ZyXEL Communications XGS4700 Series Скачать руководство пользователя страница 264 | Manualshive

Страница: 264 / 485

background image

Chapter 26 IP Source Guard

XGS4700-48F User’s Guide

264

3

Configure trusted and untrusted ports, and specify the maximum number of DHCP
packets that each port can receive per second.

4

Configure static bindings.

26.1.2 ARP Inspection Overview

Use ARP inspection to filter unauthorized ARP packets on the network. This can
prevent many kinds of man-in-the-middle attacks, such as the one in the following
example.

Figure 121

Example: Man-in-the-middle Attack

In this example, computer B tries to establish a connection with computer A.
Computer X is in the same broadcast domain as computer A and intercepts the
ARP request for computer A. Then, computer X does the following things:

• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes
through computer X. Computer X can read and alter the information passed
between them.

26.1.2.1 ARP Inspection and MAC Address Filters

When the Switch identifies an unauthorized ARP packet, it automatically creates a
MAC address filter to block traffic from the source MAC address and source VLAN
ID of the unauthorized ARP packet. You can configure how long the MAC address
filter remains in the Switch.

These MAC address filters are different than regular MAC address filters (

• They are stored only in volatile memory.
• They do not use the same space in memory that regular MAC address filters

use.

A

X

B

«
...
262
263
264
265
266
...
»

Содержание XGS4700 Series

Страница 1: ...Stackable Gigabit Ethernet Switch Copyright 2011 ZyXEL Communications Corporation Firmware Version 4 00 Edition 1 04 2011 Default Login Details IP Address http 192 168 0 1 Out of band MGMT port http...

Страница 2: ......

Страница 3: ...ce Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch Note It is recommended you use the web configurator to configure the Sw...

Страница 4: ...stions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that ca...

Страница 5: ...d field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or m...

Страница 6: ...Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Serve...

Страница 7: ...device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe...

Страница 8: ...Safety Warnings XGS4700 48F User s Guide 8...

Страница 9: ...ing 105 VLAN 119 Static MAC Forward Setup 139 Static Multicast Forward Setup 143 Filtering 147 Spanning Tree Protocol 149 Bandwidth Control 171 Broadcast Storm Control 175 Mirroring 177 Link Aggregati...

Страница 10: ...tiated Services 351 DHCP 359 VRRP 369 ARP Learning 379 Load Sharing 385 Maintenance 387 Access Control 395 Diagnostic 421 Syslog 423 Cluster Management 427 MAC Table 435 IP Table 439 ARP Table 443 Rou...

Страница 11: ...VLAN Application Example 29 1 1 5 IPv6 Support 30 1 2 Ways to Manage the Switch 30 1 3 Good Habits for Managing the Switch 31 Chapter 2 Hardware Installation and Connection 33 2 1 Freestanding Install...

Страница 12: ...r 4 The Web Configurator 55 4 1 Introduction 55 4 2 System Login 55 4 3 The Web Configurator Layout 56 4 3 1 Change Your Password 61 4 4 Saving Your Configuration 62 4 5 Switch Lockout 62 4 6 Resettin...

Страница 13: ...nfigure Routing Policy 93 6 6 1 Create a Layer 3 Classifier 94 6 6 2 Create a Policy Routing Rule 95 Part II Technical Reference 97 Chapter 7 System Status and Port Statistics 99 7 1 Overview 99 7 2 P...

Страница 14: ...view 139 10 2 Configuring Static MAC Forwarding 139 Chapter 11 Static Multicast Forward Setup 143 11 1 Static Multicast Forwarding Overview 143 11 2 Configuring Static Multicast Forwarding 144 Chapter...

Страница 15: ...17 Link Aggregation 179 17 1 Link Aggregation Overview 179 17 2 Dynamic Link Aggregation 179 17 2 1 Link Aggregation ID 180 17 3 Link Aggregation Status 181 17 4 Link Aggregation Setting 183 17 5 Lin...

Страница 16: ...2 Queuing Method 217 22 1 Queuing Method Overview 217 22 1 1 Strictly Priority 217 22 1 2 Weighted Fair Queuing 217 22 1 3 Weighted Round Robin Scheduling WRR 218 22 2 Configuring Queuing 219 Chapter...

Страница 17: ...Setup 251 25 2 4 Vendor Specific Attribute 254 25 2 5 Tunnel Protocol Attribute 255 25 3 Supported RADIUS Attributes 256 25 3 1 Attributes Used for Authentication 256 25 3 2 Attributes Used for Accoun...

Страница 18: ...5 Chapter 30 sFlow 297 30 1 sFlow Overview 297 30 2 sFlow Port Configuration 298 30 2 1 sFlow Collector Configuration 299 Chapter 31 PPPoE 301 31 1 PPPoE Intermediate Agent Overview 301 31 1 1 PPPoE I...

Страница 19: ...trative Distance 325 35 2 Configuring RIP 326 Chapter 36 OSPF 329 36 1 OSPF Overview 329 36 1 1 OSPF Autonomous Systems and Areas 329 36 1 2 How OSPF Works 330 36 1 3 Interfaces and Virtual Links 330...

Страница 20: ...3 39 3 Activating DiffServ 354 39 3 1 Configuring 2 Rate 3 Color Marker Settings 355 39 4 DSCP to IEEE 802 1p Priority Settings 357 39 4 1 Configuring DSCP Settings 358 Chapter 40 DHCP 359 40 1 DHCP O...

Страница 21: ...pter 44 Maintenance 387 44 1 The Maintenance Screen 387 44 2 Load Factory Default 388 44 3 Save Configuration 388 44 4 Reboot System 389 44 5 Firmware Upgrade 389 44 6 Restore a Configuration File 390...

Страница 22: ...15 45 10 Service Port Access Control 416 45 11 Remote Management 417 Chapter 46 Diagnostic 421 46 1 Diagnostic 421 Chapter 47 Syslog 423 47 1 Syslog Overview 423 47 2 Syslog Setup 424 47 3 Syslog Serv...

Страница 23: ...Overview 445 52 2 Viewing the Routing Table Status 445 Chapter 53 Configure Clone 447 53 1 Configure Clone 447 Chapter 54 Troubleshooting 449 54 1 Power Hardware Connections and LEDs 449 54 2 Switch...

Страница 24: ...Table of Contents XGS4700 48F User s Guide 24...

Страница 25: ...25 PART I User s Guide...

Страница 26: ...26...

Страница 27: ...8F power modules and one slot for the FAN4700 48F fan module The DCP4700 48F power module requires DC power supply input of 36 VDC to 72 VDC 3 A Max no tolerance The ACP4700 48F power module requires...

Страница 28: ...high bandwidth In the following example a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network Within the headquarters network a company can use...

Страница 29: ...net To expand the network simply add more networking devices such as switches routers computers print servers and so on Figure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A VLA...

Страница 30: ...allows up to 3 4 x 1038 IP addresses At the time of writing the Switch supports the following features Static address assignment and stateless auto configuration Neighbor Discovery Protocol a protoco...

Страница 31: ...page 396 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s no...

Страница 32: ...Chapter 1 Getting to Know Your Switch XGS4700 48F User s Guide 32...

Страница 33: ...weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and...

Страница 34: ...g brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit 2 2 1 1 Precautions Make sure...

Страница 35: ...2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on t...

Страница 36: ...2 4 Power Module Installation There is one power module installed in the first power slot of the Switch by default This section shows you how to install a second power module or remove the power modu...

Страница 37: ...User s Guide 37 3 Insert the power module halfway into the slot and push the lever leftward 4 Slide the power module into the slot until it makes contact with the backplane 5 Push the lever rightward...

Страница 38: ...one hand and place the other hand under the power module to support it 3 Slide the power module into the slot until it makes contact with the backplane 4 Tighten the screw 2 4 2 Removing a Power Modul...

Страница 39: ...Guide 39 3 Push the lever leftward 4 Grab the handle and slide the power module out 2 4 2 2 DC Power Module 1 Refer to Section 3 3 4 on page 51 to disconnect the power before you begin 2 Use a screwd...

Страница 40: ...Chapter 2 Hardware Installation and Connection XGS4700 48F User s Guide 40 3 Grab the handle and slide the power module out...

Страница 41: ...t a fiber optic cable to the Switch The Switch does not come with transceivers You must use transceivers that comply with the Small Form Table 1 Panel Connections CONNECTO R DESCRIPTION 48 Mini GBIC S...

Страница 42: ...oid possible eye injury do not look into an operating fiber optic module s connectors 3 1 1 1 Transceiver Installation Use the following steps to install a mini GBIC transceiver SFP or XFP module 1 In...

Страница 43: ...No parity 8 data bits 1 stop bit No flow control Connect the male 9 pin end of the RS 232 console cable to the console port of the Switch Connect the female end to a serial port COM1 COM2 or other COM...

Страница 44: ...shows you how to connect an external sensor device to the Switch 1 Use a connector to connect wires of the correct gauge to the sensor s signal output pins See Chapter 55 on page 455 for the wire spec...

Страница 45: ...itch which supports the external alarm feature If daisy chaining to a ZyXEL switch that is a different model check your switch s documentation for the correct pin assignments 1 Use wires of the correc...

Страница 46: ...lowing figures show the rear panels of the AC and DC power input model switches The rear panels contain A slot for a fan module A Two optional slot B and C for installing EM 422 or EM 412 uplink modul...

Страница 47: ...the following procedure to remove the fan module in order to replace the entire fan module Return any malfunctioning fan modules to the manufacture 1 Loosen the thumbscrew on the front of the fan modu...

Страница 48: ...ptional two XFP or CX4 Ports These ports are available when you install an EM 422 or EM 412 in the optional uplink module slot s B and or C in the figure above Both the EM 422 and EM 412 are not hot s...

Страница 49: ...wer module ACP4700 48F and DC power module DCP4700 48F You can install one type depending on your power source or install both types simutaneously The power connections are on the front of each power...

Страница 50: ...aining power supply Use two wires to connect to a single terminal pair one wire for the positive terminal and one wire for the negative terminal Note The current rating of the power wires must be grea...

Страница 51: ...o the DC power input 3 3 4 Disconnecting the Power The power inputs are redundant so if one power input fails the system can operate on the remaining power input The power input connectors can be disc...

Страница 52: ...n the second power slot fails to supply power or its fan is not functioning at a proper speed SYS System Green Blinking The system is rebooting and performing self diagnostic tests On The system is on...

Страница 53: ...uccessful 100 Mbps connection Off This link is disconnected 10G 49 50 Blue On The Switch is connected to other switches through an uplink module in SLOT 1 Off The Switch is not connected to other swit...

Страница 54: ...Chapter 3 Hardware Overview XGS4700 48F User s Guide 54...

Страница 55: ...recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Wind...

Страница 56: ...234 The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen Figure 24 Web Configurator Login 4 Click OK to view the...

Страница 57: ...e currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is saved in the configuration file from which the Switch booted from and it...

Страница 58: ...itoring information General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch Switch Setup This link takes you to a scre...

Страница 59: ...ation This link takes you to a screen where you can configure IEEE 802 1x port authentication as well as MAC authentication for clients communicating via the Switch Port Security This link takes you t...

Страница 60: ...view the OSPF status and configure OSPF settings IGMP This link takes you to a screen where you can configure the IGMP settings DVMRP This link takes you to a screen where you can configure the DVMRP...

Страница 61: ...screen where you can view the MAC address and VLAN ID of a device attach to a port You can also view what kind of MAC address it is IP Table This link takes you to a screen where you can view the IP a...

Страница 62: ...nagement managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is the m...

Страница 63: ...reconnect the Switch s power to begin a session When you reconnect the Switch s power you will see the initial screen 3 When you see the message Press any key to enter Debug Mode within 3 seconds pre...

Страница 64: ...your password again after you log out This is recommended after you finish a management session for security reasons Figure 28 Web Configurator Logout Screen 4 8 Help The web configurator s online hel...

Страница 65: ...rt VLAN ID Enable RIP 5 1 1 Configuring an IP Interface On a layer 3 switch an IP interface also known as an IP routing domain is not bound to a physical port The default IP address of the Switch is 1...

Страница 66: ...management Make sure your computer is in the same subnet as the MGMT port 2 Open your web browser and enter 192 168 0 1 the default MGMT port IP address in the address bar to access the web configurat...

Страница 67: ...the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In the web configurator click IP Application and DHCP in the navigation panel and...

Страница 68: ...ple VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2 in th...

Страница 69: ...en the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defin...

Страница 70: ...the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field select...

Страница 71: ...Use Error Disable and Recovery on the Switch How to Set Up a Guest VLAN How to Configure Routing Policy 6 1 How to Use DHCP Snooping on the Switch You only want DHCP server A connected to port 5 to a...

Страница 72: ...t 1234 2 Go to Advanced Application VLAN Static VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you d...

Страница 73: ...and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate and...

Страница 74: ...rce Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom...

Страница 75: ...he command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP...

Страница 76: ...2 Figure 33 Tutorial DHCP Relay Scenario 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 G...

Страница 77: ...02 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to...

Страница 78: ...screen 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to...

Страница 79: ...P Server 1 field 4 Select the Option 82 and the Information check boxes 5 Click Apply to save your changes back to the run time memory 6 Click the Save link in the upper right corner of the web config...

Страница 80: ...y PPPoE server S can identify subscriber C and may apply different settings to it Figure 34 Tutorial PPPoE Intermediate Agentt Tutorial Overview Note For related information about PPPoE IA see Section...

Страница 81: ...Intermediate Agent Select Active then click Apply Click Port on the top of the screen 2 Select Untrusted for port 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for port...

Страница 82: ...4700 48F User s Guide 82 3 The Intermediate Agent screen appears Click VLAN on the top of the screen 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in th...

Страница 83: ...d Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply 6 3 2 Configuring Switch B The example uses another XGS4700 48F as switch...

Страница 84: ...s XGS4700 48F User s Guide 84 2 Select Trusted for ports 11 and 12 and then click Apply Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on the...

Страница 85: ...pass to the PPPoE server Click Apply The settings are completed now If you miss some settings above subscriber C could not successfully receive an IP address assigned by the PPPoE Server If this happ...

Страница 86: ...atures are helpful for this demand Note Refer to Section 27 2 on page 287 and Section 32 3 on page 312 for more information about Loop Guard and Errdiable To configure the settings 1 First click Advan...

Страница 87: ...Protection select ARP as the reason enter 100 as the rate limit packets per second for the first entry port to apply the setting to all ports Then click Apply 3 Click Advanced Application Errdisable E...

Страница 88: ...le IEEE 802 1x authentication on ports 1 to 8 Clients that connect to these ports should provide the correct user name and password in order to access the ports You want to assign clients that connect...

Страница 89: ...e VLAN type to 802 1Q Click Apply to save the settings to the run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 200...

Страница 90: ...when the Switch s power is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports 1 2 3...

Страница 91: ...e upper right corner of the web configurator to save your configuration permanently 6 5 2 Enabling IEEE 802 1x Port Authentication Follow the steps below to enable port authentication to validate acce...

Страница 92: ...he first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Click Apply 6 5 3 Enabling G...

Страница 93: ...ts that attach to port 1 2 or 3 and fail to authenticate with the RADIUS server now should be in VLAN 200 and can access the Internet but cannot communicate with devices in VLAN 1 6 6 How to Configure...

Страница 94: ...sifier that sorts traffic with DSCP value 58 into a data flow 1 Access the web configurator through the Switch s management port 2 Go to Advanced Application Classifier and select Active Enter a descr...

Страница 95: ...icy Routing Rule Follow the steps below to set up a policy routing profile first and then a rule to forward traffic of classifier DSCP58 to gateway R2 1 Click IP Application Policy Routing 2 Select Ac...

Страница 96: ...number to 1 in the Sequence field Select Permit to have the Switch send matched traffic to the specified gateway Select the name of the layer 3 classifier to which the rule applies Enter the IP addre...

Страница 97: ...97 PART II Technical Reference...

Страница 98: ...98...

Страница 99: ...ome page and port details screens 7 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 Port Status Summary T...

Страница 100: ...r more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enab...

Страница 101: ...labels in this screen Table 9 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port number you are viewing Name This field displays the name of the port Link This field...

Страница 102: ...unicast packets received Multicast This field shows the number of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the n...

Страница 103: ...eceived that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 This field...

Страница 104: ...Chapter 7 System Status and Port Statistics XGS4700 48F User s Guide 104...

Страница 105: ...on information The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then disp...

Страница 106: ...and voltage in this screen Figure 37 Basic Setting System Info The following table describes the labels in this screen Table 10 Basic Setting System Info LABEL DESCRIPTION System Name This field disp...

Страница 107: ...ature threshold Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown Current This field displays this fan s current speed in Revolutions Pe...

Страница 108: ...table describes the labels in this screen Table 11 Basic Setting General Setup LABEL DESCRIPTION System Name Type a descriptive name for identification purposes This name consists of up to 64 printab...

Страница 109: ...plays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the tim...

Страница 110: ...e Chapter 9 on page 119 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field use...

Страница 111: ...r more information Bridge Control Protocol Transparency Select Active to allow the Switch to handle bridging control protocols STP for example You also need to define how to treat a BPDU in the Port S...

Страница 112: ...ets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE 802 1d standa...

Страница 113: ...255 0 On the Switch as a layer 3 device an IP address is not bound to any physical ports Since each IP address on the Switch must be in a separate subnet the configured IP address is also known as IP...

Страница 114: ...Enter the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example...

Страница 115: ...etting Port Setup IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the Switch Delete Click D...

Страница 116: ...e port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support When auto negotiation is turned on a port on the Switch negotiates with the pee...

Страница 117: ...Bridge Protocol Data Units received on this port Select Tunnel to forward BPDUs received on this port Select Discard to drop any BPDU received on this port Select Network to process a BPDU with no VLA...

Страница 118: ...Chapter 8 Basic Setting XGS4700 48F User s Guide 118...

Страница 119: ...ormation starting after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an Ethern...

Страница 120: ...k switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism for protocols that serve a more specific...

Страница 121: ...es A and B C D and E automatically VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are forbi...

Страница 122: ...LAN type in the Basic Setting Switch Setup screen Figure 43 Switch Setup Select VLAN Type 9 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group...

Страница 123: ...s is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when...

Страница 124: ...on on static VLAN To configure a Table 17 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that...

Страница 125: ...r a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the val...

Страница 126: ...g frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link o...

Страница 127: ...arded to the VLAN group that the tag defines Enter a number between 1 and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptable Frame Type Specify the type of frame...

Страница 128: ...voice services is designated for IP subnet 172 16 1 0 24 video for 192 168 1 0 24 and data for 10 1 1 0 24 The Switch can then be configured to group incoming traffic based on the source IP subnet of...

Страница 129: ...can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN Select this checkbox to force the DHCP clients in this IP subnet to obtain their IP addresses thro...

Страница 130: ...VLAN are tagged This must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN A...

Страница 131: ...d together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 5...

Страница 132: ...ust be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to sav...

Страница 133: ...Give this protocol based VLAN a descriptive name Type IP VLAN 4 Select the protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN wi...

Страница 134: ...Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The po...

Страница 135: ...Chapter 9 VLAN XGS4700 48F User s Guide 135 The following screen shows users on a port based all connected VLAN configuration Figure 53 Advanced Application VLAN Port Based VLAN Setup All Connected...

Страница 136: ...Chapter 9 VLAN XGS4700 48F User s Guide 136 The following screen shows users on a port based port isolated VLAN configuration Figure 54 Advanced Application VLAN Port Based VLAN Setup Port Isolation...

Страница 137: ...t is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the inc...

Страница 138: ...Chapter 9 VLAN XGS4700 48F User s Guide 138...

Страница 139: ...AC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting st...

Страница 140: ...where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or l...

Страница 141: ...splays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check bo...

Страница 142: ...Chapter 10 Static MAC Forward Setup XGS4700 48F User s Guide 142...

Страница 143: ...ge out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the s...

Страница 144: ...3 within VLAN group 4 Figure 56 No Static Multicast Forwarding Figure 57 Static Multicast Forwarding to A Single Port Figure 58 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Static Mu...

Страница 145: ...air 00000001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward frames with matching destination MAC address to po...

Страница 146: ...This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address wil...

Страница 147: ...in the navigation panel to display the screen as shown next Figure 60 Advanced Application Filtering The following table describes the related labels in this screen Table 25 Advanced Application FIlte...

Страница 148: ...Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to res...

Страница 149: ...hes in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the span...

Страница 150: ...nnected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange...

Страница 151: ...its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A Figure 61 MRSTP Network Example To set up MRSTP activate MRSTP on the Switch and specif...

Страница 152: ...le bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use t...

Страница 153: ...ion external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the sam...

Страница 154: ...ST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instan...

Страница 155: ...Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for eac...

Страница 156: ...d Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or M...

Страница 157: ...e generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds a switch can wait without receiving a BPDU before attempting to reconfigure All switch...

Страница 158: ...tocol Data Unit BPDU Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority num...

Страница 159: ...Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This...

Страница 160: ...The following table describes the labels in this screen Table 31 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Figure 6...

Страница 161: ...to 40 seconds Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology change...

Страница 162: ...e disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended that you as...

Страница 163: ...econd This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maxi...

Страница 164: ...164 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 152 for more information on MSTP F...

Страница 165: ...rwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it start...

Страница 166: ...ommon settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MST...

Страница 167: ...e column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 33 Advanced Application Spanning Tree Protocol MSTP continued LABEL DESCRIPTION Table 34 Adv...

Страница 168: ...dge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port o...

Страница 169: ...t from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree C...

Страница 170: ...st from the root port in this MST instance to the regional root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the...

Страница 171: ...aranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion Th...

Страница 172: ...want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports...

Страница 173: ...g traffic flow on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top naviga...

Страница 174: ...Chapter 14 Bandwidth Control XGS4700 48F User s Guide 174...

Страница 175: ...ckets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this fea...

Страница 176: ...ort by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second M...

Страница 177: ...w to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel t...

Страница 178: ...row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied t...

Страница 179: ...cal link containing multiple ports The beginning port of each trunk group must be physically connected to form a trunk group The Switch supports both static and dynamic link aggregation Note In a prop...

Страница 180: ...full duplex links All ports in the same trunk group must have the same media type speed duplex mode and flow control settings Configure trunk groups or LACP before you connect the Ethernet switch to...

Страница 181: ...unk group that is one logical link containing multiple ports Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s displays onl...

Страница 182: ...c based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distributes tr...

Страница 183: ...vanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 42 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCR...

Страница 184: ...MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distrib...

Страница 185: ...rol Protocol Click in the Advanced Application Link Aggregation Link Aggregation Setting LACP to display the screen shown next See Section 17 2 on page 179 for more information on dynamic link aggrega...

Страница 186: ...ink containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want t...

Страница 187: ...igure 81 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffi...

Страница 188: ...Chapter 17 Link Aggregation XGS4700 48F User s Guide 188...

Страница 189: ...date users See Section 25 1 2 on page 246 for more information on configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the Swit...

Страница 190: ...8 1 2 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for login credentials The login...

Страница 191: ...first activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the AAA Radius Server Setup screen To activate a port aut...

Страница 192: ...check box to permit 802 1x authentication on the Switch Note You must first enable 802 1x authentication on the Switch before configuring it on each port Port This field displays a port number Setting...

Страница 193: ...he Switch sends the client to the Guest VLAN The client needs to send a new request to be authenticated by the Switch again Reauth Specify if a subscriber has to periodically re enter his or her usern...

Страница 194: ...switches or routers with the guest network feature Figure 87 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication 802 1x screen click Guest Vlan t...

Страница 195: ...guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to authen...

Страница 196: ...ication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch Note You must first enable MAC authentication on the Switch before configuring it on each port Name Pr...

Страница 197: ...s this setting See Section 8 5 on page 111 Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port...

Страница 198: ...Chapter 18 Port Authentication XGS4700 48F User s Guide 198...

Страница 199: ...Switch The Switch can learn up to 32K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 32K For maximum port security enable this feature disable MAC address le...

Страница 200: ...ously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically select...

Страница 201: ...ing to occur on a port the port itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learne...

Страница 202: ...this feature is disabled Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigatio...

Страница 203: ...ing to specific criteria such as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic...

Страница 204: ...rules To configure policy rules refer to Chapter 21 on page 209 Click Advanced Application Classifier in the navigation panel to display the configuration screen as shown Figure 92 Advanced Applicatio...

Страница 205: ...ect the second choice and type a MAC address in valid MAC address format six hexadecimal character pairs Port Type the port number to which the rule should be applied You may choose one port only or a...

Страница 206: ...ddress Address Prefix Enter a destination IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet mask Socket Number Note You must select either U...

Страница 207: ...ctivated Name This field displays the descriptive name for this rule This is for identification purposes only Rule This field displays a summary of the classifier rule s settings Delete Click Delete t...

Страница 208: ...figuring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 Figure 94 Classifier Example After you have configured a classifier you can configure a policy to define...

Страница 209: ...the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or reme...

Страница 210: ...he DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the configured...

Страница 211: ...tion panel to display the screen as shown Figure 95 Advanced Application Policy Rule The following table describes the labels in this screen Table 53 Advanced Application Policy Rule LABEL DESCRIPTION...

Страница 212: ...f profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the packet...

Страница 213: ...rofile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field Select Set...

Страница 214: ...lick an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Classif...

Страница 215: ...Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifier ref...

Страница 216: ...Chapter 21 Policy Rule XGS4700 48F User s Guide 216...

Страница 217: ...raffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5...

Страница 218: ...qual amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin Schedu...

Страница 219: ...labels in this screen Table 55 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if yo...

Страница 220: ...vice than queues with smaller weights Weight Q0 Q7 When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ...

Страница 221: ...4 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle...

Страница 222: ...Select Access Port for ingress ports on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN tag ca...

Страница 223: ...Port then the Switch only adds the SP TPID tag to all incoming frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one conf...

Страница 224: ...d Double Tagged 802 11Q Frame Format DA SA Len Etype Dat a FCS Untagged Ethernet frame DA SA TPI D Priorit y VI D Len Etype Dat a FCS IEEE 802 1Q customer tagged frame D A SA SPTPI D Priori ty VI D TP...

Страница 225: ...s ports at the edge of the service provider s network Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network Select Tunnel Port to have the...

Страница 226: ...entifies the port you are configuring SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 9 on pa...

Страница 227: ...uring CVID Enter a customer VLAN ID the inner VLAN tag from 1 to 4094 This is the VLAN tag carried in the packets from the subscribers SPVID SPVID is the service provider s VLAN ID the outer VLAN tag...

Страница 228: ...he service provider s VLAN ID that adds to the packets from the subscribers Priority This is the service provider s priority level in the packets Delete Check the rule s that you want to remove in the...

Страница 229: ...ast address allows a device to send packets to a specific group of hosts multicast group in a different subnetwork A multicast IP address represents a traffic receiving group not individual receiving...

Страница 230: ...p to 16 VLANs You can configure the Switch to automatically learn multicast group membership of any VLANs The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets This is re...

Страница 231: ...ettings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow the...

Страница 232: ...ports Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common s...

Страница 233: ...entry is aged out Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report s received on this port IGMP Filtering Profile Select the name of the IGMP filt...

Страница 234: ...on of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLAN s that you specify below In either auto or fixed mode the Switch can learn u...

Страница 235: ...tic VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save your changes to the...

Страница 236: ...t IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to belo...

Страница 237: ...re managed by IGMP snooping The following figure shows a network example The subscriber VLAN 1 2 and 3 information is hidden from the streaming media server S In addition the multicast VLAN informatio...

Страница 238: ...he streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer A s...

Страница 239: ...utomatically creates a static VLAN with the same VID when you create a multicast VLAN in this screen Figure 109 Advanced Application Multicast Multicast Setting MVR The following table describes the r...

Страница 240: ...multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag...

Страница 241: ...abels in this screen Table 67 Advanced Application Multicast Multicast Setting MVR Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID that you configured in the MVR scr...

Страница 242: ...on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh MVLAN This field displays the mult...

Страница 243: ...he Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 112 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscrib...

Страница 244: ...er s Guide 244 following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 113 MVR Group Configuration Example Figure 114 MVR Group Con...

Страница 245: ...levels associated with them For example user A may have the right to create new login accounts on the Switch but user B cannot The Switch can authorize users based on user accounts configured on the...

Страница 246: ...ted to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes some...

Страница 247: ...up Use this screen to configure your RADIUS server settings See Section 25 1 2 on page 246 for more information on RADIUS servers and Section 25 3 on page 256 for RADIUS attributes utilized by the aut...

Страница 248: ...notation UDP Port The default port of a RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a passwor...

Страница 249: ...server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existing RA...

Страница 250: ...in dotted decimal notation TCP Port The default port of a TACACS server for authentication is 49 You need not change this value unless your network administrator instructs you to do so Shared Secret...

Страница 251: ...ver the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accounting server entry from the Switch...

Страница 252: ...Select local to have the Switch check the access privilege configured for local authentication Select radius or tacacs to have the Switch check the access privilege via the external servers Login Thes...

Страница 253: ...begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send information when commands of specified privilege level and hi...

Страница 254: ...s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes...

Страница 255: ...in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privilege lev...

Страница 256: ...used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified 25 3 1 Attributes Used for Authentication Th...

Страница 257: ...Id is date time 8 digit sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 25 3 2 2 Attributes Used for Accounting Exec Events Th...

Страница 258: ...IP Address Service Type Calling Station Id Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Session Time Acct Terminate Cause Table 76 RADIUS Attributes Exec Events via Console AT...

Страница 259: ...Chapter 25 AAA XGS4700 48F User s Guide 259 Acct Input Gigawords Acct Output Gigawords Table 76 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP...

Страница 260: ...Chapter 25 AAA XGS4700 48F User s Guide 260...

Страница 261: ...is a binding the Switch forwards the packet If there is not a binding the Switch discards the packet The Switch builds the binding table by snooping DHCP packets dynamic bindings and from information...

Страница 262: ...are no trusted ports Untrusted ports are connected to subscribers The Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER...

Страница 263: ...e requests The Switch can add the following information Slot ID 1 byte port ID 1 byte and source VLAN ID 2 bytes System name up to 32 bytes This information is stored in an Agent Information field in...

Страница 264: ...X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a result all the communication between computer A...

Страница 265: ...itch can send syslog messages to the specified syslog server Chapter 47 on page 423 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batches to...

Страница 266: ...rce Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP a...

Страница 267: ...ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding or if not app...

Страница 268: ...out the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 124 DHCP Snooping Delete Select this and click Delete to remove the specified entry C...

Страница 269: ...field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database right now...

Страница 270: ...ce Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This field d...

Страница 271: ...rt To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 125 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch has ig...

Страница 272: ...tp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65535 seconds the Switch tries to complete a specific updat...

Страница 273: ...DHCP snooping Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports You can also specify the maximum number for DHCP packets that each port trusted or...

Страница 274: ...ed ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source...

Страница 275: ...witch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option82 Select this to have the Switch add the slot number port...

Страница 276: ...fied unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field...

Страница 277: ...the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section below VID This fi...

Страница 278: ...re generated by ARP packets and that have not been sent to the syslog server yet If one or more log messages are dropped due to unavailable buffer there is an entry called overflow with the current nu...

Страница 279: ...g with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because ther...

Страница 280: ...the log and reset this counter See Section 26 6 2 on page 278 Syslog rate Type the maximum number of syslog messages the Switch can send to the syslog server in one batch This number is expressed as a...

Страница 281: ...ure the port the settings are applied to all of the ports Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on tru...

Страница 282: ...every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off...

Страница 283: ...P packet from the VLAN Permit The Switch generates log messages when it forwards an ARP packet from the VLAN All The Switch generates log messages every time it receives an ARP packet from the VLAN Ap...

Страница 284: ...Chapter 26 IP Source Guard XGS4700 48F User s Guide 284...

Страница 285: ...e 134 Loop Guard vs STP Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a re...

Страница 286: ...port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch...

Страница 287: ...k you can re activate the disabled port via the web configurator see Section 8 7 on page 115 or via commands see the Ethernet Switch CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Applicatio...

Страница 288: ...nges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check...

Страница 289: ...Gigabit uplink port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID...

Страница 290: ...setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check b...

Страница 291: ...VID you specified in the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level from...

Страница 292: ...is the VLAN ID that replaces the customer VLAN ID in the tagged packets Priority This is the priority level that replaces the customer priority level in the tagged packets Delete Check the rule s that...

Страница 293: ...e provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 142 Layer...

Страница 294: ...t on the service provider s edge device 1 or 2 in Figure 143 on page 294 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and for...

Страница 295: ...lect this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the dest...

Страница 296: ...nd detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select this option to have t...

Страница 297: ...w agent then creates sFlow data and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output i...

Страница 298: ...h Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your...

Страница 299: ...tor Address Enter the IP address of the sFlow collector Note You must have the sFlow collector already configured in the sFlow Collector screen The sFlow collector does not need to be in the same subn...

Страница 300: ...Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the...

Страница 301: ...31 1 1 PPPoE Intermediate Agent Tag Format If the PPPoE Intermediate Agent is enabled the Switch adds a vendor specific tag to PADI PPPoE Active Discovery Initialization and PADR PPPoE Active Discove...

Страница 302: ...ort the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and o...

Страница 303: ...cted to PPPoE servers If a PADO PPPoE Active Discovery Offer PADS PPPoE Active Discovery Session confirmation or PADT PPPoE Active Discovery Terminate packet is sent from a PPPoE server and received o...

Страница 304: ...e Intermediate Agent screen Figure 148 Advanced Application PPPoE Intermediate Agent 31 3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional...

Страница 305: ...re circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string and variables specified in the option field...

Страница 306: ...n as shown Figure 150 Advanced Application PPPoE Intermediate Agent Port The following table describes the labels in this screen Table 101 Advanced Application PPPoE Intermediate Agent Port LABEL DESC...

Страница 307: ...ntrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The...

Страница 308: ...n the section below End VID Enter the highest VLAN ID you want to configure in the section below Apply Click Apply to display the specified range of VLANs in the section below Port This field displays...

Страница 309: ...Agent Remote ID sub option for this VLAN on the specified port Spaces are allowed If you do not specify a string here or in the Remote id field for a specific port the Switch automatically uses the P...

Страница 310: ...ngs are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all the...

Страница 311: ...ows you to limit the rate of ARP BPDU and IGMP packets to be delivered to the CPU on a port This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network s Y...

Страница 312: ...guration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in the A...

Страница 313: ...here Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Note Changes in this row a...

Страница 314: ...ction that the Switch takes when the number of control packets exceed the rate limit on a port set in the Advanced Application Errdisable CPU protection screen inactive port The Switch disables the po...

Страница 315: ...packets on a port according to the feature requirements and what action you configure Use this row to make the setting the same for all entries Use this row first and then make adjustments to each en...

Страница 316: ...Chapter 32 Error Disable XGS4700 48F User s Guide 316...

Страница 317: ...t reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Switch The Switch routes most traffic from A to the Internet through the Switc...

Страница 318: ...t ID IP Subnet Mask Enter the subnet mask for this destination Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet t...

Страница 319: ...s This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination Gateway Address This field displays the IP address of the gat...

Страница 320: ...Chapter 33 Static Route XGS4700 48F User s Guide 320...

Страница 321: ...r to the normal routing Individual routing policies are used as part of the overall policy routing process A routing policy defines the action to take when a packet meets the criteria in a specified c...

Страница 322: ...Click Add to insert a new policy routing profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to s...

Страница 323: ...ward packets based on the classifier and action you specify A policy route rule defines the matching classifier and the action to take when a packet meets the criteria in the classifier The action is...

Страница 324: ...of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Add Click Add to insert the entry in the summary table below and save your changes to...

Страница 325: ...The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries mo...

Страница 326: ...ion RIP The following table describes the labels in this screen Table 110 Default Distance Value ROUTE SOURCE ADMINISTRATIVE DISTANCE Local 0 Static 1 OSPF 110 RIP 120 Table 111 IP Application RIP LAB...

Страница 327: ...oth and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch loses thes...

Страница 328: ...Chapter 35 RIP XGS4700 48F User s Guide 328...

Страница 329: ...ting protocols such as RIP The following table summarizes some of the major differences between OSPF and RIP 36 1 1 OSPF Autonomous Systems and Areas An OSPF autonomous system AS can be divided into l...

Страница 330: ...o network destinations Layer 3 devices build a synchronized link state database by exchanging Hello messages to confirm which neighbor layer 3 devices exist and then they exchange database description...

Страница 331: ...n is fine but in some situations it must be controlled In the following figure only router A has direct connectivity with all the other routers on the network segment Routers B and C do not have a dir...

Страница 332: ...y the screen as shown next See Section 36 1 on page 329 for more information on OSPF Figure 164 IP Application OSPF Status The following table describes the labels in this screen Table 114 IP Applicat...

Страница 333: ...sed in the designated router election Designated Router This field displays the router ID of the designated router Backup Designated Router This field displays the router ID of a backup designated rou...

Страница 334: ...displays the time in seconds since the last LSA was sent Seq This field displays the link sequence number of the LSA Checksum This field displays the checksum value of the LSA Link Count This field d...

Страница 335: ...t is assigned to routes learned by OSPF The lower the administrative distance value is the more preferable the routing protocol is See Section 35 1 1 on page 325 for more information about administrat...

Страница 336: ...enticati on Select an authentication method Simple or MD5 to activate authentication Select None default to disable authentication Usually interface s and virtual interface s should use the same authe...

Страница 337: ...rned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this scr...

Страница 338: ...otocol Type Select 1 for routing protocols such as RIP whose external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added to the AB boundary...

Страница 339: ...you can use 192 168 8 0 22 instead of using 192 168 8 0 24 192 168 9 0 24 192 168 10 0 24 and 192 168 11 0 24 The third octet of these four network IP addresses is 00001000 00001001 00001010 00001011...

Страница 340: ...want to use Key When you select Simple in the Authentication field enter a password eight character long Characters after the eighth character will be ignored When you select MD5 in the Authenticatio...

Страница 341: ...is field displays the interface cost used for calculating the routing table Priority This field displays the priority for this OSPF interface Delete Click Delete to remove the selected entry from the...

Страница 342: ...d eight character long When you select MD5 in the Authentication field enter a password 16 character long Add Click Add to save your changes to the Switch s run time memory The Switch loses these chan...

Страница 343: ...tween a multicast server multicast routers and multicast hosts A multicast server transmits multicast packets and multicast routers forward multicast packets to multicast hosts Figure 171 IP Multicast...

Страница 344: ...n 1 to version 3 IGMP version 1 defines how a multicast router checks to see if any multicast hosts are part of a multicast group It checks for group membership by sending out an IGMP Query packet Hos...

Страница 345: ...multicast server Z IP address 13 2 2 2 both send multicast traffic to the same multicast group identified by the multicast IP address 225 1 1 1 In IGMP version 3 multicast host A can join multicast g...

Страница 346: ...ot recorded any group members Select Drop to discard the frame s Select Flooding to send the frame s to all ports Index This field displays an index number of an entry Network This field displays the...

Страница 347: ...e IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 178 on page 349 38 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Multicast d...

Страница 348: ...st routing table that is used to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loops exi...

Страница 349: ...This applies only to multicast traffic this Switch sends out Index Index is the DVMRP configuration for the IP routing domain defined under Network The maximum number of DVMRP configurations allowed i...

Страница 350: ...Error Message 38 4 Default DVMRP Timer Values The following are some default DVMRP timer values Table 124 DVMRP Default Timer Values DVMRP FIELD DEFAULT VALUE Probe interval 10 sec Report interval 35...

Страница 351: ...differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give...

Страница 352: ...to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum...

Страница 353: ...ork Green low loss priority level packets are forwarded TRTCM operates in one of two modes color blind or color aware In color blind mode packets are marked based on evaluating against the PIR and CIR...

Страница 354: ...ed against the PIR Only the packets marked green are first evaluated against the PIR and then if they don t exceed the PIR level are they evaluated against the CIR Figure 184 TRTCM Color aware Mode 39...

Страница 355: ...the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on...

Страница 356: ...gh loss priority colored packets Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to tre...

Страница 357: ...are marked via TRTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the DSC...

Страница 358: ...28 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop dow...

Страница 359: ...40 1 1 DHCP Modes The Switch can be configured as a DHCP server or DHCP relay agent If you configure the Switch as a DHCP server it will maintain the pool of IP addresses along with subnet masks DNS...

Страница 360: ...view the screen as shown Use Table 129 IP Application DHCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch s DHCP server mode Index This is t...

Страница 361: ...way value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary DNS server value sent to clients from this DHCP server instance Secondary DNS Server This fi...

Страница 362: ...sts that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this in...

Страница 363: ...n Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This...

Страница 364: ...DHCP clients in both domains Figure 191 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown Make sure you select the Option 82 check box to set the Switch to send additional in...

Страница 365: ...VLAN that you want to configure DHCP settings for on the Switch See Section 8 6 on page 113 for information on how to do this Figure 193 IP Application DHCP VLAN The following table describes the labe...

Страница 366: ...requests that it relays to a DHCP server Informati on This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add the system name...

Страница 367: ...vers are installed to serve each VLAN The system is set up to forward DHCP requests from the dormitory rooms VLAN 1 to the DHCP server with an IP address of 192 168 1 100 Requests from the academic bu...

Страница 368: ...Chapter 40 DHCP XGS4700 48F User s Guide 368 For the example network configure the VLAN Setting screen as shown Figure 195 DHCP Relay for Two VLANs Configuration Example EXAMPLE...

Страница 369: ...vailable In VRRP a virtual router VR represents a number of physical layer 3 devices An IP address is associated with the virtual router A layer 3 device having the same IP address is the preferred ma...

Страница 370: ...k IP Application VRRP in the navigation panel to display the VRRP Status screen as shown next Figure 197 IP Application VRRP Status The following table describes the labels in this screen 172 21 1 100...

Страница 371: ...unctions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is initiating the VRRP protocol or when the Uplink...

Страница 372: ...an IP domain Authenticati on Select None to disable authentication This is the default setting Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface Key When y...

Страница 373: ...routers participating in the virtual router must use the same advertisement interval 41 3 2 2 Priority Configure the priority level 1 to 254 to set which backup router to take over in case the master...

Страница 374: ...r number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval Specify the number of seconds between Hello message transmissi...

Страница 375: ...ick Clear to set the above fields back to the factory defaults Table 136 IP Application VRRP Configuration VRRP Parameters continued LABEL DESCRIPTION Table 137 VRRP Configuring VRRP Parameters LABEL...

Страница 376: ...e host computer X is set to use VR1 as the default gateway Figure 201 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parameters...

Страница 377: ...the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 and as...

Страница 378: ...VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 208 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Status sc...

Страница 379: ...the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the kn...

Страница 380: ...reply from host B it updates its ARP table and also forwards host A s ICMP request to host B After the Switch gets the ICMP reply from host B it sends out an ARP request to get host A s MAC address a...

Страница 381: ...3 ARP Request When the Switch is in ARP Request learning mode it updates the ARP table with both ARP replies gratuitous ARP requests and ARP requests Therefore in the following example the Switch can...

Страница 382: ...some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as yo...

Страница 383: ...ry The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Canc...

Страница 384: ...Chapter 42 ARP Learning XGS4700 48F User s Guide 384...

Страница 385: ...ths 1 2 and 3 of equal path cost This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next hop ECMP works with static routes o...

Страница 386: ...t s source and destination IP addresses into a hash value which acts as an index to a route path Aging Time Specify the time interval from 0 to 86400 in increments of 10 in seconds at which the Switch...

Страница 387: ...Maintenance The following table describes the labels in this screen Table 140 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration...

Страница 388: ...change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 44 3 Save Configuration Click Config 1 to save the current configuration settings p...

Страница 389: ...Config 1 or configuration two Config 2 when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load confi...

Страница 390: ...re After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 44 6 Restore a Configuration File Restore a previously saved configuration f...

Страница 391: ...the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the config...

Страница 392: ...put firmware bin ras 0 This is a sample FTP session showing the transfer of the computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current conf...

Страница 393: ...your computer and renames it to config cfg See Table 141 on page 392 for more information on filename conventions 7 Enter quit to exit the ftp prompt 44 8 3 GUI based FTP Clients The following table d...

Страница 394: ...P Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not...

Страница 395: ...ns are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the Ethernet Switch CLI Reference Guide for more information on d...

Страница 396: ...twork consists of two main components agents and a manager An agent is a management software module that resides in a managed Switch the Switch An agent translates the local management information fro...

Страница 397: ...s let administrators collect statistics and monitor status and performance The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC...

Страница 398: ...3 1 2 2 This trap is sent when the fan speed returns to the normal operating range temperatur e TemperatureEventOn 1 3 6 1 4 1 890 1 5 8 54 3 1 2 1 This trap is sent when the temperature goes above or...

Страница 399: ...s trap is sent when the Switch ceases the action taken on a port such as shutting down the port or discarding packets on the port after the specified recovery interval Table 145 SNMP System Traps cont...

Страница 400: ...range DDMIRxPowerEventClear DDMITemperatureEventCl ear DDMITxBiasEventClear DDMITxPowerEventClear DDMIVoltageEventClear 1 3 6 1 4 1 890 1 5 8 54 31 2 2 This trap is sent when all device operating para...

Страница 401: ...1 3 6 1 2 1 80 0 3 This trap is sent when a ping test is completed traceroute traceRouteTestFailed 1 3 6 1 2 1 81 0 2 This trap is sent when a traceroute test fails traceRouteTestCompleted 1 3 6 1 2 1...

Страница 402: ...is used MacTableFullEventClear 1 3 6 1 4 1 890 1 5 8 54 3 1 2 2 This trap is sent when less than 95 of the MAC table is used rmon RmonRisingAlarm 1 3 6 1 4 1 890 1 5 1 1 16 0 1 This trap is sent when...

Страница 403: ...only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is onl...

Страница 404: ...manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section 45...

Страница 405: ...Security Level Select whether you want to implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the SNMP...

Страница 406: ...ead rights only meaning the user can collect information from the Switch Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch l...

Страница 407: ...s something other than admin is someone who can view but not configure Switch settings Click Management Access Control Logins to view the screen as shown Figure 224 Management Access Control Logins Th...

Страница 408: ...privileges via the CLI For more information on assigning privileges see the Ethernet Switch CLI Reference Guide User Name Set a user name up to 32 ASCII characters long Password Enter your new system...

Страница 409: ...er The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatically s...

Страница 410: ...ure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring c...

Страница 411: ...in the Service Access Control screen then the Switch blocks all HTTP connection attempts 45 9 HTTPS Example If you haven t changed the default HTTPS port on the Switch then in your browser enter https...

Страница 412: ...blocked Figure 228 Security Alert Dialog Box Internet Explorer 6 45 9 1 2 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server a screen with the message There is a problem with...

Страница 413: ...age Certificate Error Click on Certificate Error next to the address bar and click View certificates Figure 230 Certificate Error Internet Explorer 7 or 8 Click Install Certificate and follow the on s...

Страница 414: ...Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the Ad...

Страница 415: ...rm Security Exception to proceed to the web configurator login screen Figure 233 Security Alert Mozilla Firefox 45 9 3 The Main Screen After you accept the certificate and enter the login username and...

Страница 416: ...address bar in Internet Explorer 7 or 8 denotes a secure connection Figure 234 Example Lock Denoting a Secure Connection 45 10 Service Port Access Control Service Access Control allows you to decide...

Страница 417: ...Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number then...

Страница 418: ...roup of one or more trusted computers from which an administrator may use a service to manage the Switch Active Select this check box to activate this secured client set Clear the check box if you wis...

Страница 419: ...Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Clic...

Страница 420: ...Chapter 45 Access Control XGS4700 48F User s Guide 420...

Страница 421: ...n this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 237 Management Diagnostic The following table describes the labels in this screen Table 156 Management...

Страница 422: ...ice that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perform...

Страница 423: ...message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the sys...

Страница 424: ...tting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Fac...

Страница 425: ...ore critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigatio...

Страница 426: ...Chapter 47 Syslog XGS4700 48F User s Guide 426...

Страница 427: ...ted and be in the same VLAN group so as to be able to communicate with one another Table 160 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Clust...

Страница 428: ...er and the other switches on the upper floors of the building are cluster members Figure 240 Clustering Application Example 48 2 Cluster Management Status Click Management Cluster Management in the na...

Страница 429: ...s the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches...

Страница 430: ...nagement XGS4700 48F User s Guide 430 configurator home page and the home page that you d see if you accessed it directly are different Figure 242 Cluster Management Cluster Member Web Configurator Sc...

Страница 431: ...c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 400BVG0b6 bin fw 00...

Страница 432: ...switches that are set to be cluster managers will not be visible in the Clustering Candidates list If a switch that was previously a cluster member is later set to become a cluster manager then its St...

Страница 433: ...terwards then it cannot be managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen If multiple devices have the same password then hold SHIFT and clic...

Страница 434: ...Chapter 48 Cluster Management XGS4700 48F User s Guide 434...

Страница 435: ...ynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch exami...

Страница 436: ...filters the frame Figure 245 MAC Table Flowchart 49 2 Viewing the MAC Table Click Management MAC Table in the navigation panel to display the following screen Use this screen to search specific MAC ad...

Страница 437: ...t the criteria here into the static MAC forwarding table see Section 10 2 on page 139 The type of the MAC address es will be changed to static Select Dynamic to MAC filtering and click Transfer to add...

Страница 438: ...Chapter 49 MAC Table XGS4700 48F User s Guide 438...

Страница 439: ...ned by the Switch or static belonging to the Switch The Switch uses the IP Table to determine how to forward packets See the following figure 1 The Switch examines a received packet and learns the por...

Страница 440: ...he labels in this screen Table 165 Management IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information is the...

Страница 441: ...Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is dynamic learned by...

Страница 442: ...Chapter 50 IP Table XGS4700 48F User s Guide 442...

Страница 443: ...h s ARP program looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch...

Страница 444: ...address Select Port and enter a port number to remove the dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cancel Cli...

Страница 445: ...navigation panel to display the screen as shown Figure 250 Management Routing Table The following table describes the labels in this screen Table 167 Management Routing Table LABEL DESCRIPTION Index T...

Страница 446: ...Chapter 52 Routing Table XGS4700 48F User s Guide 446...

Страница 447: ...ou can copy the settings of one port onto other ports 53 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management...

Страница 448: ...le 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic Settin...

Страница 449: ...ned on in DC models or if the DC power supply is connected in AC DC models 2 Make sure you are using the power adaptor or cord included with the Switch 3 Make sure the power adaptor or cord is connect...

Страница 450: ...Inspect your cables for damage Contact the vendor to replace any damaged cables 4 Turn the Switch off and on in DC models or if the DC power supply is connected in AC DC models 5 Disconnect and re co...

Страница 451: ...ardware connections and make sure the LEDs are behaving as expected See Section 3 4 on page 52 3 Make sure your Internet browser does not block pop up windows and has JavaScripts and Java enabled 4 Ma...

Страница 452: ...avaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by default I...

Страница 453: ...fter I restart the Switch Make sure you save your configuration into the Switch s nonvolatile memory each time you make changes Click Save at the top right corner of the web configurator to save the c...

Страница 454: ...Chapter 54 Troubleshooting XGS4700 48F User s Guide 454...

Страница 455: ...nterfaces 48 mini GBIC slots compatible with Small Form Factor Pluggable SFP Multi Source Agreement MSA transceivers Two slots for optional 10G uplink module sets One local management Ethernet 10 100B...

Страница 456: ...k belong to one group A device can belong to more than one group With VLAN a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a ro...

Страница 457: ...or applications such as Media on Demand MoD using multicast traffic across a network MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network This improves ban...

Страница 458: ...ervices via RADIUS and TACACS AAA servers Device Management Use the web configurator or commands to easily configure the rich range of features on the Switch Port Cloning Use the port cloning feature...

Страница 459: ...lso configure the Switch to automatically undo the action after the error is gone Policy Routing Policy routing lets you override the default routing behavior and alter the packet forwarding based on...

Страница 460: ...le trees IEEE 802 1s Multiple Spanning Tree Protocol BPDU transparency QoS IEEE 802 1p Eight priority queues per port Port based egress traffic shaping Rule based traffic mirroring IEEE 802 3x flow co...

Страница 461: ...ast RIP V1 V2 OSPF V2 Multicast DVMRP IGMP V1 V2 V3 ECMP Static Routing IP services DHCP relay VLAN based DHCP server relay DHCP Snooping Policy routing Load sharing 64 VRRP entries Filtering Support...

Страница 462: ...on Guest VLAN PPPoE IA and option 82 Configurable ARP learning mode Management IEEE 802 3ah OAM IEEE 802 1AB LLDP IEEE 802 1ag CFM Loop guard Password encryption sFlow User access right Error disable...

Страница 463: ...Protocol Version 3 RFC 3414 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMP v3 RFC 3580 RADIUS Tunnel Protocol Attribute IEEE 802 1ab Link Layer Discovery Pr...

Страница 464: ...Chapter 55 Product Specifications XGS4700 48F User s Guide 464...

Страница 465: ...r information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the...

Страница 466: ...This is a popular Internet chat program IGMP MULTICAST User Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange...

Страница 467: ...ime Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message exchang...

Страница 468: ...P networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User...

Страница 469: ...sing out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the ri...

Страница 470: ...ice in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product In a...

Страница 471: ...ith damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of...

Страница 472: ...IANO NEDERLANDS D claration de Produit Green Directive RoHS 2002 95 EC Dichiarazione Green Product Direttiva RoHS 2002 95 CE Productmilieuverklaring RoHS richtlijn 2002 95 EC Directive DEEE 2002 96 EC...

Страница 473: ...Appendix B Legal Information XGS4700 48F User s Guide 473...

Страница 474: ...Appendix B Legal Information XGS4700 48F User s Guide 474...

Страница 475: ...onfiguring 265 syslog messages 265 trusted ports 265 AS Boundary Router 330 authentication 336 and OSPF 335 and RADIUS 246 setup 251 authorization privilege levels 253 setup 251 automatic VLAN registr...

Страница 476: ...ing copyright 469 CPU management port 134 CPU protection configuration 312 overview 311 current date 109 current time 109 D Database Description DD 330 daylight saving time 109 default gateway 366 def...

Страница 477: ...FCC interference statement 469 file transfer using FTP command example 392 filename convention configuration configuration file names 391 filtering 147 rules 147 filtering database MAC table 435 firm...

Страница 478: ...stalling the Fan Module 47 interface 332 and OSPF 339 interface and OSPF 330 Internal Router IR 330 Internet Protocol version 6 see IPv6 introduction 27 IP capability 461 interface 113 371 routing dom...

Страница 479: ...backup 391 firmware 389 restoring configuration 390 maintenance 387 current configuration 387 main screen 387 Management Information Base MIB 396 management port 49 137 default IP address 49 managing...

Страница 480: ...C 1305 109 O OSPF 329 advantages 329 area 329 335 Area 0 329 area ID 336 authentication 335 336 autonomous system 329 backbone 329 configuration steps 331 general settings 334 how it works 330 interfa...

Страница 481: ...current rating 50 disconnecting 51 power wire 50 power specification 455 power status 107 Power Wires 50 PPPoE IA 80 trusted ports 303 untrusted ports 303 priority level 112 priority and OSPF 331 prio...

Страница 482: ...299 UDP port 300 sFlow agent 297 sFlow collector 297 Simple Network Management Protocol see SNMP SNMP 31 396 agent 396 and MIB 396 authentication 405 406 communities 403 management model 396 manager...

Страница 483: ...423 server setup 425 settings 424 setup 424 severity levels 423 system information 106 system log 421 system reboot 389 T TACACS 246 setup 249 TACACS Terminal Access Controller Access Control System...

Страница 484: ...VLAN 124 status 123 124 tagged 119 trunking 121 127 type 111 122 VLAN Virtual Local Area Network 110 VLAN mapping 289 activating 290 configuration 291 example 289 priority level 289 tagged 289 traffi...

Страница 485: ...ator 31 55 getting help 64 layout 56 login 55 logout 64 navigation panel 58 weight queuing 218 Weighted Round Robin Scheduling WRR 218 WFQ Weighted Fair Queuing 218 WRR Weighted Round Robin Scheduling...

Отзывы:

Нет отзывов

Похожие инструкции для XGS4700 Series

Бренд: Abocom Страницы: 1

Бренд: DBM Страницы: 50

Avenue Express Control Panel

Бренд: Ensemble Designs Страницы: 19

Бренд: Abocom Страницы: 2

Бренд: Techroutes Страницы: 20

Бренд: Ubiquiti Страницы: 13

VIGI NVR1004H-4P

Бренд: TP-Link Страницы: 2

Бренд: Zhone Страницы: 2

Бренд: National Instruments Страницы: 26

Бренд: Doro Страницы: 50

Бренд: Black Box Страницы: 12

ENHANCED PSD 239 H2R

Бренд: ADTRAN Страницы: 2

Бренд: Manson Engineering Industrial Страницы: 10

IntraSwitch 5324MT

Бренд: Asante Страницы: 2

Бренд: Stephen Страницы: 8

DiskStation Series

Бренд: Synology Страницы: 6

Бренд: Eneo Страницы: 49

Бренд: 3Com Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды