manualshive.com logo in svg

ZyXEL Communications XS1920 Series, Руководство пользователя

Поделиться
Скачать
ZyXEL Communications XS1920 Series Скачать руководство пользователя страница 220

XS1920 Series User’s Guide

220

C

H A P T E R

      2 6

IP Source Guard

26.1  IP Source Guard Overview 

Use IP source guard to filter unauthorized DHCP and ARP packets in your network.

IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and 
ARP packets in your network. A binding contains these key attributes:

• MAC  address
• VLAN  ID
• IP  address
• Port number

When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, 
IP address, and port number in the binding table. If there is a binding, the Switch forwards the 
packet. If there is not a binding, the Switch discards the packet.

26.1.1  What You Can Do

• Use  the 

IP Source Guard 

screen (

Section 26.2 on page 221

) to display the links to the 

configuration screens where you can configure IPv4 or IPv6 source guard settings.

• Use  the

 IPv4 Source Guard Setup

 screen (

Section 26.3 on page 222

) to look at the current 

bindings for DHCP snooping and ARP inspection.

• Use  the

 IP Source Guard Static Binding

 screen (

Section 26.4 on page 223

to manage static 

bindings for DHCP snooping and ARP inspection.

• Use  the 

DHCP Snooping

 screen (

Section 26.5 on page 225

) to look at various statistics about 

the DHCP snooping database. 

• Use  this 

DHCP Snooping Configure

 screen (

Section 26.5.1 on page 228

) to enable DHCP 

snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server 
is located, and configure the DHCP snooping database. 

• Use  the 

DHCP Snooping Port Configure

 screen (

Section 26.5.2 on page 230

) to specify 

whether ports are trusted or untrusted ports for DHCP snooping.

• Use  the 

DHCP Snooping VLAN Configure

 screen (

Section 26.5.3 on page 231

to enable DHCP 

snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 
82 information to DHCP requests that the Switch relays to a DHCP server for each VLAN. 

• Use  the 

DHCP Snooping VLAN Port Configure

 screen (

Section 26.5.4 on page 232

) to apply a 

different DHCP option 82 profile to certain ports in a VLAN. 

• Use  the 

ARP Inspection Status

 screen (

Section 26.6 on page 234

) to look at the current list of 

MAC address filters that were created because the Switch identified an unauthorized ARP packet.

• Use  the 

ARP Inspection VLAN Status

 screen (

Section 26.6.1 on page 235

) to look at various 

statistics about ARP packets in each VLAN.

Содержание XS1920 Series

Страница 1: ...xel com XS1920 Series 10 GbE Web managed Switches Version 4 30 Edition 1 01 2016 Copyright 2016 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Страница 2: ...rences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the Switch and access the Web Configurator Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary inform...

Страница 3: ... Forward Setup 114 Static Multicast Forward Setup 116 Filtering 119 Spanning Tree Protocol 121 Bandwidth Control 142 Broadcast Storm Control 144 Mirroring 146 Link Aggregation 148 Port Authentication 155 Port Security 163 Time Range 167 Classifier 169 Policy Rule 178 Queuing Method 182 Multicast 186 AAA 210 IP Source Guard 220 Loop Guard 253 Layer 2 Protocol Tunneling 257 PPPoE 261 Error Disable 2...

Страница 4: ...313 DHCP 317 ARP Setup 329 Maintenance 334 Access Control 343 Diagnostic 360 System Log 363 Syslog Setup 364 Cluster Management 367 MAC Table 373 IP Table 376 ARP Table 378 Routing Table 380 Path MTU Table 381 Configure Clone 382 IPv6 Neighbor Table 385 Troubleshooting 387 ...

Страница 5: ...he Switch 22 1 3 Good Habits for Managing the Switch 22 Chapter 2 Hardware Installation and Connection 23 2 1 Installation Scenarios 23 2 2 Desktop Installation Procedure 23 2 3 Rack Mounting 23 2 3 1 Rack mounted Installation Requirements 23 2 3 2 Attaching the Mounting Brackets to the Switch 24 2 3 3 Mounting the Switch on a Rack 24 Chapter 3 Hardware Panels 26 3 1 Front Panel 26 3 1 1 Gigabit E...

Страница 6: ... 5 1 2 Setting Port VID 42 5 2 Configuring Switch Management IP Address 43 Chapter 6 Tutorials 45 6 1 Overview 45 6 2 How to Use DHCP Snooping on the Switch 45 6 3 How to Use DHCP Relay on the Switch 49 6 3 1 DHCP Relay Tutorial Introduction 49 6 3 2 Creating a VLAN 49 6 3 3 Configuring DHCP Relay 52 6 3 4 Troubleshooting 53 Chapter 7 Status and ZON 54 7 1 Overview 54 7 1 1 What You Can Do 54 7 2 ...

Страница 7: ...p 83 8 9 7 IPv6 Neighbor Discovery Setup 84 8 9 8 IPv6 Router Discovery Setup 85 8 9 9 IPv6 Prefix Setup 86 8 9 10 IPv6 Neighbor Setup 88 8 9 11 DHCPv6 Client Setup 89 8 10 DNS 90 Chapter 9 VLAN 92 9 1 Overview 92 9 1 1 What You Can Do 92 9 1 2 What You Need to Know 92 9 2 VLAN Status 95 9 2 1 VLAN Details 96 9 3 Private VLAN Status 97 9 4 VLAN Configuration 98 9 5 Configure a Static VLAN 99 9 6 C...

Страница 8: ...apter 13 Spanning Tree Protocol 121 13 1 Spanning Tree Protocol Overview 121 13 1 1 What You Can Do 121 13 1 2 What You Need to Know 121 13 2 Spanning Tree Protocol Status Screen 124 13 3 Spanning Tree Configuration 124 13 4 Configure Rapid Spanning Tree Protocol 125 13 4 1 Rapid Spanning Tree Protocol Status 127 13 5 Configure Multiple Rapid Spanning Tree Protocol 128 13 5 1 Multiple Rapid Spanni...

Страница 9: ...erview 148 17 1 1 What You Can Do 148 17 1 2 What You Need to Know 148 17 2 Link Aggregation Status 149 17 3 Link Aggregation Setting 150 17 4 Link Aggregation Control Protocol 152 17 5 Technical Reference 153 17 5 1 Static Trunking Example 153 Chapter 18 Port Authentication 155 18 1 Port Authentication Overview 155 18 1 1 What You Need to Know 155 18 2 Port Authentication Configuration 157 18 3 A...

Страница 10: ...Policy Rules Overview 178 22 1 1 What You Can Do 178 22 2 Configuring Policy Rules 178 Chapter 23 Queuing Method 182 23 1 Queuing Method Overview 182 23 1 1 What You Can Do 182 23 1 2 What You Need to Know 182 23 2 Configuring Queuing 183 Chapter 24 Multicast 186 24 1 Multicast Overview 186 24 1 1 What You Can Do 186 24 1 2 What You Need to Know 186 24 2 Multicast Setup 190 24 3 IPv4 Multicast Sta...

Страница 11: ...219 Chapter 26 IP Source Guard 220 26 1 IP Source Guard Overview 220 26 1 1 What You Can Do 220 26 1 2 What You Need to Know 221 26 2 IP Source Guard Screen 221 26 3 IPv4 Source Guard Setup 222 26 4 IPv4 Source Guard Static Binding 223 26 5 DHCP Snooping 225 26 5 1 DHCP Snooping Configure 228 26 5 2 DHCP Snooping Port Configure 230 26 5 3 DHCP Snooping VLAN Configure 231 26 5 4 DHCP Snooping VLAN ...

Страница 12: ...unneling Overview 257 28 1 1 What You Can Do 257 28 1 2 What You Need to Know 257 28 2 Configuring Layer 2 Protocol Tunneling 258 Chapter 29 PPPoE 261 29 1 PPPoE Intermediate Agent Overview 261 29 1 1 What You Can Do 261 29 1 2 What You Need to Know 261 29 2 The PPPoE Screen 264 29 3 PPPoE Intermediate Agent 264 29 3 1 PPPoE IA Per Port 265 29 3 2 PPPoE IA Per Port Per VLAN 267 29 3 3 PPPoE IA for...

Страница 13: ...ocal Port Status Detail 288 34 5 LLDP Remote Status 291 34 5 1 LLDP Remote Port Status Detail 292 34 6 LLDP Configuration 298 34 6 1 LLDP Configuration Basic TLV Setting 300 34 6 2 LLDP Configuraion Basic Org specific TLV Setting 301 34 7 LLDP MED Configuration 302 34 8 LLDP MED Network Policy 303 34 9 LLDP MED Location 304 Chapter 35 Static Route 308 35 1 Static Route Overview 308 35 1 1 What You...

Страница 14: ...ay Configuration Example 324 37 5 Configuring DHCPv4 VLAN Settings 324 37 5 1 DHCPv4 VLAN Port Configure 325 37 5 2 Example DHCP Relay for Two VLANs 326 37 6 DHCPv6 Relay 327 Chapter 38 ARP Setup 329 38 1 ARP Overview 329 38 1 1 How ARP Works 329 38 1 2 ARP Learning Mode 329 38 2 ARP Setup 331 38 2 1 ARP Learning 331 38 2 2 Static ARP 332 Chapter 39 Maintenance 334 39 1 Overview 334 39 2 The Maint...

Страница 15: ...rt 346 40 3 3 Configuring SNMP User 347 40 4 Setting Up Login Accounts 348 40 5 Service Port Access Control 350 40 6 Remote Management 351 40 7 Technical Reference 352 40 7 1 About SNMP 352 40 7 2 Introduction to HTTPS 355 Chapter 41 Diagnostic 360 41 1 Overview 360 41 2 Diagnostic 360 Chapter 42 System Log 363 42 1 Overview 363 42 2 System Log 363 Chapter 43 Syslog Setup 364 43 1 Syslog Overview ...

Страница 16: ...le 377 Chapter 47 ARP Table 378 47 1 Overview 378 47 1 1 What You Can Do 378 47 1 2 What You Need to Know 378 47 2 Viewing the ARP Table 378 Chapter 48 Routing Table 380 48 1 Overview 380 48 2 Viewing the Routing Table Status 380 Chapter 49 Path MTU Table 381 49 1 Path MTU Overview 381 49 2 Viewing the Path MTU Table 381 Chapter 50 Configure Clone 382 50 1 Overview 382 50 2 Configure Clone 382 Cha...

Страница 17: ...uide 17 52 1 Power Hardware Connections and LEDs 387 52 2 Switch Access and Login 388 52 3 Switch Configuration 390 Appendix A Customer Support 391 Appendix B Common Services 397 Appendix C IPv6 400 Appendix D Legal Information 409 Index 414 ...

Страница 18: ...18 PART I User s Guide ...

Страница 19: ...the ZON Utility at www zyxel com and install it on a computer For more information on the ZON Utility see Section 7 3 on page 56 The following table describes the port features of the 10G Switch 100Mbps connections are not guaranteed The next section shows a few examples of using the Switch in various network environments 1 1 1 Backbone Application The Switch is an ideal solution for small network...

Страница 20: ...abit Ethernet mini GBIC port on the Switch Moreover the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location Figure 2 Bridging Application 1 1 3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following example use trunking to connect these two networks Switching ...

Страница 21: ...han one group With VLAN a station cannot directly talk to or hear from stations that are not in the same group s unless such traffic first goes through a router For more information on VLANs refer to Chapter 9 on page 92 1 1 4 1 Tag based VLAN Example Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic VLAN groups c...

Страница 22: ...67 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to rest...

Страница 23: ...a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 2 3 Rack Mounting The Switch can be mounted on an EIA standard size 19 inch rack or in a wiring closet with other equipment Follow t...

Страница 24: ...bracket with the screw holes on the side of the Switch Figure 5 Attaching the Mounting Brackets 2 Using a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section 2 3 3 Mounting the Switch ...

Страница 25: ...s User s Guide 25 Figure 6 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Страница 26: ...t An auto negotiating port can detect and adjust to the optimum Ethernet speed of the connected device Auto 1000M Full Duplex supports Ethernet and fiber connections at 100Mbps or Table 2 Panel Connections CONNECTOR DESCRIPTION Ports 1 10 These are 100Mbps 1Gbps 10Gbps RJ 45 Ethernet ports Connect these ports to a computer a hub an Ethernet switch or router Ports 11 12 Ethernet These are 100Mbps 1...

Страница 27: ...ected at the same time then Ethernet port 11 will be disabled Ethernet and fiber ports 12 work the same way 3 1 1 1 Default Ethernet Negotiation Settings The factory default negotiation settings for the Ethernet ports on the Switch are Speed Auto Duplex Full Flow control Off Link Aggregation Disabled 3 1 2 SFP SFP Slots Fiber ports 11 and 12 are slots for Small Form Factor Pluggable Plus modules s...

Страница 28: ... transceiver Figure 8 Transceiver Installation Example Figure 9 Connecting the Fiber Optic Cables 3 1 2 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module 1 Remove the fiber optic cables from the transceiver 2 Open the transceiver s latch latch styles vary 3 Pull the transceiver out of the slot Figure 10 Removing the Fiber Optic Cables Figure 11 Opening the ...

Страница 29: ...Power Connector Note Make sure you are using the correct power source as shown on the panel To connect power to the Switch insert the female end of the power cord to the AC power receptacle on the rear panel Connect the other end of the supplied power cord to a power outlet Make sure that no objects obstruct the airflow of the fans located on the side of the unit ...

Страница 30: ...he system is functioning normally LOCATOR Blue Blinking Shows the actual location of the Switch between several devices in a rack 100M 1G 10G Ethernet Ports 100Mbps connections are not recommended as some legacy 100Mbps devices may have interoperability issues when connected to the combo ports The LED displays green for successfully connected 100Mbps devices that do not have interoperability issue...

Страница 31: ...YS LED is steady green not blinking Use a pointed instrument such as a pin to access the Reset button on the Switch as shown in Section 3 3 on page 30 2 Press the button for more than five seconds until the SYS LED begins to blink and then release it Wait for the Switch to restart the SYS LED will be steady green again This takes up to two minutes Note If you want to access the Switch web configur...

Страница 32: ...32 PART II Technical Reference ...

Страница 33: ...device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default Note See your browser help for details on enabling these features 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the default management IP address is 192 168 1 1 in the Location or Address field Press ...

Страница 34: ...3 The Status Screen The Status screen is the first screen that displays when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 15 Web Configurator Status Screen A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window A B G C D E F ...

Страница 35: ...witch that stays the same even if the Switch s power is turned off D Click this link to go to the status page of the Switch E Click this link to logout of the web configurator F Click this link to display web help pages The help pages provide descriptions for all of the configuration screens G Click this link to go to the ZON Neighbor Management screen where you can see and manage neighbor devices...

Страница 36: ...s you to a screen where you can configure static multicast MAC addresses for port s These static multicast MAC addresses do not age out Filtering This link takes you to a screen to set up filtering rules Spanning Tree Protocol This link takes you to screens where you can configure the RSTP MRSTP MSTP to prevent network loops Bandwidth Control This link takes you to a screen where you can configure...

Страница 37: ...can configure LLDP settings IP Application Static Routing This link takes you to a screen where you can configure static routes A static route defines how the Switch should forward traffic by configuring the TCP IP parameters manually DiffServ This link takes you to screens where you can enable DiffServ and set DSCP to IEEE802 1p mappings DHCP This link takes you to screens where you can configure...

Страница 38: ...figurator to save your configuration to nonvolatile memory Nonvolatile memory refers to the Switch s storage that remains even if the Switch s power is turned off Note Use the Save link when you are done with a configuration session Path MTU Table This link takes you to a screen where you can view the path MTU aging time index destination address MTU and expire settings Configure Clone This link t...

Страница 39: ...he Switch 8 Change a service port number but forget it Note Be careful not to lock yourself and others out of the Switch 4 6 Resetting the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to reset the Switch back to the factory defaults see Section 3 4 on page 30 4 7 Logging Out of the Web Configurator Click Logout in a screen to exit the we...

Страница 40: ...Chapter 4 The Web Configurator XS1920 Series User s Guide 40 Click the Help link from a web configurator screen to view an online help description of that screen ...

Страница 41: ...gure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 18 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN VLAN Configuration in the navigati...

Страница 42: ... member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Setting Port VID Use PVID to add a tag to incoming untagg...

Страница 43: ...ID field for port 2 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 2 Configuring Switch Management IP Address The default management IP address of the Switch is 192 168 1 1 You can configure another IP address in a different subnet for management purposes The following figure shows an example Figure ...

Страница 44: ...Basic Setting IP Setup in the navigation panel and then the IP Configuration link 4 Configure the related fields in the IP Configuration screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the S...

Страница 45: ...VLAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 21 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 26 1 on page 220 The settings in this tutorial are as the following 1 Access the Switch through http 192 168 1 1 by default Log into the Switch by entering the username default admin and password default 12...

Страница 46: ...7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 22 Tutorial Create a VLAN and Add Ports to It 3 Go to Advanced Application VLAN VLAN Configuration VLAN Port Setup and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 ...

Страница 47: ...vate and specify VLAN 100 as the DHCP VLAN as shown Click Apply Figure 24 Tutorial Specify DHCP VLAN 5 Click the Port link at the top right corner 6 The DHCP Snooping Port Configure screen appears Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5 Keep ports 6 and 7 Untrusted because they are connected to DHCP clients Click Apply ...

Страница 48: ... or system name you can also select an Option82 Profile in the entry See Section 26 15 1 3 on page 250 Figure 26 Tutorial Enable DHCP Snooping on this VLAN 8 Click Save at the top right corner of the web configurator to save the configuration permanently 9 Connect your DHCP server to port 5 and a computer as DHCP client to either port 6 or 7 The computer should be able to get an IP address from th...

Страница 49: ... configured your DHCP server 192 168 2 3 and want to have it assign a specific IP address say 172 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to the Switch s port 2 in VLAN 102 Figure 28 Tutorial DHCP Relay Scenario 6 3 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurat...

Страница 50: ... descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field Set VLAN Type to Normal 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s powe...

Страница 51: ...d then the VLAN Port Setup link in the VLAN Configuration screen Figure 31 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Страница 52: ...ow to enable DHCP relay on the Switch and allow the Switch to add relay agent information such as the VLAN ID to DHCP requests 1 Click IP Application DHCP DHCPv4 and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select default1 or default2 in the Option 82 Profile...

Страница 53: ...ver can then assign a specific IP address based on the DHCP request 6 3 4 Troubleshooting Check the client A s IP address If it did not receive the IP address 172 16 1 18 make sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch...

Страница 54: ...ses You can also display other status screens for more information Use the ZON Utility screen Section 7 3 on page 56 to deploy and manage network devices Use the Neighbor screen Section 7 4 on page 57 to view and manage Switch s neighbor devices Use the Port Status Summary screen Section 7 5 on page 58 to view the port statistics Use the Port Details screen Section 7 5 1 on page 60 to display indi...

Страница 55: ...n This field displays the version number and date of the firmware the Switch is currently running System Time This field displays the current date and time in the UAG The format is mm dd yyyy hh mm ss Serial Number This field displays the serial number of this Switch The serial number is used for device tracking and control System Up Time This field displays how long the Switch has been running si...

Страница 56: ...g figure shows the ZON Utility screen IP Address Information IPv4 Address This field displays the Switch s current IPv4 address Subnet Mask This field displays the Switch s subnet mask Default Gateway This field displays the IP address of the Switch s default gateway IP Setup Click the link to go to the Basic Setting IP Setup screen IPV6 Global Unicast Address This field displays the Switch s IPv6...

Страница 57: ...s Layer Link Discovery Protocol LLDP to discover all neighbor devices connected to the Switch including non ZyXEL devices You can perform tasks on the neighboring devices like login reboot turn the power off and then back on again and reset to factory default settings in the Neighbor Management screen For more information on LLDP see Section 34 3 on page 286 Click Status Neighbor to see the follow...

Страница 58: ...ighbor device Firmware This shows the firmware version of the neighbor device This field will show for non ZyXEL devices IP This shows the IP address of the neighbor device The IP address is a hyper link that you can click to log into and manage the neighbor device through its web configurator This field will show for non ZyXEL devices MAC This shows the MAC address of the neighbor device This fie...

Страница 59: ... ports State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port See Section 13 1 on page 121 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted fra...

Страница 60: ...istics Use this screen to check status and detailed performance data about an individual port on the Switch Figure 38 Port Status Port Details The following table describes the labels in this screen Table 10 Port Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port number you are viewing Name This field displays the name of the port ...

Страница 61: ...tted Tagged This field shows the number of VLAN tagged packets transmitted Rx Packet The following fields display detailed information about packets received Unicast This field shows the number of good unicast packets received Multicast This field shows the number of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the ...

Страница 62: ...s received that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets received that were ...

Страница 63: ...ssign priorities to queues Use the IP Setup screen Section on page 70 to configure the Switch IP address default gateway device and the management VLAN ID Use the Port Setup screen Section 8 7 on page 74 to configure Switch port settings Use the Interface Setup screens Section 8 8 on page 76 to configure Switch interface type and interface ID settings Use the IPv6 screens Section 8 9 on page 77 to...

Страница 64: ...his screen Table 11 Basic Setting System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes Product Model This field displays the product model of the Switch Use this information when searching for firmware upgrade or looking for other support information in the website ...

Страница 65: ...e upper temperature limit at this sensor Status This field displays Normal for temperatures below the threshold and Error for those above Fan Speed RPM A properly functioning fan is an essential component along with a sufficiently ventilated cool operating environment in order for the device to stay within the temperature threshold Each fan has a sensor that is capable of detecting and reporting i...

Страница 66: ...the name of the person in charge of this Switch You can use up to 32 printable ASCII characters spaces are allowed Use Time Server when Bootup Enter the time service protocol that your timeserver uses Not all time servers support all protocols so you may have to use trial and error to find a protocol that works The main differences between them are the time format When you select the Daytime RFC 8...

Страница 67: ...cted Daylight Saving Time The time is displayed in the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Uni...

Страница 68: ...etup Screen Click Basic Setting Switch Setup in the navigation panel to display the screen as shown The VLAN setup screens change depending on whether you choose 802 1Q or Port Based in the VLAN Type field in this screen Refer to Chapter 9 on page 92 for more information on VLAN Figure 41 Basic Setting Switch Setup The following table describes the labels in this screen Table 13 Basic Setting Swit...

Страница 69: ...mer Priority Queue Assignment IEEE 802 1p defines up to eight separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Frames without an explicit priority tag are given the default priority of the ingress port Use the next fields to configure the priority level to physical queue mapping The Switch has eight physical queues that you can map to t...

Страница 70: ...8 6 1 IP Status Use this screen to view configured IP settings as shown Figure 42 Basic Setting IP Setup IP Status The following table describes the labels in this screen 8 6 2 IP Status Detail Click the index link in the IP Status screen to view further details on this IP address Table 14 Basic Setting IP Setup IP Status LABEL DESCRIPTION Index Click the index link to view further details on this...

Страница 71: ...cally assigned from a DHCP server or manually assigned Static or DHCP VID This is the VLAN identification number to which an IP routing domain belongs IP Address This is the IP address of your Switch in dotted decimal notation for example 192 168 1 1 IP Subnet Mask This is the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Table 16 Basic Setting IP Setup IP Stat...

Страница 72: ...ess This is the IP address of your Switch in dotted decimal notation for example 192 168 1 1 IP Subnet Mask This is the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Lease Time This displays the length of time in seconds that this interface can use the current dynamic IP address from the DHCP server Renew Time This displays the length of time from the lease sta...

Страница 73: ...nt Select this option if you have a DHCP server that can assign the Switch an IP address subnet mask a default gateway IP address and a domain name server IP address automatically Static IP Address Select this option if you don t have a DHCP server or if you wish to assign static IP address information to the Switch You need to fill in the following fields when you select this option IP Address En...

Страница 74: ...Address This field displays the IP address IP Subnet Mask This field displays the subnet mask VID This field displays the ID number of the VLAN group Type This field displays whether this IP interface has a static or DHCP assigned IP address Select the entries you want to remove Select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry fro...

Страница 75: ... connection speed If the peer port does not support auto negotiation or turns off this feature the Switch determines the connection speed by detecting the signal on the cablee When the Switch s auto negotiation is turned off a port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer port are the same in order to conne...

Страница 76: ... module that is attached to the 10 Gigabit interface Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 18 Basic Setting ...

Страница 77: ...lays the type of interface Interface ID This field displays the identification number of the interface Interface This field displays the interface s descriptive name which is generated automatically by the Switch The name is from a combination of the interface type and ID number Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select...

Страница 78: ...or not MTU Size This field displays the Maximum Transmission Unit MTU size for IPv6 packets on this interface ICMPv6 Rate Limit Bucket Size This field displays the maximum number of ICMPv6 error messages which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 Rate Limit Error Interval This field displays the time period in millis...

Страница 79: ...TA is an identity association for temporary addresses IAID Each IA consists of a unique IAID and associated IP information T1 This field displays the DHCPv6 T1 timer After T1 the Switch sends the DHCPv6 server a Renew message An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server t...

Страница 80: ...l Address Setup Click the link to go to a screen where you can configure the IPv6 link local address for an interface IPv6 Global Address Setup Click the link to go to a screen where you can configure the IPv6 global address for an interface IPv6 Neighbor Discovery IPv6 Neighbor Discovery Setup Click the link to go to a screen where you can configure the IPv6 neighbor discovery settings IPv6 Route...

Страница 81: ...n router advertisements This is the maximum number of hops on which an IPv6 packet is allowed to transmit before it is discarded by an IPv6 router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppress...

Страница 82: ... loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click on an index number to change the settings Interfa...

Страница 83: ... IPv6 Link Local Address Setup continued LABEL DESCRIPTION Table 26 Basic Setting IPv6 IPv6 Configuration IPv6 Global Address Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure IPv6 Global Address Manually configure a static IPv6 global address for the interface Prefix Length Specify an IPv6 prefix length that specifies how many most significant bits start from the l...

Страница 84: ...lete to remove the selected entry ies from the summary table Cancel Click Cancel to clear the Delete check boxes Table 26 Basic Setting IPv6 IPv6 Configuration IPv6 Global Address Setup continued LABEL DESCRIPTION Table 27 Basic Setting IPv6 IPv6 Configuration IPv6 Neighbor Discovery Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure DAD Attempts The Switch uses Dupl...

Страница 85: ...atile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click on an index number to change the settings Interface This is the name of the IPv6 interface you created DAD Attempts This field displays the number of consecutive neighbor solicitations the...

Страница 86: ...mum Interval Specify the maximum time interval from 4 to 1800 seconds at which the Switch sends router advertisements for this interface Lifetime Specify how long from 0 to 9000 seconds the router in router advertisements can be used as a default router for this interface Suppress Select this option to set the Switch to not send router advertisements and responses to router solicitations on this i...

Страница 87: ...utoconfig Flag to not allow IPv6 hosts to use this prefix for stateless address autoconfiguration Select No Onlink Flag to not allow the specified prefix to be used for on link determination Select No Advertise Flag to set the Switch to not include the specified IPv6 prefix prefix length in router advertisements for this interface Add Click this to create a new entry or to update an existing one T...

Страница 88: ...Basic Setting IPv6 IPv6 Configuration IPv6 Neighbor Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure The Switch supports the VLAN interface type for IPv6 at the time of writing Interface ID Specify a unique identification number from 1 to 4094 for the interface A static IPv6 neighbor entry displays in the Management Neighbor Table screen only...

Страница 89: ...which can be reached through the interface Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entry ies that you want to remove and then click Delete to remove the selected entry ies from the summary table Cancel Click Cancel to clear the Delete check boxes Table 30 Basic Setting IPv6 IPv6 Configurat...

Страница 90: ...ges to the nonvolatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click on an index number to change the settings Interface This is the name of the IPv6 interface you created IA NA This field displays whether the Switch obtains a non temporary...

Страница 91: ... changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Domain Name Server Table Index This field displays priority of the DNS server address Server Add...

Страница 92: ...cify Use the Protocol Based VLAN screen Section 9 8 on page 104 to set up VLANs that allow you to group traffic into logical VLANs based on the protocol you specify Use the Voice VLAN screen Section 9 9 on page 106 to set up VLANs that allow you to group voice traffic with defined priority and enable the switch port to carry the voice traffic separately from data traffic to ensure the sound qualit...

Страница 93: ...agged Frames Each port on the Switch is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware switch to an 802 1Q VLAN unaware switch the Switch first decides where to forward the frame and then strips off the VLAN tag To forward a frame from an 802 1Q VLAN unaware switch to an 802 1Q VLAN aware switch the Switch first decides where to forward the frame and then...

Страница 94: ...s A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Figure 62 Port VLAN Trunking Table 33 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistr...

Страница 95: ... port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged from a port with the specified VID 9 2 VLAN Status Click Advanced Application VLAN from the navigation panel to display the VLAN Status screen as shown next F...

Страница 96: ...The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the Static VLAN screen Elapsed Time This fie...

Страница 97: ...ow long it has been since a normal VLAN was registered or a static VLAN was set up Status This field shows how this VLAN was added to the Switch Dynamic using GVRP Static manually added as a normal VLAN Private manually added as a private VLAN primary isolated or community Voice manually added as a Voice VLAN MVR added via Multicast VLAN Registration MVR Private VLAN Status These fields show priva...

Страница 98: ...N ID in a private VLAN Type This field shows the type of private VLAN Primary Community or Isolated Port List This shows the ports mapped to the private VLAN using the Advanced Application Private VLAN or Advanced Application VLAN Static VLAN screen Change Pages Use the Previous and Next buttons to display different pages Table 37 Advanced Application VLAN VLAN Configuration LABEL DESCRIPTION Stat...

Страница 99: ...scribes the related labels in this screen Table 38 Advanced Application VLAN VLAN Configuration Static VLAN Setup LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings Name Enter a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters VLAN Group ID Enter the VLAN ID for this static entry the valid range is between...

Страница 100: ...LAN group using GVRP This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select Forbidden if you want to prohibit the port from joining this VLAN group Tagging Select TX Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these ...

Страница 101: ...n this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Check If this check box is selected the Switch discards incoming frames on a port for VLANs that do not include t...

Страница 102: ...et 10 1 1 0 24 data services All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly That is video services receive the highest priority and data the lowest Acceptable Frame Type Specify the type of frames allowed on a port Choices are All Tag Only and Untag Only Select All from the drop down list box to accept all untagged or tagged frames on th...

Страница 103: ...he VLAN Port Setting screen to display the configuration screen as shown Note Subnet based VLAN applies to un tagged packets and is applicable only when you use IEEE 802 1Q tagged VLAN Figure 71 Advanced Application VLAN VLAN Port Setting Subnet Based VLAN 10 1 1 0 24 192 168 1 0 24 172 16 1 0 24 Internet VID 100 VID 200 VID 300 Untagged Frames Tagged Frames ...

Страница 104: ... the subnet mask To find the bit number convert the subnet mask to binary format and add all the 1 s together Take 255 255 255 0 for example 255 converts to eight 1s in binary There are three 255s so add three eights together and you get the bit number 24 VID Enter the ID of a VLAN with which the untagged frames from the IP subnet specified in this subnet based VLAN are tagged This must be an exis...

Страница 105: ...6 and 7 All upstream ARP traffic from port 1 2 and 3 will be grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 72 Protocol Based VLAN Application Example 9 8 1 Configuring Protocol Based VLAN Click Protocol Based VLAN Setup in the VLAN Configura...

Страница 106: ... 0800 and Novell IPX protocol is 8137 Note Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based VLANs VID Enter the ID of a VLAN to which the port belongs This must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add ...

Страница 107: ... off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to default settings Voice VLAN OUI Setup OUI address Type the IP Phone manufacturer s OUI MAC address The first three byes is the manufacturer identifier t...

Страница 108: ...screen Click MAC based VLAN in the VLAN Configuration window to see the following screen Figure 75 Advanced Application VLAN VLAN Configuration MAC based VLAN Setup The following table describes the fields in the above screen OUI mask This field displays the OUI mask address of the Voice VLAN Description This field displays the description of the Voice VLAN with OUI address Select an entry s check...

Страница 109: ...ased as the VLAN Type in the Basic Setting Switch Setup screen VID Type an ID from 1 to 4094 for the VLAN ID that is associated with the MAC based VLAN entry Priority Type a priority 0 7 for the MAC based VLAN entry The higher the numeric value you assign the higher the priority for this MAC based VLAN entry Add Click Add to save the new MAC based VLAN entry Cancel Click Cancel to clear the fields...

Страница 110: ...s User s Guide 110 Figure 76 Basic Setting Switch Setup Port Based Then click Advanced Application VLAN from the navigation panel to display the next screen Figure 77 Advanced Application VLAN Port Based VLAN Setup All Connected ...

Страница 111: ...mize these settings by adding deleting incoming or outgoing ports but you must also click Apply at the bottom of the screen Incoming These are the ingress ports an ingress port is an incoming port that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the inc...

Страница 112: ...IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN with an ID of 5 Type 5 6 Leave the priority set to 0 and click Add Figure 79 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protocol based VLAN entry Click 1 Apply Click Apply to save your changes to the Switch s run time memory The Swit...

Страница 113: ...Chapter 9 VLAN XS1920 Series User s Guide 113 2 Change the value in the Port field to the next port you want to add 3 Click Add ...

Страница 114: ...tatic MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to acce...

Страница 115: ...e top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwarding rule is active Yes or not No ...

Страница 116: ...ber of a multicast group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the mult...

Страница 117: ...orwarding to Multiple Ports 11 2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames such as streaming or control frames to specific port s Click Advanced Application Static Multicast Forwarding to display the configuration screen as shown Figure 84 Advanced Application Static Multicast Forwarding ...

Страница 118: ... 5 Enter 3 5 7 for ports 3 5 and 7 Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this s...

Страница 119: ...r destination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 119 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch Click Advanced Application Filtering in the navigation panel to display the screen as shown next Figure 85 Advanced Application...

Страница 120: ... Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index This field...

Страница 121: ...h Use the Rapid Spanning Tree Protocol screen Section 13 4 on page 125 to configure RSTP settings Use the Rapid Spanning Tree Protocol Status screen Section 13 4 1 on page 127 to view the RSTP status Use the Multiple Rapid Spanning Tree Protocol screen Section 13 5 on page 128 to configure MRSTP Use the Multiple Rapid Spanning Tree Protocol Status screen Section 13 5 1 on page 130 to view the MRST...

Страница 122: ...is switch has been accepted as the root bridge of the spanning tree network For each LAN segment a designated bridge is selected This bridge has the lowest cost to the root among the bridges connected to the LAN How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port and the ports that are the designated ports for connected LANs and disables all othe...

Страница 123: ...MRSTP on the Switch and specify which port s belong to which spanning tree Note Each port can belong to one STP tree only Figure 86 MRSTP Network Example Multiple STP Multiple Spanning Tree Protocol IEEE 802 1s is backward compatible with STP RSTP and addresses the limitations of existing spanning tree protocols STP and RSTP in networks to include the following features Table 49 STP Port States PO...

Страница 124: ...col status screen changes depending on what standard you choose to implement on your network Click Advanced Application Spanning Tree Protocol to see the screen as shown Figure 87 Advanced Application Spanning Tree Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration ...

Страница 125: ...ced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multiple Spanning Tree See Section 13 1 on page 121 for background information on STP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is tu...

Страница 126: ... LAN If it is a root port a new root port is selected from among the Switch ports attached to the network The allowed range is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time ...

Страница 127: ...op navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 51 Advanced Application Spanning Tree Protocol RSTP continued LABEL DESCRIPTION Table 52 Advanced Application Spanning Tree Protocol Status RSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to a...

Страница 128: ... cost and is the best port from the non root bridge to the root bridge A root bridge does not have a root port Designated A forwarding port on the designated bridge for each connected LAN segment A designated bridge has the lowest path cost to the root bridge among the bridges connected to the LAN segment All the ports on a root bridge root switch are designated ports Alternate A blocked port whic...

Страница 129: ...panning Tree Protocol Configuration screen to enable MRSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the STP root switch If all switches have the same priority the switch with the lowest MAC address will then become the root switch Select a value from the drop ...

Страница 130: ...this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to activate STP on this port Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking stat...

Страница 131: ...me second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the root switch will wait bef...

Страница 132: ...root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port moves to the forwarding state when the designated port for the LAN segment fails Backup A blocked port which has a backup redundant path to a LAN segment where a designated port is already connected when a switch has two links to the ...

Страница 133: ...Chapter 13 Spanning Tree Protocol XS1920 Series User s Guide 133 Figure 93 Advanced Application Spanning Tree Protocol MSTP ...

Страница 134: ...wed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Maximum hops Enter the number of hops between 1 and 255 in an MSTP region before the BPDU is discarded and the port information is aged Configuration Name Enter a descriptive name up to 32 characters of an MST region Revision Number Enter a number to identify a region s configuration Devices must have the ...

Страница 135: ... are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost see Table 48 on page 122 for more information Add Click Add to save this MST instance to the Switch s run tim...

Страница 136: ...me for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately wit...

Страница 137: ...idge is this switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message Max Age second This is the maximum time in sec...

Страница 138: ...te with the root of the MST instance Port This field displays the number of the port on the Switch Port State This field displays the port state in STP Discarding The port does not forward process received frames or learn MAC addresses but still listens for BPDUs Learning The port learns MAC addresses and processes BPDUs but does not forward frames yet Forwarding The port is operating normally It ...

Страница 139: ...pped to different spanning trees in the network Thus traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Designated Port ID This field displays the priority and number of the bridge port on the designated bridge through which the designated bridge transmits the stored configuration messages Designated Cost This field displays the path cost...

Страница 140: ...erse the region Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings These include the following parameters Name of the MST region Revision level as the unique number for the MST region VLAN to MST Instance mapping 13 7 3 MST Instance An MST Instance MSTI is a spanning tree instance VLANs can be configured to run on a specific MSTI E...

Страница 141: ...t is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CIST In an MSTP enabled network there is only one CIST that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network segments running RSTP Figure 99 MSTP and Legacy RSTP Netw...

Страница 142: ...control means defining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 1 1 What You Can Do Use the Bandwidth Control screen Section 14 2 on page 142 to limit the bandwidth for traffic going through the Switch 14 2 Bandwidth Control Setup Click Advanced Application Bandwidth Control in the navigation panel to bring up the screen as shown next ...

Страница 143: ... to all the ports as soon as you make them Active Select this check box to activate ingress rate limits on this port Ingress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Note Ingress rate bandwidth control applies to layer 2 traffic only Active Select this check box to activate egress rate limits on this port Egress Rate Specify the...

Страница 144: ...t multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 15 1 1 What You Can Do Use the Broadcast Storm Control screen Section 15 2 on page 144 to limit the number of broadcast multicast and destination lookup failure DLF pac...

Страница 145: ...settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destina...

Страница 146: ...ic from the monitor port without interference 16 1 1 What You Can Do Use the Mirroring screen Section 16 2 on page 146 to select a monitor port and specify the traffic flow to be copied to the monitor port 16 2 Port Mirroring Setup Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be...

Страница 147: ...orts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop do...

Страница 148: ...data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 17 3 on page 150 to configure to enable static link aggregation Use the Link Aggregation Control Protocol screen Section 17 4 on page 152 to enable Link Aggregation Control Protocol LACP 17 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a properly pl...

Страница 149: ...ork topology loops Link Aggregation ID LACP aggregation ID consists of the following information Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group not the individual port 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Link Aggregation Status screen displays by default See Section 17 1 on page 148 for more inform...

Страница 150: ...ggregation ID on page 149 for more information on this field The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distribu...

Страница 151: ...nk within the trunk By default the Switch uses the src dst mac distribution type If the Switch is behind a router the packet s destination or source MAC address will be changed In this case set the Switch to distribute traffic based on its IP address to make sure port trunking can work properly Select src mac to distribute traffic based on the packet s source MAC address Select dst mac to distribu...

Страница 152: ... which a port belongs Note When you enable the port security feature on the Switch and configure port security settings for a port you cannot include the port in an active trunk group Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the no...

Страница 153: ...nk Aggregation Control Protocol LACP The smaller the number the higher the priority level Group ID The field identifies the link aggregation group that is one logical link containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same fo...

Страница 154: ...ink Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below Click Apply when you are done Figure 107 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete A B EXAMPLE ...

Страница 155: ... 1x authentication first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 18 1 1 What You Need to Know IEEE 802 1x authentication uses the RADIUS Remote Authentication Dial In User Service RFC 2138 2139 protocol to validate users See RADIUS and TACACS for more information on configuring your RADIUS server settings IEEE 802 1x Authentication The following...

Страница 156: ...nt for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch Figure 109 MAC Authentication Process New Connection Authentication Request Authentication Reply 1 4 5 Login Credentials Login Info Request 3 2 Session Granted Denied New Connection Aut...

Страница 157: ...settings in the Auth and Acct Radius Server Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Figure 110 Advanced Application Port Authentication 18 3 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication screen click 802 1x to display the configuration screen as shown Figure 111 Ad...

Страница 158: ...mit 802 1x authentication on this port You must first allow 802 1x authentication on the Switch before configuring it on each port Max Req Specify the number of times the Switch tries to authenticate client s before sending unresponsive ports to the Guest VLAN This is set to 2 by default That is the Switch attempts to authenticate a client twice If the client does not respond to the first authenti...

Страница 159: ...nced Application Port Authentication 802 1x Guest VLAN LABEL DESCRIPTION Port This field displays a port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Acti...

Страница 160: ...t user enters the correct credential any other users are allowed to access the port without authentication If the first user fails to enter the correct credential they are all put in the guest VLAN Once the first user who did authentication logs out or disconnects from the port rest of the users are blocked until a user does the authentication process again Select Multi Secure to authenticate each...

Страница 161: ...orwarded to the RADIUS server Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server You can enter up to 32 printable ASCII characters Timeout Specify the amount of time before the Switch allows a client MAC address that fails authentication to try and authenticate again Maximum time is 3000 seconds When a client fails MAC authe...

Страница 162: ... on this port You must first allow MAC authentication on the Switch before configuring it on each port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin conf...

Страница 163: ...urity enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not activated 19 1 1 What You Can Do Use the Port Security screen Section 19 2 on page 163 to ...

Страница 164: ... boxes and clear the Address Learning check boxes only for the ports specified in the Port list Active Select this option to enable port security on the Switch Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by...

Страница 165: ...up screen The valid range is from 0 to 16384 0 means this feature is disabled Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afres...

Страница 166: ... the rule Click an index number to change the settings Active This field displays Yes when the rule is activated and No when is it deactivated Port This field displays the number of the port to which this rule is applied VID This is the VLAN ID number to which the port belongs Limit Number This is the maximum number of MAC addresses which a port can learn in a VLAN Select an entry s check box to s...

Страница 167: ...vantage of the time range feature is that it allows you to schedule the active time of configurations For example see Section 21 2 on page 169 to configure the classifier rule with time range The time range can be configured in two ways Absolute and Periodic Absolute is a fixed time range with a start and end time Periodic is recurrence of a time range and doesn t have an end time 20 2 Time Range ...

Страница 168: ...urring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the same day Days of the week Time Use the check boxes and drop down list boxes to set the periodic time range This is a recurrence time range Add...

Страница 169: ...video on demand A classifier groups traffic into data flows according to specific criteria such as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune netwo...

Страница 170: ...ield displays the rule s weight This is to indicate a rule s priority when the match order is set to manual in the Classifier Classifier Global Setting screen The higher the number the higher the rule s priority Name This field displays the descriptive name for this rule This is for identification purpose only Match Count This field displays the number of times a rule is applied It displays if the...

Страница 171: ...Chapter 21 Classifier XS1920 Series User s Guide 171 Figure 119 Advanced Application Classifier Configuration ...

Страница 172: ... format of the packet Choices are All 802 3 tagged 802 3 untagged Ethernet II tagged and Ethernet II untagged A value of 802 3 indicates that the packets are formatted according to the IEEE 802 3 standards A value of Ethernet II indicates that the packets are formatted according to RFC 894 Ethernet II encapsulation Layer 2 Specify the fields below to configure a layer 2 classifier VLAN Select Any ...

Страница 173: ...its of the 8 bit ToS field value between 0 and 255 in the field provided IP Protocol Select an IPv4 protocol type or select Other and enter the protocol number in decimal value Refer to Table 77 on page 175 for more information You may select Establish Only for TCP protocol type This means that the Switch will identify packets that initiate or acknowledge establish TCP connections IPv6 Next Header...

Страница 174: ...ou are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Table 73 Advanced Application Classifier Classifier Configuration continued LABEL DESCRIPTION Table 74 Classifier Status Summary Table LABEL DESCRIPTION Index This field displays the index number of the rule Click an index number to edit the rul...

Страница 175: ...o configure the match order and enable logging on the Switch In the Classifier Configuration screen click Classifier Global Setting to display the configuration screen as shown Figure 121 Advanced Application Classifier Configuration Classifier Global Setting Chaosnet 0804 X 25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 Table 76 Common IP Prot...

Страница 176: ...onfigured in Advanced Application Classifier Configuration Alternatively select auto to have classifier rules applied according to the layer of the item configured in the rule Layer 4 items have the highest priority Logging Active Select this to create a log when packets match a classifier rule during a defined time interval Interval Select the length of the time period in seconds to count matched...

Страница 177: ...Chapter 21 Classifier XS1920 Series User s Guide 177 Figure 122 Classifier Example EXAMPLE ...

Страница 178: ... ensures that a traffic flow gets the requested treatment in the network 22 1 1 What You Can Do Use the Policy screen Section 22 2 on page 178 to enable the policy and display the active classifier s you configure in the Classifier screen 22 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 21 2 on page 169 for more information Click Advance...

Страница 179: ...re 123 Advanced Application Policy Rule The following table describes the labels in this screen Table 79 Advanced Application Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy Name Enter a descriptive name for identification purposes ...

Страница 180: ...fy a new DSCP number between 0 and 63 if you want to replace or remark the DSCP number for out of profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Note You can specify only one action pair in a policy rule To have the Switch take multiple actions on the same traffic flow you need to define multiple classifiers with the same criteria and apply d...

Страница 181: ...t of profile traffic and drop it when network is congested Select Do not drop the matching frame previously marked for dropping to queue the frames that are marked to be dropped Add Click Add to inset the entry to the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation...

Страница 182: ... that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth ...

Страница 183: ...ure in the queue Weight field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than queues with smaller weights This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied 23 2 Configur...

Страница 184: ...plication Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them ...

Страница 185: ...th larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ Lowest Queue This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use SPQ to service the subsequent queue s after and including ...

Страница 186: ...24 3 1 on page 191 to enable IGMP snooping to forward group multicast traffic only to ports that are members of that group Use the IPv6 Multicast Status screen Section 24 4 on page 196 to view multicast group information Use the MLD Snooping proxy screen Section 24 4 1 on page 197 to enable the upstream port to report group changes to a connected multicast router and forward MLD messages to other ...

Страница 187: ...he VLANs that IGMP snooping should be performed on This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN MLD Snooping proxy MLD snooping proxy is a ZyXEL proprietary feature IPv6 MLD proxy allows only one upstream interface on a switch while MLD snooping proxy supports more than o...

Страница 188: ...R Overview Multicast VLAN Registration MVR is designed for applications such as Media on Demand MoD that use multicast traffic across an Ethernet ring based service provider network MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network While isolated in different subscriber VLANs connected devices can subscribe to and unsubscribe from the multicast strea...

Страница 189: ...a multicast television example where a subscriber device such as a computer in VLAN 1 receives multicast traffic from the streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer A sends an IGMP report to the Switch to join the appropriate multicast group If the ...

Страница 190: ...on Multicast IPv4 Multicast to display the screen as shown This screen shows the IPv4 multicast group information See Section 24 1 on page 186 for more information on multicasting Figure 128 Advanced Application Multicast IPv4 Multicast S Multicast VLAN VLAN 1 A Table 81 Advanced Application Multicast Setup LABEL DESCRIPTION IPv4 Multicast Click the link to open screens where you can configure IGM...

Страница 191: ...scribes the labels in this screen Table 82 Advanced Application Multicast IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group This field displays IP multicast group addresses Table 83 Advanced Application Multicast IPv4 Multicast IGMP S...

Страница 192: ...0C CC CC CC and 01 00 0C CC CC CD are also included in this group Specify the action to perform when the Switch receives a frame with a reserved multicast address Select Drop to discard the frame s Select Flooding to send the frame s to all ports Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all por...

Страница 193: ... is reached Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table entry is aged out Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report s received on this port IGMP Filtering Profile Select the name of the IGMP filtering profile to use for this port Otherwise select Default to prohibit the ...

Страница 194: ...changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh VLAN Use this section of the screen to add VLANs upon which the Switch is to perform IGMP snooping Name Ent...

Страница 195: ...splays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Delete Check the entry ies that you want to remove in the Delete column then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 84 Advanced Application Multicast IPv4 Multicast IGMP Snooping IGMP Snooping VLAN continued LABEL DESCRIPTION Table 85 Advanced Applicati...

Страница 196: ... a profile s check box to select a specific profile Otherwise select the check box in the table heading row to select all profiles Delete Rule Select the check box es of the rule s that you want to remove from a profile Delete To delete the profile s and all the accompanying rules select the profile s that you want to remove in the Delete Profile column then click the Delete button To delete a rul...

Страница 197: ...pplication Multicast IPv6 Multicast MLD Snooping proxy VLAN Table 87 Advanced Application Multicast IPv6 Multicast MLD Snooping proxy LABEL DESCRIPTION MLD Snooping proxy Use these settings to configure MLD snooping proxy Active Select Active to enable MLD snooping proxy on the Switch to minimize MLD control messages and allow better network performance 802 1p Priority Select a priority level 0 7 ...

Страница 198: ...r Query Interval and Robustness Variable Robustness Variable Enter the number of queries A multicast address entry learned only on an upstream port by snooping is removed from the forwarding table when there is no response to the configured number of queries sent by the router connected to the upstream port This value should be exactly the same as what s configured in the connected multicast route...

Страница 199: ...N entry in the table Click on an index number to view more details or change the settings VID This field displays the ID number of the VLAN group Check the entry ies that you want to remove Select the check box in the table heading row to select all entries Delete Click Delete to remove the entry selected permanently Cancel Click Cancel to clear the check boxes Table 88 Advanced Application Multic...

Страница 200: ... removes an MLD snooping membership entry learned on a downstream port immediately Immediate or wait for an MLD report before the leave timeout Normal or fast leave timeout Fast when an MLD leave message is received on this port from a host Leave Timeout Enter the MLD snooping normal leave timeout in milliseconds the Switch uses to update the forwarding table for the specified downstream port s Th...

Страница 201: ...ect this option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new MLD Report message is dropped on this port Filtering Profile Select the name of the MLD filtering profile to use for this port Otherwise select Default to pr...

Страница 202: ...cify a different IP multicast address range Start Address Type the starting multicast IPv6 address for a range of multicast IPv6 addresses that you want to belong to the MLD filtering profile End Address Type the ending multicast IPv6 address for a range of IPv6 addresses that you want to belong to the MLD filtering profile If you want to add a single multicast IPv6 address enter it in both the St...

Страница 203: ...ic VLAN with the same VID when you create a multicast VLAN in this screen To delete the profile s and all the accompanying rules select the profile s that you want to remove then click the Delete button You can select the check box in the table heading row to select all profiles To delete a rule s from a profile select the rule s that you want to remove then click the Delete button Delete Click De...

Страница 204: ...ptive name up to 32 printable ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP or MLD control packets belonging to this multicast VLAN Mode Specify the MVR mode on the Switch Choices are Dynamic and Compatible Select Dynamic to sen...

Страница 205: ...nt or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non...

Страница 206: ...address for a multicast group Refer to IP Multicast Addresses on page 186 for more information on IP multicast addresses Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done confi...

Страница 207: ...MVR Configuration Example To configure the MVR settings on the Switch create a multicast VLAN in the MVR screen and set the receiver and source ports Delete Select the entry ies that you want to remove then click the Delete button to remove the selected entry ies from the table If you delete a multicast VLAN all multicast groups in this VLAN will also be removed Cancel Select Cancel to clear the c...

Страница 208: ... forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two IPv4 multicast groups News and Movie are configured for the multicast VLAN 200 Figure 142 MVR Group Configuration Example EXAMPLE EXAMPLE ...

Страница 209: ...Chapter 24 Multicast XS1920 Series User s Guide 209 Figure 143 MVR Group Configuration Example EXAMPLE ...

Страница 210: ...4 on page 213 to configure your TACACS authentication settings Use the AAA Setup screen Section 25 5 on page 215 to configure authentication authorization and accounting settings such as the methods used to authenticate users accessing the Switch and which database the Switch should use first 25 1 2 What You Need to Know Authentication is the process of determining who a user is and validating acc...

Страница 211: ...US and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes some key differences between RADIUS and TACACS 25 2 AAA Screens The AAA screens allow you to enable authentication and authorization or both of them on the Switch First configure your authentication server settings RADIUS TACACS or both and then set up the auth...

Страница 212: ...h the second RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the RADIUS server If you are using index priority for your authentication and you are using two RADIUS servers then the timeout value is divided between the two ...

Страница 213: ...resenting a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared b...

Страница 214: ...you are using index priority for your authentication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first TACACS server for 15 seconds and then tries the second TACACS server Index This is a read only number representing a TACACS server entry I...

Страница 215: ...9 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external TACACS accounting server and the Switch This key is not sent over the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to re...

Страница 216: ...ides the following services to a user Exec Allow an administrator who logs into the Switch to have a different access privilege level assigned via the external server Dot1x Allow an IEEE 802 1x client to have different bandwidth limit or VLAN ID assigned via the external server Active Select this to activate authorization for a specified event types Method Select whether you want to use RADIUS or ...

Страница 217: ...ing you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server Mode The Switch supports two modes of recording login events Select start stop to have the Switch send information to the accounting server when a user begins a session during a user s...

Страница 218: ...d for authentication This section lists the attributes used by authentication functions on the Switch In cases where the attribute has a specific format associated with it the format is specified Table 98 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment Vendor Id 890 Vendor Type 1 Vendor data ingress rate Kbps in decimal format Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 ...

Страница 219: ... User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 25 6 3 2 Attributes Used to Login Users User Name User Password NAS Identifier NAS IP Address 25 6 3 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS Identifier NAS IP Address NAS Port NAS Port Type This value is set to Ethernet 15 on the Switch Ca...

Страница 220: ...r DHCP snooping and ARP inspection Use the DHCP Snooping screen Section 26 5 on page 225 to look at various statistics about the DHCP snooping database Use this DHCP Snooping Configure screen Section 26 5 1 on page 228 to enable DHCP snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use the DHCP Snooping P...

Страница 221: ...affic from all link local addresses Use the IPv6 Source Guard Port Setup screen Section 26 11 on page 244 to apply configured IPv6 source guard policies to the ports you specify Use the IPv6 Snooping Policy Setup screen Section 26 12 on page 245 to dynamically create an IPv6 source guard binding table using a DHCPv6 snooping policy A DHCPv6 snooping policy lets the Switch sniff DHCPv6 packets sent...

Страница 222: ... or ARP inspection and look at various statistics IPv6 Source Binding Status Click the link to open a screen where you can view the current IPv6 dynamic and static bindings or remove dynamic bindings based on IPv6 address and or IPv6 prefix IPv6 Static Binding Setup Click the link to open a screen where you can manually create IPv6 source guard static binding entries IPv6 Source Guard Policy Setup...

Страница 223: ... LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in the binding Lease This field displays how many days hours minutes and seconds the binding is valid for example 2d3h4m5s means the binding is still valid for 2 days 3 hours...

Страница 224: ...able Port List Select this and enter the number of the port s separated by a comma ARP entries learned on the specified port s are added to the static bindings table after you click ARP Freeze VLAN List Select this and enter the ID number of the VLAN s separated by a comma ARP entries for the specified VLAN s are added to the static bindings table after you click ARP Freeze Static Binding MAC Addr...

Страница 225: ...long the binding is valid Type This field displays how the Switch learned the binding static This binding was learned from information provided manually by an administrator VLAN This field displays the source VLAN ID in the binding Port This field displays the port number in the binding If this field is blank the binding applies to all ports Select an entry s check box to select a specific entry O...

Страница 226: ...labels in this screen Table 103 Advanced Application IP Source Guard IPv4 Source Guard Setup DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database You can configure them in the DHCP Snooping Configure screen See Section 26 5 1 on page 228 Agent URL This field displays the location of the DHCP snooping database ...

Страница 227: ...g database unsuccessfully Last failed reason This field displays the reason the Switch updated the DHCP snooping database unsuccessfully This section displays historical information about the number of times the Switch successfully or unsuccessfully read or updated the DHCP snooping database Total attempts This field displays the number of times the Switch has tried to access the DHCP snooping dat...

Страница 228: ...xpired leases This field displays the number of bindings the Switch ignored because the lease time had already expired Unsupported vlans This field displays the number of bindings the Switch ignored because the VLAN ID does not exist anymore Last ignored time This field displays the last time the Switch ignored any bindings for any reason from the DHCP binding database Total ignored bindings count...

Страница 229: ...between DHCP requests from different VLAN Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN Database If Timeout interval is greater than Write delay interval it is possible that the next update is scheduled to occur before the current update has finished successfully or timed out In this case the Switch waits to start the next update until it completes the cur...

Страница 230: ... you want the Switch to load it You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL When the Switch loads dynamic bindings from a DHCP snooping database it does not discard the current dynamic bindings first If there is a conflict the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in t...

Страница 231: ...rusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCP servers or other switches and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high Untrusted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for exa...

Страница 232: ...field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed Option 82 Profile Select a pre defined DHCP opt...

Страница 233: ...g Configure screen see Section 26 5 1 on page 228 The profile you select here has priority over the one you select in the DHCP Snooping Configure VLAN screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to sa...

Страница 234: ...al number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field displays the source VLAN ID in the MAC address filter Port This field displays the source port of the discarded ARP packet Expiry sec This field displays how long in seconds the MAC address filter remains in the Switch You can also delete the record manually Delete ...

Страница 235: ...t to look at in the section below Enabled VLAN Select this to look at all the VLANs on which ARP inspection is enabled in the section below Selected VLAN Select this to look at all the VLANs in a specific range in the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section belo...

Страница 236: ...s field displays the source VLAN ID of the ARP packet Sender MAC This field displays the source MAC address of the ARP packet Sender IP This field displays the source IP address of the ARP packet Num Pkts This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates identical log messages generated by ARP packets in the log consolidation interva...

Страница 237: ...ddress filters Enter how long 1 2147483647 seconds the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Enter 0 if you want the MAC address filter to be permanent Log Profile Log buffer size Enter the maximum number 1 1024 of log messages that were generated by ARP packets and have not...

Страница 238: ... syslog server The relationship between Syslog rate and Log interval is illustrated in the following examples 4 invalid ARP packets per second Syslog rate is 5 Log interval is 1 the Switch sends 4 syslog messages every second 6 invalid ARP packets per second Syslog rate is 5 Log interval is 2 the Switch sends 5 syslog messages every 2 seconds Log interval Enter how often 1 86400 seconds the Switch...

Страница 239: ...scards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on untrusted ports Limit These settings have no effect on trusted ports Rate pps Specify the maximum rate 1 2048 packets per second at...

Страница 240: ...N ID you want to manage in the section below Apply Click this to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch gen...

Страница 241: ...y by administrators static bindings To open this screen click Advanced Application IP Source Guard IPv6 Source Binding Status Figure 163 Advanced Application IP Source Guard IPv6 Source Binding Status The following table describes the labels in this screen Table 114 Advanced Application IP Source Guard IPv6 Source Binding Status LABEL DESCRIPTION Clear Dynamic Source Binding Specify how you want t...

Страница 242: ... in the binding MAC Address This field displays the source MAC address in the binding If the entry is blank this field will not be checked in the binding VLAN This field displays the source VLAN ID in the binding If the entry is blank this field will not be checked in the binding Port This field displays the port number in the binding If this field is blank the binding applies to all ports Lease T...

Страница 243: ...e binding If this binding doesn t check this field select Any Note You cannot choose Any for all three of MAC Address VLAN and Port You must fill in at least one VLAN Enter the source VLAN ID in the binding If this binding doesn t check this field select Any Port Specify the port s in the binding If this binding has one port select the first radio button and enter the port number in the field to t...

Страница 244: ...ise leave the setting at Deny A link local address is an IPv6 unicast address that can be automatically configured on any interface using the link local prefix FE80 10 and the interface identifier in the modified EUI 64 format Add Click this to create the IPv6 source guard policy or to update an existing one Cancel Click this to reset the values above or if not applicable to clear the fields above...

Страница 245: ... perform DHCPv6 snooping Table 117 Advanced Application IP Source Guard IPv6 Source Guard Port Setup LABEL DESCRIPTION Port This field displays the port number If you configure the port the settings are applied to all of the ports Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then...

Страница 246: ...ries See the product datasheet for the latest specifications Add Click this to create the specified IPv6 snooping policy or to update an existing one Cancel Click this to reset the values above based or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each IPv6 snooping policy Name This field displays the descr...

Страница 247: ...ort to have all ports be Untrusted or Trusted Table 119 Advanced Application IP Source Guard IPv6 Snooping VLAN Setup LABEL DESCRIPTION Interface Select the VLAN interface to apply the selected DHCPv6 snooping policy Policy Select the IPv6 snooping policy to apply to this VLAN interface Add Click this to create the VLAN interface to IPv6 snooping policy association Cancel Click this to reset the v...

Страница 248: ... then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Trusted state Select whether this port is a trusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCPv6 servers or other switches Untrusted ports are connected to subscribers and the Switch discards DHCPv6 packets from untrusted ports in the fol...

Страница 249: ...s will not succeed Untrusted ports are connected to subscribers The Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do n...

Страница 250: ... headers of client DHCP request frames See Chapter 37 on page 317 for more information about DHCP relay option 82 When the DHCP server responds the Switch removes the information in the Agent Information field before forwarding the response to the original source You can configure this setting for each source VLAN This setting is independent of the DHCP relay settings Chapter 37 on page 317 26 15 ...

Страница 251: ...address filters are different than regular MAC address filters Chapter 12 on page 119 They are stored only in volatile memory They do not use the same space in memory that regular MAC address filters use They appear only in the ARP Inspection screens not in the MAC Address Filter screens 26 15 2 2 Trusted vs Untrusted Ports Every port is either a trusted port or an untrusted port for ARP inspectio...

Страница 252: ... DHCP snooping See Section 26 15 1 4 on page 250 Note It is recommended you enable DHCP snooping at least one day before you enable ARP inspection so that the Switch has enough time to build the binding table 2 Enable ARP inspection on each VLAN 3 Configure trusted and untrusted ports and specify the maximum number of ARP packets that each port can receive per second ...

Страница 253: ...nformation 27 1 1 What You Can Do Use the Loop Guard screen Section 27 2 on page 255 to enable loop guard on the Switch and in specific ports 27 1 2 What You Need to Know Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a sw...

Страница 254: ... is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 174 Loop Gua...

Страница 255: ...te the disabled port via the web configurator see Section 8 7 on page 74 27 2 Loop Guard Setup Click Advanced Application Loop Guard in the navigation panel to display the screen as shown Note The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol RSTP MRSTP or MSTP enabled Figure 176 Advanced Application Loop Guard A P P N P ...

Страница 256: ... Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the switch it is connected to is in loop state If the switch that this port is connected is in loop state the Switch will shut down this port Clear this check box to disable the loop guard feat...

Страница 257: ...ocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure connected through the service provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 177 Layer 2 Protocol Tunneling Network Scenario ...

Страница 258: ... Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the service provider s network and connected to another service provider s switch Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port 28 2 Configuring Layer 2 Protocol Tunne...

Страница 259: ...hes in the service provider s network should be set to use the same MAC address for encapsulation Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them CDP Select this option to have the Switch tunnel CDP Cisco...

Страница 260: ...tus of a link Mode Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and forward them to the tunnel port s Select Access for ingress ports at the edge of the service provider s network Note You can enable L2PT services for STP LACP VTP CDP UDLD and PAGP on the access port s only Select Tunnel for egress ports at the edge of the service provider s network The Switch...

Страница 261: ...termediate Agent PPPoE IA Overview 29 1 1 What You Can Do Use the PPPoE screen Section 29 2 on page 264 to display the main PPPoE screen Use the Intermediate Agent screen Section 29 3 on page 264 to enable the PPPoE Intermediate Agent on the Switch Use the PPPoE IA Per Port screen Section 29 3 1 on page 265 to set the port state and configure PPPoE intermediate agent sub options on a per port basi...

Страница 262: ...ld The Switch takes the Circuit ID string you manually configure for a VLAN on a port as the highest priority and the Circuit ID string for a port as the second priority In addition the Switch puts the PPPoE client s MAC address into the Agent Remote ID Sub option if you do not specify any user defined string Flexible Circuit ID Syntax with Identifier String and Variables If you do not configure a...

Страница 263: ...overy Offer PADS PPPoE Active Discovery Session confirmation or PADT PPPoE Active Discovery Terminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port the Switch forwards it to other trusted port s Note The Switch will drop all PPPoE discovery packets if yo...

Страница 264: ...ditional subscriber information that the server can use to identify and authenticate a PPPoE client Click Advanced Application PPPoE Intermediate Agent in the navigation panel to display the screen as shown Figure 182 Advanced Application PPPoE Intermediate Agent The following table describes the labels in this screen Table 128 Advanced Application PPPoE Intermediate Agent LABEL DESCRIPTION Active...

Страница 265: ...is option to have the Switch add the user defined identifier string and variables specified in the option field to PADI or PADR packets from PPPoE clients If you leave this option unselected the Switch will use the string specified in the access node identifier field identifier string Specify a string that the Switch adds in the Agent Circuit ID sub option You can enter up to 53 ASCII characters S...

Страница 266: ...e Discovery Terminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port the Switch forwards it to other trusted port s Untrusted ports are downlink ports connected to subscribers If a PADI PADR or PADT packet is sent from a PPPoE client and received on an un...

Страница 267: ... so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 129 Advanced Application PPPoE Intermediate Agent Port continued LABEL DESCRIPTION Table 130 Advanced Application PPPoE Intermediate Agent Port VLAN LABEL DESCRIPTION Show Port Enter a port number to show t...

Страница 268: ...st priority Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 130 Advanced Application PPPoE Intermediate Agent Port VLA...

Страница 269: ...take effect Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 131 Advanced Application PPPoE Intermediate Agent VLAN con...

Страница 270: ... control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Use the Errdisable Detect screen Section 30 5 on page 273 to have the Switch detect whether the control packets exceed the rate limit configured for a port and configure the action to take once the limit is exceeded Use the Errdisable Recovery screen Section 30 6 on page 274 to set the Switch to automatically u...

Страница 271: ...h you want to reset inactive reason status Cause Select the cause of inactive reason mode you want to reset here Reset Press to reset the specified port s to handle ARP BPDU or IGMP packets instead of ignoring them if the port s is in inactive reason mode Errdisable Status Port This is the number of the port on which you want to configure Errdisable Status Cause This refers to the cause of Errdisa...

Страница 272: ...u configure this screen make sure you also enable error detection for the specific control packets in the Advanced Application Errdisable Errdisable Detect screen Mode This field shows the mode of the cause inactive port The Switch disables the port on which the control packets are received inactive reason The Switch drops all the specified control packets such as BPDU on the port rate limitation ...

Страница 273: ...ure here Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit Y...

Страница 274: ...able Detect LABEL DESCRIPTION Cause This field displays the types of control packet that may cause CPU overload Use this row to make the setting the same for all entries Use this row first and then make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Active Select this option to have the Switch detect if the configured rate limit fo...

Страница 275: ...r all entries Use this row first and then make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Timer Status Select this option to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port after the error was gone Deselect this option to turn off this rule Interval Enter the numbe...

Страница 276: ...e ports to have priority over other ports in MAC address learning That means when a MAC address and VLAN ID is learned on a MAC pinning enabled port the MAC address will not be learned on any other port until the aging time for the dynamically learned MAC address in the table expires This helps enhance security For example when an attacker A sends packets to all connected clients by spoofing the s...

Страница 277: ...ts to each port if necessary Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable MAC pinning on this port The port then has priority over other ports in MAC address learning Clear this check box to disable MAC pinning Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned...

Страница 278: ...They cannot communicate with ports in different primary VLANs Community Ports in a Community VLAN can communicate with promiscuous ports in an associated Primary VLAN and other community ports in the same Community VLAN They cannot communicate with ports in Isolated VLANs non associated Primary VLAN promiscuous ports nor community ports in different Community VLANs Isolated Ports in an Isolated VL...

Страница 279: ...n P VLAN 100 can communicate with all ports in P VLAN 100 including community ports in C VLAN 101 and isolated ports in I VLAN 102 Table 137 PVLAN Graphic Key LABEL DESCRIPTION P VLAN 100 Primary private VLAN C VLAN 101 Community private VLAN I VLAN 102 Isolated private VLAN Table 138 Spanning PVLAN Graphic Key LABEL DESCRIPTION UP Uplink promiscuous port TP VLAN trunking ports S1 S2 Switch 1 Swit...

Страница 280: ...AN 102 nor community ports in C VLAN 101 Note Isolation in VLAN VLAN Configuration VLAN Port Setting see Section 9 6 on page 100 has a higher priority than private VLAN settings so promiscuous ports with Isolation in VLAN VLAN Port Setting enabled will not be able to communicate with each other 32 1 1 Configuration You must go to the Static VLAN screen first see Section 9 5 on page 99 to create VL...

Страница 281: ... Primary VLAN only They cannot communicate with other Isolated ports in the same Isolated VLAN non associated Primary VLAN Promiscuous ports nor any Community ports Associated VLAN Enter the VLAN ID of a previously created VLAN here Note The VLAN ID and Mode selected here must be the same as the VLAN ID and VLAN Type created in Advanced Application VLAN Static VLAN Tagged A VLAN ID tag identifies ...

Страница 282: ...Periodically the port transmits a REFRESH signal to allow the link partner to keep the link alive When there is traffic to be sent a WAKE signal is sent to the link partner to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the lin...

Страница 283: ... the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these ch...

Страница 284: ...e basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optional The Switch also supports the IEEE 802 1 and IEEE 802 3 organizationally specific TLVs IEEE 802 1 specific TLVs Port VLAN ID TLV optional Port and Protocol VLA...

Страница 285: ...MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the LLDP MED network connectivity devices NCD like Switches and Routers will transmit LLDP TLV to endpoint device ED li...

Страница 286: ...e labels in this screen Table 141 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices LLDP Configuration Click here to show a screen to configure LLDP parameters LLDP MED LLDP MED Configuration Click here to show a screen to...

Страница 287: ...creen as shown next Figure 199 Advanced Application LLDP LLDP Local Status LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices location parameters Table 141 Advanced Appl...

Страница 288: ... System Capabilities enabled and supported on the local Switch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management The TLV may also include the system interface number and an object...

Страница 289: ...Chapter 34 Link Layer Discovery Protocol LLDP XS1920 Series User s Guide 289 Figure 200 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail ...

Страница 290: ...de AN Supported Displays if the port supports or does not support auto negotiation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the l...

Страница 291: ...Configuration Information LCI Table 143 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail LABEL DESCRIPTION Table 144 Advanced Application LLDP LLDP Remote Status LABEL DESCRIPTION Index The index number shows the number of remote devices that are connected to the Switch Click on an index number to view the detailed LLDP status for this remote device at LLDP Remote Port Sta...

Страница 292: ... Remote Port Status Detail Basic TLV The following table describes the labels in Basic TLV part of the screen Table 145 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV LABEL DESCRIPTION Basic TLV Chassis ID TLV Chassis ID Subtype this displays how the chassis of the remote device is identified Chassis ID this displays the chassis ID of the remote device The ch...

Страница 293: ...his displays the system name of the remote device System Description TLV This displays the system description of the remote device System Capabilities TLV This displays whether the system capabilities are enabled and supported on the remote device System Capabilities Supported System Capabilities Enabled Management Address TLV This displays the following management address parameters of the remote...

Страница 294: ...Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device Port Protocol VLAN ID TLV This displays the IEEE 802 1 Port Protocol VLAN ID TLV which indicates whether the VLAN ID and whether it is enabled and supported on the port of remote Switch which sent the LLDPDU Port Protocol VLAN ID Port Protocol VLAN ID ...

Страница 295: ...ities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Aggregation Capability The current aggregation capability of the port Aggregation Status The...

Страница 296: ...Chapter 34 Link Layer Discovery Protocol LLDP XS1920 Series User s Guide 296 Figure 204 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Страница 297: ...his displays the MED capabilities the remote port supports Network Policy Location Extend Power via MDI PSE Extend Power via MDI PD Inventory Management Device Type TLV LLDP MED endpoint device classes Endpoint Class I Endpoint Class II Endpoint Class III Network Connectivity Network Policy TLV This displays a network policy for the specified application Voice Voice Signaling Guest Voice Guest Voi...

Страница 298: ...nded Power via MDI TLV Extended Power Via MDI Discovery enables detailed power information to be advertised by Media Endpoints such as IP phones and Network Connectivity Devices such as the Switch Power Type whether it is currently operating from primary power or is on backup power backup power may indicate to the Endpoint Device that it should move to a power conservation mode Power Source whethe...

Страница 299: ... when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your changes to t...

Страница 300: ...es power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 148 Advanced Application LLDP LLDP Configuration continued LABEL DESCRIPTION Table 149 Advanced Application LLDP LLDP Configuration Basic TLV Setting LABEL DESCRIPTION Port This displays the port nu...

Страница 301: ...screen afresh Table 149 Advanced Application LLDP LLDP Configuration Basic TLV Setting continued LABEL DESCRIPTION Table 150 Advanced Application LLDP LLDP Configuration Org specific TLV Setting LABEL DESCRIPTION Port This displays the port number on which you re configuring LLDP Select check boxes in the row to configure all ports simultaenously Dot1 TLV Port Protocol VLAN ID Select check box to ...

Страница 302: ...top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 150 Advanced Application LLDP LLDP Configuration Org specific TLV Setting LABEL DESCRIPTION Table 151 Advanced Application LLDP LLDP MED Configuration LABEL DESCRIPTION Port This displays the port number on which you re configuring LLD...

Страница 303: ...he Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 151 Advanced Application LLDP LLDP MED Configuration continued LABEL DESCRIPTION Table 152 Advanced Application LLDP LLDP MED Network Policy LABEL DESCRIPTION Port Enter the port number to set up the LLDP MED networ...

Страница 304: ...l Click Cancel to begin entering the information afresh Index This field displays the of index number of the network policy Click an index number to edit the rule Port This field displays the port number of the network policy Application Type This field displays the application type of the network policy Tag This field displays the Tag Status of the network policy VLAN This field displays the VLAN...

Страница 305: ...cation Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitude altitude and datum Civic Address includes Country State County City Street and other related information Latitude Enter the latitude information The value should be from 0º to 90º The negative value represent...

Страница 306: ...digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP The valid length is from 10 to 25 characters Add Click Add after finish entering the location information Cancel Click Cancel to begin entering the location information afresh Index This lists the index number of the location configuration Click an index number...

Страница 307: ... Guide 307 Delete Check the locations that you want to remove in the Delete column then click the Delete button Cancel Click Cancel to clear the selected check boxes in the delete column Table 153 Advanced Application LLDP LLDP MED Location continued LABEL DESCRIPTION ...

Страница 308: ...n Do Use IPv4 Static Route to open a screen where you can create IPv4 static routing rules Use IPv6 Static Route to open a screen where you can create IPv6 static routing rules 35 2 Static Routing The Switch usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet To have the Switch send data to devices not reachable through the default gateway use stati...

Страница 309: ...k the link next to IPv4 Static Route to open a screen where you can create IPv4 static routing rules Click the link next to IPv6 Static Route to open a screen where you can create IPv6 static routing rules Figure 212 IP Application Static Routing 35 3 IPv4 Static Route Click IP Application Static Routing IPv4 Static Route in the navigation panel to display the screen as shown R1 R2 A R3 Internet ...

Страница 310: ...uting uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Add Click Add to insert a new static route to the Switch s run time memory The Switch loses these changes if it is turned off or loses po...

Страница 311: ...P Application Static Routing IPv6 Static Route LABEL DESCRIPTION Route Destination Enter the IPv6 address of the final destination Prefix Length Enter the prefix length number of up to 64 for this destination Next Hop Enter the IPv6 address of the next hop router Interface Type Select the type of the IPv6 interface through which the IPv6 packets are forwarded The Switch supports only the VLAN inte...

Страница 312: ... the final destination Next Hop This field displays the IPv6 address of the gateway that helps forward the packet to the destination Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 155 ...

Страница 313: ...rmation for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 36 1 1 What You Can Do Use the DiffServ screen Section 36 2 on page 314 to activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the Switch Use the DSCP screen Section 36 3 1 on page 316 to change the DSCP IEEE 802 1p mapping 36 1 2...

Страница 314: ... marks with a DSCP value the incoming packets into different traffic flows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffic flows An example traffic policy is to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped wh...

Страница 315: ...d displays the index number of a port on the switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable Diffserv on the port Apply Click ...

Страница 316: ...apping DSCP VALUE 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 IEEE 802 1p 0 1 2 3 4 5 6 7 Table 158 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Страница 317: ...d on the VLAN domain of the DHCP clients Use the DHCPv6 Relay screen Section 37 6 on page 327 to enable and configure DHCPv6 relay 37 1 2 What You Need to Know Read on for concepts on DHCP that can help you configure the screens in this chapter DHCP Modes If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request fro...

Страница 318: ...ased on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field The Option 82 field is in the DHCP headers of client DHCP request frames that the Switch relays to a DHCP server Relay Agent Information can include the System Name of the Switch if you select this option You can change the System Name i...

Страница 319: ...ure the Switch to relay DHCP information based on the VLAN membership of the DHCP clients 37 4 1 DHCPv4 Relay Agent Information The Switch can add information about the source of client DHCP requests that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this inform...

Страница 320: ...this as an Agent Circuit ID sub option and 2 identifies this as an Agent Remote ID sub option The next field specifies the length of the field 37 4 2 DHCPv4 Option 82 Profile Use this screen to create DHCPv4 option 82 profiles Click IP Application DHCP DHCPv4 in the navigation panel and click the Option 82 Profile link to display the screen as shown Table 161 DHCP Relay Agent Information Option Fo...

Страница 321: ...n the Basic Setting General Setup screen Select this option for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server string Enter a string of up to 64 ASCII characters that the Switch adds into the client DHCP requests Spaces are allowed Remote ID Use this section to configure the Remote ID sub option to include information that identifies the relay agent t...

Страница 322: ...eck box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entry ies that you want to remove and then click the Delete button Cancel Click Cancel to clear the selected check box es in the Delete column Table 164 IP Application DHCP DHCPv4 Option 82 Profile continued LABEL DESCRIPTION Table 165 IP Application DHCP DHCPv4 Global ...

Страница 323: ...over the one you select in the DHCP DHCPv4 Global screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset t...

Страница 324: ...e Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Figure 225 DHCP Relay Configuration Example 37 5 Configuring DHCPv4 VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients Click IP Application DHC...

Страница 325: ...te an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults VID This f...

Страница 326: ...s priority over the one you select in the DHCP DHCPv4 VLAN screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this t...

Страница 327: ...Pv6 server on its network it then needs a DHCPv6 relay agent to send a message to a DHCPv6 server that is not attached to the same network The DHCPv6 relay agent can add the remote identification remote ID option and the interface ID option to the Relay Forward DHCPv6 messages The remote ID option carries a user defined string such as the system name The interface ID option provides slot number po...

Страница 328: ...to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to reset the fi...

Страница 329: ... In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is either the IP address of the device being sought or the router that knows the way replaces the broadcast address with the target s MAC address swaps the sender and target pairs and unicasts the answer directly back to the requesting machine ARP updates the ...

Страница 330: ...here will be no reply to a gratuitous ARP request A device may send a gratuitous ARP packet to detect IP collisions If a device restarts or its MAC address is changed it can also use gratuitous ARP to inform other devices in the same network to update their ARP table with the new mapping information In Gratuitous ARP learning mode the Switch updates its ARP table with either an ARP reply or a grat...

Страница 331: ...ay the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Click the link next to Static ARP to open a screen where you can create static ARP entries on the Switch Figure 231 IP Application ARP Setup 38 2 1 ARP Learning Use this screen to configure each port s ARP learning mode Click the link next to ARP Learning in the IP Appl...

Страница 332: ...en make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them ARP Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply...

Страница 333: ... the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of an entry Click an index number to change the settings Active This field displays Yes when the entry is...

Страница 334: ...scribes the labels in this screen Table 172 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration 2 is currently operating on the Switch Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configuration Click Click Here to go to the Restore Configuration screen Backup Configuration Click Click Here to go...

Страница 335: ...the current configuration settings permanently to Configuration 1 on the Switch Click Config 2 to save the current configuration settings to Configuration 2 on the Switch Alternatively click Save on the top right hand corner in any screen to save the configuration changes to the current configuration Save Configuration Click Config 1 to save the current configuration settings to Configuration 1 on...

Страница 336: ...is takes up to two minutes This does not affect the Switch s configuration Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch Click Factory Default and follow steps 1 to 2 to reboot and load default configuration settings on the Switch 39 2 4 Firmware Upgrade Use the following screen to upgrade your Switch to the latest firmware The Switch supports dual firmw...

Страница 337: ... model code and MM DD YYYY creation date of the firmware currently in use on the Switch Firmware 1 or Firmware 2 The firmware information is also displayed at System Information in Basic Settings Firmware 1 shows its version number and model code and MM DD YYYY creation date Firmware 2 shows its version number and model code and MM DD YYYY creation date Current Boot Image This displays which firmw...

Страница 338: ...ng up your Switch configurations allows you to create various snap shots of your device from which you may restore at a later date Back up your current Switch configuration to a computer using the Backup Configuration screen Figure 239 Management Maintenance Backup Configuration Follow the steps below to back up the current Switch configuration to your computer in this screen 1 Click Backup File P...

Страница 339: ...k Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 39 2 7 Tech Support The Tech Support feature is a log enhancement tool that logs useful information such as CPU utilization history memory and Mbuf Memory Buffer log and cr...

Страница 340: ...The Mbuf log report is stored in flash permanent memory For example Mbuf 50 means a log will be created when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned o...

Страница 341: ...stination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both files for later use Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 39 3 3 FTP Command Line Procedure 1 Launch the FTP client on your computer 2 Enter open followed by a space and t...

Страница 342: ...trictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately Table 176 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous...

Страница 343: ...screen Section 40 3 3 on page 347 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use the Logins screens Section 40 4 on page 348 to assign which users can access the Switch via web configurator at any one time Use the Service Access Control screen Section 40 5 on page 350 to decide what services you may use to access the Switch Use the Remote ...

Страница 344: ...ABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community password values Version Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which i...

Страница 345: ...gers to send your SNMP traps to Port Enter the port number upon which the manager listens for SNMP traps Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap This username must match an existing account on the Switch configured in Management Access Control Logins screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these c...

Страница 346: ...box automatically clears all of the category s trap check boxes the Switch only sends traps from selected categories Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel...

Страница 347: ...l to begin configuring this screen afresh Table 180 Management Access Control SNMP Trap Group Port continued LABEL DESCRIPTION Table 181 Management Access Control SNMP User LABEL DESCRIPTION User Information Note Use the username and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager Username Specify the username of a login account on the Switch Sec...

Страница 348: ... create and edit the MIBs on the Switch except the user account and AAA configuration readonly Members of this group have read rights only meaning the user can collect information from the Switch Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save ...

Страница 349: ...lowing table describes the labels in this screen Table 182 Management Access Control Logins LABEL DESCRIPTION Administrator This is the default administrator account with the admin user name You cannot change the default administrator user name Only the administrator has read write access Old Password Type the existing system password 1234 is the default password when shipped New Password Enter yo...

Страница 350: ...strator and enable passwords and display configuration information Users can run command lines if the session s privilege level is greater than or equal to the command s privilege level The session privilege initially comes from the privilege of the login account For example if the user has a privilege of 5 he she can run commands that requires privilege level of 5 or less but not more Apply Click...

Страница 351: ...gure 248 Management Access Control Remote Management Timeout Type how many minutes from 1 to 255 a management session can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or ...

Страница 352: ...gement LABEL DESCRIPTION Entry This is the client set index number A client set is a group of one or more trusted computers from which an administrator may use a service to manage the Switch Active Select this check box to activate this secured client set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of t...

Страница 353: ...gement SNMP managers can be required to authenticate with agents before conducting SNMP management sessions Security can be further enhanced by encrypting the SNMP messages sent from the managers Encryption protects the contents of the SNMP messages When the contents of the SNMP messages are encrypted only the intended recipients can read them Supported MIBs MIBs let administrators collect statist...

Страница 354: ... 1 1 5 5 This trap is sent when authentication fails due to incorrect user name and or password ping pingProbeFailed 1 3 6 1 2 1 80 0 1 This trap is sent when a single ping probe fails pingTestFailed 1 3 6 1 2 1 80 0 2 This trap is sent when a ping test consisting of a series of ping probes fails pingTestCompleted 1 3 6 1 2 1 80 0 3 This trap is sent when a ping test is completed traceroute traceR...

Страница 355: ...omputer which requests the HTTPS connection with the Switch whereas the SSL client only should authenticate itself when the SSL server requires it to do so Authenticating client certificates is optional and if selected means the SSL client must send the Switch a certificate You must apply for a certificate for the browser from a Certificate Authority CA that is a trusted CA on the Switch Please re...

Страница 356: ... access the Switch HTTPS server a Windows dialog box pops up asking if you trust the server certificate You see the following Security Alert screen in Internet Explorer Select Yes to proceed to the web configurator login screen if you select No then web configurator access is blocked Figure 251 Security Alert Dialog Box Internet Explorer 6 Internet Explorer 7 or 8 When you attempt to access the Sw...

Страница 357: ... 253 Certificate Error Internet Explorer 7 or 8 Click Install Certificate and follow the on screen instructions to install the certificate in your browser Figure 254 Certificate Internet Explorer 7 or 8 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the ...

Страница 358: ... Series User s Guide 358 Figure 255 Security Alert Mozilla Firefox Confirm the HTTPS server URL matches Click Confirm Security Exception to proceed to the web configurator login screen Figure 256 Security Alert Mozilla Firefox EXAMPLE ...

Страница 359: ...er you accept the certificate and enter the login username and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection Figure 257 Example Lock Denoting a Secure Connection EXAMPLE ...

Страница 360: ...Diagnostic screen Use the Diagnostic screen Section 41 2 on page 360 to check system logs ping IP addresses or perform port tests 41 2 Diagnostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to check system logs ping IP addresses or perform port tests ...

Страница 361: ...wise select to send ping requests to all VLANs on the Switch IPv6 Select this option if you want to ping an IPv6 address You can also select vlan and specify the ID number of the VLAN to which the Switch is to send ping requests Otherwise select to send ping requests to all VLANs on the Switch Count Enter the number of ICMP Echo Request ping messages the Switch continuously sends IP Address Host N...

Страница 362: ... wire pair test of the Ethernet connections on the specified port s The following fields display when you diagnose a port Port This is the number of the physical Ethernet port on the Switch Channel An Ethernet cable usually has four pairs of wires A 10BASE T or 100BASE TX port only use and test two pairs while a 1000BASE T port requires all four pairs This displays the descriptive name of the wire...

Страница 363: ...ches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 259 Management System Log The summary table shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is currently di...

Страница 364: ...els 43 1 1 What You Can Do Use the Syslog Setup screen Section 43 2 on page 364 to configure the device s system logging settings and configure a list of external syslog servers 43 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click Management Syslog Setup i...

Страница 365: ...ur syslog program for more details Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Active Select this ch...

Страница 366: ...slog server entry Click this number to edit the entry Active This field displays Yes if the device is to send logs to the syslog server No displays if the device is not to send logs to the syslog server IP Address This field displays the IP address of the syslog server Log Level This field displays the severity level of the logs that the device is to send to this syslog server Select an entry s ch...

Страница 367: ...th one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 261 Clustering Application Example Table 190 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Must be compatible with ZyXEL cluster management implementation Cluster Manager...

Страница 368: ...owing table describes the labels in this screen Table 191 Management Cluster Management Status LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster Manager Member you see this if you access this screen in the cluster member switch directly and not via the cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster mana...

Страница 369: ...iguration Model This field displays the model name Status This field displays Online the cluster member switch is accessible Error for example the cluster member switch password was changed or the switch was set as the manager and so left the member list etc Offline the switch is disconnected Offline shows approximately 1 5 minutes after the link between cluster member and manager goes down Table ...

Страница 370: ...s must be directly connected Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate list Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list Password Each cluster member s password is its web configurator password Select a member in the Clustering Candidate list and then enter its web ...

Страница 371: ...select an Index hyperlink from the list of members to go to that cluster member switch s web configurator home page This cluster member web configurator home page and the home page that you d see if you accessed it directly are different Figure 264 Cluster Management Cluster Member Web Configurator Screen 44 4 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to ...

Страница 372: ...K ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 430AAHW0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 193 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The web configurat...

Страница 373: ... or static 45 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already learned the port fo...

Страница 374: ...e 374 Figure 266 MAC Table Flowchart 45 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic or static Click Management MAC Table in the navigation panel to display the following screen Figure 267 Management MAC Table ...

Страница 375: ...t Dynamic to MAC forwarding and click the Transfer button to change dynamically learned MAC address entries in the summary table below into static entries They also display in the Static MAC Forwarding screen Select Dynamic to MAC filtering and click the Transfer button to change dynamically learned MAC address entries in the summary table below into MAC filtering entries These entries will then d...

Страница 376: ...ard packets See the following figure 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not already lear...

Страница 377: ...IP Click this button to display and arrange the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This field displays the index number IP Address This is the IP address of the device from which the incoming packets came VID This is the VLAN group to which t...

Страница 378: ... it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast...

Страница 379: ...el Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the device belongs Port This field displays the port...

Страница 380: ...o display the screen as shown Figure 271 Management Routing Table The following table describes the labels in this screen Table 197 Management Routing Table LABEL DESCRIPTION Index This field displays the index number Destination This field displays the destination IP routing domain Gateway This field displays the IP address of the gateway device Interface This field displays the IP address of the...

Страница 381: ...creen to view IPv6 path MTU information on the Switch Click Management Path MTU Table in the navigation panel to display the screen as shown Figure 272 Management Path MTU Table The following table describes the labels in this screen Table 198 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ages out and n...

Страница 382: ...This chapter shows you how you can copy the settings of one port onto other ports 50 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen ...

Страница 383: ...Chapter 50 Configure Clone XS1920 Series User s Guide 383 Figure 273 Management Configure Clone ...

Страница 384: ... 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings you configured in the Advanced Application menus should be copied to the destination ports Apply Cl...

Страница 385: ...tch cannot find an entry in the neighbor table or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages 51 2 Viewing the IPv6 Neighbor Table Use this screen to view IPv6 neighbor information on the Switch Click Management IPv6 Neighbor Table in the navigation panel to display the screen as s...

Страница 386: ...ays sending request packets for a short to give upper layer protocols a chance to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 address unknown The status of the neighboring interface can not be determined for some reason incomplete I Address resolution is in progress and the link...

Страница 387: ...re the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the Switch 4 If the problem continues contact the vendor The ALM LED is on 1 Disconnect and re connect the power adaptor or cord to the Switch 2 If the problem continues contact the vendor One of the L...

Страница 388: ...igurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardware connections and make sure the LEDs are behaving as expected See Section 3 3 on page 30 3 Make sure ...

Страница 389: ...o the Switch 4 If this does not work you have to reset the device to its factory defaults See Section 3 4 on page 30 Pop up Windows JavaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by default I cannot see some of Advanced Application submenus at the bottom of t...

Страница 390: ...after I restart the Switch Make sure you save your configuration into the Switch s nonvolatile memory each time you make changes Click Save at the top right corner of the web configurator to save the configuration permanently See also Section 39 2 6 on page 338 for more information about how to save your configuration ...

Страница 391: ...information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan ZyXEL Communications Corporation http www zyxel com Asia China ZyXEL Communications Shanghai Corp Zy...

Страница 392: ...com pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com tw zh Thailand ZyXEL Thailand Co Ltd http www zyxel co th Vietnam ZyXEL Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria ZyXEL Deutschland GmbH http www zyxel de Belarus ZyXEL BY http www zyxel...

Страница 393: ... Czech Republic ZyXEL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXEL France http www zyxel fr Germany ZyXEL Deutschland GmbH http www zyxel de Hungary ZyXEL Hungary SEE http www zyxel hu Italy ZyXEL Communications Italy http www zyxel it ...

Страница 394: ...nelux http www zyxel nl Norway ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Communications Czech s r o organizacna zlozka http www zyxel sk Spain ZyXEL Communications ES Ltd http www zyxel es Sweden ZyXEL Communications http www zyxel se Switzerland Stu...

Страница 395: ...kraine http www ua zyxel com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Brazil ZyXEL Communications Brasil Ltda https www zyxel com br pt Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Israel ZyXEL Communication Corporation http il zyxel com homepage shtml Middle East ZyXEL Communication Corporation http www zyxel com me en ...

Страница 396: ... User s Guide 396 North America USA ZyXEL Communications Inc North America Headquarters http www zyxel com us en Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Страница 397: ...ons in which this service is used Table 201 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOTP...

Страница 398: ...at sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to...

Страница 399: ...S UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP...

Страница 400: ...f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length...

Страница 401: ...group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 203 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0...

Страница 402: ... the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able ...

Страница 403: ...Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lif...

Страница 404: ...es Neighbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it responds to a neighbor solicitation message from the host with a neighbor advertisement message Neighbor advertisement A response from a node to announce its link layer address Router solicitation A request from a ...

Страница 405: ...uto generated IP addresses IPv6 is installed and enabled by default in Windows Vista Use the ipconfig command to check your automatic configured IPv6 address as well You should see at least one IPv6 address available for the interface on your computer Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assignment you have to additiona...

Страница 406: ...from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Страница 407: ...r dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Страница 408: ...Appendix C IPv6 XS1920 Series User s Guide 408 ...

Страница 409: ...wo conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested and found to comply with the limits for a Class A ...

Страница 410: ...tronic device For detailed information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your device Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The POE Power ov...

Страница 411: ... llévelo a un punto limpio Cuando llegue el momento de desechar el producto la recogida por separado éste y o su batería ayudará a salvar los recursos naturales y a proteger la salud humana y medioambiental Le symbole ci dessous signifie que selon les réglementations locales votre produit et ou sa batterie doivent être éliminés séparément des ordures ménagères Lorsque ce produit atteint sa fin de ...

Страница 412: ...Appendix D Legal Information XS1920 Series User s Guide 412 Environmental Product Declaration ...

Страница 413: ...arts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or...

Страница 414: ...ring 252 syslog messages 251 trusted ports 251 ARP Table 378 authentication 210 setup 215 Authentication and Authorization see AAA 210 authorization 210 setup 215 automatic VLAN registration 93 B back up configuration file 338 bandwidth control 142 egress rate 143 ingress rate 143 setup 142 basic settings 63 basic setup tutorial 45 binding 220 binding table 220 building 221 BPDUs Bridge Protocol D...

Страница 415: ... support 391 D daylight saving time 67 default Ethernet settings 27 DHCP configuration options 317 relay example 326 DHCP relay option 82 250 DHCP snooping 45 221 249 configuring 250 DHCP relay option 82 250 trusted ports 249 untrusted ports 249 DHCP snooping database 249 diagnostics 360 Ethernet port test 362 ping 361 Differentiated Service DiffServ 313 DiffServ 313 activate 314 DS field 313 DSCP...

Страница 416: ...igabit ports 26 GMT Greenwich Mean Time 67 Green Ethernet 282 Guide Quick Start 2 GVRP 94 101 and port assignment 101 GVRP GARP VLAN Registration Protocol 94 H hardware installation 23 hardware monitor 65 hardware overview 26 hello time 134 hops 134 HTTPS 355 certificates 355 implementation 355 public keys private keys 355 HTTPS example 356 I IEEE 802 1p priority 69 IEEE 802 1x activate 157 160 21...

Страница 417: ...eout 153 Layer 2 protocol tunneling see L2PT LEDs 30 limit MAC address learning 165 link aggregation 148 dynamic 148 ID information 149 setup 150 152 status 150 traffic distribution algorithm 150 traffic distribution type 151 trunk group 148 Link Aggregation Control Protocol LACP 148 Link Aggregation Control Protocol see LACP 148 Link Layer Discovery Protocol LLDP 284 285 LLDP Link Layer Discovery...

Страница 418: ...ring ports 146 MLD Snooping proxy 197 monitor port 146 147 mounting brackets 24 MRSTP configuration 128 MRSTP status 130 MSA MultiSource Agreement 27 MST ID 140 MST Instance See MSTI 140 MST region 140 MSTI 140 MSTP 121 123 bridge ID 137 138 configuration 132 configuration digest 138 forwarding delay 134 Hello Time 137 hello time 134 Max Age 137 max age 134 max hops 134 path cost 135 port priority...

Страница 419: ...ss learning 163 167 overview 163 167 setup 163 167 255 258 port setup 74 port status 58 port VLAN ID see PVID 101 port VLAN trunking 94 port based VLAN 109 all connected 111 port isolation 111 settings wizard 111 ports diagnostics 362 mirroring 146 speed duplex 75 standby 149 power voltage 65 power connector 29 power status 65 PPPoE IA trusted ports 263 untrusted ports 263 priority level 69 priori...

Страница 420: ...l 352 manager 353 MIB 353 network components 352 object variables 353 protocol operations 353 security 347 348 setup 344 traps 345 users 347 version 3 and security 353 versions supported 352 SNMP traps 354 supported 354 Spanning Tree Protocol See STP 121 SPQ Strict Priority Queuing 182 SSL Secure Socket Layer 355 stale 386 standby ports 149 static bindings 221 static link aggregation example 153 s...

Страница 421: ...erver 66 time service protocol 66 format 66 trademarks 413 transceivers installation 27 removal 28 traps destination 345 trunk group 148 trunking 148 example 153 trusted ports ARP inspection 251 DHCP snooping 249 PPPoE IA 263 tunnel protocol attribute and RADIUS 218 tutorials 45 DHCP snooping 45 Type of Service ToS 313 U UDLD 260 UniDirectional Link Detection see UDLD untrusted ports ARP inspectio...

Страница 422: ...3 VLAN Trunking Protocol see VTP VLAN protocol based See protocol based VLAN 104 Voice VLAN 106 VSA 217 VTP 259 W warranty 413 note 413 web configurator 33 getting help 39 home 34 login 33 logout 39 navigation panel 35 weight queuing 183 Weighted Round Robin Scheduling WRR 183 WRR Weighted Round Robin Scheduling 182 Z ZON Neighbor Management 57 ZON Utility 56 ZyNOS ZyXEL Network Operating System 3...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды