background image

Chapter 19 Policy Rule

GS-2750 User’s Guide

156

Summary of Contents for GS-2750

Page 1: ...yxel com GS 2750 Intelligent Layer 3 Switch User s Guide Version 3 80 11 2007 Edition 1 DEFAULT LOGIN In band IP Address http 192 168 1 1 Out of band IP Address http 192 168 0 1 User Name admin Password 1234 ...

Page 2: ......

Page 3: ...e Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch It is recommended you use the web configurator to configure the Switch Supporting Disk Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide ...

Page 4: ...ld choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log ...

Page 5: ...uide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router ...

Page 6: ...of fuse Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow...

Page 7: ...Safety Warnings GS 2750 User s Guide 7 This product is recyclable Dispose of it properly ...

Page 8: ...Safety Warnings GS 2750 User s Guide 8 ...

Page 9: ...Basic Setting 71 Advanced Setup 83 VLAN 85 Static MAC Forward Setup 101 Filtering 103 Spanning Tree Protocol 105 Bandwidth Control 121 Broadcast Storm Control 123 Mirroring 125 Link Aggregation 127 Port Authentication 135 Port Security 141 Classifier 145 Policy Rule 151 Queuing Method 157 VLAN Stacking 161 Multicast 167 Authentication Accounting 181 IP Source Guard 195 Loop Guard 215 IP Applicatio...

Page 10: ...ment 253 Maintenance 255 Access Control 261 Diagnostic 279 Syslog 281 Cluster Management 285 MAC Table 291 IP Table 293 ARP Table 295 Routing Table 297 Configure Clone 299 Product Specifications 301 Product Specifications 303 Appendices and Index 309 ...

Page 11: ...le 34 1 1 3 Gigabit Ethernet to the Desktop 35 1 1 4 IEEE 802 1Q VLAN Application Example 35 1 2 Ways to Manage the Switch 36 1 3 Good Habits for Managing the Switch 36 Chapter 2 Hardware Installation and Connection 37 2 1 Freestanding Installation 37 2 2 Mounting the Switch on a Rack 38 2 2 1 Rack mounted Installation Requirements 38 2 2 2 Attaching the Mounting Brackets to the Switch 38 2 2 3 Mo...

Page 12: ...ing Your Configuration 55 4 5 Switch Lockout 55 4 6 Resetting the Switch 56 4 6 1 Reload the Configuration File 56 4 7 Logging Out of the Web Configurator 57 4 8 Help 57 Chapter 5 Initial Setup Example 59 5 1 Overview 59 5 1 1 Configuring an IP Interface 59 5 1 2 Configuring DHCP Server Settings 60 5 1 3 Creating a VLAN 61 5 1 4 Setting Port VID 62 5 1 5 Enabling RIP 63 Chapter 6 System Status and...

Page 13: ... 4 Select the VLAN Type 87 8 5 Static VLAN 87 8 5 1 Static VLAN Status 88 8 5 2 Static VLAN Details 88 8 5 3 Configure a Static VLAN 89 8 5 4 Configure VLAN Port Settings 90 8 6 Subnet Based VLANs 92 8 7 Configuring Subnet Based VLAN 93 8 8 Protocol Based VLANs 94 8 9 Configuring Protocol Based VLAN 95 8 10 Create an IP based VLAN Example 96 8 11 Port based VLAN Setup 97 8 11 1 Configure a Port ba...

Page 14: ...l Overview 121 12 1 1 CIR and PIR 121 12 2 Bandwidth Control Setup 121 Chapter 13 Broadcast Storm Control 123 13 1 Broadcast Storm Control Setup 123 Chapter 14 Mirroring 125 14 1 Port Mirroring Setup 125 Chapter 15 Link Aggregation 127 15 1 Link Aggregation Overview 127 15 2 Dynamic Link Aggregation 127 15 2 1 Link Aggregation ID 128 15 3 Link Aggregation Status 128 15 4 Link Aggregation Setting 1...

Page 15: ...fServ 151 19 1 2 DSCP and Per Hop Behavior 151 19 2 Configuring Policy Rules 152 19 3 Viewing and Editing Policy Configuration 154 19 4 Policy Example 154 Chapter 20 Queuing Method 157 20 1 Queuing Method Overview 157 20 1 1 Strictly Priority 157 20 1 2 Weighted Fair Queuing 157 20 1 3 Weighted Round Robin Scheduling WRR 158 20 2 Configuring Queuing 158 Chapter 21 VLAN Stacking 161 21 1 VLAN Stack...

Page 16: ...1 1 Local User Accounts 181 23 1 2 RADIUS and TACACS 182 23 2 Authentication and Accounting Screens 182 23 2 1 RADIUS Server Setup 182 23 2 2 TACACS Server Setup 184 23 2 3 Authentication and Accounting Setup 186 23 2 4 Vendor Specific Attribute 189 23 2 5 Tunnel Protocol Attribute 190 23 3 Supported RADIUS Attributes 190 23 3 1 Attributes Used for Authentication 191 23 3 2 Attributes Used for Acc...

Page 17: ...ter 27 RIP 223 27 1 RIP Overview 223 27 2 Configuring RIP 223 Chapter 28 Differentiated Services 225 28 1 DiffServ Overview 225 28 1 1 DSCP and Per Hop Behavior 225 28 1 2 DiffServ Network Example 226 28 2 Two Rate Three Color Marker Traffic Policing 226 28 2 1 TRTCM Color blind Mode 227 28 2 2 TRTCM Color aware Mode 227 28 3 Activating DiffServ 228 28 3 1 Configuring 2 Rate 3 Color Marker Setting...

Page 18: ...0 3 3 Configuring VRRP Parameters 246 30 3 4 Configuring VRRP Parameters 247 30 4 VRRP Configuration Examples 248 30 4 1 One Subnet Network Example 248 30 4 2 Two Subnets Example 249 Part V Management 253 Chapter 31 Maintenance 255 31 1 The Maintenance Screen 255 31 2 Load Factory Default 256 31 3 Save Configuration 256 31 4 Reboot System 257 31 5 Firmware Upgrade 257 31 6 Restore a Configuration ...

Page 19: ... Example 273 32 8 1 Internet Explorer Warning Messages 273 32 8 2 Netscape Navigator Warning Messages 274 32 8 3 The Main Screen 274 32 9 Service Port Access Control 275 32 10 Remote Management 276 Chapter 33 Diagnostic 279 33 1 Diagnostic 279 Chapter 34 Syslog 281 34 1 Syslog Overview 281 34 2 Syslog Setup 281 34 3 Syslog Server Setup 282 Chapter 35 Cluster Management 285 35 1 Clustering Manageme...

Page 20: ...g the ARP Table 295 Chapter 39 Routing Table 297 39 1 Overview 297 39 2 Viewing the Routing Table Status 297 Chapter 40 Configure Clone 299 40 1 Configure Clone 299 Part VI Product Specifications 301 Chapter 41 Product Specifications 303 Part VII Appendices and Index 309 Appendix A IP Addresses and Subnetting 311 Appendix B Legal Information 319 Appendix C Customer Support 323 Index 329 ...

Page 21: ...gurator Logout Screen 57 Figure 19 Initial Setup Network Example IP Interface 59 Figure 20 Initial Setup Network Example VLAN 61 Figure 21 Initial Setup Network Example Port VID 62 Figure 22 Status 65 Figure 23 Status Port Details 67 Figure 24 Basic Setting System Info 72 Figure 25 Basic Setting General Setup 74 Figure 26 Basic Setting Switch Setup 76 Figure 27 Basic Setting IP Setup 78 Figure 28 ...

Page 22: ...us 128 Figure 58 Advanced Application Link Aggregation Link Aggregation Setting 129 Figure 59 Advanced Application Link Aggregation Link Aggregation Setting LACP 131 Figure 60 Trunking Example Physical Connections 132 Figure 61 Trunking Example Configuration Screen 133 Figure 62 IEEE 802 1x Authentication Process 136 Figure 63 MAC Authentication Process 136 Figure 64 Advanced Application Port Auth...

Page 23: ... 99 DHCP Snooping Configure 204 Figure 100 DHCP Snooping Port Configure 206 Figure 101 DHCP Snooping VLAN Configure 207 Figure 102 ARP Inspection Status 208 Figure 103 ARP Inspection VLAN Status 209 Figure 104 ARP Inspection Log Status 210 Figure 105 ARP Inspection Configure 211 Figure 106 ARP Inspection Port Configure 212 Figure 107 ARP Inspection VLAN Configure 213 Figure 108 Loop Guard vs STP 2...

Page 24: ...tings for VR2 on Switch B 250 Figure 143 VRRP Example 2 VRRP Status on Switch A 251 Figure 144 VRRP Example 2 VRRP Status on Switch B 251 Figure 145 Management Maintenance 255 Figure 146 Load Factory Default Start 256 Figure 147 Reboot System Confirmation 257 Figure 148 Management Maintenance Firmware Upgrade 257 Figure 149 Management Maintenance Restore Configuration 258 Figure 150 Management Mai...

Page 25: ... 288 Figure 172 Management Clustering Management Configuration 289 Figure 173 MAC Table Flowchart 292 Figure 174 Management MAC Table 292 Figure 175 IP Table Flowchart 293 Figure 176 Management IP Table 294 Figure 177 Management ARP Table 296 Figure 178 Management Routing Table 297 Figure 179 Management Configure Clone 299 Figure 180 Network Number and Host ID 312 Figure 181 Subnetting Example Bef...

Page 26: ...List of Figures GS 2750 User s Guide 26 ...

Page 27: ...VLAN Port Setting Protocol Based VLAN Setup 96 Table 21 Advanced Application VLAN Port Based VLAN Setup 100 Table 22 Advanced Application Static MAC Forwarding 102 Table 23 Advanced Application FIltering 103 Table 24 STP Path Costs 106 Table 25 STP Port States 106 Table 26 Advanced Application Spanning Tree Protocol Configuration 110 Table 27 Advanced Application Spanning Tree Protocol RSTP 111 Ta...

Page 28: ...cast Setting IGMP Filtering Profile 173 Table 58 Advanced Application Multicast Multicast Setting MVR 176 Table 59 Advanced Application Multicast Multicast Setting MVR Group Configuration 178 Table 60 RADIUS vs TACACS 182 Table 61 Advanced Application Auth and Acct RADIUS Server Setup 183 Table 62 Advanced Application Auth and Acct TACACS Server Setup 185 Table 63 Advanced Application Auth and Acc...

Page 29: ...ients 260 Table 100 Access Control Overview 261 Table 101 SNMP Commands 262 Table 102 SNMP System Traps 263 Table 103 SNMP InterfaceTraps 264 Table 104 AAA Traps 265 Table 105 SNMP IP Traps 265 Table 106 SNMP Switch Traps 266 Table 107 Management Access Control SNMP 267 Table 108 Management Access Control SNMP Trap Group 269 Table 109 Management Access Control Logins 270 Table 110 Management Acces...

Page 30: ...able 129 IP Address Network Number and Host ID Example 312 Table 130 Subnet Masks 313 Table 131 Maximum Host Numbers 313 Table 132 Alternative Subnet Mask Notation 313 Table 133 Subnet 1 315 Table 134 Subnet 2 316 Table 135 Subnet 3 316 Table 136 Subnet 4 316 Table 137 Eight Subnets 316 Table 138 24 bit Network Number Subnet Planning 317 Table 139 16 bit Network Number Subnet Planning 317 ...

Page 31: ...31 PART I Introduction Getting to Know Your Switch 33 Hardware Installation and Connection 37 Hardware Overview 41 ...

Page 32: ...32 ...

Page 33: ...ort active at a time and two mini GBIC transceivers for fiber optic uplink connections This section shows a few examples of using the Switch in various network environments See Chapter 41 on page 303 for a full list of software features available on the Switch 1 1 1 Bridging Example In this example the Switch connects different company departments RD and Sales to the corporate backbone It can alle...

Page 34: ...h In the following example a company uses the Gigabit uplink ports to connect the headquarters to a branch office network Within the headquarters network a company can use trunking to group several physical ports into one logical higher capacity link Trunking can be used with copper cabling over relatively shorter distances than fiber optic connections Figure 2 High Performance Switching Backbone ...

Page 35: ...igure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one or more groups With VLAN a station cannot directly talk to or hear from stations that are not in the same group s unless such traffic first goes through a router For more in...

Page 36: ...nitored and or managed by an SNMP manager See Section 32 3 on page 262 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a saf...

Page 37: ...ables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 4 Remove the adhesive backing from the rubber feet 5 Attach the rubber feet to each corner on the bottom of the Switch These rubber feet help protect the Switch from shock or vibration and ensure space between devices when s...

Page 38: ...ead screws and a 2 Philips screwdriver 1 Failure to use the proper screws may damage the unit 2 2 1 1 Precautions Make sure the rack will safely support the combined weight of all the equipment it contains Make sure the position of the Switch does not make the rack unstable or top heavy Take all necessary precautions to anchor the rack securely before installing the unit 2 2 2 Attaching the Mounti...

Page 39: ...g the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 7 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the secon...

Page 40: ...Chapter 2 Hardware Installation and Connection GS 2750 User s Guide 40 ...

Page 41: ...Connections CONNECTOR DESCRIPTION 44 10 100 1000 Mbps RJ 45 Ethernet Ports Connect these ports to a computer a hub an Ethernet switch or router Four Dual Personality Interfaces Each interface has one 1000 Base T RJ 45 port and one Small Form Factor Pluggable SFP slot also called a mini GBIC slot with one port or transceiver active at a time 4 100 1000 Mbps RJ 45 Ports Connect these ports to high b...

Page 42: ...e you can connect either to the 1000Base T port or the mini GBIC port The mini GBIC ports have priority over the 1000Base T ports This means that if a mini GBIC port and the corresponding 1000Base T port are connected at the same time the 1000Base T port will be disabled 3 1 3 Mini GBIC Slots These are 6 slots for Small Form Factor Pluggable SFP transceivers Four of them are part of the Dual Perso...

Page 43: ...iver Installation Example 2 Press the transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly Figure 10 Installed Transceiver 3 1 3 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module 1 Open the transceiver s latch latch styles vary Figure 11 Opening th...

Page 44: ... Panel AC Model The following table describes the ports on the rear panel 3 2 1 Power Connector Make sure you are using the correct power source as shown on the panel B D E A C Table 2 Panel Connections CONNECTOR DESCRIPTION 2 Mini GBIC Slots Use mini GBIC transceivers in these slots for fiber optic connections to backbone Ethernet switches Console Port Only connect this port to your computer usin...

Page 45: ...For local management you can use a computer with terminal emulation software configured to the following parameters VT100 terminal emulation 9600 bps No parity 8 data bits 1 stop bit No flow control Connect the male 9 pin end of the RS 232 console cable to the console port of the Switch Connect the female end to a serial port COM1 COM2 or other COM port of your computer 3 3 LEDs The following tabl...

Page 46: ...network is up Amber Blinking The system is transmitting receiving to from a 100 Mbps Ethernet network On The link to a 100 Mbps Ethernet network is up Off The link to an Ethernet network is down Mini GBIC Slot LNK Green On The port has a successful connection Off No Ethernet device is connected to this port ACT Green Blinking The port is receiving or transmitting data Table 3 LEDs continued LED CO...

Page 47: ...47 PART II Basic Configuration The Web Configurator 49 Initial Setup Example 59 System Status and Port Statistics 65 Basic Setting 71 ...

Page 48: ...48 ...

Page 49: ...the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the default is 192 168 1 1 in the Location or Address field Press ENTER 3 The ...

Page 50: ...tus Screen The Status screen is the first screen that displays when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 15 Web Configurator Home Screen Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window A B D C E ...

Page 51: ...urned off See Section 31 3 on page 256 for information on saving your settings to a specific configuration file C Click this link to go to the status page of the Switch D Click this link to log out of the web configurator E Click this link to display web help pages The help pages provide descriptions for all of the configuration screens In the navigation panel click a main link to reveal a list of...

Page 52: ... VLAN IGMP Filtering Profile MVR Group Configuration Authentication and Accounting RADIUS Server Setup TACACS Server Setup Auth and Acct Setup IP Source Guard IP Source Guard Static Binding DHCP Snooping DHCP Snooping Configure DHCP Snooping Port Configure DHCP Snooping VLAN Configure ARP Inspection Status ARP Inspection VLAN Status ARP Inspection Log Status ARP Inspection Configure ARP Inspection...

Page 53: ...g Tree Protocol This link takes you to screens where you can configure the RSTP MSTP to prevent network loops Bandwidth Control This link takes you to screens where you can cap the maximum bandwidth allowed from specified source s to specified destination s Broadcast Storm Control This link takes you to a screen to set up broadcast filters Mirroring This link takes you to screens where you can cop...

Page 54: ...ings DHCP This link takes you to screens where you can configure the DHCP settings VRRP This link takes you to screens where you can configure redundant virtual router for your network Management Maintenance This link takes you to screens where you can perform firmware and configuration file maintenance as well as reboot the system Access Control This link takes you to screens where you can change...

Page 55: ...e Switch s storage that remains even if the Switch s power is turned off Use the Save link when you are done with a configuration session 4 5 Switch Lockout You could block yourself and all others from using in band management managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The...

Page 56: ...s configurations and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity one stop bit and flow control set to none The password will also be reset to 1234 and the IP address to 192 168 1 1 To upload the configuration file do the following 1 Connect to the console port using a computer with terminal emulation software See Section 3 2 on page 44 for detail...

Page 57: ... for security reasons Figure 18 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen Bootbase Version V0 2 07 18 2007 10 12 41 RAM Size 64 Mbytes DRAM POST Testing 65536K OK DRAM Test SUCCESS FLASH Intel...

Page 58: ...Chapter 4 The Web Configurator GS 2750 User s Guide 58 ...

Page 59: ... a physical port The default IP address of the Switch is 192 168 1 1 with a subnet mask of 255 255 255 0 In the example network since the RD network is already in the same IP interface as the Switch you don t need to create an IP interface for it However if you want to have the Sales network on a different routing domain you need to create a new IP interface This allows the Switch to route traffic...

Page 60: ...e settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Configuring DHCP Server Settings You can set the Switch to assign network information such as the IP address DNS server etc to DHCP clients on the network For the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In t...

Page 61: ...tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 20 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network example ...

Page 62: ...e memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines In the example network configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2 Figure 21 Initi...

Page 63: ...the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field select RIP 1 for the RIP packet format that is universally supported 4 Click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned ...

Page 64: ...Chapter 5 Initial Setup Example GS 2750 User s Guide 64 ...

Page 65: ...me page and port details screens 6 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 6 2 Port Status Summary To view the port statistics click Status in all web configurator screens to display the Status screen as shown next Figure 22 Status ...

Page 66: ...Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 11 1 3 on page 106 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this port R...

Page 67: ... H for half duplex It also shows the cable type Copper or Fiber Status If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 11 1 3 on page 106 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This field shows if LACP is enabled on this port or not TxPkts This field shows the number...

Page 68: ...lisions while transmitting Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive collision is defined as...

Page 69: ...his field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 to 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets in length Giant This field shows the number of packets dropped because they were bigger than the maximum frame size Table 8 Status Port Details continued LABEL D...

Page 70: ...Chapter 6 System Status and Port Statistics GS 2750 User s Guide 70 ...

Page 71: ...o allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup screen allows you to set up and configure global Switch features The IP Setup screen allows you to configure a Switch IP address in each routing domain subnet mask s and DNS domain name server for mana...

Page 72: ...may choose the temperature unit Centigrade or Fahrenheit in this field Temperature MAC CPU and PHY refer to the location of the temperature sensors on the Switch printed circuit board Current This shows the current temperature at this sensor MAX This field displays the maximum temperature measured at this sensor MIN This field displays the minimum temperature measured at this sensor Threshold This...

Page 73: ...g above the minimum speed Error indicates that this fan is functioning below the minimum speed Voltage V The power supply for each voltage has a sensor that is capable of detecting and reporting if the voltage falls out of the tolerance range Current This is the current voltage reading MAX This field displays the maximum voltage measured at this point MIN This field displays the minimum voltage me...

Page 74: ...me format When you select the Daytime RFC 867 format the Switch displays the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None is the d...

Page 75: ...me zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday Ma...

Page 76: ...change depending on whether you choose 802 1Q or Port Based in the VLAN Type field in this screen Refer to the chapter on VLAN Figure 26 Basic Setting Switch Setup The following table describes the labels in this screen Table 11 Basic Setting Switch Setup LABEL DESCRIPTION VLAN Type Choose 802 1Q or Port Based The VLAN Setup screen changes depending on whether you choose 802 1Q VLAN type or Port B...

Page 77: ... priority of the ingress port Use the following fields to configure the priority level to physical queue mapping The Switch has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the ...

Page 78: ...55 0 On the Switch as a layer 3 device an IP address is not bound to any physical ports Since each IP address on the Switch must be in a separate subnet the configured IP address is also known as IP interface or routing domain In addition this allows routing between subnets based on the IP address without additional routers You can configure multiple routing domains on the same VLAN as long as the...

Page 79: ... 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 0 254 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel ...

Page 80: ...cel Click Cancel to clear the Delete check boxes Table 12 Basic Setting IP Setup continued LABEL DESCRIPTION Table 13 Basic Setting Port Setup LABEL DESCRIPTION Port This is the port index number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port...

Page 81: ... buffer memory causing packet discards and frame losses Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE 802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE 802 3x flow control is used in full duplex mode to send a pause signal to the sending port causing it to temporarily stop send...

Page 82: ...Chapter 7 Basic Setting GS 2750 User s Guide 82 ...

Page 83: ...ree Protocol 105 Bandwidth Control 121 Broadcast Storm Control 123 Mirroring 125 Link Aggregation 127 Port Authentication 135 Port Security 141 Classifier 145 Policy Rule 151 Queuing Method 157 VLAN Stacking 161 Multicast 167 Authentication Accounting 181 IP Source Guard 195 Loop Guard 215 ...

Page 84: ...84 ...

Page 85: ...The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame Of the 4096 possible VIDs a VID of 0 is used t...

Page 86: ...VLAN groups beyond the local Switch Please refer to the following table for common IEEE 802 1Q VLAN terminology Table 14 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed registration por...

Page 87: ...er with VLAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Figure 29 Port VLAN Trunking 8 4 Select the VLAN Type Select a VLAN type in the Basic Setting Switch Setup scre...

Page 88: ...re 32 Advanced Application VLAN VLAN Detail Table 15 Advanced Application VLAN VLAN Status LABEL DESCRIPTION The Number of VLAN This is the number of VLANs configured on the Switch Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the Static VLAN screen Elapsed Time This field shows how long it h...

Page 89: ...Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how long it ...

Page 90: ... Changes in this row are copied to all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select Forbidden if you want to prohibit the port from joining this VLAN group Tagging Select TX Tagging if you want the port to tag all outgoin...

Page 91: ... Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Check If this check box is selected for a port the Switch discards incoming frames for VLANs that do not include this port in its member set C...

Page 92: ...also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you can configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10 1 1 0 24 data services All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly That is video services receive the highest...

Page 93: ...erride When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN Select this checkbox to force the DHCP clients in this IP subnet to obtain their IP addresses through the DHCP VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses po...

Page 94: ...vanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Ca...

Page 95: ... on port 6 and 7 All upstream ARP traffic from port 1 2 and 3 will be grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 37 Protocol Based VLAN Application Example 8 9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Set...

Page 96: ...in hexadecimal notation is 0800 and Novell IPX protocol is 8137 Note Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based VLANs VID Enter the ID of a VLAN to which the port belongs This must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames b...

Page 97: ...estination MAC address and its associated port Port based VLANs require allowed outgoing ports to be defined for each port Therefore if you wish to allow two subscriber ports to talk to each other for example between conference rooms in a hotel you must define the egress an egress port is an outgoing port that is a port through which a data packet leaves for both ports Port based VLANs are specifi...

Page 98: ...ay the following screen Select either All Connected or Port Isolated from the drop down list depending on your VLAN and VLAN security requirements If VLAN members need to communicate directly with each other then select All Connected Select Port Isolated if you want to restrict users from communicating directly Click Apply to save your settings The following screen shows users on a port based all ...

Page 99: ...Chapter 8 VLAN GS 2750 User s Guide 99 The following screen shows users on a port based port isolated VLAN configuration Figure 41 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...

Page 100: ... is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with a ...

Page 101: ...C address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allows only computers in the MAC address table on a port to access the Switch See Chapter 17 on page 141 for more information on port security Click Advanced A...

Page 102: ...loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwa...

Page 103: ...n the navigation panel to display the screen as shown next Figure 43 Advanced Application Filtering The following table describes the related labels in this screen Table 23 Advanced Application FIltering LABEL DESCRIPTION Active Make sure to select this check box to activate your rule You may temporarily deactivate a rule without deleting it by deselecting this check box Name Type a descriptive na...

Page 104: ...begin configuring this screen afresh Clear Click Clear to clear the fields to the factory defaults Index This field displays the index number of the rule Click an index number to change the settings Active This field displays Yes when the rule is activated and No when is it deactivated Name This field displays the descriptive name for this rule This is for identification purposes only MAC Address ...

Page 105: ...between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the spanning tree than STP while also being backwards compatible with STP only aware bridges In RSTP topology change information is directly propagated throughout the network from the device that generates the topology change In STP a longer delay is required as t...

Page 106: ...re switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the root bridge If a bridge does not get a Hello BPDU after a predefined interval Max Age the bridge assumes that the link to the...

Page 107: ...e spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 11 1 4 1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches If the switches are using STP or RSTP the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link Figure 44 ...

Page 108: ...ased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings These include the following parameters Name of the MST region Revision level as the unique number for the MST region VLAN to MST Instance mapping 11 1 4 3 MST Instance An M...

Page 109: ...embers of an MST instance are members of the CIST In an MSTP enabled network there is only one CIST that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network segments running RSTP Figure 47 MSTP and Legacy RSTP Network Example 11 2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on wha...

Page 110: ...ng table describes the labels in this screen 11 4 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings see Section 11 1 on page 105 for more information on RSTP Click RSTP in the Advanced Application Spanning Tree Protocol screen Table 26 Advanced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes...

Page 111: ... 27 Advanced Application Spanning Tree Protocol RSTP LABEL DESCRIPTION Status Click Status to display the RSTP Status screen see Figure 51 on page 113 Active Select this check box to activate RSTP Clear this checkbox to disable RSTP Note You must also activate Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to enable RSTP on the Switch ...

Page 112: ...re it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Port This field displays the port number Settings in this row apply to all ports Use this row only if you w...

Page 113: ...idge Bridge ID This is the unique identifier for this bridge consisting of the bridge priority plus the MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the...

Page 114: ...on Spanning Tree Protocol screen See Section 11 1 4 on page 107 for more information on MSTP Topology Changed Times This is the number of times the spanning tree has been reconfigured Time Since Last Change This is the time since the spanning tree was last reconfigured Table 28 Advanced Application Spanning Tree Protocol Status RSTP continued LABEL DESCRIPTION ...

Page 115: ...Chapter 11 Spanning Tree Protocol GS 2750 User s Guide 115 Figure 52 Advanced Application Spanning Tree Protocol MSTP ...

Page 116: ...it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Maximum hops Enter the number of hops between 1 and 255 in an MSTP region before the BPDU is discarded and the...

Page 117: ...check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in the Switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN throug...

Page 118: ... on the Switch CST This section describes the Common Spanning Tree settings Bridge Root refers to the base of the spanning tree the root bridge Our Bridge is this Switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time...

Page 119: ...his is the number of times the spanning tree has been reconfigured Time Since Last Change This is the time since the spanning tree was last reconfigured Instance These fields display the MSTI to VLAN mapping In other words which VLANs run on each spanning tree instance Instance This field displays the MSTI ID VLAN This field displays which VLANs are mapped to an MSTI MSTI Select the MST instance s...

Page 120: ...Chapter 11 Spanning Tree Protocol GS 2750 User s Guide 120 ...

Page 121: ...Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs packets through the ingress port exceeding the CIR will be marked for drop The CIR should ...

Page 122: ...ify the guaranteed bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port The commit rate should be less than the peak rate The sum of commit rates cannot be greater than or equal to the uplink bandwidth Active Select this check box to activate peak rate limits on this port Peak Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming t...

Page 123: ...kets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced Application Broadcast Storm Control in the navigation panel...

Page 124: ...rt by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF packets the port r...

Page 125: ... to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 56 Advanced Application Mirroring ...

Page 126: ...row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box Ch...

Page 127: ...egation In a properly planned network it is recommended to implement static link aggregation only This ensures increased network stability and control over the trunk groups on your Switch See Section 15 6 on page 132 for a static port trunking example 15 2 Dynamic Link Aggregation The Switch adheres to the IEEE 802 3ad standard for static and dynamic LACP port trunking The IEEE 802 3ad standard de...

Page 128: ...s The following table describes the labels in this screen Table 34 Link Aggregation ID Local Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 Table 35 Link Aggregation ID Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 1 Port Priority and Port Number are 0 as it is the aggregator ID for th...

Page 129: ...ggregation Setting Aggregator ID Link Aggregator ID consists of the following system priority MAC address key port priority and port number Refer to Section 15 2 1 on page 128 for more information on this field Status This field displays how these ports were added to the trunk group It displays Static if the ports are configured as static members of a trunk group LACP if the ports are configured t...

Page 130: ...This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select this option to activate a trunk group Port This field displays the port number Group Select the trunk group to which a port belongs Apply Click Apply to save your changes to the Switch s run time me...

Page 131: ...Link Aggregation Control Protocol LACP System Priority LACP system priority is a number between 1 and 65 535 The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol LACP The smaller the num...

Page 132: ...the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still up If a port does not respond after three tries then it is deemed to be down and is removed...

Page 133: ...pter 15 Link Aggregation GS 2750 User s Guide 133 Figure 61 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete you do not need to go to any additional screens example ...

Page 134: ...Chapter 15 Link Aggregation GS 2750 User s Guide 134 ...

Page 135: ...e information on configuring your RADIUS server settings If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 16 1 1 IEEE 802 1x Authentication The following figure illustrates how a client connecting to a IEEE 802 1x authenti...

Page 136: ...nt for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch Figure 63 MAC Authentication Process New Connection Authentication Request Authentication Reply 1 4 5 Login Credentials Login Info Request 3 2 Session Granted Denied New Connection Auth...

Page 137: ...Radius Server Setup screen To activate a port authentication method click Advanced Application Port Authentication in the navigation panel Select a port authentication method in the screen that appears Figure 64 Advanced Application Port Authentication 16 2 1 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication screen click 802 1x to display the...

Page 138: ...e common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this checkbox to permit 802 1x authentication on this port You must first allow 802 1x authentication on the Switch before configuring it on each port Reauthentication Specify if a subscriber has to periodically re enter his or her username...

Page 139: ...rded to the RADIUS server Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server You can enter up to 32 printable ASCII characters Timeout Specify the amount of time before the Switch allows a client MAC address that fails authentication to try and authenticate again Maximum time is 3000 seconds When a client fails MAC authentic...

Page 140: ... this port You must first allow MAC authentication on the Switch before configuring it on each port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configu...

Page 141: ...with no limit on individual ports other than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not...

Page 142: ...itch forwards packets whose MAC address es is in the MAC address table on this port Packets with no matching MAC address es are dropped Clear this check box to disable the port security feature The Switch forwards all packets on this port Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a port the port itself must be active with address ...

Page 143: ...he Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 41 Advanced Application Port Security continued LABEL DESCRIPTION ...

Page 144: ...Chapter 17 Port Security GS 2750 User s Guide 144 ...

Page 145: ...number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune network performance Setting up QoS involves two separate steps 1 Configure classifiers to sort traffic into different flows 2 Configure poli...

Page 146: ... untagged Ethernet II tagged and Ethernet II untagged A value of 802 3 indicates that the packets are formatted according to the IEEE 802 3 standards A value of Ethernet II indicates that the packets are formatted according to RFC 894 Ethernet II encapsulation Layer 2 Specify the fields below to configure a layer 2 classifier VLAN Select Any to classify traffic from any VLAN or select the second o...

Page 147: ...efix by entering the number of ones in the subnet mask A subnet mask can be represented by a 32 bit binary notation For example the subnet mask 255 255 255 0 can be represented as 11111111 11111111 11111111 00000000 and counting up the number of ones in this case results in 24 Socket Number Note You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers Sele...

Page 148: ...h Clear Click Clear to set the above fields back to the factory defaults Table 42 Advanced Application Classifier continued LABEL DESCRIPTION Table 43 Classifier Summary Table LABEL DESCRIPTION Index This field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name This field displays...

Page 149: ...er Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 Table 45 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ICMP 1 TCP 6 UDP 17 EGP 8 L2TP 115 Table 46 Common TCP and UDP Port Numbers PORT...

Page 150: ...s Guide 150 Figure 70 Classifier Example After you have configured a classifier you can configure a policy to define action s on the classified traffic flow See Chapter 19 on page 151 for information on configuring a policy rule example ...

Page 151: ...ithout the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 19 1 2 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6...

Page 152: ...olicy Rules You must first configure a classifier in the Classifier screen Refer to Section 18 2 on page 145 for more information Click Advanced Applications Policy Rule in the navigation panel to display the screen as shown Figure 71 Advanced Application Policy Rule ...

Page 153: ...ile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the packets Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before Priority Select No change to keep the priority setting of the frames Select ...

Page 154: ...p it when network is congested Select Do not drop the matching frame previously marked for dropping to queue the frames that are marked to be dropped Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes...

Page 155: ...Chapter 19 Policy Rule GS 2750 User s Guide 155 Figure 73 Policy Example example ...

Page 156: ...Chapter 19 Policy Rule GS 2750 User s Guide 156 ...

Page 157: ...s transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SP does not automatically adapt to changing network requirements 20 1 2 Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth based on its bandwidth weight portion the number you configur...

Page 158: ...ing fashion until a queue is empty Weighted Round Robin Scheduling WRR uses the same algorithm as round robin scheduling but services queues based on their priority and queue weight the number you configure in the queue Weight field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than queues w...

Page 159: ...t field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue weight the number you configure in the queue Weight field Queues with larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is div...

Page 160: ...Chapter 20 Queuing Method GS 2750 User s Guide 160 ...

Page 161: ... on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore there is no VLAN tag overlap among customers so traffic from different customers i...

Page 162: ...ple figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN tag can be added Static VLAN Tx Tagging MUST be disabled on a port where you choose Access Port Select Tunnel Port for egress ports at the edge of the service provider s network All VLANs belonging to a customer can be aggregated into a single service provider s VLAN using the outer VLAN tag defined by the Service...

Page 163: ... frame s SP TPID is the same as the one configured on the Switch then the Switch will not add the tag Priority refers to the IEEE 802 1p standard that allows the service provider to prioritize traffic based on the class of service CoS the customer has paid for On the Switch configure priority level of the inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest priority level and 7 is the hi...

Page 164: ... TPID SP TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802 1Q tag information Choose 0x8100 or 0x9100 from the drop down list box or select Others and then enter a four digit hexadecimal number from 0x0000 to 0xFFFF 0x denotes a hexadecimal number It does not have to be typed in the Others text field Port The port number identifies the por...

Page 165: ...ice provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 8 on page 85 for more background information on VLAN ID Priority On the Switch configure priority level of inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest priority level and 7 is the highest Apply Click Apply to save your changes to the Switch s run tim...

Page 166: ...Chapter 21 VLAN Stacking GS 2750 User s Guide 166 ...

Page 167: ...IP addresses in the Class D range 224 0 0 0 to 239 255 255 255 are used for IP multicasting Certain IP multicast numbers are reserved by IANA for special purposes see the IANA website for more information 22 1 2 IGMP Filtering With the IGMP filtering feature you can control which IGMP groups a subscriber on a port can join This allows you to control the distribution of multicast services such as c...

Page 168: ...ed on This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN 22 2 Multicast Status Click Advanced Applications Multicast to display the screen as shown This screen shows the multicast group information See Section 22 1 on page 167 for more information on multicasting Figure 77 Adva...

Page 169: ...ship entry if it does not receive report messages from the port Leave Timeout Enter an IGMP leave timeout value from 1 to 16 711 450 in seconds This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received from a host 802 1p Priority Select a priority level 0 7 to which the Switch changes the priority in o...

Page 170: ...t groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new IGMP join report frame s is dropped on this port IGMP Filtering Profile Select the name of the IGMP filtering profile to use for this port Otherwise select Default to prohibit the port from joining any mu...

Page 171: ... VLAN s that you specify below In either auto or fixed mode the Switch can learn up to 16 VLANs including up to three VLANs you configured in the MVR screen For example if you have configured one multicast VLAN in the MVR screen you can only specify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs Note You must also enable IGMP snooping...

Page 172: ...ic VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are...

Page 173: ...n purposes To configure additional rule s for a profile that you have already added enter the profile name and specify a different IP multicast address range Start Address Type the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to belong...

Page 174: ...he following figure shows a multicast television example where a subscriber device such as a computer in VLAN 1 receives multicast traffic from the streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer A sends an IGMP report to the Switch to join the appropria...

Page 175: ...select the receiver port s and a source port for each multicast VLAN Click Advanced Applications Multicast Multicast Setting MVR link to display the screen as shown next You can create up to three multicast VLANs and up to 256 multicast rules on the Switch Your Switch automatically creates a static VLAN with the same VID when you create a multicast VLAN in this screen ...

Page 176: ... the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control packets belonging to this multicast VLAN Mode Specify the MVR mode on the Switch Choices are Dynamic and Compatible Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN Select Compatible to set the Switch not to send IGMP reports Port Thi...

Page 177: ...t this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this scr...

Page 178: ...tion 22 1 1 on page 167 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Address field if you want to configure only one IP address for a multicast group Refer to Section 22 1 1 on page 167 for more information on IP multicast addresses Add Click Add to save your...

Page 179: ...MVR screen and set the receiver and source ports Figure 86 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 example ...

Page 180: ...Chapter 22 Multicast GS 2750 User s Guide 180 Figure 87 MVR Group Configuration Example Figure 88 MVR Group Configuration Example example example ...

Page 181: ...itch itself or it can use an external server to authorize a large number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when users log in log out execute commands and so on Accounting can also record system related actions such as boot up and shut down times of the Switch The external servers that perform authentication authoriza...

Page 182: ...irst configure your authentication server settings RADIUS TACACS or both and then set up the authentication priority and accounting settings Click Advanced Application Auth and Acct in the navigation panel to display the screen as shown Figure 90 Advanced Application Auth and Acct 23 2 1 RADIUS Server Setup Use this screen to configure your RADIUS server settings See Section 23 1 2 on page 182 for...

Page 183: ...t the Switch waits for an authentication request response from the RADIUS server If you are using index priority for your authentication and you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second...

Page 184: ...ccounting server Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to...

Page 185: ...lternate between the TACACS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the TACACS server If you are using index priority for your authentication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the timeout ...

Page 186: ...Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the TACACS server Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an external TACACS accounting server in dotted decimal notation TCP Port The default port of a TACACS accounting server is 49 You need not change this value unl...

Page 187: ...nts via commands See Section 44 7 on page 336 for local authentication The TACACS and RADIUS are external servers Before you specify the priority make sure you have set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate the access privilege level of administrators The Switch checks the methods in the order you configure them first Metho...

Page 188: ...ting is enabled system accounting is disabled Exec Configure the Switch to send information when an administrator logs in and logs out via the console port telnet or SSH Dot1x Configure the Switch to send information when an IEEE 802 1x client begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send information when ...

Page 189: ... the IANA Internet Assigned Numbers Authority ZyXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server The following table describes the VSAs supported on the S...

Page 190: ...entication Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting This section lists the attributes used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal format Privilege Assignment Ve...

Page 191: ...NAS IP Address 23 3 1 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS Identifier NAS IP Address NAS Port NAS Port Type This value is set to Ethernet 15 on the Switch Calling Station Id Frame MTU EAP Message State Message Authenticator 23 3 2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performing authenti...

Page 192: ...TRIBUTE START INTERIM UPDATE STOP User Name D D D NAS Identifier D D D NAS IP Address D D D Service Type D D D Acct Status Type D D D Acct Delay Time D D D Acct Session Id D D D Acct Authentic D D D Acct Session Time D D Acct Terminate Cause D Table 67 RADIUS Attributes Exec Events via Telnet SSH ATTRIBUTE START INTERIM UPDATE STOP User Name D D D NAS Identifier D D D NAS IP Address D D D Service ...

Page 193: ... D D D Acct Delay Time D D D Acct Session Id D D D Acct Authentic D D D Acct Input Octets D D Acct Output Octets D D Acct Session Time D D Acct Input Packets D D Acct Output Packets D D Acct Terminate Cause D Acct Input Gigawords D D Acct Output Gigawords D D Table 68 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP ...

Page 194: ...Chapter 23 Authentication Accounting GS 2750 User s Guide 194 ...

Page 195: ... consists of the following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically ARP inspection Use this to filter unauthorized ARP packets on the network If you want to use dynamic bindings to filter unauthorized ARP packets typical implementation you hav...

Page 196: ...h restarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send DHCP requests again As a result it is recommended you configure the DHCP snooping database The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server If you set up the DHCP snooping da...

Page 197: ...g DHCP Snooping Follow these steps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trusted and untrusted ports and specify the maximum number of DHCP packets that each port can receive per second 4 Configure static bindings 24 1 2 ARP Inspection Overview Use ARP inspection to filter una...

Page 198: ...pecify the maximum rate at which the Switch receives ARP packets on untrusted ports The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high 24 1 2 3 Syslog The Switch can...

Page 199: ...s and VLAN ID as an existing static binding the new static binding replaces the original one To open this screen click Advanced Application IP Source Guard Static Binding Table 69 IP Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigne...

Page 200: ...his to reset the values above based on the last selected static binding or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in the binding Lease This field...

Page 201: ...rd GS 2750 User s Guide 201 24 4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 98 DHCP Snooping ...

Page 202: ...ate the DHCP snooping database again It displays Not Running if the current bindings have not changed since the last update This section displays information about the last time the Switch updated the DHCP snooping database Last succeeded time This field displays the last time the Switch updated the DHCP snooping database successfully Last failed time This field displays the last time the Switch u...

Page 203: ...ed leases This field displays the number of bindings the Switch ignored because the lease time had already expired Unsupported vlans This field displays the number of bindings the Switch ignored because the VLAN ID does not exist anymore Last ignored time This field displays the last time the Switch ignored any bindings for any reason from the DHCP binding database Total ignored bindings counters ...

Page 204: ...he labels in this screen Table 72 DHCP Snooping Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch You still have to enable DHCP snooping on specific VLAN and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports DHCP Vlan Select a VLAN ID if you want the Switch to forward DHCP packets to DHCP ...

Page 205: ... the DHCP snooping database before it gives up Write delay interval Enter how long 10 65535 seconds the Switch waits to update the DHCP snooping database the first time the current bindings change after an update Once the next update is scheduled additional changes in current bindings are automatically included in the next update Renew DHCP Snooping URL Enter the location of a DHCP snooping databa...

Page 206: ...ations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do not match any of the current bindings The rate at which DHCP packets arrive is too high Rate pps Specify the maximum number for DHCP packets...

Page 207: ...ettings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option82 Select this to have the Switch add the slot number port number and VLAN ID to DHCP requests that it broadcasts to the DHC...

Page 208: ...field displays the current number of MAC address filters that were created because the Switch identified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field displays the source VLAN ID in the MAC address filter Port This field displays the source port of th...

Page 209: ...s in a specific range in the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above Received This field displays the total number of ARP packets received from the VLAN since the Switch last res...

Page 210: ... of the ARP packet Num Pkts This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message You can configure this interval in the ARP Inspection Configure screen See Section 24 7 on page 211 Reason This field displays the reason the log message ...

Page 211: ...tting has no effect on existing MAC address filters Enter how long 1 2147483647 seconds the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Type 0 if you want the MAC address filter to be permanent Log Profile Log buffer size Enter the maximum number 0 1024 of log messages that were g...

Page 212: ...f the Syslog rate number X is greater than Log interval seconds Y X divided by Y system messages are sent every second Otherwise one message is sent every Y divided by X seconds For example If the Syslog rate is 5 and the Log interval value is 2 two messages are sent every second If the Syslog rate is 3 and the Log interval value is 6 one message is sent every two seconds Log interval Type how oft...

Page 213: ...tings have no effect on trusted ports Rate pps Specify the maximum rate 0 2048 packets per second at which the Switch receives ARP packets from each port The Switch discards any additional ARP packets Enter 0 to disable this limit Burst interval seconds The burst interval is the length of time over which the rate of ARP packets is monitored for each port For example if the Rate is 15 pps and the b...

Page 214: ...lays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log messages for receiving ARP packets from the VLAN None The Switch does not generate any log messages when it receives an ARP packet ...

Page 215: ...oblems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re broadcast again and again causing a broadcast storm If a switch not...

Page 216: ...enabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 110 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loo...

Page 217: ...g Tree Protocol RSTP or MSTP enabled Figure 112 Advanced Application Loop Guard The following table describes the labels in this screen Table 81 Advanced Application Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the Switch The Switch generates syslog internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature Port This field dis...

Page 218: ...e the Switch will shut down this port Clear this check box to disable the loop guard feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring th...

Page 219: ...219 PART IV IP Application Static Routing 221 RIP 223 Differentiated Services 225 DHCP 233 VRRP 243 ...

Page 220: ...220 ...

Page 221: ...d allows you to activate deactivate this static route Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to f...

Page 222: ... to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the descriptive name for this route This is for identification purposes only Destination Address This field displays the IP...

Page 223: ...one the Switch will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2...

Page 224: ...on IP Setup for more information on configuring IP domains Direction Select the RIP direction from the drop down list box Choices are Outgoing Incoming Both and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so...

Page 225: ...remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 28 1 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service ToS field in the IP header The DS field contains a 6 bit DSCP field which can define up to 64 service levels and th...

Page 226: ...riteria Traffic policing methods measure traffic flows against user defined criteria and identify it as either conforming exceeding or violating the criteria Two Rate Three Color Marker TRTCM defined in RFC 2698 is a type of traffic policing that identifies packets by comparing them to two user defined rates the Committed Information Rate CIR and the Peak Information Rate PIR The CIR specifies the...

Page 227: ...117 TRTCM Color blind Mode 28 2 2 TRTCM Color aware Mode In color aware mode the evaluation of the packets uses the existing packet loss priority TRTCM can increase a packet loss priority of a packet but it cannot decrease it Packets that have been previously marked red or yellow can only be marked with an equal or higher packet loss priority Packets marked red high packet loss priority continue t...

Page 228: ...TION Active Select this option to enable DiffServ on the Switch Port This field displays the index number of a port on the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soo...

Page 229: ... Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to treat the packets as marked by some preceding entity Incoming packets are evaluated based on their existing color Incoming packets that are not marked proceed through the Switch Port This field displays the index number of a port on the Swi...

Page 230: ...SCP values that you want to assign to packets based on the color they are marked via TRTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the DSCP value to use for packets with high packet loss priority Apply Click Apply to save your changes to the Switch s run time memory T...

Page 231: ...tion number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin c...

Page 232: ...Chapter 28 Differentiated Services GS 2750 User s Guide 232 ...

Page 233: ...itch as a DHCP server it will maintain the pool of IP addresses along with subnet masks DNS server and default gateway information and distribute them to your LAN computers If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request from a computer on your network it contacts the DHCP server for the necessary IP infor...

Page 234: ...HCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch s DHCP server mode Index This is the index number VID This field displays the VLAN ID for which the Switch is a DHCP server Server Status This field displays the starting DHCP client IP address IP Pool Size This field displays the number of IP addresses that can be assigned to clients Rela...

Page 235: ...configured for this DHCP server instance Subnet Mask This field displays the subnet mask value sent to clients from this DHCP server instance Default Gateway This field displays the default gateway value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary DNS server value sent to clients from this DHCP server instance Secondary DNS Server This field di...

Page 236: ...on 82 field is in the DHCP headers of client DHCP request frames that the Switch relays to a DHCP server Relay Agent Information can include the System Name of the Switch if you select this option You can change the System Name in Basic Settings General Setup The following describes the DHCP relay information that the Switch sends to the DHCP server 29 4 2 Configuring DHCP Global Relay Configure g...

Page 237: ...l LABEL DESCRIPTION Active Select this check box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name yo...

Page 238: ... DHCP settings based on the VLAN domain of the DHCP clients Click IP Application DHCP in the navigation panel then click the VLAN link In the DHCP Status screen that displays You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch See Section 7 6 on page 78 for information on how to do this example ...

Page 239: ...you select Server then fields related to DHCP relay configuration are grayed out and vice versa Server Use this section if you want to configure the Switch to function as a DHCP server for this VLAN Client IP Pool Starting Address Specify the first of the contiguous addresses in the IP address pool Size of Client IP Pool Specify the size or count of the IP address pool The Switch can issue from 1 ...

Page 240: ...lays to a DHCP server Information This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on th...

Page 241: ... Guide 241 Figure 128 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Figure 129 DHCP Relay for Two VLANs Configuration Example VLAN 1 VLAN 2 DHCP 192 168 1 100 DHCP 172 23 10 100 example ...

Page 242: ...Chapter 29 DHCP GS 2750 User s Guide 242 ...

Page 243: ...ess is associated with the virtual router A layer 3 device having the same IP address is the preferred master router while the other Layer 3 devices are the backup routers The master router forwards traffic for the virtual router When the master router becomes unavailable a backup router assumes the role of the master router until the master router comes back up and takes over The following figure...

Page 244: ...sk bits of an IP routing domain that is associated to a virtual router VRID This field displays the ID number of the virtual router VR Status This field displays the status of the virtual router This field is Master indicating that this Switch functions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is in...

Page 245: ...re 132 IP Application VRRP Configuration IP Interface The following table describes the labels in this screen Table 94 IP Application VRRP Configuration IP Interface LABEL DESCRIPTION Index This field displays the index number of an entry Network This field displays the IP address and number of subnet mask bit of an IP domain Authentication Select None to disable authentication This is the default...

Page 246: ...ciated with the virtual router is 255 30 3 2 3 Preempt Mode If the master router is unavailable a backup router assumes the role of the master router However when another backup router with a higher priority joins the network it will preempt the lower priority backup router that is the master Disable preempt mode to prevent this from happening By default a layer 3 device with the same IP address a...

Page 247: ...t is 1 Preempt Mode Select this option to activate preempt mode Priority Enter a number between 1 and 254 to set the priority level The bigger the number the higher the priority This field is 100 by default Uplink Gateway Enter the IP address of the uplink gateway in dotted decimal notation The Switch checks the link to the uplink gateway Primary Virtual IP Enter the IP address of the primary virt...

Page 248: ...r Network Table 96 VRRP Configuring VRRP Parameters LABEL DESCRIPTION Index This field displays the index number of an entry Active This field shows whether a VRRP entry is enabled Yes or disabled No Name This field displays a descriptive name of an entry Network This field displays the IP address and subnet mask of an interface VRID This field displays the ID number of a virtual router Primary VI...

Page 249: ...ens for both switches are shown next Figure 138 VRRP Example 1 VRRP Status on Switch A Figure 139 VRRP Example 1 VRRP Status on Switch B 30 4 2 Two Subnets Example The following figure depicts an example in which two switches share the network traffic Hosts in the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure...

Page 250: ...ple 1 for virtual router VR1 refer to Section 30 4 2 on page 249 Configure the VRRP parameters on the switches as shown in the figures below Figure 141 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 142 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Status screens for both switches are shown next 172 16 1 1...

Page 251: ...Chapter 30 VRRP GS 2750 User s Guide 251 Figure 143 VRRP Example 2 VRRP Status on Switch A Figure 144 VRRP Example 2 VRRP Status on Switch B example example ...

Page 252: ...Chapter 30 VRRP GS 2750 User s Guide 252 ...

Page 253: ...253 PART V Management Maintenance 255 Access Control 261 Diagnostic 279 Syslog 281 Cluster Management 285 MAC Table 291 IP Table 293 ARP Table 295 Routing Table 297 Configure Clone 299 ...

Page 254: ...254 ...

Page 255: ... Maintenance The following table describes the labels in this screen Table 97 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration 2 is currently operating on the Switch Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configuration Click Click Here to go to the Restore Configuration screen Backup Co...

Page 256: ... configuration settings permanently to Configuration 1 on the Switch Click Config 2 to save the current configuration settings to Configuration 2 on the Switch Alternatively click Save on the top right hand corner in any screen to save the configuration changes to the current configuration Clicking the Apply or Add button does NOT save the changes permanently All unsaved changes are erased after y...

Page 257: ...d configuration two on the Switch 31 5 Firmware Upgrade Make sure you have downloaded and unzipped the correct model firmware and version to your computer before uploading to the device 1 Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device From the Maintenance screen display the Firmware Upgrade screen as shown next Figure 148 Management Mainte...

Page 258: ...cking up your Switch configurations allows you to create various snapshots of your device from which you may restore at a later date Back up your current Switch configuration to a computer using the Backup Configuration screen Figure 150 Management Maintenance Backup Configuration Follow the steps below to back up the current Switch configuration to your computer in this screen 1 Click Backup 2 Cl...

Page 259: ...copies of both files for later use 1 Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 31 8 2 FTP Command Line Procedure 1 Launch the FTP client on your computer 2 Enter open followed by a space and the IP address of your Switch 3 Press ENTER when prompted for a username 4 Enter your password as requested the default is 1234 5 Enter bin to se...

Page 260: ...t match the client IP address If it does not match the Switch will disallow the FTP session Table 99 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous This is when a user I D and password is automatically supplied to the server for anonymous access Anonymous logins will work only if your ISP or service administrato...

Page 261: ...essions are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the Command Reference guide for more information on disabling multi login 32 2 The Access Control Main Screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 151 Management Access Control Table 100 Access Cont...

Page 262: ...t functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to com...

Page 263: ... SNMPv2c RFC 1757 RMON SNMPv2 SNMPv2c or later version compliant with RFC 2011 SNMPv2 MIB for IP RFC 2012 SNMPv2 MIB for TCP RFC 2013 SNMPv2 MIB for UDP 32 3 3 SNMP Traps The Switch sends traps to an SNMP manager when an event occurs The following tables outline the SNMP traps by category An OID Object ID that begins with 1 3 6 1 4 1 890 1 5 8 is defined in private MIBs Otherwise it is a standard ...

Page 264: ...s sent when the Switch reboots by an administrator through a management interface timesync RTCNotUpdatedEventOn 1 3 6 1 4 1 890 1 5 8 44 37 2 1 This trap is sent when the Switch fails to get the time and date from a time server RTCNotUpdatedEventClear 1 3 6 1 4 1 890 1 5 8 44 37 2 2 This trap is sent when the Switch gets the time and date from a time server intrusionlock IntrusionLockEventOn 1 3 6...

Page 265: ... 1 4 1 890 1 5 8 44 37 2 1 This trap is sent when there is no response message from the RADIUS server RADIUSNotReachableEvent Clear 1 3 6 1 4 1 890 1 5 8 44 37 2 2 This trap is sent when the RADIUS server can be reached accounting RADIUSAcctNotReachableEv entOn 1 3 6 1 4 1 890 1 5 8 44 37 2 1 This trap is sent when there is no response message from the RADIUS accounting server RADIUSAcctNotReachab...

Page 266: ...gyChange 1 3 6 1 2 1 17 0 2 This trap is sent when the STP topology changes MSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 44 107 7 0 2 This trap is sent when the MSTP root switch changes mactable MacTableFullEventOn 1 3 6 1 4 1 890 1 5 8 44 37 2 1 This trap is sent when more than 99 of the MAC table is used MacTableFullEventClear 1 3 6 1 4 1 890 1 5 8 44 37 2 2 This trap is sent when less than 95 of th...

Page 267: ...g Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community which is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the...

Page 268: ...o implement an authentication algorithm for SNMP messages sent by this user priv to implement authentication and encryption for SNMP messages sent by this user This is the highest security level Note The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch Authentication Select an authentication algorithm MD5 Message Digest 5 ...

Page 269: ...e SNMP Setting screen Use the rest of the screen to select which traps the Switch sends to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section 32 3 3 on page 263 for individual trap descriptions The traps are grouped by category Selecting a categ...

Page 270: ...ult password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four users These users have read only access You can give users higher privileges via the CLI For more information on assigning privileges see Chapter 44 on page 333 User Name Set a user name up to 32 ASCII charac...

Page 271: ... How SSH works The following table summarizes how a secure connection is established between two remote hosts Figure 157 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client a...

Page 272: ...b protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed It relies upon certificates public keys and private keys HTTPS o...

Page 273: ...P Address is the IP address or domain name of the Switch you wish to access 32 8 1 Internet Explorer Warning Messages When you attempt to access the Switch HTTPS server a Windows dialog box pops up asking if you trust the server certificate Click View Certificate if you want to verify that the certificate is from the Switch You see the following Security Alert screen in Internet Explorer Select Ye...

Page 274: ...itch If Accept this certificate temporarily for this session is selected then click OK to continue in Netscape Select Accept this certificate permanently to import the Switch s certificate into the SSL client Figure 160 Security Certificate 1 Netscape Figure 161 Security Certificate 2 Netscape 32 8 3 The Main Screen After you accept the certificate and enter the login username and password the Swi...

Page 275: ...cess Control allows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted computer s for each service in the Remote Management screen discussed later Click Access Control to go back to the main Access Control screen Figure 163 Management Access Control Service Access Control ...

Page 276: ... Timeout Type how many minutes a management session via the web configurator can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the t...

Page 277: ... Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 111 Management Access Control Remote Management continued LABEL DESCRIPTION ...

Page 278: ...Chapter 32 Access Control GS 2750 User s Guide 278 ...

Page 279: ...wing table describes the labels in this screen Table 112 Management Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry IP Ping Type the IP address of a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the l...

Page 280: ...Chapter 33 Diagnostic GS 2750 User s Guide 280 ...

Page 281: ...o the documentation of your syslog program for details The following table describes the syslog severity levels 34 2 Syslog Setup Click Management Syslog in the navigation panel to display this screen The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings Table 113 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is u...

Page 282: ...umn displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Apply Click Apply to save your changes to the Switch s run time memory Th...

Page 283: ...time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to return the fields to the factory defaults Index This is the index number of a syslog server entry Click this numbe...

Page 284: ...Chapter 34 Syslog GS 2750 User s Guide 284 ...

Page 285: ...other In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Table 116 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Cluster member models must be compatible with ZyXEL cluster management implementation Cluster Manager The cluster manager is the S...

Page 286: ...ide 286 Figure 168 Clustering Application Example 35 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen A cluster can only have one manager Figure 169 Management Cluster Management ...

Page 287: ...anager None neither a manager nor a member of a cluster Manager This field displays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager switch Each number in the Index column is a hyper...

Page 288: ... rw 1 owner group 393216 Jul 01 12 00 config w w w 1 owner group 0 Jul 01 12 00 fw 00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received O...

Page 289: ...r in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if the Switch is set to 802 1Q VLAN All switches must be directly connected and in the same VLAN group to belong to the same cluster Switc...

Page 290: ...the member summary list below If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common web configurator password Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatil...

Page 291: ...warding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port from which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC Table If the Switch has already learned the port for this MAC address then...

Page 292: ...layed in the summary table below MAC Click this button to display and arrange the data according to MAC address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This is the incoming frame index number MAC Address This is the MAC address of the device from which this incoming frame cam...

Page 293: ...e how to forward packets See the following figure 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not...

Page 294: ...Click this button to display and arrange the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This field displays the index number IP Address This is the IP address of the device from which the incoming packets came VID This is the VLAN group to which the ...

Page 295: ...the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is...

Page 296: ...dex This is the ARP Table entry number IP Address This is the learned IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above Type This shows whether the MAC address is dynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen ...

Page 297: ...g Table in the navigation panel to display the screen as shown Figure 178 Management Routing Table The following table describes the labels in this screen Table 123 Management Routing Table LABEL DESCRIPTION Index This field displays the index number Destination This field displays the destination IP routing domain Gateway This field displays the IP address of the gateway device Interface This fie...

Page 298: ...Chapter 39 Routing Table GS 2750 User s Guide 298 ...

Page 299: ...u can copy the settings of one port onto other ports 40 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen Figure 179 Management Configure Clone ...

Page 300: ...e 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings configured in the Advanced Application menus should be copied to the destination ports Apply Click App...

Page 301: ...301 PART VI Product Specifications Product Specifications 303 ...

Page 302: ...302 ...

Page 303: ...ber cables For each Dual Personality interface one port or slot is active at a time 2 mini GBIC slots compatible with Small Form Factor Pluggable SFP Multi Source Agreement MSA transceivers to be used with 1000Base X fiber cables One local management Ethernet 10 100Base T port One RS 232 console port Ethernet Ports Auto negotiating 10 Mbps or 100 Mbps in either half duplex or full duplex mode 1000...

Page 304: ... to 4 094 VLAN groups with each group containing up to 4 094 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers MAC Address Filter Filter traffic based on the source and or destination MAC address and VLAN group ID DHCP Dynamic Host Configuration Protocol Use this feature to have the Switch assign IP addresses an IP defau...

Page 305: ...ks between switches bridges or routers It allows a Switch to interact with other R STP compliant switches in your network to ensure that only one path exists between any two stations on the network Loop Guard Use the loop guard feature to protect against network loops on the edge of your network IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network Link Ag...

Page 306: ...ing Switching Throughput 1488000 pps for 1000Base T 64byte packet 148800 pps for 100Base TX 64byte packet Switching fabric 100 Gbps non blocking Max Frame size 9 kbytes Forwarding frame IEEE 802 3 IEEE 802 1q Ethernet II PPPoE Prevent the forwarding of corrupted packets STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol QoS IEEE 802 1p Eight priority queu...

Page 307: ... Protocol RFC 894 Ethernet II Encapsulation RFC 1058 RIP 1 Routing Information Protocol RFC 1112 IGMP v1 RFC 1155 SMI RFC 1157 SNMPv1 Simple Network Management Protocol version 1 RFC 1213 SNMP MIB II RFC 1305 Network Time Protocol NTP version 3 RFC 1441 SNMPv2 Simple Network Management Protocol version 2 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC 1723 RIP 2 Routing Information Protocol RFC 17...

Page 308: ...ed Network Access Control IEEE 802 1D MAC Bridges IEEE 802 1p Traffic Types Packet Priority IEEE 802 1Q Tagged VLAN IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP IEEE 802 3 Packet Format IEEE 802 3ad Link Aggregation IEEE 802 3ah Ethernet OAM Operations Administration and Maintenance IEEE 802 3x Flow Control IEEE 802 3z 1000BASE X For optical fiber ...

Page 309: ...309 PART VII Appendices and Index IP Addresses and Subnetting 311 Legal Information 319 Customer Support 323 Index 329 ...

Page 310: ...310 ...

Page 311: ...are a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four p...

Page 312: ... part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred to by the size of th...

Page 313: ...by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks u...

Page 314: ...ws the company network before subnetting Figure 181 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company...

Page 315: ... 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 2...

Page 316: ...net 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 136 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 ...

Page 317: ... BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 139 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382...

Page 318: ... You don t need to change the subnet mask computed by the Switch unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA ...

Page 319: ...ftware described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in thi...

Page 320: ...xpressly approved by the party responsible for compliance could void the user s authority to operate the equipment This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040 10 AND 1040 11 PRODUIT CONFORME SELON 21 CFR 1040 10 ET 10...

Page 321: ...irect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the d...

Page 322: ...Appendix B Legal Information GS 2750 User s Guide 322 ...

Page 323: ...ail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web www zyxel ...

Page 324: ...448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E mail support zyxel de Sales E mail sales zyxel de Telephone 49 2405 6909 69 Fax 49 2405 6909 99 Web www zyxel de Regula...

Page 325: ...gawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk Ave Office 414 Dostyk Business Centre 050010 Almaty Republic of Kazakhstan Malaysia Support E mail support zyxel com my Sales E mail sales zyxel com my Telephone 603 8076 9933 Fax 603 8076 9833 Web htt...

Page 326: ...rzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova 37a Str Moscow 117279 Russia Singapore Support E mail support zyxel com sg Sales E mail sales zyxel com sg Telephone 65 6899 6678 Fax 65 6899 8887 Web http www zyxel com sg Regular Mail ZyXEL Singapor...

Page 327: ...l ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 134...

Page 328: ...Appendix C Customer Support GS 2750 User s Guide 328 ...

Page 329: ...lege levels 188 automatic VLAN registration 86 B back up configuration file 258 bandwidth control 306 basic settings 71 binding 195 binding table 195 building 195 BPDUs Bridge Protocol Data Units 106 Bridge Protocol Data Units BPDUs 106 bridging 306 C certifications 319 notices 320 viewing 320 CFI Canonical Format Indicator 85 changing the password 54 CIST 109 CIST Common and Internal Spanning Tre...

Page 330: ...79 Ethernet port test 279 ping 279 system log 279 Differentiated Service DiffServ 225 DiffServ 225 activate 228 and TRTCM 229 DS field 225 DSCP 225 DSCP to IEEE802 1p mapping 230 network example 226 PHB 225 dimensions 303 disclaimer 319 double tagged frames 161 DS Differentiated Services 225 DSCP DSCP to IEEE802 1p mapping 230 service level 225 what it does 225 DSCP DiffServ Code Point 225 dynamic...

Page 331: ...iltering 167 profile 172 profiles 169 IGMP snooping 167 MVR 173 ingress port 100 Installation Rack mounting 38 installation freestanding 37 precautions 38 Internet Assigned Numbers Authority See IANA 318 introduction 33 IP capability 307 interface 78 244 routing domain 78 services 307 setup 78 IP source guard 195 ARP inspection 195 197 DHCP snooping 195 static bindings 195 IP table 293 how it work...

Page 332: ...3 mirroring ports 125 monitor port 125 126 mounting brackets 38 MSA MultiSource Agreement 42 MST Instance See MSTI 108 MST region 108 MSTI 108 MST ID 108 MSTI Multiple Spanning Tree Instance 107 MSTP 105 107 bridge ID 118 119 configuration 114 configuration digest 119 forwarding delay 116 Hello Time 118 hello time 116 Max Age 118 max age 116 max hops 116 MST region 108 network example 107 path cos...

Page 333: ... 73 priority level 77 priority queue assignment 77 product registration 321 protocol based VLAN 94 and IEEE 802 1Q tagging 94 example 96 hexadecimal notation for protocols 93 96 isolate traffic 94 priority 93 96 PVID 85 91 PVID Priority Frame 85 Q QoS 306 and classifier 145 queue weight 158 queuing 157 SPQ 158 WFQ 158 WRR 158 queuing method 157 159 R RADIUS 182 advantages 182 and authentication 18...

Page 334: ...outes 221 222 static trunking example 132 Static VLAN 89 static VLAN control 90 tagging 90 status 50 65 LED 45 link aggregation 128 port 65 port details 66 power 73 STP 113 117 VLAN 88 VRRP 244 STP 105 306 bridge ID 113 bridge priority 112 configuration 110 114 designated bridge 106 forwarding delay 112 Hello BPDU 106 Hello Time 112 113 how it works 106 Max Age 112 113 path cost 106 112 port prior...

Page 335: ...43 VLAN 75 85 306 acceptable frame type 91 automatic registration 86 ID 85 ingress filtering 91 introduction 75 number of VLANs 88 port isolation 91 port number 89 port settings 90 port based VLAN 97 port based all connected 100 port based isolation 100 port based wizard 100 static VLAN 89 status 88 89 tagged 85 trunking 87 92 type 76 87 VLAN Virtual Local Area Network 75 VLAN number 79 VLAN stack...

Page 336: ...me 50 login 49 logout 57 navigation panel 51 screen summary 51 weight queuing 158 Weighted Round Robin Scheduling WRR 158 WFQ Weighted Fair Queuing 158 WRR Weighted Round Robin Scheduling 158 Z ZyNOS ZyXEL Network Operating System 259 ...

Reviews: