manualshive.com logo in svg

ZyXEL Communications XS3800-28, Руководство пользователя, Страница: 655 / 789

Поделиться
Скачать
ZyXEL Communications XS3800-28 Скачать руководство пользователя страница 655

 Chapter 85 Port Authentication

XS3800-28 User’s Guide

655

The following types of RADIUS messages are exchanged between the switch and the RADIUS server for 
user accounting:

• Accounting-Request

Sent by the switch requesting accounting.

• Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

The switch and the RADIUS server use a shared secret key, which is a password, they both know to 
authenticate the communications between them, and ensure network security. A shared key is not sent 
over the network.

The switch forwards the RADIUS requests of a client to the RADIUS server. The login password information 
exchanged is sent over the network and encrypted to protect the network from unauthorized access.

85.6.3  EAP (Extensible Authentication Protocol) Authentication

This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. 
Your wired LAN device may not support all authentication types.

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x 
transport mechanism in order to support multiple types of user authentication. By using EAP to interact 
with an EAP-compatible RADIUS server, a switch helps a wired station and a RADIUS server perform 
authentication.

The type of authentication you use depends on the RADIUS server and an intermediary switch that 
supports IEEE 802.1x.

For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the 
certificates from a certificate authority (CA). A certificate (also called digital IDs) can be used to 
authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.

• EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a 
challenge to the wired client. The wired client ‘proves’ that it knows the password by encrypting the 
password with the challenge and sends back the information. Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the 
plain text passwords, the passwords must be stored. Thus someone other than the authentication server 
may access the password file. In addition, it is possible to impersonate an authentication server as MD5 
authentication method does not perform mutual authentication. Finally, MD5 authentication method 
does not support data encryption with dynamic session key. You must configure WEP encryption keys for 
data encryption.

• EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wired clients for mutual 
authentication. The server presents a certificate to the client. After validating the identity of the server, 
the client sends a different certificate to the server. The exchange of certificates is done in the open 
before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital 
certificate is an electronic ID card that authenticates the sender’s identity. However, to implement 

Содержание XS3800-28

Страница 1: ...E L3 Managed Switch Copyright 2022 Zyxel and or its affiliates All Rights Reserved Out of Band MGMT Port http 192 168 0 1 In Band Ports http setup zyxel or http DHCP assigned IP or http 192 168 1 1 Us...

Страница 2: ...the Switch Web Configurator Online Help Click the Help icon in any screen for help in configuring that screen and supplementary information Networked AV Mode Online Help Click the Help icon in Networ...

Страница 3: ...Product labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example SYSTEM IP Setup Network Proxy Configuratio...

Страница 4: ...RD 105 MONITOR 111 ARP Table 112 IP Table 114 IPv6 Neighbor Table 116 MAC Table 118 Neighbor 121 Path MTU Table 126 Routing Table 136 System Information 138 System Log 144 SYSTEM 146 Cloud Management...

Страница 5: ...Queuing Method 362 Priority Queue 366 Bandwidth Control 368 sFlow 371 Spanning Tree Protocol 375 Static MAC Filtering 407 Static MAC Forwarding 409 VLAN 412 VLAN Isolation 441 VLAN Mapping 444 VLAN S...

Страница 6: ...Guide 6 Storm Control 593 Error Disable 596 IP Source Guard 604 DHCP Snooping 609 ARP Inspection 621 Port Authentication 642 Port Security 657 MAINTENANCE 663 Networked AV Mode 691 Troubleshooting and...

Страница 7: ...2 1 Backbone Example Application 36 1 2 2 Bridging or Fiber Optic Uplink Example Application 37 1 2 3 High Performance Switching Example 38 1 2 4 IEEE 802 1Q VLAN Application Examples 38 1 2 5 IPv6 S...

Страница 8: ...erview 55 4 2 System Login 55 4 3 Zyxel One Network ZON Utility 60 4 3 1 Requirements 60 4 3 2 Run the ZON Utility 60 4 4 Networked AV Mode Wizard 64 4 4 1 Basic Settings 64 4 4 2 Advanced Settings 69...

Страница 9: ...a DHCP Server on the Switch 101 Chapter 7 DASHBOARD 105 7 1 New User Interface 105 7 2 DASHBOARD 105 7 2 1 Port Status 109 7 2 2 Quick Links to Use 109 Chapter 8 MONITOR 111 Chapter 9 ARP Table 112 9...

Страница 10: ...126 Chapter 15 15 0 1 What You Can Do 127 15 1 Port Status 127 15 1 1 Port Details 129 15 2 DDMI 131 15 2 1 DDMI Details 132 15 3 Port Utilization 134 Chapter 16 Routing Table 136 16 1 Routing Table O...

Страница 11: ...rfaces 157 23 2 IP Status 158 23 2 1 IP Status Details 158 23 3 IP Setup 160 23 3 1 Add Edit IP Interfaces 162 23 4 Network Proxy Configuration 163 Chapter 24 IPv6 165 24 1 IPv6 Overview 165 24 1 1 Wh...

Страница 12: ...re SNMP 184 26 3 Configure SNMP User 186 26 3 1 Add Edit SNMP User 186 26 4 Configure SNMP Trap Group 188 26 5 Enable or Disable Sending of SNMP Traps on a Port 189 26 6 Technical Reference 191 26 6 1...

Страница 13: ...it Flex Link 218 Chapter 33 Green Ethernet 220 33 1 Green Ethernet Overview 220 33 2 Configuring Green Ethernet 220 Chapter 34 Link Aggregation 224 34 1 Link Aggregation Overview 224 34 1 1 What You C...

Страница 14: ...MED Location 256 Chapter 36 OAM 260 36 1 OAM Overview 260 36 1 1 What You Can Do 260 36 2 OAM Status 260 36 2 1 OAM Details 262 36 3 OAM Setup 266 36 4 OAM Remote Loopback 268 Chapter 37 Port Setup 2...

Страница 15: ...Source 296 43 4 1 Add Edit Source 297 43 5 Destination 299 43 5 1 Add Edit Destination 300 43 6 Connected Port 301 43 6 1 Add Edit Connected Ports 301 Chapter 44 Multicast 304 44 1 Multicast Overview...

Страница 16: ...45 1 Static Multicast Forwarding Overview 335 45 1 1 What You Can Do 335 45 1 2 What You Need To Know 335 45 2 Static Multicast Forwarding By MAC 336 45 2 1 Add Edit Static Multicast Forwarding By MA...

Страница 17: ...hat You Need to Know 362 50 2 Configuring Queuing 363 Chapter 51 Priority Queue 366 51 1 Priority Queue Overview 366 51 1 1 What You Can Do 366 51 2 Assign Priority Queue 366 Chapter 52 Bandwidth Cont...

Страница 18: ...3 MST Instance 405 54 11 4 Common and Internal Spanning Tree CIST 405 Chapter 55 Static MAC Filtering 407 55 1 Static MAC Filtering Overview 407 55 1 1 What You Can Do 407 55 2 Configure a Static MAC...

Страница 19: ...ure a Port Based VLAN 438 Chapter 58 VLAN Isolation 441 58 1 VLAN Isolation Overview 441 58 2 Configuring VLAN Isolation 441 58 2 1 Add Edit a VLAN Isolation Rule 442 Chapter 59 VLAN Mapping 444 59 1...

Страница 20: ...ption 82 Profile 470 64 4 1 Add Edit a DHCPv4 Option 82 Profile 471 64 5 Configuring DHCPv4 Smart Relay 472 64 5 1 Add Edit DHCPv4 Global Relay Port 473 64 5 2 DHCP Smart Relay Configuration Example 4...

Страница 21: ...Chapter 67 OSPF 501 67 1 OSPF Overview 501 67 1 1 OSPF Autonomous Systems and Areas 501 67 1 2 How OSPF Works 502 67 1 3 Interfaces and Virtual Links 502 67 1 4 OSPF and Router Elections 502 67 1 5 C...

Страница 22: ...Routing Overview 526 71 1 1 What You Can Do 526 71 2 IPv4 Static Route 527 71 2 1 Add Edit IPv4 Static Route 527 71 3 IPv6 Static Route 528 71 3 1 Add Edit IPv6 Static Route 529 Chapter 72 VRRP 531 7...

Страница 23: ...75 3 Remote Management 557 75 4 Account Security 558 75 5 Technical Reference 560 75 5 1 SSH Overview 560 75 5 2 Introduction to HTTPS 562 75 5 3 Google Chrome Warning Messages 564 Chapter 76 Classif...

Страница 24: ...0 Chapter 80 Storm Control 593 80 1 Storm Control Overview 593 80 1 1 What You Can Do 593 80 2 Storm Control Setup 593 Chapter 81 Error Disable 596 81 1 Error Disable Overview 596 81 1 1 CPU Protectio...

Страница 25: ...Inspection Port Setup 625 84 6 ARP Inspection VLAN Setup 627 84 7 IPv6 Source Guard 628 84 8 IPv6 Source Binding Status 628 84 9 IPv6 Static Binding 629 84 9 1 Add Edit IPv6 Static Binding 630 84 10...

Страница 26: ...1 Overview 663 87 1 1 What You Can Do 663 87 2 Certificates 663 87 2 1 HTTPS Certificates 665 87 3 Technical Reference 665 87 3 1 FTP Command Line 665 87 3 2 Filename Conventions 666 87 3 3 FTP Comma...

Страница 27: ...4 88 14 Configure SNMP User 706 88 14 1 Add Edit SNMP User 707 88 15 Configure SNMP Trap Group 708 88 16 Enable or Disable Sending of SNMP Traps on a Port 709 88 17 PORT 710 88 18 Link Aggregation 711...

Страница 28: ...ent 739 88 38 Storm Control 740 88 39 MAINTENANCE 741 88 40 What You Can Do 742 88 41 Restore Configuration 742 88 42 Backup Configuration 742 88 43 Save Configuration 743 88 44 Firmware Upgrade 744 8...

Страница 29: ...29 PART I User s Guide...

Страница 30: ...P slots for fiber connections to the backbone switches and you could use the 10 Gbps Ethernet ports for connections to other Ethernet devices requiring high bandwidth such as network attached storage...

Страница 31: ...0 m is used The speed drops to 1G if these criteria are not met it drops to 100M if a Cat 5 cable is used up to 100 m If a network device such as a 5G network card gaming computer server Network Attac...

Страница 32: ...onding speed Note Make sure to select the correct speed for the port in PORT Port Setup 1 1 3 Stacking Mode The Switch can work in Stacking mode and directly connect to other switches The switches the...

Страница 33: ...t the Nebula web portal at https nebula zyxel com and ensure that Nebula Control Center NCC Discovery is enabled in SYSTEM Cloud Management in the Switch Web Configurator Note See the Switch s datashe...

Страница 34: ...Start on the first page Click Create account to create a myZyxel account or enter your existing account information to log in 2 Create an organization and site or select an existing site using the Zyx...

Страница 35: ...program called Zyxel One Network ZON Utility it is a utility tool that assists you to set up and maintain network devices in a more simple and efficient way You can download the ZON Utility at www zy...

Страница 36: ...tworked AV mode s basic and advanced settings Figure 4 Comparison Between Traditional AV and AVoIP Setups 1 2 Example Applications This section shows a few examples of using the Switch in various netw...

Страница 37: ...viate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to high speed department servers through the Switch You can provide a super fast...

Страница 38: ...4 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one or mor...

Страница 39: ...oping and proxy For more information on IPv6 refer to Appendix C on page 760 and the CLI Reference Guide 1 3 Ways to Manage the Switch Use any of the following methods to manage the Switch NCC Zyxel N...

Страница 40: ...ecure and to manage the Switch more effectively Change the password Use a password that is not easy to guess and that consists of different types of characters such as numbers and letters Write down t...

Страница 41: ...and at least 5 cm of clearance on all four sides of the Switch This allows air circulation for cooling Do NOT block the ventilation holes nor store cables or power cords on the Switch Allow clearance...

Страница 42: ...for air circulation 2 4 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size 19 inch rack or in a wiring closet with other equipment Follow the steps below to mount your Sw...

Страница 43: ...s through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to t...

Страница 44: ...and Connection XS3800 28 User s Guide 44 the rack Note Make sure you tighten all the four screws to prevent the Switch from getting slanted 3 Repeat steps 1 and 2 to attach the second mounting bracke...

Страница 45: ...e ports for high bandwidth backbone connections You can also insert an SFP Direct Attach Copper DAC in the SFP slot 4 100 Mbps 1 Gbps 2 5 Gbps 5 Gbps and 10 Gbps RJ 45 Ethernet Ports These are 10GBase...

Страница 46: ...r the Ethernet ports on the Switch are Speed Auto Duplex Auto Flow control Off Dual Personality Interface Fiber optic module first 3 1 2 SFP SFP Slots The transceiver slots are for Small Form Factor P...

Страница 47: ...Installation Use the following steps to install a transceiver 1 Attach an ESD preventive wrist strap to your wrist and to a bare metal surface 2 Align the transceiver in front of the slot opening 3 M...

Страница 48: ...can be pulled out successfully 4 Pull the latch or use your thumb and index finger to grasp the tabs on both sides of the transceiver and carefully slide it out of the slot Note Do NOT pull the transc...

Страница 49: ...Ethernet MGMT management port is used for local management Connect directly to this port using an Ethernet cable You can configure the Switch through Telnet or the Web Configurator The default IP add...

Страница 50: ...r enclosed conduit for protecting electric wiring that is 15 cm apart or as specified by your country s electrical regulations Any device that is located outdoors and connected to this product must be...

Страница 51: ...inspection authority or an electrician This device must be grounded Do this before you make other connections 3 2 2 AC Power Connection Note Make sure you are using the correct power source as shown o...

Страница 52: ...urce The fans are not functioning at a proper speed or malfunctioning Off The Switch is not receiving power from the power module in the first power slot PWR2 Green On The Switch is receiving power fr...

Страница 53: ...mode Amber On There is an error occurred when the Switch is selected as the master member in a stack Ethernet Ports 17 28 Green On The port has a successful 100 Mbps 1 Gbps 2 5 Gbps 5 Gbps connection...

Страница 54: ...54 PART II Technical Reference...

Страница 55: ...ult Type http DHCP assigned IP in the Location or Address field Press ENTER Note You can always use the domain name setup zyxel to access the Web Configurator whether the Switch is using a DHCP assign...

Страница 56: ...The NCC is a cloud based network management system that allows you to remotely manage and monitor the Switch See Section 1 1 5 on page 33 for information on changing your Switch to Nebula Cloud manage...

Страница 57: ...sic or advanced settings see Section 4 4 on page 64 for details Use the Basic Settings to configure networked AV operation on management VLAN Such as the Switches IP address DNS server system password...

Страница 58: ...Mode Click Password SNMP to open a screen where you can change the administrator password and SNMP community string simultaneously Otherwise click Ignore to close it If you log into the Web Configura...

Страница 59: ...sion on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP version 1 Get Community...

Страница 60: ...install it in a computer Windows operating system 4 3 1 Requirements Before installing the ZON Utility in your computer please make sure it meets the requirements listed below Operating System At the...

Страница 61: ...Show information about ZON icon in the upper right of the screen Then select the Supported model and firmware version link If your device is not listed here see the device release notes for ZON Utili...

Страница 62: ...es in your network Figure 33 Discovery 5 The ZON Utility screen shows the devices discovered Figure 34 ZON Utility Screen 6 Select a device and then use the icons to perform actions Some functions may...

Страница 63: ...nzipped it in advance 8 Change Password Use this icon to change the admin password of the selected device You must know the current admin password before changing to a new one 9 Configure NCC Discover...

Страница 64: ...s of an internal interface on the discovered device that first received a ZDP discovery request from the ZON Utility System Name This field displays the system name of the discovered device Location T...

Страница 65: ...c IP Interface when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the VLAN ID IP Address The Switch needs an IP address for it to be manag...

Страница 66: ...Enabled to let the Switch act as an SNMP agent which allows a manager station to manage and monitor the Switch through the network Select Disabled to turn this feature off Version Select the SNMP ver...

Страница 67: ...2 Wizard Basic Settings Step 3 Networked AV LABEL DESCRIPTION Skip Networked AV Mode Settings Click this option to avoid using the basic default AVoIP settings The default AVoIP settings can be seen i...

Страница 68: ...ress Default Gateway This field displays the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 1 254 DNS Server This field displays the DNS Domain Name System f...

Страница 69: ...P Snooping Querier This field displays Active when the Switch is allowed to send IGMP General Query messages to the VLANs with the multicast hosts attached Otherwise it displays Inactive Unknown Multi...

Страница 70: ...s the Switch s Web Configurator again Select Static IP Interface when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the VLAN ID IP Address...

Страница 71: ...ct Enabled to let the Switch act as an SNMP agent which allows a manager station to manage and monitor the Switch through the network Select Disabled to turn this feature off Version Select the SNMP v...

Страница 72: ...Table 16 Wizard Advanced Settings Step 3 Networked AV LABEL DESCRIPTION Allocate networked AV service to a VLAN Networked AV VLAN Enter a number between 1 and 4094 to create a VLAN for the AVoIP netwo...

Страница 73: ...k Management to assign the ports for connecting to non Audio Video equipment for example computer and NAS Link aggregate Select this option to aggregate multiple port bandwidth if you are connecting t...

Страница 74: ...his field displays the Trap Community string Networked AV Advanced Settings Networked AV VLAN This field displays the VLAN ID for the AVoIP network Networked AV VLAN IP This field displays the corresp...

Страница 75: ...mation in the screen you are currently viewing G Click this icon to save your configuration into the Switch s non volatile memory Non volatile memory is the configuration of your Switch that stays the...

Страница 76: ...kes you to a screen where you can view the IPv4 routing table for routing information including IP interface and hop count to certain network destinations IPv6 Routing Table This link takes you to a s...

Страница 77: ...arameters such as VLAN type Syslog Setup This link takes you to a screen where you can configure the Switch s system logging settings and configure a list of external syslog servers Time Range This li...

Страница 78: ...col over Ethernet Intermediate Agent and configure per port per port per VLAN settings Private VLAN This link takes you to a screen where you can block traffic between ports in a VLAN on the Switch Qo...

Страница 79: ...VLANs based on the source MAC address of the packet You can specify a mask for the MAC address to create a MAC address filter and enter a weight to set the VLAN rule s priority VLAN Isolation This li...

Страница 80: ...CS Server Setup This link takes you to a screen where you can configure your TACACS Terminal Access Control ler Access Control System Plus server settings for authentication AAA Setup This link takes...

Страница 81: ...ted for DHCPv6 snoop ing Port Authenti cation Click the link to unfold the following sub link menu These links take you to screens where you can configure IEEE 802 1x port authentication as well as MA...

Страница 82: ...Control status and Networked AV status MONITOR System Information This link takes you to a screen that displays general system information SYSTEM General Setup This link takes you to a screen where y...

Страница 83: ...s you to a screen where you can specify a group of one or more trusted computers from which an administrator may use a service to manage the Switch Storm Control This link takes you to a screen to set...

Страница 84: ...t administrator password Click SYSTEM Logins to display the next screen Table 20 Common Table Icons LABEL DESCRIPTION Select an entry s check box to select a specific entry Otherwise select the check...

Страница 85: ...ave your configuration to non volatile memory Non volatile memory refers to the Switch s storage that remains even if the Switch s power is turned off Note Use the Save link when you are done with a c...

Страница 86: ...ee Section 3 3 on page 52 for more information about the LED behavior 4 8 2 Reload the Configuration File Uploading the factory default configuration file replaces the current configuration file with...

Страница 87: ...ish a management session for security reasons Figure 50 Logout button 4 10 Help The Web Configurator s online help has descriptions of individual screens and some supplementary information Click the H...

Страница 88: ...Chapter 4 Web Configurator XS3800 28 User s Guide 88 Figure 51 Online Web Help...

Страница 89: ...tup Create a VLAN Set Port VID Configure Switch Management IP Address 5 1 1 Create a VLAN VLANs confine broadcast frames to the VLAN group in which the ports belongs You can do this with port based VL...

Страница 90: ...configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the Tx Tagging check box to set the Switc...

Страница 91: ...ly to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 3 Configure Switch Management IP Address If the Switch fails to o...

Страница 92: ...nd enter setup zyxel or 192 168 1 1 the default IP address in the address bar to access the Web Configurator See Section 4 2 on page 55 for more information Note You can always use the domain name set...

Страница 93: ...k 5 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong In this example enter VLAN ID 2 This is the same as the VLAN ID you configure in the Static V...

Страница 94: ...network V Create a VLAN containing ports 4 5 and 6 Connect a computer M to the Switch for management Figure 55 Tutorial DHCP Snooping Tutorial Overview The settings in this tutorial are as the followi...

Страница 95: ...Create a VLAN with ID of 100 Add ports 4 5 and 6 in the VLAN by selecting Fixed in the Control field as shown De select Tx Tagging because you do not want outgoing traffic to contain this VLAN tag Cl...

Страница 96: ...IPv4 Source Guard DHCP Snooping DHCP Snp VLAN Setup screen will be broadcast to the DHCP VLAN you set on this screen which is VLAN100 in this example Tutorial Specify DHCP VLAN 6 Go to SECURITY IPv4 S...

Страница 97: ...name you can select an Option82 Profile in the entry The Switch will add DHCP option 82 information to DHCP requests that the Switch relays to a DHCP server for the specified VLAN 8 Connect your DHCP...

Страница 98: ...P server 192 168 2 3 and want to have it assign a specific IP address say 172 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to the Swi...

Страница 99: ...lick Add Edit 4 The following screen appears Enable the switch button to set this VLAN to Active Enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID fiel...

Страница 100: ...tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 9 Click Apply to save your changes back to the run time memory 10 Click t...

Страница 101: ...e sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked t...

Страница 102: ...DHCP option 60 enabled and a Vendor Class Identifier assigned when you reboot the Switch follow the instruction below Otherwise skip this step Enter the filename of an auto configuration file Set up a...

Страница 103: ...s Identifier in the Class ID field and specify the VLAN interface in the VID field In this example we use ZyxelCorp and VID 1 Click Apply Figure 59 Tutorial Enable DHCP Client Option 60 6 You need to...

Страница 104: ...ONITOR System Log screen to see if auto configuration was performed successfully Figure 62 Tutorial Log 9 Check the screens to see if it is the configuration file you want to load If it is not go thro...

Страница 105: ...e circles Clickable hardware status monitoring sections that directly link to the MONITOR System Information screen Editable Quick Link section which provides shortcuts to configuration screens that y...

Страница 106: ...cally refreshes every 30 seconds Click this to disable the auto refresh Click Resume Auto Refresh to enable Port Status This displays individual port type status and connection speed of the Switch Cli...

Страница 107: ...mber and date of the firmware the Switch is currently running System Time This field displays the current date and time in the UAG The format is mm dd yyyy hh mm ss System Uptime This field displays h...

Страница 108: ...on NCC Gray The Switch is not registered on NCC Note All circles will gray out if you disable Nebula Discovery Note If a circle displays orange or gray hover the mouse over the circle to check the di...

Страница 109: ...ks in the Quick Link section provide shortcuts to specific configuration screens You can use the quick links to directly access the screens that you would frequently use You can also decide which quic...

Страница 110: ...gure 67 Quick Links The setup panel displays after you click the Edit button Figure 68 Quick Link Selection Select the quick links you want and click Apply The selected quick links will be displayed i...

Страница 111: ...ers introduces the configurations of the links under the MONITOR navigation panel Quick links to chapters ARP Table IP Table IPv6 Neighbor Table MAC Table Neighbor Path MTU Table Port StatusThis chapt...

Страница 112: ...Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP add...

Страница 113: ...the condition you specified Cancel Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Swit...

Страница 114: ...re 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address alre...

Страница 115: ...hich the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch In stacking mode the first number represents the slot and the second the port number Type...

Страница 116: ...Pv6 Neighbor Setup screen When the Switch needs to send a packet it first consults other table to determine the next hop Once the next hop IPv6 address is known the Switch looks into the neighbor tabl...

Страница 117: ...pper layer protocols a chance to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 ad...

Страница 118: ...dynamic or static 12 1 2 What You Need to Know The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on...

Страница 119: ...e Use this screen to search specific MAC addresses You can also directly add dynamic MAC addresses into the static MAC forwarding table or MAC filtering table from the MAC table using this screen Clic...

Страница 120: ...nge the data according to port number Type Transfer Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into...

Страница 121: ...hboring devices like login This screen shows the neighboring device first recognized on an Ethernet port of the Switch Device information is displayed in gray when the neighboring device is offline 13...

Страница 122: ...slot number of the Switch in a stack Port This shows the port of the Switch on which the neighboring device is discovered In Stacking mode the first number represents the slot ID and the second is the...

Страница 123: ...Chapter 13 Neighbor XS3800 28 User s Guide 123 Figure 77 MONITOR Neighbor Neighbor Details Standalone Mode...

Страница 124: ...nts the slot and the second the port number Enter 1 1 1 24 2 23 for ports 1 to 24 for the Switch in slot 1 and port 23 for the Switch in slot 2 for example SLOT This field appears only in Stacking mod...

Страница 125: ...do not support the ZON utility Desc This shows the description of the neighbor device s port which is connected to the Switch IPv4 This shows the IPv4 address of the neighbor device The IPv4 address...

Страница 126: ...ble Use this screen to view IPv6 path MTU information on the Switch Click MONITOR Path MTU Table in the navigation panel to display the screen as shown Figure 79 MONITOR Path MTU Table The following t...

Страница 127: ...FP transceivers on the Switch Use the Port Utilization screen Section 15 3 on page 134 to view the current data rate and utilization percentage of each port on the Switch 15 1 Port Status This screen...

Страница 128: ...Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port If STP is disabled this field displays FORWARDING if the li...

Страница 129: ...led performance data about an individual port on the Switch Figure 82 MONITOR Port Status Port Details The following table describes the labels in this screen Table 31 MONITOR Port Status Port Details...

Страница 130: ...nformation about packets transmitted Unicast This field shows the number of good unicast packets transmitted Multicast This field shows the number of good multicast packets transmitted Broadcast This...

Страница 131: ...ackets received with a length that was out of range Runt This field shows the number of packets received that were too short shorter than 64 octets including the ones with CRC errors Distribution 64 T...

Страница 132: ...own list to choose the slot number of the Switch in a stack Port This identifies the SFP port In Stacking mode the first number represents the slot ID and the second is the port number Please note tha...

Страница 133: ...Revision This displays the revision number of the optical transceiver Date Code This displays the date when the optical transceiver was manufactured Transceiver This displays details about the type o...

Страница 134: ...rom the fiber cable Current This displays the current status for each monitored DDMI parameter High Alarm Threshold This displays the high value alarm threshold for each monitored DDMI parameter An al...

Страница 135: ...d They are reserved for stacking only Link This field displays the speed either 100M for 100Mbps 1G for 1 Gbps 2 5G for 2 5 Gbps 5G for 5 Gbps or 10G for 10 Gbps and the duplex F for full duplex or H...

Страница 136: ...information Use the IPv6 Routing Table screen Section 16 3 on page 137 to view the Switch s IPv6 routing table information 16 2 IPv4 Routing Table Use this screen to view IPv4 routing table informatio...

Страница 137: ...ays how long the route has been running since the Switch learned the route and added an entry in the routing table Table 35 MONITOR Routing Table IPv4 Routing Table continued LABEL DESCRIPTION Table 3...

Страница 138: ...138 to view general system information and hardware status of the Switch Use the Hardware Monitor screen Section 17 2 on page 142 to monitor and check the hardware status of the Switch in Stacking mod...

Страница 139: ...Chapter 17 System Information XS3800 28 User s Guide 139 Figure 90 MONITOR System Information Standalone Mode...

Страница 140: ...f the Switch CPU Utilization Current This displays the current percentage of CPU utilization Memory Utilization Memory utilization shows how much DRAM memory is available and in use It also displays t...

Страница 141: ...le of detecting and reporting if the voltage falls out of the tolerance range Status Normal indicates that the voltage is within an acceptable operating range at this point otherwise Error is displaye...

Страница 142: ...when the Switch is in Stacking mode In the MONITOR System Information screen click an index of a Slot under Hardware Monitor to display the screen as shown Use this screen to view hardware information...

Страница 143: ...t this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum speed Current This field displays this fan s current speed in Revolutions Per Minute RP...

Страница 144: ...n for viewing 18 2 System Log Click MONITOR System Log in the navigation panel to open this screen Use this screen to check current system logs Note When a log reaches the maximum number of log messag...

Страница 145: ...e shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is currently displa...

Страница 146: ...ing chapters introduces the configurations of the links under the SYSTEM navigation panel Quick links to chapters Cloud Management General Setup Hardware Monitor Setup Interface Setup IP Setup IPv6 Lo...

Страница 147: ...ows you to remotely manage and monitor Zyxel Nebula APs Ethernet switches and security gateways The Switch is managed and provisioned automatically by the NCC Nebula Control Center when It is connecte...

Страница 148: ...Chapter 20 Cloud Management XS3800 28 User s Guide 148 Figure 94 SYSTEM Cloud Management...

Страница 149: ...e app to scan the QR code to register the Switch on NCC and add the Switch into a site Table 39 SYSTEM Cloud Management LABEL DESCRIPTION Nebula Control Center NCC Discovery Enable the switch button t...

Страница 150: ...Chapter 20 Cloud Management XS3800 28 User s Guide 150 If Nebula Control Center NCC Discovery is disabled the Switch will NOT discover the NCC and remain in Standalone mode...

Страница 151: ...95 SYSTEM General Setup Note The input string of any field in this screen should not contain or The following table describes the labels in this screen Table 40 SYSTEM General Setup LABEL DESCRIPTION...

Страница 152: ...your time zone from the drop down list box Daylight Saving Time Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour t...

Страница 153: ...See the transceiver documentation Figure 96 SYSTEM Hardware Monitor Setup The following table describes the labels in this screen Apply Click Apply to save your changes to the Switch s run time memory...

Страница 154: ...Setup XS3800 28 User s Guide 154 You will see SFP warning icons next to the FANs in the MONITOR System Information screen when SFP Detect has triggered the fans Figure 97 Hardware Monitor SFP Module T...

Страница 155: ...r you configure them in the NETWORKING Loopback Interface IPv4 Loopback Interface screen or the SYSTEM IPv6 screens Click SYSTEM Interface Setup in the navigation panel to display the configuration sc...

Страница 156: ...he time of writing the Switch supports the following interface types VLAN interface for IPv6 IPv4 loopback interface Interface ID Specify a unique identification number from 1 to 4094 for the VLAN int...

Страница 157: ...nd used as the Switch s management IP address The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 On the Switch an IP address is not...

Страница 158: ...isplays the IP address of the DNS server Source This field displays whether the DNS server address is configured manually Static or obtained automatically using DHCPv4 IP Interface Index This field di...

Страница 159: ...outing domain belongs IP Address This is the IP address of your Switch in dotted decimal notation for example 192 168 1 1 IP Subnet Mask This is the IP subnet mask of your Switch in dotted decimal not...

Страница 160: ...rent dynamic IP address from the DHCP server Rebind Time This displays the length of time from the lease start that the Switch will request to get any dynamic IP address from the DHCP server Lease Tim...

Страница 161: ...h send the packets to the management port labeled MGMT This means that devices connected to the other ports do not receive these packets Select In band to have the Switch send the packets to all ports...

Страница 162: ...anges to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration IP Interface Use this section to view and configure IP routing dom...

Страница 163: ...thout the specific VCI Select this and enter the device identity you want the Switch to add in the DHCP discovery frames that go to the DHCP server This allows the Switch to identify itself to the DHC...

Страница 164: ...the proxy server 1 65535 Authentication Enable the switch button to enable proxy server authentication using a Username and Password Username Enter a login user name from the proxy server administrato...

Страница 165: ...iew and configure IPv6 global addresses Use the IPv6 Neighbor Discovery Setup screen Section 24 7 on page 173 to view and configure neighbor discovery settings on each interface Use the IPv6 Router Di...

Страница 166: ...n opens Table 50 SYSTEM IPv6 IPv6 Status LABEL DESCRIPTION Domain Name Server Domain Name Server This field displays the IP address of the DNS server Source This field displays whether the DNS server...

Страница 167: ...ime period in milliseconds during which ICMPv6 error messages of up to the bucket size can be transmitted 0 means no limit ND DAD Active This field displays whether Neighbor Discovery ND Duplicate Add...

Страница 168: ...ses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire T2 This field displays the DHCPv6 T2 ti...

Страница 169: ...an IPv6 router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time i...

Страница 170: ...6 Link Local Address Setup to display the screen as shown next Note You should first create an IPv6 interface in the SYSTEM Interface Setup screen Table 53 SYSTEM IPv6 IPv6 Interface Setup LABEL DESCR...

Страница 171: ...ace you created IPv6 Link Local Address This is the static IPv6 link local address for the interface IPv6 Default Gateway This is the default gateway IPv6 address for the interface Select an entry s c...

Страница 172: ...er a domain name server IPv6 address in order to be able to use a domain name instead of an IP address Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these cha...

Страница 173: ...IPv6 Addressing IPv6 Global Address Setup continued LABEL DESCRIPTION Table 58 SYSTEM IPv6 IPv6 Addressing IPv6 Global Address Setup Add Edit LABEL DESCRIPTION Interface Select the IPv6 interface you...

Страница 174: ...ated DAD Attempts This field displays the number of consecutive neighbor solicitations the Switch sends for this interface NS Interval This field displays the time interval in milliseconds at which ne...

Страница 175: ...faults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 60 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Neighbor Discovery Setup Edit continued LABEL DESCRIPT...

Страница 176: ...osts use DHCPv6 to obtain additional configuration settings such as DNS information De select the option to set the flag to 0 and the host will not use DHCPv6 to obtain additional configuration settin...

Страница 177: ...Figure 121 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Prefix Setup Add Edit Table 63 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Prefix Setup LABEL DESCRIPTION Index This is the interface index number Int...

Страница 178: ...valid lifetime Flags Select No Autoconfig Flag to not allow IPv6 hosts to use this prefix Select No Onlink Flag to not allow the specified prefix to be used for on link determination Select No Advert...

Страница 179: ...onfigure The Switch supports the VLAN interface type for IPv6 at the time of writing Interface ID Specify a unique identification number from 1 to 4094 for the interface A static IPv6 neighbor entry d...

Страница 180: ...me of the IPv6 interface you created IA NA This field displays whether the Switch obtains a non temporary IP address from the DHCPv6 server Rapid Commit This field displays whether the Switch obtains...

Страница 181: ...server should also support the Rapid Commit option to have it work well Options Select DNS to have the Switch obtain DNS server IPv6 addresses and or select Domain List to have the Switch obtain a lis...

Страница 182: ...is always admin The default administrator password is 1234 Note It is highly recommended that you change the default administrator password 1234 A non administrator user name is something other than...

Страница 183: ...pe the privilege level for this user At the time of writing users may have a privilege level of 0 3 13 or 14 representing different configuration rights as shown below 0 Display basic system informati...

Страница 184: ...P User screen Section 26 3 on page 186 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use the SNMP Trap Group screen Section 26 4 on page 188 to...

Страница 185: ...for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community strin...

Страница 186: ...un time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done conf...

Страница 187: ...nd SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than MD5 but is slower Password Enter the password of up to 32 print...

Страница 188: ...turn to the last screen Table 72 SYSTEM SNMP SNMP User Add Edit continued LABEL DESCRIPTION Table 73 SYSTEM SNMP SNMP Trap Group LABEL DESCRIPTION Trap Destination IP Select one of your configured tra...

Страница 189: ...ager Figure 131 SYSTEM SNMP SNMP Trap Port Standalone Mode Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so u...

Страница 190: ...en make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them 1 Settings in this row apply to all ports for the Switch represented by the slot ID...

Страница 191: ...which network administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables or managed objects that...

Страница 192: ...heet at www zyxel com Support Download Library Datasheet To get the private MIBs supported by your Switch download and unzip the correct model MIB from www zyxel com Support Download Library MIB File...

Страница 193: ...t interface zySysMgmtBootImageInconsist ence 1 3 6 1 4 1 890 1 15 3 49 2 3 This trap is sent when the index number of image which is loaded when the Switch starts up is different from what is specifie...

Страница 194: ...over from an overloaded state zyPoePowerPortShortCircuitRe covered 1 3 6 1 4 1 890 1 15 3 59 4 6 This trap is sent when the port is turned on to recover from a short circuit zyPoePowerPortOverSystemBu...

Страница 195: ...gSyncConfFail 1 3 6 1 4 1 890 1 15 3 97 4 10 This trap is sent when a configuration sync fails zyStackingSysRestoreConfFail 1 3 6 1 4 1 890 1 15 3 97 4 11 This trap is sent when a backup Switch become...

Страница 196: ...nt when the transceiver temperature is recovered from the out of normal operating range zyTransceiverDdmiTxPowerOut OfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 7 This trap is sent when the transmitte...

Страница 197: ...ment connection authorization failed accounting zyRadiusServerAccountingServ erNotReachable 1 3 6 1 4 1 890 1 15 3 71 2 2 This trap is sent when there is no response message from the RADIUS accounting...

Страница 198: ...he MSTP root switch changes mactable zyMacForwardingTableFull 1 3 6 1 4 1 890 1 15 3 48 2 1 This trap is sent when more than 99 of the MAC table is used zyMacForwardingTableFullRec overed 1 3 6 1 4 1...

Страница 199: ...4 Switch Stacking Concept The last four combo ports of your Switch are dedicated for Switch stacking At the time of writing the Switch can only connect to another Switch of the same model and firmware...

Страница 200: ...l Switch Centralized management log into a single IP address of the master switch to control all Switches in the stacking system using the web configurator CLI SNMP or FTP Redundancy Data redundancy a...

Страница 201: ...If the Switch is a master restart it or choose another master MAC address This field displays the MAC address of the stacked Switch Role This field displays whether the Switch is a master backup or l...

Страница 202: ...l have the same priority level but the Switch that has the longest active run time will be selected as the master Switch automatically Priority This field displays the priority level of the Switch A h...

Страница 203: ...to enable Force Master Mode to choose the master Switch This master Switch will have the highest priority over all other stacked Switches even when they have same priority value If two or more Switch...

Страница 204: ...figuration file with factory default settings and the default IP interface settings in Stacking mode 2 After reboot completes the master LED will turn on 3 Configure the Switch stacking priority to a...

Страница 205: ...r from1 to 63 to assign a priority for the stacking Switch The higher the number the higher the priority Apply Click Apply to save changes made to the Force Master Mode and System Priority fields Canc...

Страница 206: ...cations VLAN is vital in providing isolation and security among the subscribers When properly configured VLAN prevents one subscriber from accessing the network resources of another on the same LAN th...

Страница 207: ...Chapter 28 Switch Setup XS3800 28 User s Guide 207 Figure 139 SYSTEM Switch Setup Standalone Mode Figure 140 Basic Setting Switch Setup Stacking Mode...

Страница 208: ...here applies to ARP entries which are newly added in the ARP table after you click Apply GARP Timer Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GA...

Страница 209: ...everity levels 29 1 1 What You Can Do Use the Syslog Setup screen Section 29 2 on page 209 to configure the device s system logging settings and configure a list of external syslog servers 29 2 Syslog...

Страница 210: ...e memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configurin...

Страница 211: ...ou can edit the entry later Server Address Enter the IPv4 or IPv6 address of the syslog server UDP Port The default syslog server port is 514 If your syslog server uses a different port configure the...

Страница 212: ...and does not have an end time 30 1 1 What You Can Do Use the Time Range screen Section 30 2 on page 212 to view or define a schedule on the Switch 30 2 Configuring Time Range Click SYSTEM Time Range...

Страница 213: ...ay Recurring schedules are useful for defining the workday and off work hours Range This field displays the time periods to which this schedule applies Add Edit Click Add Edit to add a new schedule ru...

Страница 214: ...nt to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute whe...

Страница 215: ...TER 31 PORT The following chapters introduces the configurations of the links under the PORT navigation panel Quick links to chapters Flex Link Green Ethernet Link Aggregation Link Layer Discovery Pro...

Страница 216: ...link automatically goes up and is able to forward traffic Preemption Enable Preemption to have the Switch automatically return the primary port to FORWARDING state after the connection from the primar...

Страница 217: ...t This displays the port number of the primary link In Stacking mode the first number represents the slot ID and the second is the port number Backup Port This displays the port number of the backup l...

Страница 218: ...T Flex Link Flex Link Setup Add Edit Stacking Mode Preemption This displays if Preemption is enabled on the flex link pair If Preemption is enabled when the primary port comes back up the backup port...

Страница 219: ...cannot be configured They are reserved for stacking only Preemption Select this to enable the Preemption mode on the flex link pair If Preemption is disabled if the primary port is down then comes ba...

Страница 220: ...return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a li...

Страница 221: ...Chapter 33 Green Ethernet XS3800 28 User s Guide 221 Figure 149 PORT Green Ethernet Standalone Mode...

Страница 222: ...the slot number of the Switch in a stack Port This field displays the port number In Stacking mode the first number represents the slot ID and the second is the port number Please note that the defaul...

Страница 223: ...memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring...

Страница 224: ...ransmitting data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 34 3 on page 227 to configure static link aggregation Use the Link Aggregation Control...

Страница 225: ...ion Load sharing works by statically splitting the traffic based on source or destination IP MAC address and then distributing the load across multiple paths In link aggregation this allows the trunk...

Страница 226: ...to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same de...

Страница 227: ...3 Link Aggregation Setting Click PORT Link Aggregation Link Aggregation Setting to display the screen shown next See Section 34 1 on page 224 for more information on link aggregation Figure 152 PORT...

Страница 228: ...e describes the labels in this screen Table 98 PORT Link Aggregation Link Aggregation Setting LABEL DESCRIPTION This is the only screen you need to configure to enable static link aggregation Group ID...

Страница 229: ...ect src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute traffic based...

Страница 230: ...Chapter 34 Link Aggregation XS3800 28 User s Guide 230 Figure 154 PORT Link Aggregation Link Aggregation Control Protocol Standalone Mode...

Страница 231: ...between 1 and 65535 The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter...

Страница 232: ...ber Please note that the default stacking ports the last four ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if...

Страница 233: ...Chapter 34 Link Aggregation XS3800 28 User s Guide 233 Figure 157 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete...

Страница 234: ...LLDP data units in the form of TLV Type Length Value Device information carried in the received LLDPDUs is stored in the standard MIB The Switch supports these basic management TLVs End of LLDPDU mand...

Страница 235: ...easy trouble shooting for mis configured IP addresses There are three classes of endpoint devices that the LLDP MED supports Class I IP Communications Controllers or other communication related server...

Страница 236: ...screen Section 35 7 on page 251 to configure organization specific TLV settings on each port 35 2 2 What You Can Do LLDP MED Use the LLDP MED Setup screen Section 35 8 on page 252 to configure LLDP M...

Страница 237: ...Chapter 35 Link Layer Discovery Protocol LLDP XS3800 28 User s Guide 237 Figure 160 PORT LLDP LLDP LLDP Local Status Standalone Mode...

Страница 238: ...you are configuring The chassis ID is identified by the chassis ID subtype Chassis ID Subtype This displays how the chassis of the Switch is identified Chassis ID This displays the chassis ID of the...

Страница 239: ...ick a port number to view the detailed LLDP status on this port at LLDP Local Port Status Detail screen In Stacking mode the first number represents the slot ID and the second is the port number Pleas...

Страница 240: ...of the current port Max Frame Size TLV This displays the maximum supported frame size in octets MED TLV LLDP Media Endpoint Discovery MED is an extension of LLDP that provides additional capabilities...

Страница 241: ...number of the Switch in a stack Index The index number shows the number of remote devices that are connected to the Switch Click on an index number to view the detailed LLDP status for this remote dev...

Страница 242: ...isplays the chassis ID of the remote device The chassis ID is identified by the chassis ID subtype Port ID TLV Port ID Subtype This displays how the port of the remote device is identified Port ID Thi...

Страница 243: ...tem Capabilities Supported System Capabilities Enabled Management Address TLV This displays the management address IPv4 and IPv6 of the remote device Management Address Subtype Management Address Inte...

Страница 244: ...N Supported Displays if the port supports or does not support auto negotiation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of...

Страница 245: ...covery MED is an extension of LLDP that provides additional capabilities to support media endpoint devices MED enables advertisement and discovery of network policies device location discovery to allo...

Страница 246: ...t should move to a power conservation mode Power Source Whether or not the Endpoint is currently operating from an external power source Power Priority The Endpoint Device s power priority which the N...

Страница 247: ...Chapter 35 Link Layer Discovery Protocol LLDP XS3800 28 User s Guide 247 Figure 167 PORT LLDP LLDP LLDP Setup Standalone Mode...

Страница 248: ...tween successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click A...

Страница 249: ...soon as you make them Admin Status Select whether LLDP transmission and or reception is allowed on this port Disable not allowed Tx Only transmit only Rx Only receive only Tx Rx transmit and receive N...

Страница 250: ...Changes in this row are copied to all the ports as soon as you make them Management Address Select the check boxes to enable or disable the sending of Management Address TLVs on the ports Port Descrip...

Страница 251: ...TLV Setting Use this screen to configure organization specific TLV settings Click PORT LLDP LLDP Org specific TLV Setting to display the screen as shown next Figure 171 PORT LLDP LLDP Org specific TL...

Страница 252: ...ake them Dot1 TLV Port Protocol VLAN ID Select the check boxes to enable or disable the sending of IEEE 802 1 Port and Protocol VLAN ID TLVs on the ports Port VLAN ID Select the check boxes to enable...

Страница 253: ...mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the...

Страница 254: ...configuring this screen afresh Table 109 PORT LLDP LLDP LLDP MED Setup continued LABEL DESCRIPTION Table 110 PORT LLDP LLDP MED LLDP MED Network Policy LABEL DESCRIPTION Index This field displays the...

Страница 255: ...r the Switch in slot 2 for example Application Type Select the type of application used in the network policy voice voice signaling guest voice guest voice signaling softphone voice video conferencing...

Страница 256: ...e first number represents the slot and the second the port number Location Coordinates This field displays the location configuration information based on geographical coordinates that includes longit...

Страница 257: ...Chapter 35 Link Layer Discovery Protocol LLDP XS3800 28 User s Guide 257 Figure 178 PORT LLDP LLDP MED LLDP MED Location Add Edit Standalone Mode...

Страница 258: ...up the location within the LLDP MED network In Stacking mode the first field is the slot ID and the second field is the port number Location Coordinates The LLDP MED uses geographical coordinates and...

Страница 259: ...g Street Direction Street Suffix Trailing Street Suffix House Number House Number Suffix Landmark Additional Location Name Zip Code Building Unit Floor Room Number Place Type Postal Community Name Pos...

Страница 260: ...eshoot network connection problems The Switch supports the following IEEE 802 3ah features Discovery this identifies the devices on each end of the Ethernet link and their OAM configuration Remote Loo...

Страница 261: ...ack Local This section displays information about the ports on the Switch Port This field displays the port number In Stacking mode the first number represents the slot ID and the second is the port n...

Страница 262: ...device Mac Address This field displays the MAC address of the remote device OUI This field displays the OUI first 3 bytes of the MAC address of the remote device Mode This field displays the operation...

Страница 263: ...Chapter 36 OAM XS3800 28 User s Guide 263 Figure 182 PORT OAM OAM Status OAM Details...

Страница 264: ...ack This field indicates whether or not the port can use loopback control PDUs to put the remote device into loopback mode Link events This field indicates whether or not the port can interpret link e...

Страница 265: ...device that is connected to the Switch Vendor oui This field displays the Organizationally Unique Identifiers OUI representing the vendor of the IEEE 802 3ah enabled remote Ethernet device that is co...

Страница 266: ...OAM OAM Setup to display the configuration screen as shown Figure 183 PORT OAM OAM Setup Standalone Mode Unsupported OAMPDU Tx This field displays the number of unsupported OAM PDUs sent on the port U...

Страница 267: ...row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied t...

Страница 268: ...ote Loopback Standalone Mode Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top na...

Страница 269: ...umber of the loopback test frames Packet Size Define the allowable packet size of the loopback test frames Test Click Test to begin the test Remote Loopback Mode Port Enter the number of the port from...

Страница 270: ...User s Guide 270 CHAPTER 37 Port Setup 37 1 Port Setup Use this screen to configure Switch port settings Click PORT Port Setup in the navigation panel to display the configuration screen Figure 187 P...

Страница 271: ...ur Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first...

Страница 272: ...top sending signals when the receiving port memory buffers fill Back Pressure flow control is typically used in half duplex mode to send a collision signal to the sending port mimicking a state of pac...

Страница 273: ...ional as B cannot send packets to S1 although the S1 B link is up Similarly S2 S1 is unidirectional as S1 cannot send packets to S2 although the S1 S2 link is up Figure 189 ZULD Overview 38 1 1 What Y...

Страница 274: ...ZULD and you want to recover it then do one of the following Go to PORT Port Setup Clear Active and click Apply Then select Active and click Apply again Go to SECURITY Errdisable Errdisable Recovery...

Страница 275: ...state as well as sends a syslog and trap when it detects a unidirectional link Probe Time Probe time is the length of time that ZULD waits before declaring that a link is unidirectional When the probe...

Страница 276: ...PORT ZULD ZULD Setup Figure 192 PORT ZULD ZULD Setup Standalone Mode Remote MAC Addr This is the MAC address of the port on the connected device to which the port of the Switch is connected Remote Por...

Страница 277: ...make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon a...

Страница 278: ...h loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click thi...

Страница 279: ...el Quick links to chapters Layer 2 Protocol Tunneling Loop Guard MAC Pinning Mirroring Multicast Static Multicast Forwarding NLB PPPoE Private VLAN Differentiated Services Queuing Method Priority Queu...

Страница 280: ...packets 40 1 2 What You Need to Know Layer 2 protocol tunneling L2PT is used on the service provider s edge devices L2PT allows edge switches 1 and 2 in the following figure to tunnel layer 2 STP Span...

Страница 281: ...nneling Mode Each port can have two layer 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 195 on page 281 and con...

Страница 282: ...Chapter 40 Layer 2 Protocol Tunneling XS3800 28 User s Guide 282 Figure 196 SWITCHING Layer 2 Protocol Tunneling Standalone Mode Figure 197 SWITCHING Layer 2 Protocol Tunneling Stacking Mode...

Страница 283: ...o have the Switch tunnel CDP Cisco Discovery Protocol packets so that other Cisco devices can be discovered through the service provider s network STP Select this option to have the Switch tunnel STP...

Страница 284: ...apsulates the encapsulated layer 2 protocol packets received on a tunnel port by changing the destination MAC address to the original one and then forward them to an access port If the services is not...

Страница 285: ...he Switch and in specific ports 41 1 2 What You Need to Know Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a...

Страница 286: ...witch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not a...

Страница 287: ...ING Loop Guard in the navigation panel to display the screen as shown Note The loop guard feature cannot be enabled on the ports that have Spanning Tree Protocol RSTP MRSTP or MSTP enabled Figure 202...

Страница 288: ...in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port bas...

Страница 289: ...you to set a port or multiple ports to have priority over other ports in MAC address learning That means when a MAC address and VLAN ID is learned on a MAC pinning enabled port the MAC address will n...

Страница 290: ...ing Stacking Mode The following table describes the labels in this screen Table 123 SWITCHING MAC Pinning LABEL DESCRIPTION Active Enable the switch button to turn on the MAC pinning function on the S...

Страница 291: ...then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable MAC pinning on this port The port the...

Страница 292: ...th local port mirroring and remote port mirroring In local port mirroring the mirroring ports through which traffic you copy passes and the monitor port are on the same device In remote port mirroring...

Страница 293: ...e the reflector port The Switch adds RMirror VLAN tag and forwards mirrored traffic from the mirroring port to the connected port directly 43 2 Local Port Mirroring Click SWITCHING Mirroring Mirroring...

Страница 294: ...Chapter 43 Mirroring XS3800 28 User s Guide 294 Figure 206 SWITCHING Mirroring Mirroring Standalone Mode Figure 207 SWITCHING Mirroring Mirroring Stacking Mode...

Страница 295: ...ld appears only in Stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In Stacking mode the first number represents the s...

Страница 296: ...CRIPTION VLAN This field displays the ID number of the RMirror VLAN Active This field displays whether the VLAN is enabled or not Select an entry s check box to select a specific entry Otherwise selec...

Страница 297: ...he mirrored traffic Mirror Port Ingress This field displays the number of ports on which the incoming traffic is mirrored Egress This field displays the number of ports on which the outgoing traffic i...

Страница 298: ...Chapter 43 Mirroring XS3800 28 User s Guide 298 Figure 211 SWITCHING Mirroring RMirror Source Add Edit Standalone Mode Figure 212 SWITCHING Mirroring RMirror Source Add Edit Stacking Mode...

Страница 299: ...to choose the slot number of the Switch in a stack Port This field displays the port number In Stacking mode the first number represents the slot ID and the second is the port number Please note that...

Страница 300: ...ror VLAN ID Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new entry or edit a se...

Страница 301: ...ort screen to display this screen Clear Click Clear to clear the fields to the factory defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 130 SWITC...

Страница 302: ...Port Add Edit LABEL DESCRIPTION RMirror VLAN ID Select the RMirror VLAN over which the mirrored traffic is forwarded SLOT This field appears only in Stacking mode Click the drop down list to choose t...

Страница 303: ...d traffic from the connected source or another intermediate device or forward mirrored traffic to the connected destination or another intermediate device in the same RMirror VLAN When the Switch is a...

Страница 304: ...esses of multicast groups the hosts want to join on its network MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port ca...

Страница 305: ...unctionality as IPv4 broadcast addresses Broadcasting is not supported in IPv6 A multicast address allows a host to send packets to all hosts in a multicast group Multicast scope allows you to determi...

Страница 306: ...stream port in MLD snooping proxy can report group changes to a connected multicast router and forward MLD messages to other upstream ports This helps especially when you want to have a network that u...

Страница 307: ...e multicast VLAN This improves bandwidth utilization with reduced multicast traffic in the subscriber VLANs and simplifies multicast group management MVR only responds to IGMP join and leave control m...

Страница 308: ...warding table on the Switch This maps the subscriber VLAN to the list of forwarding destinations for the specified multicast traffic When the subscriber changes the channel or turns off the computer a...

Страница 309: ...ure 222 SWITCHING Multicast IPv4 Multicast IGMP Snooping Standalone Mode Table 133 SWITCHING Multicast IPv4 Multicast IPv4 Multicast Status LABEL DESCRIPTION Index This is the index number of the entr...

Страница 310: ...le the switch button to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this to allow the Switch to send IGMP General Query messages...

Страница 311: ...n Multicast Frame Specify the action to perform when the Switch receives an unknown multicast frame Select Flooding to send the frames to all ports Select Drop to discard the frames Select Drop on VLA...

Страница 312: ...P leave message is received on this port from a host Fast Leave Enter an IGMP fast leave timeout value from 200 to 6348800 in miliseconds Select this option to have the Switch use this timeout to upda...

Страница 313: ...the port receives IGMP query packets Select Fixed to have the Switch always use the port as an IGMP query port Select this when you connect an IGMP multicast server to the port Select Edge to stop th...

Страница 314: ...lticast MVR screen you can only specify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs You must also enable IGMP snooping in the SWITCHI...

Страница 315: ...name of the VLAN for identification purposes You can enter up to 32 printable ASCII characters except or VID Enter the ID of a static VLAN the valid range is between 1 and 4094 Note You cannot config...

Страница 316: ...v4 Multicast IGMP Filtering Profile continued LABEL DESCRIPTION Table 138 SWITCHING Multicast IPv4 Multicast IGMP Filtering Profile Add Profile LABEL DESCRIPTION Profile Name Enter a descriptive name...

Страница 317: ...ddress Type the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of I...

Страница 318: ...field displays the time in seconds that elapses before the Switch removes a MLD group membership entry if it does not receive report messages from the port Table 140 SWITCHING Multicast IPv6 Multicas...

Страница 319: ...een to display this screen Figure 232 SWITCHING Multicast IPv6 Multicast VLAN Add Edit Table 142 SWITCHING Multicast IPv6 Multicast VLAN MLD Snooping proxy VLAN LABEL DESCRIPTION MLD Snooping proxy VL...

Страница 320: ...tness Variable Robustness Variable Enter the number of queries A multicast address entry learned only on an upstream port by snooping is removed from the forwarding table when there is no response to...

Страница 321: ...ng proxy Port Role Setting Click SWITCHING Multicast IPv6 Multicast Port Role Setting to display the screen as shown See Section 44 1 on page 304 for more information on multicasting Figure 233 SWITCH...

Страница 322: ...that the default stacking ports the last four ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to mak...

Страница 323: ...orwarding table for the specified downstream ports This defines how many seconds the Switch waits for an MLD report before removing an MLD snooping membership entry learned on a downstream port when a...

Страница 324: ...Chapter 44 Multicast XS3800 28 User s Guide 324 Figure 235 SWITCHING Multicast IPv6 Multicast Filtering Standalone Mode Figure 236 SWITCHING Multicast IPv6 Multicast Filtering Stacking Mode...

Страница 325: ...e this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied...

Страница 326: ...to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Profile Click this to add a new MLD Snooping proxy filtering profile Add Rule Click Add Rul...

Страница 327: ...r the fields to the factory defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 147 SWITCHING Multicast IPv6 Multicast Filtering Profile Add Profile...

Страница 328: ...xisting entry and click Add Edit in the SWITCHING Multicast MVR screen Table 149 SWITCHING Multicast MVR LABEL DESCRIPTION VLAN This field displays the multicast VLAN ID Active This field displays whe...

Страница 329: ...Chapter 44 Multicast XS3800 28 User s Guide 329 Figure 241 SWITCHING Multicast MVR Add Edit Standalone Mode Figure 242 SWITCHING Multicast MVR Add Edit Stacking Mode...

Страница 330: ...field appears only in Stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In Stacking mode the first number represents t...

Страница 331: ...This field displays the multicast VLAN ID Group Name This field displays the descriptive name for this setting Start Address This field displays the starting IP address of the multicast group End Addr...

Страница 332: ...Select a multicast VLAN ID that you configured in the MVR screen from the drop down list box Group Name Enter a descriptive name for identification purposes You can enter up to 32 printable ASCII cha...

Страница 333: ...ulticast group traffic to the subscribers click Add Edit in the SWITCHING Multicast MVR Group Setup screen and configure multicast group settings The following figure shows an example where two IPv4 m...

Страница 334: ...Chapter 44 Multicast XS3800 28 User s Guide 334 Figure 248 MVR Group Configuration Example View...

Страница 335: ...g device A static multicast address is a multicast MAC address or multicast IPv4 address that has been manually entered in the multicast table This identifies the destination of the multicast content...

Страница 336: ...active or not You may temporarily deactivate a rule without deleting it Name This field displays the descriptive name for identification purposes for a static multicast MAC address forwarding rule MA...

Страница 337: ...he first octet pair in a multicast MAC address must be 1 For example the first octet pair 00000001 is 01 in hexadecimal so 01 00 5e 00 00 0A and 01 00 5e 00 00 27 are valid multicast MAC addresses VID...

Страница 338: ...bution The Switch only supports up to two clusters for NLB traffic distribution Note NLB settings are configured on the servers See Section 46 1 2 on page 339 for more information about NLB 46 1 1 Wha...

Страница 339: ...cluster to all ports of the switch to make sure the traffic is forwarded to the right destination The servers in a cluster cannot communicate with each other because they use the same unicast MAC add...

Страница 340: ...SCRIPTION Index This field displays the index number of the rule Name This field displays the descriptive name of the rule IP Address This field displays the IP address of the cluster MAC Address This...

Страница 341: ...C address must be 0 For example the first octet pair 00000000 is 00 and 00000010 is 02 in hexadecimal so 00 00 5e 00 00 0A and 02 00 5e 00 00 27 are valid unicast MAC addresses Apply Click Apply to sa...

Страница 342: ...0001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses The last binary bit of the first octet pair in a unicast MAC address must be 0...

Страница 343: ...ide 343 Clear Click Clear to clear the fields to the factory defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 158 SWITCHING NLB MAC Forwarding Ad...

Страница 344: ...rmediate Agent screen Section 47 2 on page 346 to enable the PPPoE Intermediate Agent on the Switch Use the PPPoE IA Port screen Section 47 3 on page 348 to set the port state and configure PPPoE inte...

Страница 345: ...it ID Syntax with Identifier String and Variables If you do not configure a Circuit ID string for a VLAN on a specific port or for a specific port the Switch adds the user defined identifier string an...

Страница 346: ...erminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port...

Страница 347: ...fields here empty and configure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Enable the switch button to have the Switch add the user defined identifier string and varia...

Страница 348: ...d ports Click the SWITCHING PPPoE Intermediate Agent PPPoE IA Port screen to display the screen as shown Figure 258 SWITCHING PPPoE Intermediate Agent PPPoE IA Port Standalone Mode Apply Click Apply t...

Страница 349: ...sis Changes in this row are copied to all the ports as soon as you make them Server Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted Trusted ports are up...

Страница 350: ...ter a string of up to 63 ASCII characters except or that the Switch adds into the Agent Remote ID sub option for PPPoE discovery packets received on this port Spaces are allowed If you do not specify...

Страница 351: ...bove If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Change...

Страница 352: ...pply to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to al...

Страница 353: ...VLAN can communicate with promiscuous ports in an associated Primary VLAN and other community ports in the same Community VLAN They cannot communicate with ports in Isolated VLANs non associated Prim...

Страница 354: ...ate with other isolated ports in I VLAN 102 nor community ports in C VLAN 101 Note Isolation in SWITCHING VLAN VLAN Setup VLAN Port Setup has a higher priority than private VLAN settings so promiscuou...

Страница 355: ...G Private VLAN LABEL DESCRIPTION SLOT This field appears only in Stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In S...

Страница 356: ...Primary VLAN and other community ports in the same Community VLAN They cannot communicate with ports in an Isolated VLAN non associated Primary VLAN Promiscuous ports nor Community ports in different...

Страница 357: ...ve advanced notice of where the traffic is going 49 1 1 What You Can Do Use the Diffserv screen Section 49 2 on page 358 to activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on...

Страница 358: ...traffic flows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffic flows An example traffic policy is to giv...

Страница 359: ...CHING QoS Diffserv Stacking Mode The following table describes the labels in this screen Table 171 SWITCHING QoS Diffserv LABEL DESCRIPTION Active Enable the switch button to enable Diffserv on the Sw...

Страница 360: ...s on the same Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adju...

Страница 361: ...assification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory...

Страница 362: ...e Switch traffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmi...

Страница 363: ...u configure in the queue Weight field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than que...

Страница 364: ...y port basis Note Changes in this row are copied to all the ports as soon as you make them Method Select SPQ Strictly Priority Queuing WFQ Weighted Fair Queuing or WRR Weighted Round Robin Strictly Pr...

Страница 365: ...Q5 the Switch services traffic on Q5 Q6 and Q7 using SPQ Select None to always use WFQ or WRR for the port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these...

Страница 366: ...ity level to physical queue mapping The Switch has eight physical queues that you can map to the eight priority levels On the Switch traffic assigned to higher index queues gets through faster while t...

Страница 367: ...nsumes high bandwidth and is sensitive to jitter Priority 4 Typically used for controlled load latency sensitive traffic such as SNA Systems Network Architecture transactions Priority 3 Typically used...

Страница 368: ...n Rate CIR is the guaranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no n...

Страница 369: ...Chapter 52 Bandwidth Control XS3800 28 User s Guide 369 Figure 273 SWITCHING QoS Bandwidth Control Standalone Mode Figure 274 SWITCHING QoS Bandwidth Control Stacking Mode...

Страница 370: ...row are copied to all the ports as soon as you make them Ingress Rate Active Select this check box to activate commit rate limits on this port Commit Rate Specify the guaranteed bandwidth allowed in k...

Страница 371: ...and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output interface sampling process parame...

Страница 372: ...Chapter 53 sFlow XS3800 28 User s Guide 372 Figure 276 SWITCHING sFlow Standalone Mode Figure 277 SWITCHING sFlow Stacking Mode...

Страница 373: ...hanges in this row are copied to all the ports as soon as you make them Active Select this to allow the Switch to monitor traffic on this port and generate and send sFlow datagram to the specified col...

Страница 374: ...he check box in the table heading row to select all entries Add Edit Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entries Table 179 SWITCHING sFl...

Страница 375: ...e Rapid Spanning Tree Protocol screen Section 54 5 on page 384 to configure RSTP settings Use the Multiple Rapid Spanning Tree Protocol Status screen Section 54 6 on page 388 to view the MRSTP status...

Страница 376: ...is selected This bridge has the lowest cost to the root among the bridges connected to the LAN How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port a...

Страница 377: ...f existing spanning tree protocols STP and RSTP in networks to include the following features One Common and Internal Spanning Tree CIST that represents the entire network s connectivity Grouping of m...

Страница 378: ...Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network Click SWITCHING Spanning Tree Protocol Spanning Tree Protocol Status to see the screen...

Страница 379: ...ng Tree Setup There are three Auto path cost Modes see Table 185 on page 381 Choose the Auto Path cost Mode according to the device average link speeds in the STP network If most of your devices suppo...

Страница 380: ...lay the screen as shown Table 182 Auto Path Cost Mode Short LINK SPEED AUTO PATH COST VALUE Up to 4 Mbps 250 Up to 10 Mbps 100 Up to 16 Mbps 62 Up to 100 Mbps 19 Up to 1 Gbps 4 Up to 10 Gbps 2 More th...

Страница 381: ...er defined 32 bit The auto path cost values of each mode are described in Section 54 3 on page 379 Note It is recommended to use the same Auto Path cost Mode on all switches within the spanning tree n...

Страница 382: ...mation on RSTP Note This screen is only available after you activate RSTP on the Switch Figure 284 SWITCHING Spanning Tree Protocol Spanning Tree Protocol Status RSTP Standalone Mode Apply Click Apply...

Страница 383: ...conds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age seconds This is the maximum time in seconds the Switch can w...

Страница 384: ...ll the ports on a root bridge root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port move...

Страница 385: ...Chapter 54 Spanning Tree Protocol XS3800 28 User s Guide 385 Figure 286 SWITCHING Spanning Tree Protocol RSTP Standalone Mode...

Страница 386: ...ty Bridge priority is used in determining the root switch root port and designated port The Switch with the highest priority lowest numeric value becomes the STP root switch If all Switches have the s...

Страница 387: ...e Select this check box to activate RSTP on this port Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP por...

Страница 388: ...ee Protocol Spanning Tree Protocol Status in the navigation panel to display the status screen as shown next See Section 54 6 on page 388 for more information on MRSTP Note This screen is only availab...

Страница 389: ...is bridge consisting of bridge priority plus MAC address This ID is the same for Root Bridge and Our Bridge if the Switch is the root switch Hello Time seconds This is the time interval in seconds at...

Страница 390: ...LAN segment A designated bridge has the lowest path cost to the root bridge among the bridges connected to the LAN segment All the ports on a root bridge root switch are designated ports Alternate A b...

Страница 391: ...Chapter 54 Spanning Tree Protocol XS3800 28 User s Guide 391 Figure 290 SWITCHING Spanning Tree Protocol MRSTP Standalone Mode...

Страница 392: ...le MRSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the STP ro...

Страница 393: ...make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to activate STP on this port Edge Select this check...

Страница 394: ...is only available after you activate MSTP on the Switch Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use...

Страница 395: ...Chapter 54 Spanning Tree Protocol XS3800 28 User s Guide 395 Figure 292 SWITCHING Spanning Tree Protocol Spanning Tree Protocol Status MSTP Standalone Mode...

Страница 396: ...tocol Spanning Tree Protocol Status MSTP LABEL DESCRIPTION CST This section describes the Common Spanning Tree settings Bridge Root Bridge refers to the base of the spanning tree the root bridge Our B...

Страница 397: ...isplay the MSTI to VLAN mapping In other words which VLANs run on each spanning tree instance Instance Instance This field displays the MSTI ID VLAN This field displays which VLANs are mapped to an MS...

Страница 398: ...esignated port is already connected when a switch has two links to the same LAN segment Disabled Not strictly part of STP The port can be disabled manually Designated Bridge ID This field displays the...

Страница 399: ...gnated ports should receive BPDUs at regular intervals Any port that ages out STP information provided in the last BPDU becomes the designated port for the attached LAN If it is a root port a new root...

Страница 400: ...the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Instance Use this section to configur...

Страница 401: ...53248 57344 and 61440 VLAN List Enter the VLAN ID range You can specify multiple VLAN ID range separated by no space comma or hyphen for a range For example enter 1 3 5 7 for VLANs 1 3 5 6 and 7 SLOT...

Страница 402: ...ting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost Note Set the value to 0 to use the auto...

Страница 403: ...you make them Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwardi...

Страница 404: ...fore traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Figure 300 MSTP Network Example 54 11 2 MST Region An MST region is a logical groupi...

Страница 405: ...le where there are two MST regions Regions 1 and 2 have two spanning tree instances Figure 301 MSTIs in Different Regions 54 11 4 Common and Internal Spanning Tree CIST A CIST represents the connectiv...

Страница 406: ...Chapter 54 Spanning Tree Protocol XS3800 28 User s Guide 406 Figure 302 MSTP and Legacy RSTP Network Example...

Страница 407: ...Static MAC Filtering in the navigation panel to display the screen as shown next Figure 303 SWITCHING Static MAC Filtering The following table describes the related labels in this screen Table 194 SWI...

Страница 408: ...check box Name Enter a descriptive name up to 32 printable ASCII characters excluding or for this rule This is for identification only Action Select Discard source to drop the frames from the source M...

Страница 409: ...tatic MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Click SWITCHING Static MAC Forward...

Страница 410: ...arded and the VLAN identification number to which the MAC address belongs VID This field displays the ID number of the VLAN group Port This field displays the port where the MAC address shown in the n...

Страница 411: ...ormat that is six hexadecimal character pairs Note Static MAC addresses do NOT age out VID Enter the VLAN identification number Port Enter the port where the MAC address entered in the previous field...

Страница 412: ...e Protocol Based VLAN Setup screen Section 57 10 on page 428 to set up VLANs that allow you to group traffic into logical VLANs based on the protocol you specify Use the Voice VLAN Setup screen Sectio...

Страница 413: ...and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4094 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames To fo...

Страница 414: ...d B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking ports Figure 308 Port VLAN Trunking Table 198 I...

Страница 415: ...Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN...

Страница 416: ...the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index numbe...

Страница 417: ...Chapter 57 VLAN XS3800 28 User s Guide 417 Figure 311 SWITCHING VLAN VLAN Status VLAN Status Details Standalone Mode Figure 312 SWITCHING VLAN VLAN Status VLAN Status Details Stacking Mode...

Страница 418: ...up Status This field shows how this VLAN was added to the Switch Dynamic using GVRP Static manually added as a normal VLAN Private manually added as a private VLAN primary isolated or community RMirro...

Страница 419: ...vate VLANs See also SWITCHING Private VLAN Primary VLAN This field shows the primary VLAN ID in a private VLAN Secondary VLAN This field shows the secondary VLAN ID in a private VLAN Type This field s...

Страница 420: ...Chapter 57 VLAN XS3800 28 User s Guide 420 Figure 315 SWITHCING VLAN VLAN Setup Static VLAN Add Edit Standalone Mode...

Страница 421: ...Ns select Primary Isolated or Community Association VLAN List Primary private VLANs can associate with several secondary Community private VLANs and up to one secondary Isolated private VLAN You only...

Страница 422: ...ly join this VLAN group using GVRP This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select Forbidden if you want to prohibit the port from joining th...

Страница 423: ...your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row fir...

Страница 424: ...Switch is in Stacking mode and the master Switch has VLAN1 all other ports will be configured to untagged port VLAN Trunking Enable VLAN Trunking on ports connected to other switches or routers but n...

Страница 425: ...the Switch in a stack Port This field displays the port number of the Switch In Stacking mode the first number represents the slot ID and the second is the port number Please note that the default sta...

Страница 426: ...configured to group incoming traffic based on the source IP subnet of incoming frames You configure a subnet based VLAN with priority 6 and VID of 100 for traffic received from IP subnet 172 16 1 0 2...

Страница 427: ...es these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel t...

Страница 428: ...N Active Enable the switch button to activate the IP subnet VLAN you are creating or editing Name Enter up to 32 alphanumeric characters to identify this subnet based VLAN The string should not contai...

Страница 429: ...index number identifying this protocol based VLAN Click any of these numbers to edit an existing protocol based VLAN Active This field shows whether the protocol based VLAN is active or not Port This...

Страница 430: ...lot ID and the second field is the port number This port must belong to a static VLAN in order to participate in a protocol based VLAN Name Enter up to 32 alphanumeric characters to identify this prot...

Страница 431: ...0 and click Apply Figure 328 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protocol based VLAN entry Click 1 2 Change the val...

Страница 432: ...of IP phones from specific manufacturers by using its ID from the Organizationally Unique Identifiers OUI Click SWITCHING VLAN Voice VLAN Setup to display the configuration screen as shown Figure 329...

Страница 433: ...Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entry Table 210 SWITCHING VLAN Voice VLAN Setup continued LABEL DESCRIPTION Table 211 SWITCHING VLA...

Страница 434: ...Setup The following table describes the fields in the above screen 57 13 1 Add Edit a MAC Based VLAN Click Add Edit or select an entry and click Add Edit in the SWITCHING VLAN MAC Based VLAN Setup scr...

Страница 435: ...ght number to define the rule s priority level As rules are processed one after the other stating a priority order will let you choose which rule has to be applied first and which second Click the SWI...

Страница 436: ...name of the vendor ID based VLAN entry MAC Address This field displays the source MAC address that is bind to the vendor ID based VLAN entry Mask This field displays the mask for the source MAC addre...

Страница 437: ...ce MAC address of the data packet that is looked up when untagged packets arrive at the Switch Mask Enter the mask for the specified source MAC address to determine which bits a packet s MAC address s...

Страница 438: ...own list depending on your VLAN and VLAN security requirements If VLAN members need to communicate directly with each other then select All Connected Select Port Isolated if you want to restrict users...

Страница 439: ...Chapter 57 VLAN XS3800 28 User s Guide 439 Figure 336 SWITCHING VLAN Port Based VLAN Setup Port Isolation...

Страница 440: ...hese are the ingress ports an ingress port is an incoming port that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ing...

Страница 441: ...other ports in this VLAN to the isolated port list and blocks traffic between the isolated ports A promiscuous port can communicate with any port in the same VLAN An isolated port can communicate wit...

Страница 442: ...shows the ports that can communicate with any ports in the same VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entrie...

Страница 443: ...off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields to the factory...

Страница 444: ...VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID based on the VLAN setti...

Страница 445: ...VLAN Mapping Setup screen Section 59 3 on page 446 to enable and edit the VLAN mapping rules 59 2 Enable VLAN Mapping Click SWITCHING VLAN Mapping in the navigation panel to display the screen as show...

Страница 446: ...is the port number Please note that the default stacking ports the last four ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use...

Страница 447: ...y in the table Active This shows whether this entry is activated or not Name This is the descriptive name for this rule Port This is the port number to which this rule is applied In Stacking mode the...

Страница 448: ...tag carried in the packets and will be translated into the VID you specified in the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packe...

Страница 449: ...t service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign the...

Страница 450: ...second VLAN tag outer VLAN tag can be added Note Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Select Tunnel available for Gigabit ports only for egress ports at...

Страница 451: ...that allows the service provider to prioritize traffic based on the class of service CoS the customer has paid for On the Switch configure priority level of the inner IEEE 802 1Q tag in the PORT Port...

Страница 452: ...Chapter 60 VLAN Stacking XS3800 28 User s Guide 452 Figure 347 SWITCHING VLAN Stacking VLAN Stacking Standalone Mode Figure 348 SWITCHING VLAN Stacking VLAN Stacking Stacking Mode...

Страница 453: ...ased QinQ or the Selective QinQ screen are ignored Select Access to have the Switch add the SP TPID tag to all incoming frames received on this port Select Access for ingress ports at the edge of the...

Страница 454: ...SWITCHING VLAN Stacking Port Based QinQ LABEL DESCRIPTION SLOT This field appears only in Stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field dis...

Страница 455: ...s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port Priority Select a priority level from 0 to 7 This is the service provider s priority level t...

Страница 456: ...check box in the table heading row to select all entries Add Edit Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entries Table 227 SWITCHING VLAN...

Страница 457: ...owest priority level and 7 is the highest Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link...

Страница 458: ...other devices in different subnets The Switch s Wake On LAN relay feature allows you to send magic packets to devices across different subnets 61 2 WoL Relay Use this screen to configure settings on...

Страница 459: ...ets are sent through The most common port for transmission is UDP port 9 Source VLAN Enter the source VLAN ID where the magic packet originates from Destination VLAN Enter the destination VLAN ID wher...

Страница 460: ...NETWORKING The following chapters introduces the configurations of the links under the NETWORKING navigation panel Quick links to chapters ARP Setup DHCP DVMRP IGMP Loopback Interface OSPF Policy Rout...

Страница 461: ...destined for a host device on a local area network arrives at the Switch the Switch looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address...

Страница 462: ...s MAC address and updates the ARP table with host A s ARP reply The Switch then can forward host B s ICMP reply to host A Gratuitous ARP A gratuitous ARP is an ARP request in which both the source and...

Страница 463: ...from the ARP request sent by host A The Switch then forwards host B s ICMP reply to host A right after getting host B s MAC address and ICMP reply 63 2 ARP Learning Use this screen to configure each...

Страница 464: ...Switch in a stack Port This field displays the port number In Stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the la...

Страница 465: ...r loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh...

Страница 466: ...intable ASCII characters except or for identification purposes IP Address Enter the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address Enter the MAC...

Страница 467: ...elay VLAN Setting screen Section 64 6 on page 475 to configure your DHCPv4 settings based on the VLAN domain of the DHCPv4 clients You can also use this screen to apply a different DHCP option 82 prof...

Страница 468: ...n the DHCP services you want to offer the DHCP clients on your network Choose the configuration screen based on the following criteria Smart Relay The Switch forwards all DHCP requests to the same DHC...

Страница 469: ...en provide an IP address based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information field also known as the Option 82 field...

Страница 470: ...ID sub option and two identifies this as an Agent Remote ID sub option The next field specifies the length of the field 64 4 DHCPv4 Option 82 Profile Use this screen to view and configure DHCPv4 optio...

Страница 471: ...e Circuit ID sub option Remote ID This section displays the Remote ID sub option including information that identifies the relay agent the Switch Enable This field displays whether the Remote ID sub o...

Страница 472: ...ion to include information that identifies the relay agent the Switch Enable Select this option to have the Switch append the Remote ID sub option to the option 82 field of DHCP requests mac Select th...

Страница 473: ...fied in the profile to DHCP requests that it relays to a DHCP server Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses...

Страница 474: ...ce comma or hyphen for a range For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 In Stacking mode the first number represents the slot and the second the port number Enter 1 1...

Страница 475: ...inish the configuration Figure 367 DHCP Relay Configuration Example 64 6 DHCPv4 VLAN Setting Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients Click NETWORKI...

Страница 476: ...on Source Address This field displays the source IP address you configured for DHCP requests from clients on this VLAN Select an entry s check box to select a specific entry Otherwise select the check...

Страница 477: ...address when you configure multiple routing domains on a VLAN Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to all ports in this VLAN The Switch adds the Circui...

Страница 478: ...G DHCP DHCPv4 Relay DHCP Relay VLAN Setting the DHCP Relay VLAN Setting section Add Edit screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if...

Страница 479: ...e subnet mask value sent to clients from this DHCP server instance Default Gateway This field displays the default gateway value sent to clients from this DHCP server instance Primary DNS Server This...

Страница 480: ...d Edit in the NETWORKING DHCP DHCPv4 Server DHCP Server Setup to display this screen Hardware Address This field displays the MAC address of the DHCP client It may also display SELF OCCUPIED ADDRESS i...

Страница 481: ...rom 1 to 253 IP addresses to DHCP clients IP Subnet Mask Enter the subnet mask for the client IP pool Default Gateway Enter the IP address of the default gateway device Primary Secondary DNS Server En...

Страница 482: ...sages between the DHCPv6 server that is in another network and the DHCPv6 clients The DHCPv6 relay agent can add the remote identification remote ID option and the interface ID option to the Relay For...

Страница 483: ...entry and click Add Edit in the NETWORKING DHCP DHCPv6 Relay screen to display this screen Figure 378 NETWORKING DHCP DHCPv6 Relay Add Edit Table 250 NETWORKING DHCP DHCPv6 Relay LABEL DESCRIPTION VI...

Страница 484: ...1 db8 0 0 1a2f 15 Interface ID Enable the switch button to have the Switch add the interface ID option in the DHCPv6 requests from the clients in the specified VLAN before the Switch forwards them to...

Страница 485: ...Add Edit Table 253 NETWORKING DHCP DHCPv6 Server DHCPv6 Server Information LABEL DESCRIPTION Index This field displays a sequential number for each entry Active This field displays whether the entry...

Страница 486: ...ients to use here An 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons This is an example IPv6 address 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 IPv6 addresses can b...

Страница 487: ...Delegation Add Edit LABEL DESCRIPTION Client DUID Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DU...

Страница 488: ...rver Guard Use this screen to specify whether ports are trusted or untrusted ports for DHCP packets Click NETWORKING DHCP DHCP Server Guard in the navigation panel to display the screen as shown Figur...

Страница 489: ...cond is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports U...

Страница 490: ...h loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Can...

Страница 491: ...must have IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 393 on page 497 65 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Mul...

Страница 492: ...ticast routing table that is used to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loops...

Страница 493: ...e IP routing domain defined under Network The maximum number of DVMRP configurations allowed is the maximum number of IP routing domains allowed on the Switch Network This is the IP routing domain IP...

Страница 494: ...ost can decide to join or leave a multicast group at any time A host can also be a member of more than one multicast group Multicast groups are identified by IP addresses in the Class D range 224 0 0...

Страница 495: ...in IGMP version 2 is that it provides a mechanism for a multicast group member to notify a multicast router that it is leaving a multicast group The multicast router then sends a group specific IGMP...

Страница 496: ...e Switch then listens for IGMP Report packets and it records which port the messages came from It then delivers multicast traffic to only those ports from which it received a request to join a multica...

Страница 497: ...frames are addressed to multicast groups for which the Switch has not recorded any group members Select Drop to discard the frames Select Flooding to send the frames to all ports Index This field dis...

Страница 498: ...each loopback interface must be uniquely identified The Switch can use a loopback interface address as the source address of all packets that originate from the Switch Filters can then be applied to...

Страница 499: ...v4 loopback interface is activated or not Name This field displays the descriptive name for this IPv4 loopback interface IP Address This field displays the IP address of the Switch in the IP domain IP...

Страница 500: ...0 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your...

Страница 501: ...ch area represents a group of adjacent networks All areas are connected to a backbone also known as area 0 The backbone is the transit area to route packets between two areas A stub area at the edge o...

Страница 502: ...OSPF interface is a link between a layer 3 device and an OSPF network An interface has state information an IP address and subnet mask associated with it When you configure an OSPF interface you firs...

Страница 503: ...te in router elections In Figure 399 on page 503 you can assign a priority of 0 to routers B and C thereby ensuring they do not become DR or BDR and assign a priority of 1 to router A to make sure tha...

Страница 504: ...vated Running or not Down Interface The text box displays the OSPF status of the interfaces on the Switch Neighbor The text box displays the status of the neighboring router participating in the OSPF...

Страница 505: ...p Designated Router This field displays the router ID of a backup designated router Time Intervals Configured This field displays the time intervals in seconds configured Neighbor Count This field dis...

Страница 506: ...y identifies the Switch in an OSPF Enter a unique ID that uses the format of an IP address in dotted decimal notation for the Switch Distance Enter a number from 10 to 255 to specify the administrativ...

Страница 507: ...ply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the...

Страница 508: ...ntication Usually interfaces and virtual interfaces should use the same authentication method as the associated area If interfaces and virtual interfaces use different authentication methods than the...

Страница 509: ...ld displays the area ID in an IP address format with dotted decimal notation of an area to associate the interface to that area Network Type This field displays the network type broadcast point to poi...

Страница 510: ...elds when necessary Select None to disable authentication This is the default setting Select Simple and set the Key field to authenticate OSPF packets transmitted through this interface using simple p...

Страница 511: ...e interface to check if the interface s neighbor devices still exist The valid range for hello interval is between 1 and 65535 The default value is 10 seconds Dead Interval Specify how long in seconds...

Страница 512: ...h the selected protocol Type Select 1 for routing protocols such as RIP whose external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added t...

Страница 513: ...summary IP address which can cover multiple networks Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the...

Страница 514: ...dress format with dotted decimal notation of an area to associate the interface to that area Peer Router ID Enter the ID of a peer border router Authentication Note Virtual interfaces must use the sam...

Страница 515: ...lt value is 1 second Hello Interval Specify how often in seconds the Switch sends hello packets on the interface to check if the interface s neighbor devices still exist The valid range for hello inte...

Страница 516: ...ake when a packet meets the criteria in a specified classifier The action is taken only when all the criteria are met 68 1 1 Benefits Source Based Routing Network administrators can use policy based r...

Страница 517: ...KING Policy Routing Policy Route Profile LABEL DESCRIPTION Index This field displays the index number of the policy routing profile Active This field displays whether the policy routing profile is act...

Страница 518: ...ifier screen and a policy routing profile in the NEWTORKING Policy Routing Policy Route Profile screen Table 277 NEWTORKING Policy Routing Policy Route Rule LABEL DESCRIPTION Active This field display...

Страница 519: ...rule Select Deny to disable the rule action and forward traffic that matches this rule according to the routing table on the Switch Classifier This field displays the available active classifiers you...

Страница 520: ...RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send the routing data...

Страница 521: ...d to routes learned by RIP The lower the administrative distance value is the more preferable the routing protocol is Note You cannot set two routing protocols to have the same administrative distance...

Страница 522: ...he Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel C...

Страница 523: ...example through different routing paths 1 2 and 3 of equal path cost This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next...

Страница 524: ...s of 10 in seconds at which the Switch sends an ARP request to update a resolved next hop s MAC address Discover Time Specify the time interval from 0 to 86400 in increments of 10 in seconds at which...

Страница 525: ...link The link with the next lowest metric will be the secondary link If Route Failover is enabled when a primary route link is down the Switch will use the secondary link The secondary link will be se...

Страница 526: ...t gateway to route outbound traffic from computers on the LAN to the Internet To have the Switch send data to devices not reachable through the default gateway use static routes For example the next f...

Страница 527: ...Add Edit in the NETWORKING Static Routing IPv4 Static Route screen to display this screen Table 282 NETWORKING Static Routing IPv4 Static Route LABEL DESCRIPTION Index This field displays the index nu...

Страница 528: ...255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your...

Страница 529: ...e packet to the destination Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new en...

Страница 530: ...530 Clear Click Clear to clear the fields to the factory defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 285 NETWORKING Static Routing IPv6 Sta...

Страница 531: ...he virtual router A layer 3 device having the same IP address is the preferred master router while the other Layer 3 devices are the backup routers The master router forwards traffic for the virtual r...

Страница 532: ...ual router Virtual Router ID This field displays the ID number of the virtual router Virtual Router Status This field displays the status of the virtual router This field is Master indicating that thi...

Страница 533: ...up router with the highest priority becomes the master router Note All routers participating in the virtual router must use the same advertisement interval Table 287 NETWORKING VRRP VRRP Setup IP Inte...

Страница 534: ...of the screen Click NETWORKING VRRP VRRP Setup to display the screen as shown next Figure 423 NETWORKING VRRP VRRP Setup Summary The following table describes the labels in this screen Table 288 NETWO...

Страница 535: ...elect a virtual router number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval s Specify the number of seconds between H...

Страница 536: ...al Router Network You want to set switch A as the master router Configure the VRRP parameters in the VRRP Setup screens on the switches as shown in the figures below Apply Click Apply to save your cha...

Страница 537: ...ple 1 VRRP Parameter Settings on Switch A Figure 427 VRRP Example 1 VRRP Parameter Settings on Switch B After configuring and saving the VRRP configuration the VRRP Status screens for both switches ar...

Страница 538: ...VRRP You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2 On the other hand switch B is the master for VR2 and a backup for VR1 Figure 430...

Страница 539: ...RP Parameter Settings for VR2 on Switch A Figure 432 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Status screens for both swi...

Страница 540: ...Chapter 72 VRRP XS3800 28 User s Guide 540 Figure 434 VRRP Example 2 VRRP Status on Switch B...

Страница 541: ...he configurations of the links under the SECURITY navigation panel Quick links to chapters AAA Access Control Classifier Policy Rule Anti Arpscan BPDU Guard Storm Control Error Disable IP Source Guard...

Страница 542: ...e 547 to configure authentication authorization and accounting settings such as the methods used to authenticate users accessing the Switch and which database the Switch should use first 74 1 2 What Y...

Страница 543: ...er of users from a central location RADIUS and TACACS RADIUS and TACACS are security protocols used to authenticate users by means of an external server instead of or in addition to an internal device...

Страница 544: ...s to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the RADIUS server If you are using two RADIUS servers then the timeout value is div...

Страница 545: ...try IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not chang...

Страница 546: ...unt of time in seconds that the Switch waits for an authentication request response from the TACACS server If you are using index priority for your authentication and you are using two TACACS servers...

Страница 547: ...ck Apply Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an external TACACS accounting server in dotted decimal notation TCP Port The...

Страница 548: ...r Key Encryption Use this section to configure server key encryption settings Active Enable the switch button to enable server key shared secret encryption for RADIUS server and TACACS server for secu...

Страница 549: ...set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate administrator accounts The Switch checks the methods in the order you configure the...

Страница 550: ...Switch Active Enable the switch button to activate accounting for a specified event type Broadcast Select this to have the Switch send accounting information to all configured accounting servers at th...

Страница 551: ...7 74 5 1 1 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server refer to your RADIUS server documentation to assign a port on the Switch to a VLAN based on IEEE...

Страница 552: ...ormat associated with it the format is specified 74 5 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authenti...

Страница 553: ...s NAS Identifier Acct Status Type Acct Session ID The format of Acct Session Id is date time 8 digit sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00...

Страница 554: ...Service Type Calling Station Id Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Session Time Acct Terminate Cause Table 296 RADIUS Attributes Exec Events through Console continued...

Страница 555: ...28 User s Guide 555 Acct Output Packets Acct Terminate Cause Acct Input Gigawords Acct Output Gigawords Table 298 RADIUS Attributes Exec Events through Console continued ATTRIBUTE START INTERIM UPDAT...

Страница 556: ...on 75 3 on page 557 to specify a group of one or more trusted computers from which an administrator may use a service to manage the Switch Use the Account Security screen Section 75 4 on page 558 to e...

Страница 557: ...mber for that service Timeout Enter how many minutes from 1 to 255 a management session can be left idle before the session times out After it times out you have to log in with your password again Ver...

Страница 558: ...ton to activate this secured client set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers...

Страница 559: ...in the SECURITY AAA AAA Setup screen Active Console Method setting in the Exec and Dot1x fields Server information configured for Authentication Server in the SECURITY AAA RADIUS Server Setup screen a...

Страница 560: ...ation file Otherwise the passwords configured on the Switch are displayed in plain text Apply Click Apply to save your changes for Account Security to the Switch s run time memory The Switch loses the...

Страница 561: ...ption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verifi...

Страница 562: ...hat you may securely access the Switch using the Web Configurator The SSL protocol specifies that the SSL server the Switch must always authenticate itself to the SSL client the computer which request...

Страница 563: ...he IP address or domain name of the Switch you wish to access Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not secure screen may display If...

Страница 564: ...oogle Chrome Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not private screen may display If that is the case click Advanced and then Proceed to x x x x unsa...

Страница 565: ...r you accept the certificate and enter the login user name and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address d...

Страница 566: ...o deliver data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can ca...

Страница 567: ...ule Active This field displays whether the rule is activated or not Weight This field displays the rule s weight This is to indicate a rule s priority when the match order is set to manual in the SECU...

Страница 568: ...t means a higher priority Name This field displays the descriptive name for this rule This is for identification purpose only Rule This field displays a summary of the classifier rule s settings Selec...

Страница 569: ...er you define the classifier you can specify actions or policy to act upon the traffic that matches the rules Click Add Edit or select an entry and click Add Edit in the SECURITY ACL Classifier Setup...

Страница 570: ...e following table describes the labels in this screen Table 307 SECURITY ACL Classifier Classifier Setup Add Edit LABEL DESCRIPTION Active Enable the switch button to enable this rule Name Enter a des...

Страница 571: ...ks enter the trunk group ID to apply the rule to multiple trunks You can enter multiple trunks with t or T then the trunk group ID separated by no space comma or hyphen For example enter t3 t5 for tru...

Страница 572: ...IPv4 protocol type or select Other and enter the protocol number in decimal value You may select Establish Only for TCP protocol type This means that the Switch will pick out the packets that are sen...

Страница 573: ...rule the Switch classifies the traffic based on the Match Order Select manual to have classifier rules applied according to the weight of each rule you configured in SECURITY ACL Classifier Classifier...

Страница 574: ...t the length of the time period in seconds to count matched packets for a classifier rule Enter an integer from 0 65535 0 means that no logging is done Apply Click Apply to save your changes to the Sw...

Страница 575: ...ifier XS3800 28 User s Guide 575 Figure 453 Classifier Example After you have configured a classifier you can configure a policy in the SECURITY ACL Policy Rule screen to define actions on the classif...

Страница 576: ...fServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications...

Страница 577: ...SECURITY ACL Policy Rule screen to display this screen Table 309 SECURITY ACL Policy Rule LABEL DESCRIPTION Index This field displays the policy index number Active This field displays whether policy...

Страница 578: ...llowing table describes the labels in this screen Table 310 SECURITY ACL Policy Rule Add Edit LABEL DESCRIPTION Source Destination Active Enable the switch button to enable the policy Name Enter a des...

Страница 579: ...Diffserv Outgoing Metering in a policy rule Note The Switch only applies one policy rule for each traffic flow Say you have a traffic flow that matches several classifiers and you specify a different...

Страница 580: ...the value you configure in the Priority field Select Set the Diffserv Codepoint field in the frame to set the DSCP field with the value you configure in the DSCP field Outgoing Select Send the packet...

Страница 581: ...Chapter 77 Policy Rule XS3800 28 User s Guide 581 Figure 456 Policy Example...

Страница 582: ...utomatically after the MAC aging time expires Note A port based threshold must be larger than the host based threshold or the host based threshold will not work 78 1 1 What You Can Do Use the Anti Arp...

Страница 583: ...ports will become active and start receiving packets again Use the command port no inactive Refer to the port logs to see when a port was closed 78 2 Anti Arpscan Status Use this screen to see what p...

Страница 584: ...d is the port number Please note that the default stacking ports the last four ports of your Switch cannot be configured They are reserved for stacking only Trusted This field displays whether the por...

Страница 585: ...n this screen click SECURITY Anti Arpscan Anti Arpscan Setup Figure 460 SECURITY Anti Arpscan Anti Arpscan Setup Standalone Mode Port This displays the port number to which the blocked host is connect...

Страница 586: ...ARP request packets received per second This is the global threshold rate for all hosts If the rate of a host is over the threshold then that host is blocked by using a MAC address filter A blocked h...

Страница 587: ...s soon as you make them Trusted State Select Untrusted or Trusted for the associated port Anti arpscan is not performed on trusted hosts Apply Click Apply to save your changes to the Switch s run time...

Страница 588: ...ype the IP address of the host Mask A trusted host may consist of a subnet of IP addresses Type a subnet mask to create a single host or a subnet of hosts Apply Click Apply to save your changes to the...

Страница 589: ...ts automatically You can then enable the ports manually in the PORT Port Setup screen or use the SECURITY Errdisable Errdisable Recovery screen see Section 81 5 on page 602 to have the ports become ac...

Страница 590: ...d global setup This field displays whether BPDU guard is activated on the Switch SLOT This field appears only in Stacking mode Click the drop down list to choose the slot number of the Switch in a sta...

Страница 591: ...PDU Guard Setup Stacking Mode The following table describes the fields in the above screen Table 317 SECURITY BPDU Guard BPDU Guard Setup LABEL DESCRIPTION Active Enable the switch button to enable BP...

Страница 592: ...on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the BPDU guard feature on this port The Switch shuts down t...

Страница 593: ...e broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify...

Страница 594: ...Chapter 80 Storm Control XS3800 28 User s Guide 594 Figure 468 SECURITY Storm Control Standalone Mode Figure 469 SECURITY Storm Control Stacking Mode...

Страница 595: ...ommon settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option to enable and specify...

Страница 596: ...uch as loop guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent...

Страница 597: ...cted that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related information Click SECURITY...

Страница 598: ...separated by a comma on which you want to reset inactive reason status In Stacking mode the first number represents the slot and the second the port number Enter 1 1 1 24 2 23 for ports 1 to 24 for t...

Страница 599: ...BPDU and or IGMP on the port is being detected or not It also shows whether loop guard anti arp scanning BPDU guard or ZULD is enabled on the port Mode This field shows the action that the Switch take...

Страница 600: ...Chapter 81 Error Disable XS3800 28 User s Guide 600 Figure 472 SECURITY Errdisable CPU Protection Standalone Mode Figure 473 SECURITY Errdisable CPU Protection Stacking Mode...

Страница 601: ...rst number represents the slot ID and the second is the port number Please note that the default stacking ports the last four ports of your Switch cannot be configured They are reserved for stacking o...

Страница 602: ...Select this option to have the Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below Mode Select the action that the Switch takes whe...

Страница 603: ...en make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Timer Status Select this check box to allow the Switch to wait for the specifi...

Страница 604: ...llowing features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the binding table dynami...

Страница 605: ...atic bindings for DHCP snooping and ARP inspection Static bindings are uniquely identified by the MAC address and VLAN ID Each MAC address and VLAN ID can only be in one static binding If you try to c...

Страница 606: ...comma or hyphen for a range For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 In Stacking mode the first number represents the slot ID and the second is the port number Enter 1...

Страница 607: ...Guard Static Binding Add Edit Standalone Mode Figure 479 SECURITY IPv4 Source Guard IP Source Guard Static Binding Add Edit Stacking Mode The following table describes the labels in this screen Select...

Страница 608: ...elect Any Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to s...

Страница 609: ...our network 83 1 1 What You Can Do Use the DHCP Snooping Status screen Section 83 2 on page 609 to look at various statistics about the DHCP snooping database Use this DHCP Snooping Setup screen Secti...

Страница 610: ...his field displays how long in seconds the Switch waits to update the DHCP snooping database after the current bindings change Agent Running This field displays the status of the current update or acc...

Страница 611: ...tail First Successful Access This field displays the first time the Switch accessed the DHCP snooping database for any reason Last Ignored Bindings Counters This section displays the number of times a...

Страница 612: ...r Figure 481 SECURITY IPv4 Source Guard DHCP Snooping DHCP Snp Setup Invalid Interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interfac...

Страница 613: ...database The location should be expressed like this tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt You can enter up to 256 printable ASCII...

Страница 614: ...P snooping and there are no trusted ports You can also specify the maximum number for DHCP packets that each port trusted or untrusted can receive each second To open this screen click SECURITY IPv4 S...

Страница 615: ...all the ports as soon as you make them Server Trusted state Select whether this port is a trusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCP servers or other switc...

Страница 616: ...above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted p...

Страница 617: ...h the ports belongs Port This field displays the ports to which the Switch applies the settings In Stacking mode the first number represents the slot and the second the port number Profile Name This f...

Страница 618: ...for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address a...

Страница 619: ...t is used to validate the binding when it is read If the calculated checksum is not equal to the checksum in the file that binding and all others after it are ignored 83 7 1 3 DHCP Relay Option 82 Inf...

Страница 620: ...apter 83 DHCP Snooping XS3800 28 User s Guide 620 3 Configure trusted and untrusted ports and specify the maximum number of DHCP packets that each port can receive per second 4 Configure static bindin...

Страница 621: ...SCRIPTION Total Number of Bindings This field displays the current number of MAC address filters that were created because the Switch identified unauthorized ARP packets Index This field displays a se...

Страница 622: ...hyphen to indicates a range of VLANs For example 3 4 or 3 9 Search Click this to display the specified range of VLANs in the section below The Number of VLANs This is the number of VLANs that match th...

Страница 623: ...umber VID This field displays the source VLAN ID of the ARP packet Sender MAC This field displays the source MAC address of the ARP packet Sender IP This field displays the source IP address of the AR...

Страница 624: ...483647 seconds the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Type 0 if you want...

Страница 625: ...ship between Syslog Rate and Log Interval is illustrated in the following examples Four invalid ARP packets per second Syslog Rate is 5 Log Interval is 1 the Switch sends 4 syslog messages every secon...

Страница 626: ...o make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon...

Страница 627: ...th 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on t...

Страница 628: ...ix Bindings are used to distinguish between authorized and unauthorized packets in the network The Switch learns the bindings by snooping DHCP packets dynamic bindings and from information provided ma...

Страница 629: ...Flush Click this to remove dynamic IPv6 source binding entries according to your selections Cancel Click this to reset the values above based or if not applicable to clear the fields above Index This...

Страница 630: ...lone Mode Table 339 SECURITY IPv6 Source Guard IPv6 Static Binding IPv6 Static Binding LABEL DESCRIPTION Index This field displays a sequential number for each binding Source Address This field displa...

Страница 631: ...Table 340 SECURITY IPv6 Source Guard IPv6 Static Binding IPv6 Static Binding Add Edit LABEL DESCRIPTION Source Address Enter the IPv6 Address or IPv6 Prefix and prefix length in the binding MAC Addre...

Страница 632: ...This field displays the descriptive name for identification purposes for this IPv6 source guard policy Validate Address This field displays the Validate Address status for this IPv6 source guard poli...

Страница 633: ...from all link local addresses otherwise leave the setting at Deny A link local address is an IPv6 unicast address that can be automatically configured on any interface using the link local prefix FE80...

Страница 634: ...the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In Stacking mode the first number represents the slot ID and the second is the port numb...

Страница 635: ...nooping Policy Setup Add Edit Table 344 SECURITY IPv6 Source Guard IPv6 Snooping IPv6 Snooping Policy Setup LABEL DESCRIPTION Index This field displays a sequential number for each IPv6 snooping polic...

Страница 636: ...Pv6 addresses and prefixes learned using the IPv6 snooping policy Note The maximum limit address count is the maximum size of the IPv6 source guard binding table See the product data sheet for the lat...

Страница 637: ...packets are sent from a DHCPv6 client to a DHCPv6 server Reply packets from a DHCPv6 server connected to an untrusted port are discarded Use port to have all ports be Untrusted or Trusted Table 347 SE...

Страница 638: ...Chapter 84 ARP Inspection XS3800 28 User s Guide 638 Figure 507 SECURITY IPv6 Source Guard DHCPv6 Trust Setup Standalone Mode Figure 508 SECURITY IPv6 Source Guard DHCPv6 Trust Setup Stacking Mode...

Страница 639: ...lt stacking ports the last four ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some setting...

Страница 640: ...ese MAC address filters are different than regular MAC address filters They are stored only in volatile memory They do not use the same space in memory that regular MAC address filters use They appear...

Страница 641: ...h 1 Configure DHCP snooping Note It is recommended you enable DHCP snooping at least one day before you enable ARP inspection so that the Switch has enough time to build the binding table 2 Enable ARP...

Страница 642: ...or MAC Authentication Strict The client authenticates using both IEEE 802 1x authentication and MAC Authentication Note All types of authentication use the RADIUS Remote Authentication Dial In User Se...

Страница 643: ...n information in the form of a user name and password after the client responds to its identity request When the client provides the login credentials the Switch sends an authentication request to a R...

Страница 644: ...on methods both on the Switch and the ports then configure the RADIUS server settings in the SECURITY AAA RADIUS Server Setup screen 85 2 Activate IEEE 802 1x Security Use this screen to activate IEEE...

Страница 645: ...e that requests access to the network resources or services and authenticator the Switch directly over the LAN Note EAPOL flood will not take effect when 802 1x authentication is enabled SLOT This fie...

Страница 646: ...s to periodically re enter his or her user name and password to stay connected to the port Reauth period secs Specify the length of time required to pass before a client has to re enter his or her use...

Страница 647: ...Chapter 85 Port Authentication XS3800 28 User s Guide 647 Figure 514 SECURITY Port Authentication MAC Authentication Standalone Mode...

Страница 648: ...t to the RADIUS server for authentication You can enter up to 32 printable ASCII characters except or If you leave this field blank then only the MAC address of the client is forwarded to the RADIUS s...

Страница 649: ...s cleared If you specify 0 for the timeout value the Switch uses the Aging Time configured in the SYSTEM Switch Setup screen Note If the Aging Time in the SYSTEM Switch Setup screen is set to a lower...

Страница 650: ...650 Figure 516 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port Click SECURITY Port Authentication Guest VLAN to display the configuration screen as shown Figure 517 SEC...

Страница 651: ...this check box to enable the guest VLAN feature on this port Clients that fail authentication are placed in the guest VLAN and can receive limited services Guest VLAN A guest VLAN is a pre configured...

Страница 652: ...tials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch Click SECURITY Port Authen...

Страница 653: ...or stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustme...

Страница 654: ...on authorization and accounting The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticat...

Страница 655: ...first have a wired connection to the network and obtain the certificates from a certificate authority CA A certificate also called digital IDs can be used to authenticate users and a CA issues certifi...

Страница 656: ...rts EAP methods such as EAP MD5 EAP MSCHAPv2 and EAP GTC EAP Generic Token Card for client authentication EAP GTC is implemented only by Cisco LEAP LEAP Lightweight Extensible Authentication Protocol...

Страница 657: ...to 32K 8k MAC addresses in total with no limit on individual ports other than the sum cannot exceed 32K For maximum port security enable this feature disable MAC address learning and configure static...

Страница 658: ...Chapter 86 Port Security XS3800 28 User s Guide 658 Figure 521 SECURITY Port Security Standalone Mode...

Страница 659: ...y learned MAC addresses on the specified ports will become static MAC addresses and display in the SWITCHING Static MAC Forwarding screen MAC freeze Click MAC Freeze to have the Switch automatically s...

Страница 660: ...ress Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addres...

Страница 661: ...rity VLAN MAC Address Limit continued LABEL DESCRIPTION Table 355 SECURITY Port Security VLAN MAC Address Limit Add Edit LABEL DESCRIPTION Active Enable the switch button to activate this rule Port En...

Страница 662: ...es power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields to the factory defaults Ca...

Страница 663: ...he basic and advanced settings from a source port to a destination port or ports Use the Diagnostic screen Section 87 14 on page 679 to ping IP addresses run a traceroute perform port tests or show th...

Страница 664: ...ory Or delete the stacking members CA signed certificate if a CA signed certificate does not exist in the master Switch Otherwise disable this option Apply Click Apply to save your changes to the Swit...

Страница 665: ...ides technical background information on the topics discussed in this chapter 87 3 1 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP co...

Страница 666: ...de for more information about using commands The system does not reboot after it switches from one image to the other 87 3 2 1 Example FTP Commands ftp put firmware bin ras 0 This is a sample FTP sess...

Страница 667: ...ollowing table describes some of the commands that you may see in GUI based FTP clients 87 3 5 FTP Restrictions FTP will not work when FTP service is disabled in the SECURITY Access Control Service Ac...

Страница 668: ...ement Status screen Section 87 5 on page 668 to view the role of the Switch within the cluster and to access a cluster member Switch s Web Configurator Use the Cluster Management Setup screen Section...

Страница 669: ...e neither a manager nor a member of a cluster Manager This field displays the cluster manager Switch s hardware MAC address The Number Of Member This field displays the number of switches that make up...

Страница 670: ...s only applicable if the Switch is set to 802 1Q VLAN All switches must be directly connected and in the same VLAN group to belong to the same cluster Switches that are not in the same VLAN group are...

Страница 671: ...to be cluster managers will not be visible in the Clustering Candidate list Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list Password Each...

Страница 672: ...00 58 46 1970 User 192 168 0 1 none admin 331 Enter PASS command Password 230 Logged in ftp ls 200 Port command okay 150 Opening data connection for LIST w w w 1 owner group 3042210 Jul 01 12 00 ras...

Страница 673: ...gure 535 Configuration Restoring 87 9 Backup Configuration Backing up your Switch configurations allows you to create various snap shots of your device from which you may restore at a later date Use t...

Страница 674: ...or save the file click Save or Save File to download it to the default downloads folder on your computer If a Save As screen displays after you click Save or Save File choose a location to save the fi...

Страница 675: ...rebooted It shows blank if auto configuration was not enabled or not executed successfully Use this section to enable auto configuration and select the mode that you want to use for auto configuration...

Страница 676: ...P 87 12 Save Configuration To access this screen click MAINTENANCE Configuration Save Configuration in the navigation panel Click Config 1 to save the current configuration settings permanently to Con...

Страница 677: ...after making configuration does NOT save the changes permanently All unsaved changes are erased after you reboot the Switch 87 13 Configure Clone Cloning allows you to copy the basic and advanced sett...

Страница 678: ...Chapter 87 MAINTENANCE XS3800 28 User s Guide 678 Figure 542 MAINTENANCE Configuration Configure Clone Stacking Mode...

Страница 679: ...lect the check box in the table heading row to select all features for a category SYSTEM Select the system feature you configured in the SYSTEM menus to be copied to the destination ports Otherwise se...

Страница 680: ...Chapter 87 MAINTENANCE XS3800 28 User s Guide 680 Figure 543 MAINTENANCE Diagnostic Standalone Mode...

Страница 681: ...to all ports except the management port labeled MGMT If you select out of band the Switch sends the frames to the management port labeled MGMT Otherwise select to send ping requests to all VLANs on t...

Страница 682: ...Port The slot field appears only in Stacking mode Click the drop down list to choose the slot number of the Switch in a stack Enter a port number and click Port Test to perform an internal loopback t...

Страница 683: ...atest firmware The Switch supports dual firmware images Firmware 1 and Firmware 2 Use this screen to specify which image is updated when firmware is uploaded using the Web Configurator and to specify...

Страница 684: ...Chapter 87 MAINTENANCE XS3800 28 User s Guide 684 Figure 545 MAINTENANCE Firmware Upgrade Standalone Mode...

Страница 685: ...d firmware Click the Config Boot Image drop down list box to select the boot image Firmware1 or Firmware2 you want the Switch to use when rebooting click Apply Restart the Switch manually or using the...

Страница 686: ...Firmware 1 or Firmware 2 should load click Apply and reboot the Switch to see changes you will also see changes in the Current Boot Image field above as well Apply Click Apply to save your changes to...

Страница 687: ...ctory Default and follow steps 1 to 2 to reboot and load Zyxel factory default configuration settings on the Switch Click Custom Default and follow steps 1 to 2 to reboot and load a customized default...

Страница 688: ...368 MAINTENANCE Service Register LABEL DESCRIPTION Service This lists the name of the service that is available on the Switch Status This field displays whether the service license is enabled at myZy...

Страница 689: ...from 50 to 100 in the Mbuf Memory Buffer threshold box The Mbuf log report is stored in flash permanent memory For example Mbuf 50 means a log will be created when the Mbuf utilization is over 50 The...

Страница 690: ...Click Download to see the layer 3 Switch log report The log only applies to the layer 3 Switch models This report is stored in flash memory Apply Click Apply to save your changes to the Switch s run...

Страница 691: ...tions of the Web Configurator In Networked AV mode Click Networked AV at the top left of the Web Configurator to switch between the Web Configurator s Standard or Networked AV mode Figure 553 Web Conf...

Страница 692: ...u can configure the IP address and subnet mask necessary for Switch management and set up to 128 IP routing domains IGMP Snooping VLAN This displays the ID number of the VLAN group upon which the Swit...

Страница 693: ...the duplex F for full duplex or H for half It also shows the cable type Copper or Fiber for the combo ports This field displays Down if the port is not connected to any device Bandwidth Usage Tx Band...

Страница 694: ...Information In the navigation panel click MONITOR System Information to display the screen as shown Use this screen to view general system information You can check the firmware version number and mo...

Страница 695: ...tures below the threshold and Error for those above Current This shows the current temperature at this sensor MAX This field displays the maximum temperature measured at this sensor MIN This field dis...

Страница 696: ...ecify the types of SNMP traps that should be sent to each SNMP manager Use the SNMP Trap Port screen Section 88 16 on page 709 to set whether a trap received on the ports would be sent to the SNMP man...

Страница 697: ...hapter 88 Networked AV Mode XS3800 28 User s Guide 697 It has been registered in the NCC Click SYSTEM Cloud Management in the navigation panel to display this screen Figure 557 SYSTEM Cloud Management...

Страница 698: ...the system name and time Click SYSTEM General Setup in the navigation panel to display the screen as shown Table 372 SYSTEM Cloud Management LABEL DESCRIPTION Nebula Control Center NCC Discovery Enabl...

Страница 699: ...o 32 printable ASCII characters spaces are allowed Use Time Server when Bootup Enter the time service protocol that your time server uses Not all time servers support all protocols so you may have to...

Страница 700: ...ond Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time...

Страница 701: ...changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset...

Страница 702: ...DHCP Client Select this option if you have a DHCP server that can assign the Switch an IP address subnet mask a default gateway IP address and a domain name server IP address automatically Static IP A...

Страница 703: ...the existing system password 1234 is the default password when shipped New Password Enter your new system password Retype to confirm Re enter your new system password for confirmation Edit Logins You...

Страница 704: ...At the time of writing users may have a privilege level of 0 3 13 or 14 representing different configuration rights as shown below 0 Display basic system information 3 Display configuration or status...

Страница 705: ...e with agents before conducting SNMP management sessions Security can be further enhanced by encrypting the SNMP messages sent from the managers Encryption protects the contents of the SNMP messages W...

Страница 706: ...ssword for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which...

Страница 707: ...ntain or Table 379 SYSTEM SNMP SNMP User LABEL DESCRIPTION Index This is a read only number identifying a login account on the Switch Username This field displays the user name of a login account on t...

Страница 708: ...le ASCII characters except space or for SNMP user authentication Privacy Specify the encryption method for SNMP communication from this user You can choose one of the following DES Data Encryption Sta...

Страница 709: ...reen to select which traps the Switch sends to that SNMP manager Select the individual SNMP traps that the Switch is to send to the SNMP station The traps are grouped by category Selecting a category...

Страница 710: ...to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the trap ty...

Страница 711: ...form a trunk group Figure 568 Link Aggregation 88 18 1 What You Can Do Use the Link Aggregation Status screen Section 88 19 on page 711 to view ports you have configured to be in the trunk group ports...

Страница 712: ...g to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same d...

Страница 713: ...rts you aggregate then the fewer available ports you have A trunk group is one logical link containing multiple ports Click PORT Link Aggregation Link Aggregation Setting to display the screen shown n...

Страница 714: ...lect src mac to distribute traffic based on the packet s source MAC address Select dst mac to distribute traffic based on the packet s destination MAC address Select src dst mac to distribute traffic...

Страница 715: ...itch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priori...

Страница 716: ...t exchanges of LACP packets in order to check that the peer port in the trunk group is still up If a port does not respond after three tries then it is deemed to be down and is removed from the trunk...

Страница 717: ...speed and duplex mode If the peer port does not support auto negotiation or turns off this feature the Switch determines the connection speed by detecting the signal on the cable and using half duplex...

Страница 718: ...Select Peer to process any BPDU Bridge Protocol Data Units received on this port Select Tunnel to forward BPDUs received on this port Select Discard to drop any BPDU received on this port Select Netw...

Страница 719: ...plays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adj...

Страница 720: ...ing to forward group multicast traffic only to ports that are members of that group Use the IGMP Snooping VLAN screen Section 88 28 on page 724 to perform IGMP snooping on up to 16 VLANs Use the IGMP...

Страница 721: ...accordingly IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them The Switch forwards multicast traffic destined for multicast groups that it has lea...

Страница 722: ...s before the Switch removes an IGMP group membership entry if it does not receive report messages from the port 802 1p Priority Select a priority level 0 7 to which the Switch changes the priority in...

Страница 723: ...ve the Switch use this timeout to update the forwarding table for the port In normal leave mode when the Switch receives an IGMP leave message from a host on a port it forwards the message to the mult...

Страница 724: ...rofile Select the name of the IGMP filtering profile to use for this port Otherwise select Default to prohibit the port from joining any multicast group You can create IGMP filtering profiles in the S...

Страница 725: ...enable IGMP snooping in the SWITCHING Multicast IGMP Snooping screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or...

Страница 726: ...ach port can be assigned a single profile A profile can be assigned to multiple ports Click SWITCHING Multicast IGMP Filtering Profile link to display the screen as shown Figure 578 SWITCHING Multicas...

Страница 727: ...tional rule for the selected profile Delete Select a profile and click Delete to remove the selected profile and the accompanying rules Select a rule from a profile and click Delete to remove the sele...

Страница 728: ...d to Know Read this section to know more about VLAN and how to configure the screens Table 394 SWITCHING Multicast IGMP Filtering Profile Add Rule LABEL DESCRIPTION Profile Name Select a profile from...

Страница 729: ...not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each o...

Страница 730: ...A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave message A Leave All message terminates all registrations GARP timers set declaration timeout v...

Страница 731: ...ow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking ports Figure 583 Port VLAN Trunking 88 31 VLAN Status Use this screen to view...

Страница 732: ...his is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN inde...

Страница 733: ...c VLAN to display the screen as shown next Table 397 SWITCHING VLAN VLAN Status VLAN Status Details LABEL DESCRIPTION VID This is the VLAN identification number that was configured in the correspondin...

Страница 734: ...n to display this screen Table 398 SWITCHING VLAN Static VLAN LABEL DESCRIPTION VID This field displays the ID number of the VLAN group Active This field indicates whether the VLAN settings are enable...

Страница 735: ...ated or Community Association VLAN List Primary private VLANs can associate with several secondary Community private VLANs and up to one secondary Isolated private VLAN You only configure VLAN Associa...

Страница 736: ...if you want to prohibit the port from joining this VLAN group Tagging Select Tx Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID Apply Click Apply to save y...

Страница 737: ...e VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID Acceptable Frame Type Specify the type of frames allowed on a port Choices are All Tag Only and Untag Only Select...

Страница 738: ...ich an administrator may use a service to manage the Switch 88 36 Service Access Control Service Access Control allows you to decide what services you may use to access the Switch You may also change...

Страница 739: ...password again Very long idle timeouts may have security risks Login Timeout The Telnet or SSH server do not allow multiple user logins at the same time Enter how many seconds from 30 to 300 seconds a...

Страница 740: ...trusted computers from which an administrator may use a service to manage the Switch Active Enable the switch button to activate this secured client set Clear the check box if you wish to temporarily...

Страница 741: ...rts Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select...

Страница 742: ...file Use the Tech Support screen Section 88 46 on page 745 to create reports for customer support if there are problems with the Switch 88 41 Restore Configuration Use this screen to restore a previou...

Страница 743: ...le on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 88 43 Save Configuration...

Страница 744: ...ng the power off It also allows you to load the Current Configuration a Custom Default or the Factory Default configuration when you reboot Follow the steps below to reboot the Switch Click MAINTENANC...

Страница 745: ...actory default configuration settings on the Switch Click Custom Default and follow steps 1 to 2 to reboot and load a customized default file on the Switch 88 46 Tech Support The Tech Support feature...

Страница 746: ...ded successfully click Back to return to the previous screen Figure 600 MAINTENANCE Tech Support Download Table 406 MAINTENANCE Tech Support LABEL DESCRIPTION Tech Support Click Download to see all th...

Страница 747: ...747 PART III Troubleshooting and Appendices...

Страница 748: ...Make sure the power adapter or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or co...

Страница 749: ...ot sure what the Switch s management mode is you have to reset the device to its factory defaults standalone management mode first See Section 4 8 on page 86 for more information on resetting the Swit...

Страница 750: ...dress and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardware connections and make sure the LEDs are behaving as expected See Section...

Страница 751: ...ch 89 3 Switch Configuration I lost my configuration settings after I restart the Switch Make sure you save your configuration into the Switch s non volatile memory each time you make changes Click Sa...

Страница 752: ...index shtml for the latest information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you r...

Страница 753: ...pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailan...

Страница 754: ...tps www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications I...

Страница 755: ...pain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de https www zyxel ch fr Turkey Zyxel Turkey...

Страница 756: ...ons Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel...

Страница 757: ...s in which this service is used Table 407 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this servic...

Страница 758: ...t sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary co...

Страница 759: ...DP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It...

Страница 760: ...2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifie...

Страница 761: ...ng table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group Table 409 Predefined...

Страница 762: ...UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vend...

Страница 763: ...plink router for its LAN The Switch uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Switch pas...

Страница 764: ...the next hop Otherwise the Switch determines the next hop from the default router list or routing table Once the next hop IP address is known the Switch looks into the neighbor cache to get the link...

Страница 765: ...CPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in y...

Страница 766: ...mple Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sh...

Страница 767: ...CPv6 is enabled when you enable IPv6 on a Windows 10 PC To enable IPv6 in Windows 10 1 Select Control Panel Network and Sharing Center 2 On the left side of the Network and Sharing Center select Chang...

Страница 768: ...r computer 1 Select Start Settings Network Internet 2 On the left side of the Network Internet select Ethernet Then select the Ethernet network you are connected to 3 Under IP assignment select Edit 4...

Страница 769: ...t to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Change...

Страница 770: ...nd electronic device For detailed information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product U...

Страница 771: ...eitpunkt der Entsorgung wird die getrennte Sammlung von Produkt und oder seiner Batterie dazu beitragen nat rliche Ressourcen zu sparen und die Umwelt und die menschliche Gesundheit zu sch tzen El s m...

Страница 772: ...bols Various symbols are used in this product to ensure correct usage to prevent danger to the user and others and to prevent property damage The meaning of these symbols are described below It is imp...

Страница 773: ...th damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of...

Страница 774: ...circulation for cooling 41 All connected Setting Wizard 440 anti arpscan 582 blocked hosts 584 host threshold 585 status 583 trusted hosts 587 applications backbone 36 bridging 37 fiber uplink 37 IEE...

Страница 775: ...31 Cat 6a cable 31 CDP 283 Certificates screen 664 certifications viewing 773 CFI Canonical Format Indicator 413 729 changing the password 84 Cisco Discovery Protocol see CDP CIST 405 Class of Service...

Страница 776: ...t 763 DHCP relay option 82 619 DHCP server block 609 DHCP Server Status screen 478 DHCP snooping 94 604 618 configure 619 DHCP relay option 82 619 trusted ports 618 untrusted ports 618 DHCP snooping d...

Страница 777: ...status 599 error disable 596 control packets 599 CPU protection 599 detect 601 recovery 602 status 597 error disable recovery 596 Ethernet broadcast address 112 461 Ethernet MAC 140 695 Ethernet OAM 2...

Страница 778: ...tes screen 665 HTTPS example 563 I IANA Internet Assigned Number Authority 757 Identity Association IA 762 IEEE 802 1x activate 644 port authentication 642 re authentication 646 IEEE 802 3az 220 IEEE...

Страница 779: ...cache 764 IPv6 Global Setup screen 168 IPv6 interface DHCPv6 client 179 180 enable 169 170 global address 172 173 global unicast address 168 link local address 170 171 link local IP 167 neighbor disco...

Страница 780: ...non administrator 182 702 login accounts 182 702 configuring through Web Configurator 182 702 multiple 182 702 number of 182 702 login password edit 183 703 login user name display 559 Logins screen 1...

Страница 781: ...Age 397 max age 399 max hops 399 path cost 402 port priority 402 revision level 400 status 394 MTU 126 MTU Multi Tenant Unit 206 multicast 802 1 priority 310 IGMP throttling 312 724 IP addresses 305 s...

Страница 782: ...n 511 overheating prevention 41 P PAgP 283 password 84 administrator 59 183 703 change 40 change through Wizard 66 71 display 559 write down 40 password change through Password SNMP link 58 password e...

Страница 783: ...46 sub option format 345 tag format 344 trusted ports 346 untrusted ports 346 VLAN 352 PPPoE Intermediate Agent 344 prefix delegation 763 priority and OSPF 503 product registration 773 protocol based...

Страница 784: ...he Switch 41 safety warnings 770 save configuration 85 676 Save link 85 schedule type 213 Secure Shell see SSH serial number Switch 34 service access control 556 738 service port 557 739 Service Acces...

Страница 785: ...RRP 532 Storm Control screen 740 STP 283 bridge ID 383 389 bridge priority 386 392 designated bridge 376 edge port 387 393 forwarding delay 387 Hello BPDU 376 Hello Time 383 386 389 392 how it works 3...

Страница 786: ...ctional Link Detection see UDLD unregister Switch 35 untrusted ports ARP inspection 640 DHCP snooping 618 PPPoE IA 346 uplink connection 49 super fast 37 user name 56 default 56 user profiles 543 UTC...

Страница 787: ...n DHCPv4 476 480 VLAN stacking 449 451 configuration 451 example 449 frame format 451 port roles 450 453 port based Q in Q 453 priority 451 selective Q in Q 455 VLAN terminology 414 730 VLAN trunking...

Страница 788: ...t 87 navigating components 74 navigation panel 76 online help 87 usage prerequisite 55 weight 363 Windows OS version check 60 Wizard link aggregation 69 WRR Weighted Round Robin Scheduling 362 Z ZDP 6...

Страница 789: ...probe time 276 status 274 ZULD Zyxel Unidirectional Link Detection 273 ZyNOS Zyxel Network Operating System 666 Zyxel AP Configurator ZAC 63 Zyxel Discovery Protocol ZDP 60 Zyxel Nebula Mobile app 34...

Отзывы:

Нет отзывов