ZyXEL Communications GS1350 Series, User Manual

Page 1: ... User s Guide GS1350 Series GbE Layer 2 PoE Switch Copyright 2020 Zyxel Communications Corporation Management IP Address http DHCP assigned IP or http 192 168 1 1 User Name admin Password 1234 Version 4 70 Edition 1 06 2020 ...

Page 2: ...ade to ensure that the information in this manual is accurate Related Documentation CLI Reference Guide The CLI Reference Guide explains how to use the Command Line Interface CLI to configure the Switch Note It is recommended you use the Web Configurator to configure the Switch Quick Start Guide The Quick Start Guide shows how to connect the Switch Online Help Click the help link for a description...

Page 3: ...s field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Basic Setting IP Setup IP Configuration Network Proxy Configuration means you first click Basic Setting in the navigation panel then the IP Setup sub menu then IP Configuration and finally Network Proxy Configuration to get to that screen Icons Used in Figures Figures ...

Page 4: ...ic MAC Forwarding 136 Static Multicast Forwarding 138 Filtering 142 Spanning Tree Protocol 144 Bandwidth Control 150 Broadcast Storm Control 152 Mirroring 154 Link Aggregation 156 Port Security 163 Time Range 165 Queuing Method 167 Multicast 170 AAA 176 DHCP Snooping 185 Loop Guard 196 Error Disable 199 Green Ethernet 206 Link Layer Discovery Protocol LLDP 208 Auto PD Recovery 230 ONVIF 235 Differ...

Page 5: ...nagement 299 MAC Table 305 ARP Table 308 Path MTU Table 310 Configure Clone 311 IPv6 Neighbor Table 313 Port Status 315 Surveillance Mode 322 Quick Setup 327 System 328 Port 333 Switching 343 Networking 360 Security 364 Maintenance 376 Troubleshooting and Appendices 381 Troubleshooting 382 ...

Page 6: ... Fiber Uplink Example Application 23 1 2 4 High Performance Switching Example 24 1 2 5 IEEE 802 1Q VLAN Application Examples 24 1 3 Ways to Manage the Switch 25 1 4 Good Habits for Managing the Switch 25 Chapter 2 Hardware Installation and Connection 26 2 1 Installation Scenarios 26 2 1 1 Safety Precautions 26 2 2 Desktop Installation Procedure 27 2 3 Wall Mounting 27 2 3 1 Installation Requiremen...

Page 7: ...ical Reference 42 Chapter 4 Web Configurator 43 4 1 Overview 43 4 2 System Login 43 4 3 Zyxel One Network ZON Utility 47 4 3 1 Requirements 47 4 3 2 Run the ZON Utility 48 4 4 Wizard 51 4 4 1 Basic 52 4 4 2 Protection 56 4 4 3 VLAN 58 4 4 4 QoS 59 4 5 Web Configurator Layout 60 4 5 1 Change Your Password 66 4 6 Save Your Configuration 66 4 7 Switch Lockout 67 4 8 Reset the Switch 67 4 8 1 Restore ...

Page 8: ...6 3 4 Troubleshooting 81 Chapter 7 Status 82 7 1 Overview 82 7 1 1 What You Can Do 82 7 2 Status 82 7 2 1 Neighbor Screen 84 7 2 2 Neighbor Detail 86 Chapter 8 Basic Setting 88 8 1 Overview 88 8 1 1 What You Can Do 88 8 2 System Information 88 8 3 General Setup 90 8 4 Introduction to VLANs 92 8 5 Switch Setup 92 8 6 IP Setup 94 8 6 1 IP Interfaces 94 8 6 2 IP Status 94 8 6 3 IP Status Details 95 8...

Page 9: ...ration 120 Chapter 9 VLAN 121 9 1 Overview 121 9 1 1 What You Can Do 121 9 1 2 What You Need to Know 121 9 2 VLAN Status 123 9 2 1 VLAN Details 124 9 3 VLAN Configuration 125 9 4 Configure a Static VLAN 126 9 5 Configure VLAN Port Settings 127 9 6 Voice VLAN 128 9 7 MAC Based VLAN 130 9 8 Vendor ID Based VLAN 131 9 9 Port Based VLAN Setup 133 9 9 1 Configure a Port Based VLAN 133 Chapter 10 Static...

Page 10: ...th Control Overview 150 14 1 1 What You Can Do 150 14 2 Bandwidth Control Setup 150 Chapter 15 Broadcast Storm Control 152 15 1 Broadcast Storm Control Overview 152 15 1 1 What You Can Do 152 15 2 Broadcast Storm Control Setup 152 Chapter 16 Mirroring 154 16 1 Mirroring Overview 154 16 1 1 What You Can Do 154 16 2 Port Mirroring Setup 154 Chapter 17 Link Aggregation 156 17 1 Link Aggregation Overv...

Page 11: ...ng Queuing 168 Chapter 21 Multicast 170 21 1 Multicast Overview 170 21 1 1 What You Can Do 170 21 1 2 What You Need to Know 170 21 2 Multicast Setup 171 21 3 IPv4 Multicast Status 171 21 3 1 IGMP Snooping 172 21 3 2 IGMP Snooping VLAN 174 Chapter 22 AAA 176 22 1 AAA Overview 176 22 1 1 What You Can Do 176 22 1 2 What You Need to Know 176 22 2 AAA Screens 177 22 3 RADIUS Server Setup 177 22 4 AAA S...

Page 12: ...isable 199 25 1 Error Disable Overview 199 25 1 1 CPU Protection Overview 199 25 1 2 Error Disable Recovery Overview 199 25 1 3 What You Can Do 199 25 2 Error Disable Settings 200 25 3 Error Disable Status 200 25 4 CPU Protection Configuration 202 25 5 Error Disable Detect Configuration 203 25 6 Error Disable Recovery Configuration 204 Chapter 26 Green Ethernet 206 26 1 Green Ethernet Overview 206...

Page 13: ...u Can Do 235 29 2 ONVIF Screen 235 Chapter 30 Differentiated Services 237 30 1 DiffServ Overview 237 30 1 1 What You Can Do 237 30 1 2 What You Need to Know 237 30 2 Activating DiffServ 238 30 3 DSCP Settings 239 30 3 1 Configuring DSCP Settings 240 Chapter 31 DHCP 241 31 1 DHCP Overview 241 31 1 1 What You Can Do 241 31 1 2 What You Need to Know 241 31 2 DHCP Configuration 242 31 3 DHCPv4 Status ...

Page 14: ...3 Reboot System 259 33 3 Firmware Upgrade 260 33 4 Restore Configuration 261 33 5 Backup Configuration 262 33 6 Tech Support 262 33 7 Certificates 264 33 7 1 HTTPS Certificates 265 33 8 Technical Reference 266 33 8 1 FTP Command Line 266 33 8 2 Filename Conventions 266 33 8 3 FTP Command Line Procedure 266 33 8 4 GUI based FTP Clients 267 33 8 5 FTP Restrictions 267 Chapter 34 Access Control 268 3...

Page 15: ...295 36 2 System Log 295 Chapter 37 Syslog Setup 296 37 1 Syslog Overview 296 37 1 1 What You Can Do 296 37 2 Syslog Setup 296 Chapter 38 Cluster Management 299 38 1 Cluster Management Overview 299 38 1 1 What You Can Do 299 38 2 Cluster Management Status 300 38 3 Clustering Management Configuration 301 38 4 Technical Reference 302 38 4 1 Cluster Member Switch Management 302 Chapter 39 MAC Table 30...

Page 16: ...IPv6 Neighbor Table 313 43 1 IPv6 Neighbor Table Overview 313 43 2 Viewing the IPv6 Neighbor Table 313 Chapter 44 Port Status 315 44 1 Overview 315 44 2 Port Status 315 44 2 1 Port Details 316 44 2 2 DDMI 319 44 2 3 DDMI Details 319 44 2 4 Port Utilization 321 Chapter 45 Surveillance Mode 322 45 1 Overview 322 45 1 1 What You Can Do 322 45 2 Summary 322 45 2 1 Neighbor Detail Screen 324 Chapter 46...

Page 17: ... 344 49 4 Link Aggregation Setting 345 49 5 Link Aggregation Control Protocol 347 49 6 Loop Guard 348 49 6 1 What You Need to Know 349 49 7 VLAN 351 49 7 1 What You Can Do 351 49 7 2 What You Need to Know 351 49 8 VLAN Status 354 49 8 1 VLAN Detail 355 49 9 Static VLAN 356 49 10 VLAN Port Setting 358 Chapter 50 Networking 360 50 1 IP Interfaces 360 50 1 1 What You Can Do 360 50 2 IP Setup 360 50 3...

Page 18: ... 2 Backup Configuration 376 52 3 Firmware Upgrade 377 52 4 Reboot System 378 52 5 Restore Configuration 379 52 6 Save Configuration 379 52 7 Tech Support 380 Part III Troubleshooting and Appendices 381 Chapter 53 Troubleshooting 382 53 1 Power Hardware Connections and LEDs 382 53 2 Switch Access and Login 383 53 3 Switch Configuration 384 Appendix A Customer Support 386 Appendix B Common Services ...

Page 19: ...19 PART I User s Guide ...

Page 20: ...ghboring devices is easy In addition Zyxel offers a proprietary software program called Zyxel One Network ZON Utility it is a utility tool that assists you to set up and maintain network devices in a more simple and efficient way You can download the ZON Utility at www zyxel com and install it on a PC Windows operation system For more information on ZON Utility see Section 4 3 on page 47 Table 1 G...

Page 21: ... The following table describes the PoE features of the Switch by model 1 2 Example Applications This section shows a few examples of using the Switch in various network environments Note that the Switch in the figure is just an example Switch and not your actual Switch 1 2 1 PoE Example Application The following example figure shows a Switch supplying PoE Power over Ethernet to Powered Devices PDs...

Page 22: ... can be expected in the near future The Switch can be used standalone for a group of heavy traffic users You can connect computers and servers directly to the Switch s port or connect other switches to the Switch In this example all computers can share high speed applications on the server To expand the network simply add more networking devices such as switches routers computers print servers and...

Page 23: ...ent company departments RD and Sales to the corporate backbone It can alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast uplink connection by using a Gigabit Ethernet SFP port on the Switch Figure 3 Bridging Fiber Uplink Example Application ...

Page 24: ...group Application 1 2 5 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one group A station can belong to more than one group With VLAN a station cannot directly talk to or hear from stations that are not in the same groups unless such traffic first goes throug...

Page 25: ...a network more efficiently See Section 4 3 on page 47 NCC Zyxel Nebula Control Center With the NCC you can remotely manage and monitor the Switch through a cloud based network management system See Section 8 11 on page 119 or the NCC User s Guide for detailed information about how to access the NCC and manage your Switch via the NCC See the NCC User s Guide for how to configure Nebula managed devi...

Page 26: ...ere is at least 2 cm of clearance on the top and bottom of the Switch and at least 5 cm of clearance on all four sides of the Switch This allows air circulation for cooling Do NOT block the ventilation holes nor store cables or power cords on the Switch Allow clearance for the ventilation holes to prevent your Switch from overheating This is especially crucial when your Switch does not have fans O...

Page 27: ...d cables Make sure there is a power outlet nearby Cautions Avoid stacking fanless Switches to prevent overheating Ensure enough clearance around the Switch to allow air circulation for cooling Do NOT remove the rubber feet as it provides space for air circulation 2 3 Wall Mounting The Switch can be mounted on a wall see Table 1 on page 20 You may need screw anchors if mounting on a concrete or bri...

Page 28: ...into the wall Push the anchors into the full depth of the holes then insert the screws into the anchors Do NOT insert the screws all the way in leave a small gap of about 0 5 cm If not using screw anchors use a screwdriver to insert the screws into the wall Do NOT insert the screws all the way in leave a gap of about 0 5 cm 4 Make sure the screws are fastened well enough to hold the weight of the ...

Page 29: ...e facing up or down as this position is less safe 2 4 Rack Mounting The Switch can be mounted on an EIA standard size 19 inch rack or in a wiring closet with other equipment see Table 1 on page 20 Follow the steps below to mount your Switch on a standard EIA rack using a rack mounting kit Note Make sure there is enough clearance between each equipment on the rack for air circulation 2 4 1 Installa...

Page 30: ... to the Switch 1 Position a mounting bracket on one side of the Switch lining up the four screw holes on the bracket with the screw holes on the side of the Switch Figure 7 Attaching the Mounting Brackets 2 Using a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side ...

Page 31: ...e 9 Mounting the Switch on a Rack GS1350 26HP 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack Note Make sure you tighten all the four screws to prevent the Switch from getting slanted 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 32: ... following table describes the ports Table 3 Panel Connections CONNECTOR DESCRIPTION 5 10 16 24 1000Base T RJ 45 Ethernet Ports These are 10 100 1000Base T auto negotiating and auto crossover Ethernet ports Connect these ports to a computer a hub a router or an Ethernet switch 5 8 16 24 1000Base T RJ 45 PoE Ports These are 10 100 1000Base T auto negotiating and auto crossover Ethernet ports Connec...

Page 33: ...ation is turned off an Ethernet port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect 3 1 1 1 Default Ethernet Negotiation Settings The factory default negotiation settings for the Gigabit ports on the Switch are Speed Auto 2 GbE Combo Ports Dual Personality Interfaces...

Page 34: ... transceivers You must use transceivers that comply with the Small Form factor Pluggable SFP Transceiver MultiSource Agreement MSA See the SFF committee s INF 8074i specification Rev 1 0 for details You can change transceivers while the Switch is operating You can use different transceivers to connect to Ethernet switches with different types of fiber optic or even copper cable connectors WARNING ...

Page 35: ...he transceiver Insert the fiber cable into the transceiver Figure 14 Latch in the Lock Position Figure 15 Transceiver Installation Example Figure 16 Connecting the Fiber Cables 3 1 3 2 Transceiver Removal Use the following steps to remove an SFP transceiver 1 Attach an ESD preventive wrist strap to your wrist and to a bare metal surface on the chassis 2 Remove the fiber optic cables from the trans...

Page 36: ... 18 Opening the Transceiver s Latch Example Figure 19 Transceiver Removal Example 3 1 4 Dual Personality Interfaces A combo port is for uplink connections It consists of a Gigabit Ethernet port for Ethernet connection and a SFP transceiver slot for fiber connection The fiber connection takes priority if the corresponding Gigabit port is also connected 100 Mbps 1 Gbps Connect these ports to high ba...

Page 37: ...inals Installation of Ethernet cables must be separate from AC power lines To avoid electric surge and electromagnetic interference use a different electrical conduit or raceway tube trough or enclosed conduit for protecting electric wiring that is 15 cm apart or as specified by your country s electrical regulations Any device that is located outdoors and connected to this product must be properly...

Page 38: ...le to Grounding Bar or On site Grounding Terminal 4 The grounding terminal of the server rack or on site grounding terminal must also be grounded and connected to the building s main grounding electrode Make sure the grounding terminal is connected to the buildings grounding electrode and has an earth resistance of less than 10 ohms or according to your country s electrical regulations Figure 27 C...

Page 39: ...shooting only With instructions from customer support connect the 4 pin connector of the USB Type A console cable to the console port of the Switch Then connect the other end to a USB port on your computer You can use a computer with terminal emulation software configured to the following parameters VT100 terminal emulation 115200 bps No parity 8 data bits 1 stop bit No flow control 3 3 LEDs After...

Page 40: ...budget Bar 2 PoE power usage is below 40 percent of the power supplied budget but over 20 percent of the power supplied budget Bar 3 PoE power usage is below 60 percent of the power supplied budget but over 40 percent of the power supplied budget Yellow Bar4 On PoE power usage is below 80 percent of the power supplied budget but over 60 percent of the power supplied budget Red Bar5 On PoE power us...

Page 41: ... Switch is transmitting or receiving data at 100 Mbps Off There is no link or port the uplink port is shut down 10 100 1000Base T Ethernet Ports 9 10 GS1350 12HP Green Blinking The Switch is transmitting or receiving to or from a 1000 Mbps Ethernet network On The link to a 1000 Mbps Ethernet network is up Amber Blinking The Switch is transmitting or receiving to or from a 10 Mbps or a 100 Mbps Eth...

Page 42: ...42 PART II Technical Reference ...

Page 43: ...ndows from your device JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 The Switch is a DHCP client by default Type http DHCP assigned IP in the Location or Address field Press ENTER If the Switch is not connected to a DHCP server type http and the static IP address of the Switch for example the default management IP address is 192 168 1...

Page 44: ...r s Guide 44 Figure 27 Web Configurator Login 4 Click Login to log into the Web Configurator to manage the Switch directly The default username is admin and associated default password is 1234 5 The following screen appears Figure 28 Select Mode ...

Page 45: ... the settings take effect and save your configuration into the Switch s non volatile memory at once Check the screens to see if the settings are applied Note Once you click the Apply Save button the settings configured in the Setup Wizard screen will overwrite the existing settings Otherwise click the Exit button You can select the Ignore this wizard next time check box and click Apply Save if you...

Page 46: ...default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation General Setting Use this section to specify the SNMP version and community password values Version Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or...

Page 47: ... bit 64 bit versions Windows 8 both 32 bit 64 bit versions Windows 8 1 both 32 bit 64 bit versions Window 10 both 32 bit 64 bit versions Note To check for your Windows operating system version right click on My Computer Properties You should see this information in the General tab Hardware Here are the minimum hardware requirements to use the ZON Utility on your PC Core i3 processor 2GB RAM Set Co...

Page 48: ...ZON Utility Click the OK button to close this screen Figure 32 Supported Devices and Versions If you want to check the supported models and firmware versions later you can click the Show information about ZON icon in the upper right hand corner of the screen Then select the Supported model and firmware version link If your device is not listed here see the device release notes for ZON utility supp...

Page 49: ...lity Screen 3 Select a network adapter to which your supported devices are connected Figure 34 Network Adapter 4 Click the Go button for the ZON Utility to discover all supported devices in your network Figure 35 Discovery 5 The ZON Utility screen shows the devices discovered ...

Page 50: ...Renew IP Address Update a DHCP assigned dynamic IP address 3 Reboot Device Use this icon to restart the selected devices This may be useful when troubleshooting or upgrading new firmware 4 Reset Configuration to Default Use this icon to reload the factory default configuration file This means that you will lose all previous configurations 5 Locator LED Use this icon to locate the selected device b...

Page 51: ...twork adapter for the computer on which the ZON utility is installed and the utility language Table 6 ZON Utility Fields LABEL DESCRIPTION Type This field displays an icon of the kind of device discovered Model This field displays the model name of the discovered device Firmware Version This field displays the firmware version of the discovered device MAC Address This field displays the MAC addres...

Page 52: ...ield displays a host name IP Interface Select DHCP Client if the Switch is connected to a router with the DHCP server enabled You then need to check the router for the IP address assigned to the Switch in order to access the Switch s Web Configurator again Select Static IP Address when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the V...

Page 53: ...word LABEL DESCRIPTION Administrator s Password Current password Type the existing system password 1234 is the default password when shipped New password Enter your new system password Confirm password Retype your new system password for confirmation SNMP SNMP Select Enabled to let the Switch act as an SNMP agent which allows a manager station to manage and monitor the Switch through the network S...

Page 54: ... only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is only used by SNMP managers using SNMP version 2c or lower Previous Click Previous to show the previous screen Next Click Next to show the next screen Cancel Click Cancel to exit this screen without savin...

Page 55: ... IP address VID This field displays the VLAN ID IP Address The Switch needs an IP address for it to be managed over the network IP Subnet Mask The subnet mask specifies the network number portion of an IP address Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 1 254 DNS Server DNS Domain Name System is for mapping a domain name to ...

Page 56: ...P version for the Switch Get Community This field displays the Get Community string Set Community This field displays the Set Community string Trap Community This field displays the Trap Community string Link Aggregation Group This field displays the group number Type This field displays Static or LACP of this group Member This field displays the members of this group Previous Click Previous to sh...

Page 57: ...t all ports to enable the loop guard feature on all ports You can select a port by clicking it Next Click Next to show the next screen Cancel Click Cancel to exit this screen without saving Table 12 Wizard Protection Step 2 Broadcast Storm Control LABEL DESCRIPTION Broadcast Storm Control Select all ports Select all ports to apply settings on all ports You can select a port by clicking it Broadcas...

Page 58: ...Step 3 Summary LABEL DESCRIPTION Summary Loop Guard If the loop guard feature is enabled on a port the Switch will prevent loops on this port Broadcast Storm Control If the broadcast storm control feature is enabled on a port the number of broadcast packets the Switch receives per second will be limited on this port Previous Click Previous to show the previous screen Finish Review the information ...

Page 59: ...SCRIPTION VLAN Setting Default VLAN 1 Access Untagged port After you create a VLAN and select the VLAN ID from the drop down list box select ports and use the right arrow to add them as the untagged ports to a VLAN group VLAN member port VLAN Type a number between 2 and 4094 to create a VLAN Trunk Tagged port Select ports and use the downward arrow to add them as the tagged ports to the VLAN group...

Page 60: ...h button so they will have high priority The port s IEEE 802 1p priority level will be set to 5 Use the Basic Setting Port Setup screen to adjust the value Medium Select ports and click the Medium button and so they will have medium priority The port s IEEE 802 1p priority level will be set to 3 Use the Basic Setting Port Setup screen to adjust the value Low Select ports and click the Low button s...

Page 61: ...nto the Switch s non volatile memory Non volatile memory is the configuration of your Switch that stays the same even if the Switch s power is turned off D Click this link to go to the status page of the Switch E Click this icon to open the wizard screen where you can configure the Switch s IP login password SNMP community link aggregation and so on F Click this link to log out of the Web Configur...

Page 62: ...igure general identification information about the Switch Switch Setup This link takes you to a screen where you can set up global Switch parameters such as VLAN type and priority queues IP Setup This link takes you to a screen where you can configure the IP address and subnet mask necessary for Switch management and set up to 64 IP routing domains Port Setup This link takes you to a screen where ...

Page 63: ...ere you can logically aggregate physical links to form one logical higher bandwidth link Port Security This link takes you to a screen where you can activate MAC address learning and set the maximum number of MAC addresses to learn on a port Time Range This link takes you to a screen where you can define different schedules Queuing Method This link takes you to a screen where you can configure que...

Page 64: ...screens where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC addresses and types of devices attached to what ports and VLAN IDs ARP Table This link takes you to a screen where you can view the MAC addresses IP address resolution table Path MTU Table This link takes you to a screen where you can view the path MTU agin...

Page 65: ...ontrol This link takes you to a screen to set up broadcast filters Link Aggregation This link takes you to screens where you can logically aggregate physical links to form one logical higher bandwidth link Loop Guard This link takes you to a screen where you can configure protection against network loops that occur on the edge of your network VLAN This link takes you to screens where you can confi...

Page 66: ...torage that remains even if the Switch s power is turned off Maintenance Backup Configuration This link takes you to a screen where you can save your Switch s configurations settings for later use Firmware Upgrade This link takes you to a screen to upload firmware to your Switch Reboot System This link takes you to a screen to reboot the Switch without turning the power off Restore Configuration T...

Page 67: ... out of the Switch 4 8 Reset the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to reload the factory default configuration file or reset the Switch back to the factory defaults 4 8 1 Restore Button Press the RESTORE button for more than 7 seconds to have the Switch automatically reboot and restore the factory default file See Section 3 3 ...

Page 68: ...ur password again after you log out This is recommended after you finish a management session for security reasons Figure 49 Web Configurator Logout Screen 4 10 Help The Web Configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a Web Configurator screen to view an online help description of that screen ...

Page 69: ...Set Port VID Configure Switch Management IP Address 5 1 1 Create a VLAN VLANs confine broadcast frames to the VLAN group in which the ports belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 50 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN VLAN Configuration in t...

Page 70: ...to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Set Port VID Use PVID to add a tag to in...

Page 71: ...eld for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 3 Configure Switch Management IP Address If the Switch fails to obtain an IP address from a DHCP server the Switch will use 192 168 1 1 as the management IP address You can configure another IP address in a different subnet for managemen...

Page 72: ...ter to any Ethernet port on the Switch Make sure your computer is in the same subnet as the Switch 2 Open your web browser and enter 192 168 1 1 the default IP address in the address bar to access the Web Configurator See Section 4 2 on page 43 for more information 3 Click Basic Setting IP Setup IP Configuration in the navigation panel ...

Page 73: ... IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the Static VLAN screen 7 Click Add to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 74: ...twork V Create a VLAN containing ports 4 5 and 6 Connect a computer M to the Switch for management Figure 53 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 23 2 on page 185 The settings in this tutorial are as the following 1 Access the Switch through http 192 168 1 1 by default Log into the Switch by entering the user name default admin and p...

Page 75: ...ou do not want outgoing traffic to contain this VLAN tag Click Add Figure 54 Tutorial Create a VLAN and Add Ports to It 3 Go to Advanced Application VLAN VLAN Configuration VLAN Port Setup and set the PVID of the ports 4 5 and 6 to 100 This tags untagged incoming frames on ports 4 5 and 6 with the tag 100 Figure 55 Tutorial Tag Untagged Frames 4 Go to Advanced Application DHCP Snooping Configure a...

Page 76: ... they are connected to DHCP clients Click Apply Figure 57 Tutorial Set the DHCP Server Port to Trusted 7 Go to Advanced Application DHCP Snooping Configure VLAN show VLAN 100 by entering 100 in the VLAN Search by VID field and click Search Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen If you want to add more information in the DHCP request pac...

Page 77: ... the DHCP snooping binding table as shown next 6 3 How to Use DHCPv4 Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server The DHCP server can then assign a specific IP address based on the information in the DHCP requests 6 3 1 DHCP Relay Tutorial Introduction In this example you have configured your DHCP server 192 168 ...

Page 78: ...ure 60 Tutorial Set VLAN Type to 802 1Q 3 Click Advanced Application VLAN VLAN Configuration Static VLAN Setup 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tag...

Page 79: ... and then the VLAN Port Setup link in the VLAN Configuration screen Figure 62 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 80: ...s 1 Click IP Application DHCP DHCPv4 and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select default1 or default2 in the Option 82 Profile field 5 Click Apply to save your changes back to the run time memory Figure 64 Tutorial Set DHCP Server and Relay Informatio...

Page 81: ... it did not receive the IP address 172 16 1 18 make sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch You clicked the Save link on the Switch to have your settings take effect ...

Page 82: ...n also display other status screens for more information Use the Neighbor screen Section 7 2 1 on page 84 to view a summary and manage Switch s neighbor devices Use the Neighbor Detail screen Section 7 2 2 on page 86 to view more detailed information on the Switch s neighbor devices 7 2 Status The Status screen displays when you log into the Switch or click Status at the top right corner of the We...

Page 83: ...ing System Time This field displays the current date and time in the UAG The format is mm dd yyyy hh mm ss Hardware Version This field displays the hardware version number of the Switch The integer is the model version and the decimal is the version of the hardware change For example V1 0 is a hardware version for the Switch where 1 identifies the GS1350 Series and 0 is the first hardware change S...

Page 84: ...nd connected to the NCC Disconnected The Switch is not connected to the NCC Unregistered The Switch is not registered with the NCC PoE Usage This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices and the total power the Switch can provide to the connected PDs It also shows the percentage of PoE power usage When PoE usage reaches 100 the Switc...

Page 85: ...e Active switch in the Advanced Application Auto PD Recovery screen see Section 28 2 on page 230 for details It will wait until the configured Resume Polling Interval sec has lapsed Link This shows the speed either 10M for 10Mbps 100M for 100Mbps or 1G for 1 Gbps and the duplex F for full duplex or H for half This field displays Down if the port is not connected to any device PoE Draw W This shows...

Page 86: ...ick the Reset button to reset the neighboring device to its factory default settings A warning message Are you sure you want to load factory default appears prompting you to confirm the action After confirming the action a count down button from 5 to 0 starts Note The Switch must support power sourcing PSE or the network device is a powered device PD If multiple neighbor devices use the same port ...

Page 87: ... show for devices that do not support the ZON utility Firmware This shows the firmware version of the neighbor device This field will show for devices that do not support the ZON utility IPv4 This shows the IPv4 address of the neighbor device The IPv4 address is a hyper link that you can click to log into and manage the neighbor device through its Web Configurator IPv6 This shows the IPv6 address ...

Page 88: ...AN ID and proxy server Use the Port Setup screen Section 8 7 on page 99 to configure Switch port settings Use the PoE Setup screens Section 8 8 on page 101 to view the current amount of power that PDs are receiving from the Switch and set the priority levels for the Switch in distributing power to PDs This screen is available for PoE model s only Use the Interface Setup screens Section 8 9 on page...

Page 89: ... utilization Memory Utilization Memory utilization shows how much DRAM memory is available and in use It also displays the current percentage of memory utilization Name This field displays the name of memory pool Total byte This field displays the total number of bytes in this memory pool Used byte This field displays the number of bytes being used in this memory pool Utilization This field displa...

Page 90: ...tus This field displays Normal for temperatures below the threshold and Error for those above Table 24 Basic Setting System Info continued LABEL DESCRIPTION Table 25 Basic Setting General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes This name consists of up to 64 printable characters spaces are allowed Location Enter the geographic location of your Swit...

Page 91: ...aving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Select this option if you use Daylight Saving Time Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Saving Time The time is displayed in the 24 hour format Here are a couple of examples ...

Page 92: ...more manageable logical broadcast domain In traditional switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain Note VLAN is unidirectional it only governs outgoing traffic See Chapter 9 on page 121 for information on port based and 802 1Q tagged VLANs 8 5 Switch Setup Click Basic Setting Switch Setup in ...

Page 93: ...eight separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Frames without an explicit priority tag are given the default priority of the ingress port Use the next fields to configure the priority level to physical queue mapping The Switch has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to h...

Page 94: ...p To change the IP address of the Switch in a routing domain simply add a new routing domain entry with a different IP address in the same subnet You can configure up to 64 IP domains which are used to access and manage the Switch from the ports belonging to the pre defined VLANs Note You must configure a VLAN first Each VLAN can have multiple management IP addresses and you can log into the Switc...

Page 95: ...umber of an entry IP Address This field displays IP address of the Switch in the IP domain IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the Switch Type This shows whether this IP address is dynamically assigned from a DHCP server or manually assigned Static Renew Click this to renew the ...

Page 96: ...se the current dynamic IP address from the DHCP server Renew Time This displays the length of time from the lease start that the Switch will request to renew its current dynamic IP address from the DHCP server Rebind Time This displays the length of time from the lease start that the Switch will request to get any dynamic IP address from the DHCP server Lease Time Start This displays the date and ...

Page 97: ...entifier on the DHCP server The Switch adds it in the initial DHCP discovery message that a DHCP client broadcasts in search of an IP address The DHCP server can assign different IP addresses or options to clients with the specific VCI or reject the request from clients without the specific VCI Select this and enter the device identity you want the Switch to add in the DHCP discovery frames that g...

Page 98: ...of your Switch in dotted decimal notation for example 255 255 255 0 VID Enter the VLAN identification number to which an IP routing domain belongs Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 0 254 Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it i...

Page 99: ... name up to 128 alphanumeric characters are allowed for the Server including special characters inside the square quotes _ Port Enter the port number of the proxy server 1 65535 Authentication Select this option to enable proxy server authentication using a Username and Password Username Enter a login user name from the proxy server administrator Up to 32 alphanumeric characters are allowed for th...

Page 100: ...cated in some Web Configurator screens Speed Duplex Select the speed and the duplex mode of the Ethernet connection on this port Choices are Auto 10 an 10M auto negotiation 10M Half Duplex 10M Full Duplex 100 an 100M auto negotiation 100M Half Duplex 100M Full Duplex and 1G Full Duplex Gigabit connections only Selecting Auto auto negotiation allows one port to negotiate with a peer port automatica...

Page 101: ...n the extend range feature is disabled Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE8...

Page 102: ...E devices PDs as a percentage of the total PoE power the Switch can supply When PoE usage reaches 100 the Switch will shut down PDs one by one according to the PD priority which you configured in Basic Setting PoE Setup PoE Usage Threshold This field displays the percentage of PoE usage The Switch will generate a trap and or a log when the usage exceeds the specified threshold Consuming Power W Th...

Page 103: ... 60 W Note You can extend or set a limit on the maximum power the connected PD can use on a port in Basic Setting PoE Setup PoE Setup Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch you can set the PD priority to allow the Switch to provide power to ports with higher priority first Critical has the highest priority High has the Switch assign powe...

Page 104: ...to provide power on the port To select more than one schedule press SHIFT and select the choices at the same time Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to c...

Page 105: ...ile the Switch is restarting after a warm reboot The Switch will NOT perform a power cycle on the connected PDs If you do a cold reboot the Switch also restarts the connected PDs PoE Usage Threshold Enter a number ranging from 1 to 99 to set the threshold The Switch will generate a trap and or log when the actual PoE usage is higher than the specified threshold Port This is the port index number S...

Page 106: ...power on the port according to the IEEE 802 3bt standard Select this option if the connected PD was developed before the IEEE 802 3bt standard is implemented but requires power between 33 W and 60 W 802 3bt the Switch supports the IEEE 802 3bt standard and can supply power of up to 60 W per Ethernet port to the connected PDs at power up Max Power mW Specify the maximum amount of power the PD could...

Page 107: ...ncel Click Cancel to begin configuring this screen afresh Table 35 Basic Setting PoE Setup continued LABEL DESCRIPTION Table 36 Basic Setting Interface Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure The Switch supports the VLAN interface type for IPv6 at the time of writing Interface ID Specify a unique identification number from 1 to 4094 ...

Page 108: ...rom a combination of the interface type and ID number Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 36 Basic Setting Interface Setup continued LABEL DESCRIPTION Table 37 Basic Setting IPv6 L...

Page 109: ...Pv6 packets on this interface ICMPv6 Rate Limit Bucket Size This field displays the maximum number of ICMPv6 error messages which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 Rate Limit Error Interval This field displays the time period in milliseconds during which ICMPv6 error messages of up to the bucket size can be transm...

Page 110: ...TA is an identity association for temporary addresses IAID Each IA consists of a unique IAID and associated IP information T1 This field displays the DHCPv6 T1 timer After T1 the Switch sends the DHCPv6 server a Renew message An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server t...

Page 111: ...n where you can configure the global IPv6 settings on the Switch IPv6 Interface Setup Click the link to go to a screen where you can enable an IPv6 interface on the Switch IPv6 Addressing IPv6 Link Local Address Setup Click the link to go to a screen where you can configure the IPv6 link local address for an interface IPv6 Global Address Setup Click the link to go to a screen where you can configu...

Page 112: ... IPv6 packet is allowed to transmit before it is discarded by an IPv6 router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 Rate Limit Error Interval Specify the time period from 0 to ...

Page 113: ...ically generate a link local address via stateless auto configuration Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear ...

Page 114: ...mber Click on an index number to change the settings Interface This is the name of the IPv6 interface you created IPv6 Link Local Address This is the static IPv6 link local address for the interface IPv6 Default Gateway This is the default gateway IPv6 address for the interface Table 42 Basic Setting IPv6 IPv6 Configuration IPv6 Link Local Address Setup continued LABEL DESCRIPTION Table 43 Basic S...

Page 115: ...turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click on an index number to change the settings Interface This is the name of the IP...

Page 116: ...this interface Enter 0 to turn off DAD NS Interval Specify the time interval from 1000 to 3600000 milliseconds at which neighbor solicitations are re sent for this interface Reachable Time Specify how long from 1000 to 3600000 milliseconds a neighbor is considered reachable for this interface Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if i...

Page 117: ...reached through the interface MAC Specify the MAC address of the neighboring device which can be reached through the interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolat...

Page 118: ...967295 seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin con...

Page 119: ...ber and MAC address for handy registration of the Switch at NCC Click Basic Setting Cloud Management in the navigation panel to display this screen Figure 93 Basic Setting Cloud Management 8 11 1 Nebula Center Control Discovery Click Basic Setting Cloud Management Nebula Control Center Discovery to display this screen Figure 94 Basic Setting Cloud Management Nebula Control Center Discovery Select ...

Page 120: ...h Registration Click Basic Setting Cloud Management Nebula Switch Registration to display this screen Figure 95 Basic Setting Cloud Management Nebula Switch Registration This screen has a QR code containing the Switch s serial number and MAC address for handy NCC registration of the Switch using the Nebula Mobile app First download the app from the Google Play store for Android devices or the App ...

Page 121: ...tch when you change ports The Switch will forward the packets based on the source MAC address you set up previously Use the Vendor ID Based VLAN Setup screen Section 9 8 on page 131 to set up VLANs that allow you to group untagged packets into logical VLANs based on the source MAC address of the packet You can specify a mask for the MAC address to create a MAC address filter and enter a weight to ...

Page 122: ...VID is VLAN 1 for all ports but this can be changed A broadcast frame or a multicast frame for a multicast group that is known by the system is duplicated only on ports that are members of the VID except the ingress port itself thus confining the broadcast to a specific domain 9 1 2 1 Port VLAN Trunking Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through...

Page 123: ...ting Switch Setup screen Figure 97 Basic Setting Switch Setup Select VLAN Type Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged from a po...

Page 124: ...is is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the corresponding VLAN configuration screen Name This fields shows the desc...

Page 125: ...ber This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up Status This field shows how this VLAN was added to the Switch Static added as a permanent entry Table 49 ...

Page 126: ...x to activate the VLAN settings Name Enter a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters Spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Note Do NOT add a VLAN ID that has been used in the Voice VLAN Setup Port The port number identifies the port you are configurin...

Page 127: ...e sending Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to change the fields back to their last saved values Clear Click Clear to start configuring the screen again V...

Page 128: ...elected the Switch discards incoming frames on a port for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID Acceptable Frame Type ...

Page 129: ... value you assign the higher the priority for this voice traffic Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this section afresh Clear Clic...

Page 130: ...he following screen Figure 104 Advanced Application VLAN VLAN Configuration MAC Based VLAN Setup Description Type an description up to 32 characters for the Voice VLAN device For example Siemens Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to...

Page 131: ...Setup link in the VLAN Configuration screen to see the following screen Table 53 Advanced Application VLAN VLAN Configuration MAC Based VLAN Setup LABEL DESCRIPTION Name Type a name up to 32 alpha numeric characters for the MAC based VLAN entry MAC Address Type a MAC address that is bind to the MAC based VLAN entry This is the source MAC address of the data packet that is looked up when untagged p...

Page 132: ...this criteria VLAN Type an ID from 1 to 4094 for the VLAN that is associated with the vendor ID based VLAN entry Priority Select the priority level that the Switch assigns to frames belonging to this VLAN The higher the numeric value you assign the higher the priority for this vendor ID based VLAN entry Weight Enter a number between 0 and 255 to specify the rule s weight This is to decide the prio...

Page 133: ...rt based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 9 9 1 Configure a Port Based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click...

Page 134: ...Chapter 9 VLAN GS1350 Series User s Guide 134 Figure 106 Advanced Application VLAN Port Based VLAN Setup All Connected Figure 107 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...

Page 135: ...s a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with a pa...

Page 136: ...een Section 10 2 on page 136 to assign static MAC addresses for a port 10 2 Configure Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Click Advanced Application Static ...

Page 137: ...s to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwarding rule is active Yes or not No You may temporarily deactivate a rule with...

Page 138: ... group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to al...

Page 139: ... Figure 111 Static Multicast Forwarding to Multiple Ports 11 2 Configure Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames such as streaming or control frames to specific ports Click Advanced Application Static Multicast Forwarding to display the configuration screen as shown ...

Page 140: ... address that matched the entry above are forwarded You can enter multiple ports separated by no space comma or hyphen For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non ...

Page 141: ...try Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 57 Advanced Application Static Multicast Forwarding continued LABEL DESCRIPTION ...

Page 142: ...urce and or destination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 142 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch Click Advanced Application Filtering in the navigation panel to display the screen as shown next Figure 113 Advanced ...

Page 143: ...dd Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index Th...

Page 144: ... R STP compliant switches in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the spanning tree than STP while also being backwards compatible with STP only aware bridges In RSTP topology change information is directly propagated throughout the network from the de...

Page 145: ...Units transmitted from the root bridge If a bridge does not get a Hello BPDU after a predefined interval Max Age the bridge assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology STP Port States STP assigns five port states to eliminate packet looping A bridge port is not allowe...

Page 146: ...same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding ...

Page 147: ...LAN segment All the ports on a root bridge root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port moves to the forwarding state when the designated port for the LAN segment fails Backup A blocked port which has a backup redundant path to a LAN segment where a designated port is already co...

Page 148: ... Time This is the time interval in seconds between BPDU Bridge Protocol Data Units configuration message generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds the Switch can wait without receiving a BPDU before attempting to reconfigure All Switch ports except for designated ports should receive BPDUs at regular intervals Any port that ages...

Page 149: ...receives a Bridge Protocol Data Unit BPDU Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that ...

Page 150: ...ntrol means defining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 1 1 What You Can Do Use the Bandwidth Control screen Section 14 2 on page 150 to limit the bandwidth for traffic going through the Switch 14 2 Bandwidth Control Setup Click Advanced Application Bandwidth Control in the navigation panel to bring up the screen as shown next Figure 116 Advanced...

Page 151: ...hem Active Select this check box to activate ingress rate limits on this port Ingress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Note Ingress rate bandwidth control applies to layer 2 traffic only Active Select this check box to activate egress rate limits on this port Egress Rate Specify the maximum bandwidth allowed in kilobits ...

Page 152: ... and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 15 1 1 What You Can Do Use the Broadcast Storm Control screen Section 15 2 on page 152 to limit the number of broadcast multicast and destination lookup failure DLF packets the Sw...

Page 153: ...by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF packets the port rece...

Page 154: ... the traffic from the monitor port without interference 16 1 1 What You Can Do Use the Mirroring screen Section 16 2 on page 154 to select a monitor port and specify the traffic flow to be copied to the monitor port 16 2 Port Mirroring Setup Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic ...

Page 155: ...is row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box...

Page 156: ... transmitting data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 17 3 on page 158 to configure static link aggregation Use the Link Aggregation Control Protocol screen Section 17 3 1 on page 160 to enable Link Aggregation Control Protocol LACP 17 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a prope...

Page 157: ...pology loops Link Aggregation ID LACP aggregation ID consists of the following information1 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Link Aggregation Status screen displays by default See Section 17 1 on page 156 for more information Figure 119 Advanced Application Link Aggregation Status Table 66 Link Aggregation ID Local Switch SYSTEM P...

Page 158: ...gregation ID on page 157 for more information on this field The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distribut...

Page 159: ...runking can work properly Select src mac to distribute traffic based on the packet s source MAC address Select dst mac to distribute traffic based on the packet s destination MAC address Select src dst mac to distribute traffic based on a combination of the packet s source and destination MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to dis...

Page 160: ...Note Do NOT configure this screen unless you want to enable dynamic link aggregation Active Select this check box to enable Link Aggregation Control Protocol LACP System Priority LACP system priority is a number between 1 and 65535 The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP ...

Page 161: ...w only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still u...

Page 162: ...GS1350 Series User s Guide 162 Figure 123 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete ...

Page 163: ...n individual ports other than the sum cannot exceed 32K For maximum port security enable this feature disable MAC address learning and configure static MAC addresses for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not activated 18 2 ...

Page 164: ...nable the port security feature on this port The Switch forwards packets whose MAC addresses is in the MAC address table on this port Packets with no matching MAC addresses are dropped Clear this check box to disable the port security feature The Switch forwards all packets on this port Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a ...

Page 165: ...dules One time schedules are effective only once while recurring schedules usually repeat Both types of schedules are based on the current date and time in the Switch 19 1 1 What You Can Do Use the Time Range screen Section 19 2 on page 165 to view or define a schedule on the Switch 19 2 Configuring Time Range Click Advanced Application Time Range in the navigation panel to display the screen as s...

Page 166: ...the week hour and minute when the schedule begins and ends respectively Select the second option if you want to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the same day Add Click...

Page 167: ... empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth based on its bandwidth weight portion the number you configure in the Weight field when t...

Page 168: ...d returns to queues that have not yet emptied 20 2 Configuring Queuing Use this screen to set priorities for the queues of the Switch This distributes bandwidth across the different traffic queues Click Advanced Application Queuing Method in the navigation panel Figure 126 Advanced Application Queuing Method The following table describes the labels in this screen Table 73 Advanced Application Queu...

Page 169: ...ith larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ Lowest Queue This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use SPQ to service the subsequent queues after and including ...

Page 170: ... IGMP snooping to forward group multicast traffic only to ports that are members of that group 21 1 2 What You Need to Know Read on for concepts on Multicasting that can help you configure the screens in this chapter IP Multicast Addresses In IPv4 a multicast address allows a device to send packets to a specific group of hosts multicast group in a different subnetwork A multicast IP address repres...

Page 171: ...LANs other than those explicitly added as an IGMP snooping VLAN 21 2 Multicast Setup Use this screen to configure IGMP for IPv4 Click Advanced Application Multicast in the navigation panel Figure 127 Advanced Application Multicast Setup The following table describes the labels in this screen 21 3 IPv4 Multicast Status Click Advanced Application Multicast IPv4 Multicast to display the screen as sho...

Page 172: ...plays the port number that belongs to the multicast group Multicast Group This field displays IP multicast group addresses Table 75 Advanced Application Multicast IPv4 Multicast continued LABEL DESCRIPTION Table 76 Advanced Application Multicast IPv4 Multicast IGMP Snooping LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP snooping Active Select Active to enable IGMP Snooping to...

Page 173: ...rd a packet with the destination IP address within this range to other networks See the IANA web site for more information The layer 2 multicast MAC addresses used by Cisco layer 2 protocols 01 00 0C CC CC CC and 01 00 0C CC CC CD are also included in this group Specify the action to perform when the Switch receives a frame with a reserved multicast address Select Drop to discard the frames Select...

Page 174: ...MP query port if the port receives IGMP query packets Select Fixed to have the Switch always use the port as an IGMP query port Select this when you connect an IGMP multicast server to the port Select Edge to stop the Switch from using the port as an IGMP query port The Switch will not keep any record of an IGMP router being connected to this port The Switch does not forward IGMP join or leave pac...

Page 175: ... Use this section of the screen to add VLANs upon which the Switch is to perform IGMP snooping Name Enter the descriptive name of the VLAN for identification purposes VID Enter the ID of a static VLAN the valid range is between 1 and 4094 Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is...

Page 176: ...d to authenticate users accessing the Switch and which database the Switch should use first 22 1 2 What You Need to Know Authentication is the process of determining who a user is and validating access to the Switch The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself The Switch can also use an external authentication server to authenticate a l...

Page 177: ... allows you to validate an unlimited number of users from a central location 22 2 AAA Screens The AAA screens allow you to enable authentication and authorization or both of them on the Switch First configure your authentication server settings and then set up the authentication priority activate authorization Click Advanced Application AAA in the navigation panel to display the screen as shown Fi...

Page 178: ...e RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the RADIUS server If you are using index priority for your authentication and you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds...

Page 179: ...nting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external RADIUS accounting server and the Switch This key is not sent over the network This...

Page 180: ...ts via commands See the CLI Reference Guide for local authentication The RADIUS is an external server Before you specify the priority make sure you have set up the corresponding database correctly first You can specify up to two methods for the Switch to authenticate the access privilege level of administrators The Switch checks the methods in the order you configure them first Method 1 and then M...

Page 181: ... method for authorization of the Exec type of service Accounting Use this section to configure accounting settings on the Switch Update Period This is the amount of time in minutes before the Switch sends an update to the accounting server This is only valid if you select the start stop option for the Exec entries Type The Switch supports the following types of events to be sent to the accounting ...

Page 182: ...ndor ID An identification number assigned to the company by the IANA Internet Assigned Numbers Authority Zyxel s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS ...

Page 183: ...tribute has a specific format associated with it the format is specified 22 5 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 22 5 3 1 Attributes Used for Authenticating Privilege Access User Name Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal fo...

Page 184: ...er s Guide 184 The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 22 5 3 2 Attributes Used to Login Users User Name User Password NAS Identifier NAS IP Address ...

Page 185: ...various statistics about the DHCP snooping database Use this DHCP Snooping Configure screen Section 23 3 on page 188 to enable DHCP snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use the DHCP Snooping Port Configure screen Section 23 3 1 on page 190 to specify whether ports are trusted or untrusted port...

Page 186: ...RIPTION Database Status This section displays the current settings for the DHCP snooping database You can configure them in the DHCP Snooping Configure screen See Section 23 3 on page 188 Agent URL This field displays the location of the DHCP snooping database Write delay timer This field displays how long in seconds the Switch tries to complete a specific update in the DHCP snooping database befo...

Page 187: ...mes the Switch successfully or unsuccessfully read or updated the DHCP snooping database Total attempts This field displays the number of times the Switch has tried to access the DHCP snooping database for any reason Startup failures This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the D...

Page 188: ...displays the number of bindings the Switch ignored because the VLAN ID does not exist anymore Last ignored time This field displays the last time the Switch ignored any bindings for any reason from the DHCP binding database Total ignored bindings counters This section displays the reasons the Switch has ignored bindings any time it read bindings from the DHCP binding database You can clear these c...

Page 189: ... Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN Database If Timeout interval is greater than Write delay interval it is possible that the next update is scheduled to occur before the current update has finished successfully or timed out In this case the Switch waits to start the next update until it completes the current one Agent URL Enter the location of ...

Page 190: ...discard the current dynamic bindings first If there is a conflict the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen Section 23 2 on page 185 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation pa...

Page 191: ...dress in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do not match any of the current bindings The rate at which DHCP packets arrive is too high Rate pps Specify the maximum number for DHCP packets 1 256 that the Switch receives from each port each second The Switch discards any additional DHCP packets Ente...

Page 192: ... or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen see Section 23 3 on page 188 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to...

Page 193: ...ion such as slot number port number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen see Section 23 3 on page 188 The profile you select here has priority over the one you select in the DHCP Snooping Configure VLAN screen Add Click this to create a new en...

Page 194: ...oping Database File Format The initial checksum helps distinguish between the bindings in the latest update and the bindings from previous updates Each binding consists of 72 bytes a space and another checksum that is used to validate the binding when it is read If the calculated checksum is not equal to the checksum in the file that binding and all others after it are ignored 23 4 1 3 DHCP Relay ...

Page 195: ...teps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trusted and untrusted ports and specify the maximum number of DHCP packets that each port can receive per second 4 Configure static bindings ...

Page 196: ...n the Switch and in specific ports 24 1 2 What You Need to Know Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the message...

Page 197: ... probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 143 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loop guard also protects against standa...

Page 198: ...se this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the switch it is co...

Page 199: ...res such as loop guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent out the ports loop back to the Switch the Switch can shut down the ports automatically After that you need to enable the ports or allow the packets on a port manually via the Web Configurator or...

Page 200: ...to Errdisable Status in the Advanced Application Errdisable screen to display the screen as shown Table 88 Advanced Application Errdisable LABEL DESCRIPTION Errdisable Status Click this link to view whether the Switch detected that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related info...

Page 201: ...de you want to reset here Reset Press to reset the specified ports to handle ARP BPDU or IGMP packets instead of ignoring them if the ports is in inactive reason mode Errdisable Status Port This is the number of the port on which you want to configure Errdisable Status Cause This displays the type of the control packet received on the port or the feature enabled on the port and causing the Switch ...

Page 202: ...ntrol packets such as BPDU on the port rate limitation The Switch drops the additional control packets the ports has to handle in every one second Rate This field displays how many control packets this port can receive or transmit per second It can be adjusted in CPU Protection 0 means no rate limit Status This field displays the errdisable status Forwarding The Switch is forwarding packets Rate l...

Page 203: ... as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure the action that the Switch takes when the limit is exceeded See Section 25 5 on page 203 for detailed information Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes...

Page 204: ...se changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 91 Advanced Application Errdisable Errdisable Detect continued LABEL DESCRIPTION Table 92 Advanced Application Errdisable Errdisable Recovery LABEL DESCRIPTION A...

Page 205: ...itch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 92 Advanced Application Errdisable Errdisable Recovery continued LABEL DESCRIPTION ...

Page 206: ... signal is sent to the link partner to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Power Down and operates normally Short Reach Traditional Ethern...

Page 207: ...e same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Short Reach Select this to activate Short Reach on this port Apply Click Apply to save your changes...

Page 208: ...the form of TLV Type Length Value Device information carried in the received LLDPDUs is stored in the standard MIB The Switch supports these basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optional The Switch also sup...

Page 209: ... and easy trouble shooting for mis configured IP addresses There are 3 classes of endpoint devices that the LLDP MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the LL...

Page 210: ...on panel to display the screen as shown next Figure 154 Advanced Application LLDP The following table describes the labels in this screen Table 94 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices ...

Page 211: ...een to configure LLDP parameters LLDP MED LLDP MED Configuration Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices parameters LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure L...

Page 212: ...itch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management The TLV may also include the system interface number and an object identifier OID that are associated with this management a...

Page 213: ...Chapter 27 Link Layer Discovery Protocol LLDP GS1350 Series User s Guide 213 Figure 156 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail ...

Page 214: ...ation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identifi...

Page 215: ...ion Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identifier Number Table 96 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail continued LABEL DESCRIPTION Table 97 Advanced Application LLDP LLDP Remote Status LABEL DESCRIPTION Index The index number shows the number of remote devices that are connected ...

Page 216: ...tion LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV The following table describes the labels in Basic TLV part of the screen System Name This displays the system name of the remote device Management Address This displays the management address of the remote device It could be the MAC address or IP address Table 97 Advanced Application LLDP LLDP Remote Status continued LABEL DESCR...

Page 217: ... discarded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval Port Description TLV This displays the remote port description System Name TLV This displays the system name of the remote device System Description TLV This displays the system description of the remote device System Capabilities TLV This displays whether the syst...

Page 218: ...d Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device Port Protocol VLAN ID TLV This displays the IEEE 802 1 Port Protocol VLAN ID TLV which indicates whether the VLAN ID and whether it is enabled and supported on the port of remote Switch which sent the LLDPDU P...

Page 219: ...ised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Aggregation Capability The current aggregation c...

Page 220: ...Chapter 27 Link Layer Discovery Protocol LLDP GS1350 Series User s Guide 220 Figure 160 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Page 221: ...ler by its Coordinate base LCI latitude and longitude coordinates of the Location Configuration Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identifier Number Inventory TLV The majority of IP Phones lack support of management protocols such as SNMP so LLDP MED inventory TLVs are used to provide their inventory information to ...

Page 222: ...ded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your changes t...

Page 223: ...ile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 101 Advanced Application LLDP LLDP Configuration continued LABEL DESCRIPTION Table 102 Advanced Application LLDP LLDP Configuration Basic TLV Setting LABEL DESCRIPTION Port This displays the Switch s port number Use this row to make the setting the same for all ports Use this row first and th...

Page 224: ...N Port This displays the Switch s port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Dot1 TLV Port VLAN ID Select the check boxes to enable or disable the sending of IEEE 802 1 Port VLAN ID TLVs on the ports All check boxes in this column ...

Page 225: ...all ports simultaneously Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Notification Topology Change Select to enable LLDP MED topology change traps on this port MED TLV Setting Location Select to enable transmitting LLDP MED location TLV Network ...

Page 226: ...fined from 0 through 63 with the 0 representing use of the default DSCP value Priority Enter the priority value for the network policy Add Click Add after finish entering the network policy information A summary table will list all the Switch you have added Cancel Click Cancel to begin entering the information afresh Index This field displays the of index number of the network policy Click an inde...

Page 227: ...DP MED Location Click Here to display the screen as shown next Figure 166 Advanced Application LLDP LLDP MED Location Delete Check the rules that you want to remove then click the Delete button Cancel Click Cancel to clear the selected check boxes Table 105 Advanced Application LLDP LLDP MED Network Policy continued LABEL DESCRIPTION ...

Page 228: ...er the altitude information The value should be from 2097151 to 2097151 in meters or in floors meters floor Datum Select the appropriate geodetic datum used by GPS WGS84 NAD83 NAVD88 NAD83 MLLW Civic Address Enter the Civic Address by providing information such as Country State County City Street Number ZIP code and other additional information Enter at least 2 fields in this configuration includi...

Page 229: ... and datum Civic Address This field displays the Civic Address for the remote device using information such as Country State County City Street Number ZIP code and additional information ELIN Number This field shows the Emergency Location Identification Number ELIN which is used to identify endpoint devices when they issue emergency call services The valid length is form 10 to 25 characters Select...

Page 230: ...igure automatic PD recovery on the Switch 28 2 Auto PD Recovery This screen lets you turn on automatic PD recovery on the Switch and its Ethernet ports You can configure whether the Switch uses LLDP or ping to check the current status of a connected PD The ping is sent through the Switch s default management IP address to the designated port To ping the PD the port must share the same VLAN as the ...

Page 231: ...h Neighbor table on the PD see Section 7 2 1 on page 84 for details Select Ping to have the Switch ping the IP address of the connected PD to test whether the PD is reachable or not Neighbor If Mode is set to LLDP the system name of the connected PD displays automatically If Mode is set to Ping and the PD supports LLDP the connected PD s IPv4 or IPv6 address to which the Switch sends ping requests...

Page 232: ...MP trap and generate a log message Resume Polling Interval Specify the number of seconds the Switch waits before monitoring the PD status again after it restarts the PD on the port PD Reboot Count Specify how many times the Switch attempts to restart the PD on the port The PD Reboot Count will reset as soon as a ping is successful or when any modification to the Auto PD Recovery screen is applied ...

Page 233: ...nsmit interval for LLDP feature Likewise the Switch sends out LLDP packets to the PD every 30 seconds to update the Status Neighbor screen see Section 7 2 1 on page 84 for details Once the LLDP table s counter reaches the default 120 seconds the Switch will cause a Reboot Alarm on the PD as selected in Action 4 After sending an SNMP trap and generating a log message the connected PD will restart t...

Page 234: ...e event of a PD performing firmware upgrade the PD may stop responding to ping or fail to provide LLDP packets for an extended period of time When the Switch resets power to the PD before firmware upgrade is finished it may permanently damage the PD or require a hard reset to recover it It is strongly advised to disable the Switch s Auto PD Recovery function before upgrading the PD s firmware This...

Page 235: ... configured the Switch can obtain information from connected ONVIF compatible devices such as a device s system name and IP address This lets you know which ONVIF compatible devices for example IP cameras and NVR network video recorders are connected to the Switch 29 1 1 What You Can Do Use the ONVIF screen Section 29 2 on page 235 to enable the ONVIF protocol on the Switch 29 2 ONVIF Screen This ...

Page 236: ...overy of ONVIF compatible devices You can enter multiple ports separated by comma or hyphen without spaces For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top...

Page 237: ...Use the DiffServ screen Section 30 2 on page 238 to activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the Switch Use the DSCP Setting screen Section 30 3 1 on page 240 to change the DSCP IEEE 802 1p mapping 30 1 2 What You Need to Know Read on for concepts on Differentiated Services that can help you configure the screens in this chapter DSCP and Per Hop Behavior DiffServ...

Page 238: ...red marking rules A network administrator can then apply various traffic policies to the traffic flows An example traffic policy is to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network Figure 173 Diff...

Page 239: ...e Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable Diffserv on the port Apply Click Apply to save your changes to the Switch s ...

Page 240: ... 111 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel t...

Page 241: ...d on the VLAN domain of the DHCPv4 clients Use the DHCPv6 Relay screen Section 31 5 on page 251 to enable and configure DHCPv6 relay 31 1 2 What You Need to Know Read on for concepts on DHCP that can help you configure the screens in this chapter DHCP Modes If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request f...

Page 242: ...ng the Switch helps to relay network information such as the IP address and subnet mask between a DHCP client and a DHCP server Once the DHCP client obtains an IP address and can connect to the network network information renewal is done between the DHCP client and the DHCP server without the help of the Switch The Switch can be configured as a global DHCP relay This means that the Switch forwards...

Page 243: ...rmat i1 i2 and iN are DHCP relay agent sub options which contain additional information about the DHCP client You need to define at least one sub option 31 4 1 2 Sub Option Format There are 2 types of sub option Agent Circuit ID Sub option and Agent Remote ID Sub option They have the following formats The 1 in the first field identifies this as an Agent Circuit ID sub option and two identifies thi...

Page 244: ...cuit ID sub option to client DHCP requests that it relays to a DHCP server slot port Select this option to have the Switch add the number of port that the DHCP client is connected to vlan Select this option to have the Switch add the ID of VLAN which the port belongs to hostname This is the system name you configure in the Basic Setting General Setup screen Select this option for the Switch to add...

Page 245: ...ble This field displays whether the Circuit ID sub option is added to client DHCP requests Field This field displays the information that is included in the Circuit ID sub option Remote ID Enable This field displays whether the Remote ID sub option is added to client DHCP requests Field This field displays the information that is included in the Remote ID sub option Select an entry s check box to ...

Page 246: ...e enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server The profile you select here has priority over the one you select in the DHCP DHCPv4...

Page 247: ...le to set the Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Figure 182 DHCP Relay Configuration Example Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Sel...

Page 248: ...ports in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel ...

Page 249: ... Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server The profile you select here has priority over the one you select in the DHCP DHCPv4 VLAN screen Add Click this to create a new entry ...

Page 250: ...h an IP address of 172 16 10 100 Figure 185 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Profile Name This field displays the DHCP option 82 profile that the Switch applies to the ports in this VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Select the ent...

Page 251: ...tion and the interface ID option to the Relay Forward DHCPv6 messages The remote ID option carries a user defined string such as the system name The interface ID option provides slot number port information and the VLAN ID to the DHCPv6 server The remote ID option if any is stripped from the Relay Reply messages before the relay agent sends the packets to the clients The DHCPv6 server copies the i...

Page 252: ...ne This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to reset the fields to the factory defaults VID This field disp...

Page 253: ...ts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is either the IP address of the device being sought or the router...

Page 254: ...s are set to the IP address of the device that sends this request and the destination MAC address field is set to the broadcast address There will be no reply to a gratuitous ARP request A device may send a gratuitous ARP packet to detect IP collisions If a device restarts or its MAC address is changed it can also use gratuitous ARP to inform other devices in the same network to update their ARP t...

Page 255: ...ay the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Figure 188 IP Application ARP Setup 32 2 1 ARP Learning Use this screen to configure each port s ARP learning mode Click the link next to ARP Learning in the IP Application ARP Setup screen to display the screen as shown next ...

Page 256: ...Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request Select ARP Request to have the Switch update the ARP table with both ARP replies gratuitous ...

Page 257: ...n Section 33 2 1 on page 258 to reset the configuration to the Zyxel default configuration settings Use the Save Configuration screen Section 33 2 2 on page 259 to save the current configuration settings to a specific configuration file on the Switch Use the Reboot System screen Section 33 2 3 on page 259 to restart the Switch without physically turning the power off and load a specific configurat...

Page 258: ...current configuration settings to a customized default file on the Switch This file can be used instead of the Zyxel factory default configuration file Reboot System Click Config 1 to reboot the Switch and load Configuration 1 on the Switch Click Config 2 to reboot the Switch and load Configuration 2 on the Switch Click Factory Default to reboot the Switch and load the Zyxel factory default config...

Page 259: ...iguration settings permanently to Configuration 2 on the Switch These configurations are set up according to your network environment Click Custom Default to save the current configuration settings permanently to a customized default file on the Switch Note If a customized default file was not saved clicking Custom Default loads the factory default configuration on the Switch Alternatively click S...

Page 260: ...h This will save the custom default configuration settings to both Configuration 1 and Configuration 2 33 3 Firmware Upgrade Use the following screen to upgrade your Switch to the latest firmware The Switch supports dual firmware images Firmware 1 and Firmware 2 Use this screen to specify which image is updated when firmware is uploaded using the Web Configurator and to specify which image is load...

Page 261: ... Switch Firmware 1 or Firmware 2 The firmware information is also displayed at System Information in Basic Settings Firmware 1 shows its version number and model code and MM DD YYYY creation date Firmware 2 shows its version number and model code and MM DD YYYY creation date Current Boot Image This displays which firmware is currently in use on the Switch Firmware 1 or Firmware 2 Config Boot Image...

Page 262: ... place If a dialog box pops up asking whether you want to open or save the file click Save or Save File to download it to the default downloads folder on your computer If a Save As screen displays after you click Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save t...

Page 263: ...x The Mbuf log report is stored in flash permanent memory For example Mbuf 50 means a log will be created when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned...

Page 264: ...Click Download to see the Read Only Memory ROM log report This report is stored in flash memory Table 126 Management Maintenance Tech Support continued LABEL DESCRIPTION Table 127 Management Maintenance Certificates LABEL DESCRIPTION File Path Click Choose File or Browse to find the certificate file you want to upload Password Type the certificate file s password that was created when the PKCS 12 ...

Page 265: ...agement Maintenance Certificates HTTPS Valid From This field displays the date that the certificate becomes applicable Valid To This field displays the date that the certificate expires Select an entry s check box to select a specific entry Delete Click this button to delete the certificate or certification request You cannot delete a certificate that one or more features is configured to use Tabl...

Page 266: ...ansfer of the computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current configuration to a file called config cfg on your computer If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both...

Page 267: ...s that you may see in GUI based FTP clients 33 8 5 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP addresses in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately Table 129 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address ...

Page 268: ...3 1 on page 270 to specify the types of SNMP traps that should be sent to each SNMP manager Use the User Information screen Section 34 3 3 on page 272 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use the Logins screens Section 34 4 on page 274 to assign which users can access the Switch via Web Configurator at any one time Use the Service Ac...

Page 269: ...00 Management Access Control SNMP Table 131 Management Access Control LABEL DESCRIPTION SNMP Click this link to configure your SNMP settings Logins Click this link to assign which users can access the Switch via Web Configurator at any one time Service Access Control Click this link to decide what services you may use to access the Switch Remote Management Click this link to specify a group of one...

Page 270: ...is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is only used by SNMP managers using SNMP version 2c or lower Trap Destination Use this section to configure w...

Page 271: ... to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See SNMP Traps on page 280 for individual trap descriptions The traps are grouped by category Selecting a category automatically selects all of the category s traps Clear the check boxes for individual ...

Page 272: ...t number Settings in this row apply to all ports Use this row only if you want to make some of the settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the trap type of SNMP traps on this port Clear this check box...

Page 273: ...t authentication and encryption for SNMP messages sent by this user This is the highest security level Note The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch Authentication Select an authentication algorithm MD5 Message Digest 5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authent...

Page 274: ...he user can collect information from the Switch Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fiel...

Page 275: ...234 is the default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four users These users can have read only or read write access You can give users higher privileges via the Web Configurator or the CLI For more information on assigning privileges via the CLI see t...

Page 276: ...and enable passwords and display configuration information Users can run command lines if the session s privilege level is greater than or equal to the command s privilege level The session privilege initially comes from the privilege of the login account For example if the user has a privilege of 5 he she can run commands that requires privilege level of 5 or less but not more Apply Click Apply t...

Page 277: ... The Telnet or SSH server do not allow multiple user logins at the same time Enter how many seconds from 30 to 300 seconds a login session times out After it times out you have to start the login session again Very long login session timeouts may have security risks For example if User A attempts to connect to the Switch via SSH but during the login stage do not enter the user name and or password...

Page 278: ... you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Se...

Page 279: ...ged objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request or response protocol based on the manager o...

Page 280: ...1 4 1 890 1 15 is defined in private MIBs Otherwise it is a standard MIB OID Table 140 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on warmstart warmStart 1 3 6 1 6 3 1 1 5 2 This trap is sent when the Switch restarts fanspeed zyHwMonitorFanSpeedOutO fRange 1 3 6 1 4 1 890 1 15 3 26 2 1 This trap is ...

Page 281: ...e limit for specific control packets is exceeded zyErrdisableRecovery 1 3 6 1 4 1 890 1 15 3 24 4 2 This trap is sent when the Switch ceases the action taken on a port such as shutting down the port or discarding packets on the port after the specified recovery interval poe For PoE models only zyPoePowerPortOverload 1 3 6 1 4 1 890 1 15 3 59 4 1 This trap is sent when the port is turned off to sup...

Page 282: ...4 3 4 This trap is sent when the transceiver supply voltage is above or below the normal operating range zyTransceiverDdmiTxBiasOutOfR ange 1 3 6 1 4 1 890 1 15 3 84 3 5 This trap is sent when the transmitter laser bias current is above or below the normal operating range zyTransceiverDdmiTemperature OutOfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 6 This trap is sent when the transceiver temperatu...

Page 283: ...counting server zyRadiusServerAccountingServer NotReachableRecovered 1 3 6 1 4 1 890 1 15 3 71 2 4 This trap is sent when there is a response message from the previously unreachable RADIUS accounting server Table 143 SNMP IP Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION ping pingProbeFailed 1 3 6 1 2 1 80 0 1 This trap is sent when a single ping probe fails pingTestFailed 1 3 6 1 2 1 80 0 2 This...

Page 284: ... hosts over an unsecured network Figure 208 SSH Communication Example 34 7 2 1 How SSH Works The following table summarizes how a secure connection is established between two remote hosts rmon RmonRisingAlarm 1 3 6 1 2 1 16 0 1 This trap is sent when a variable goes over the RMON rising threshold RmonFallingAlarm 1 3 6 1 2 1 16 0 2 This trap is sent when the variable falls below the RMON falling t...

Page 285: ...cryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in...

Page 286: ...h must always authenticate itself to the SSL client the computer which requests the HTTPS connection with the Switch whereas the SSL client only should authenticate itself when the SSL server requires it to do so Authenticating client certificates is optional and if selected means the SSL client must send the Switch a certificate You must apply for a certificate for the browser from a Certificate ...

Page 287: ...tor access is blocked Figure 211 Security Alert Dialog Box Internet Explorer 6 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server a screen with the message There is a problem with this website s security certificate may display If that is the case click Continue to this website not recommended to proceed to the Web Configurator login screen Figure 212 Security Certificate ...

Page 288: ...he on screen instructions to install the certificate in your browser Figure 214 Certificate Internet Explorer 7 or 8 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not secure screen may display If that is the case click I Understand the Risks and then the Add Exception button EXAMPLE EXAMPLE ...

Page 289: ... Series User s Guide 289 Figure 215 Security Alert Mozilla Firefox Confirm the HTTPS server URL matches Click Confirm Security Exception to proceed to the Web Configurator login screen Figure 216 Security Alert Mozilla Firefox EXAMPLE ...

Page 290: ...he case click Advanced and then Proceed to x x x x unsafe to proceed to the Web Configurator login screen Figure 217 Security Alert Google Chrome 58 0 3029 110 34 7 4 1 Main Settings After you accept the certificate and enter the login username and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secur...

Page 291: ...GS1350 Series User s Guide 291 Figure 218 Example Lock Denoting a Secure Connection EXAMPLE ...

Page 292: ...he Diagnostic screen You can use this screen to help you identify problems 35 2 Diagnostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to ping IP addresses run a traceroute perform port tests or show the Switch s location between devices Figure 219 Management Diagnostic ...

Page 293: ...with an IPv6 address IP Address Host Name Enter the IP address or host name of a device to which you want to perform a traceroute Click Trace Route to have the Switch perform the traceroute function This determines the path a packet takes to the specified device TTL Enter the Time To Live TTL value for the ICMP Echo Request packets This is to set the maximum number of the hops routers a packet can...

Page 294: ...pset supports this feature This shows N A if the Pair status is Open or Short Check the Distance to fault This shows Unsupported if the Switch chipset does not support to show the cable length Distance to fault This displays the distance between the port and the location where the cable is open or shorted This shows N A if the Pair status is Ok This shows Unsupported if the Switch chipset does not...

Page 295: ...n a log reaches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 220 Management System Log The summary table shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is c...

Page 296: ...els 37 1 1 What You Can Do Use the Syslog Setup screen Section 37 2 on page 296 to configure the device s system logging settings and configure a list of external syslog servers 37 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click Management Syslog Setup i...

Page 297: ...tation of your syslog program for more details Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Active Se...

Page 298: ...faults Index This is the index number of a syslog server entry Click this number to edit the entry Active This field displays Yes if the device is to send logs to the syslog server No displays if the device is not to send logs to the syslog server IP Address This field displays the IP address of the syslog server UDP Port This field displays the port of the syslog server Log Level This field displ...

Page 299: ...her switches on the upper floors of the building are cluster members Figure 222 Clustering Application Example 38 1 1 What You Can Do Use the Cluster Management Status screen Section 38 2 on page 300 to view the role of the Switch within the cluster and to access a cluster member Switch s Web Configurator Table 148 Zyxel Clustering Management Specifications Maximum number of cluster members 24 Clu...

Page 300: ...e cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager Switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager Switch Each number in the Index column...

Page 301: ...h that was previously a cluster member is later set to become a cluster manager then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if the Switch is set t...

Page 302: ...ch administrator changes the Web Configurator password afterwards then it cannot be managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common Web Configurator password Add Click Add to save your changes to the Switch s run time m...

Page 303: ...Figure 225 Cluster Management Cluster Member Web Configurator Screen 38 4 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example example ...

Page 304: ...K ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 460ABPI0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 151 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The Web Configurat...

Page 305: ... or static 39 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already learned the port fo...

Page 306: ...ies User s Guide 306 39 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic or static Click Management MAC Table in the navigation panel to display the following screen Figure 228 Management MAC Table ...

Page 307: ...he data according to VLAN group Select PORT to display and arrange the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries They also display in the Static MAC Forwarding screen Select Dynamic to MAC filtering and click the Transfer button to ch...

Page 308: ... it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast...

Page 309: ...el Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the device belongs Port This field displays the port...

Page 310: ...een to view IPv6 path MTU information on the Switch Click Management Path MTU Table in the navigation panel to display the screen as shown Figure 230 Management Path MTU Table The following table describes the labels in this screen Table 154 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ages out and nee...

Page 311: ...you how you can copy the settings of one port onto other ports 42 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen Figure 231 Management Configure Clone ...

Page 312: ...indicates that ports 2 through 6 are the destination ports Basic Setting Select to apply all settings to the port Use this first to select the common settings and then remove the settings you do not want copied Select which port settings you configured in the Basic Setting menus should be copied to the destination ports Advanced Application Select which port settings you configured in the Advanced...

Page 313: ...ind an entry in the neighbor table or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages 43 2 Viewing the IPv6 Neighbor Table Use this screen to view IPv6 neighbor information on the Switch Click Management IPv6 Neighbor Table in the navigation panel to display the screen as shown Figure ...

Page 314: ...to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 address unknown The status of the neighboring interface cannot be determined for some reason incomplete I Address resolution is in progress and the link layer address of the neighbor has not yet been determined The interface of the ...

Page 315: ...ber to display the Port Details screen refer to Figure 234 on page 317 Name This is the name you assigned to this port in the Basic Setting Port Setup screen Link This field displays the speed either 10M for 10 Mbps 100M for 100 Mbps or 1G for 1 Gbps and the duplex F for full duplex or H for half It also shows the cable type Copper or Fiber for the combo ports This field displays Down if the port ...

Page 316: ...s port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx KB s This field shows the number of kilobytes per second transmitted on this port Rx KB s This field shows the number of kilobytes per second received on this port Up Time This field shows the total amount of time in hours minutes and seconds the port has ...

Page 317: ...r 10 Mbps 100M for 100 Mbps or 1G for 1 Gbps and the duplex F for full duplex or H for half duplex It also shows the cable type Copper or Fiber for the combo ports This field displays Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port See Section 13 1 on page 144 for more information If STP is disabled this f...

Page 318: ...umber of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the number of 802 3x Pause packets received TX Collision The following fields display information on collisions while transmitting Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision Multiple Thi...

Page 319: ...shows the number of packets including bad packets received that were between 128 and 255 octets in length 256 to 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 to 1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 to 1518 This field shows the nu...

Page 320: ...e This displays the date when the optical transceiver was manufactured Transceiver This displays details about the type of transceiver installed in the SFP slot Calibration This field is available only when an SFP transceiver is inserted into the SFP slot Internal displays if the measurement values are calibrated by the transceiver External displays if the measurement values are raw data which the...

Page 321: ...alue Low Warn Threshold This displays the low value warning threshold for each monitored DDMI parameter A warning signal is reported to the Switch if the monitored DDMI parameter reaches this value Low Alarm Threshold This displays the low value alarm threshold for each monitored DDMI parameter An alarm signal is reported to the Switch if the monitored DDMI parameter reaches this value Table 160 M...

Page 322: ...nce mode Click Surveillance at the top right corner of the Web Configurator to switch between the Web Configurator s Standard or Surveillance mode Figure 238 Web Configurator Surveillance Mode This section describes the screens for System Status and Neighbor Details 45 1 1 What You Can Do Use the Summary screen Section 45 2 on page 322 to see the Switch s general device information system status a...

Page 323: ...d to the Switch s ping requests Yellow The Switch is restarting the connected PD by turning the power off and turning it on again Green The Switch successfully discovered the connected PD using LLDP or ping Auto PD Recovery is not enabled on the Switch and the port or the Switch does not supply power to the connected PD Note The status will NOT be updated instantaneously after enabling or disablin...

Page 324: ...ew device records automatically overwrite existing offline device records starting with the oldest existing offline device record first Click Summary Neighbor Detail to see the following screen Figure 240 Summary Neighbor Detail Extended Range This field shows whether PoE range is extended up to 250 meters for the port on this Switch Device Type This field displays the model name of this Switch Sy...

Page 325: ...hows the speed either 10M for 10Mbps 100M for 100Mbps or 1G for 1 Gbps and the duplex F for full duplex or H for half This field displays Down if the port is not connected to any device PoE Draw W This shows the consumption that the neighboring device connected to this port draws from the Switch This allows you to plan and use within the power budget of the Switch Action Click the Reboot button to...

Page 326: ...ation This shows the geographic location of the neighbor device This field will show for devices that do not support the ZON utility Desc This shows the description of the neighbor device s port which is connected to the Switch Firmware This shows the firmware version of the neighbor device This field will show for devices that do not support the ZON utility MAC This shows the MAC address of the n...

Page 327: ...network number portion of an IP address Default Gateway This displays the IP address of the default outgoing gateway in dotted decimal notation IP Setup This link takes you to a screen where you can configure the IP address and subnet mask necessary for Switch management and set up to 64 IP routing domains Quick Links Auto Camera Recovery This link takes you to a screen where you can enable and co...

Page 328: ...figure general settings such as the system name and time Use the Cloud Management screen Section 47 4 on page 331 to display links to Nebula Control Center Discovery and Nebula Switch Registration screens 47 2 System Information In the navigation panel click System System Information to display the screen as shown Use this screen to view general system information You can check the firmware versio...

Page 329: ...emory Utilization Memory utilization shows how much DRAM memory is available and in use It also displays the current percentage of memory utilization Name This field displays the name of memory pool Total byte This field displays the total number of bytes in this memory pool Used byte This field displays the number of bytes being used in this memory pool Utilization This field displays the percent...

Page 330: ...he Daytime RFC 867 format the Switch displays the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None is the default value Enter the time...

Page 331: ... on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European...

Page 332: ...es the Switch will upgrade the firmware immediately If the firmware does not need to be upgraded but there is newer firmware available for the Switch then it will be upgraded according to the firmware upgrade schedule for the Switch on the NCC Below is the process for upgrading firmware 1 Download firmware via the NCC 2 Upgrade the firmware and reboot Note While the Switch is rebooting do NOT turn...

Page 333: ...ity levels power up mode and the maximum amount of power for the connected PDs Use the Port Setup screen Section 48 5 on page 340 to configure Switch port settings 48 2 Auto PD Recovery This screen lets you turn on automatic PD recovery on the Switch and its Ethernet ports You can configure whether the Switch uses LLDP or ping to check current status of a connected PD The ping is sent through the ...

Page 334: ...ct LLDP to have the Switch passively monitor current status of the connected PD by reading LLDP packets from the PD on the port The Switch also sends out LLDP packets to the PD to update the Switch Neighbor table on the PD see Section 45 2 1 on page 324 for details Select Ping to have the Switch ping the IP address of the connected PD to test whether the PD is reachable or not Neighbor If Mode is ...

Page 335: ...n it back ON again to restart the PD after sending an SNMP trap and generating a log message When restarting the PD entry disappears from the Switch s LLDP table and the PD Health status LED will turn to yellow in the Status Neighbor screen see Section 45 2 1 on page 324 for details Select Alarm to have the Switch send an SNMP trap and generate a log message Resume Polling Interval sec Specify the...

Page 336: ...re 248 Port PoE Setup PoE Status The following table describes the labels in this screen Table 168 Port PoE Setup PoE Status LABEL DESCRIPTION PoE Mode This field displays the power management mode used by the Switch whether it is in Classification or Consumption mode Total Power W This field displays the total power the Switch can provide to the connected PoE enabled devices on the PoE ports ...

Page 337: ...ted to this port can receive power Class This shows the power classification of the PD Each PD has a specified maximum power that fall under one of the classes The Class is a number from 0 to 6 where each value represents the range of power that the Switch provides to the PD The power ranges in PoE standards are as follows Class 0 default 0 44 W to 15 4 W Class 1 default 0 44 W to 4 W Class 2 defa...

Page 338: ...the actual power that the PD needs The Switch also allocates power based on a port s Max Power and the PD s power class and priority level The Switch puts a limit on the maximum amount of power the PD can request and use In this mode the default maximum power that can be delivered to the PD is 33 W IEEE 802 3at Class 4 or 22 W IEEE 802 3af Classes 0 to 3 Continuous PoE Select ON to guarantee conti...

Page 339: ...s An IEEE 802 3at compatible device is referred to as Type 2 Power Class 4 High Power can only be used by Type 2 devices If the connected PD requires a Class 4 current when it is turned on it will be powered up in this mode Force 802 3at the Switch offers power of up to 33 W on the port without performing PoE hardware classification Select this option if the connected PD does not comply with any P...

Page 340: ...st be able to request PoE power through LLDP The Power Via MDI TLV allows PoE devices to advertise and discover the MDI power support capabilities of the sending port on the remote device Port Class MDI Supported MDI Enabled Pair Controllable PSE Power Pairs Power Class Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or lose...

Page 341: ...red speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer port are the same in order to connect Extended Range Select this check box to extend the PoE range up to 250 meters After you enable this feature the port will transfer data at a rate up to10 Mbps in full duplex mode If a PD is connected to the port the Switch follows the IEEE 802 3at P...

Page 342: ...memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 170 Port Port Setup continued LABEL DESCRIPTION ...

Page 343: ...each port Click Switching Broadcast Storm Control in the navigation panel to display the screen as shown next Figure 251 Switching Broadcast Storm Control The following table describes the labels in this screen Table 171 Switching Broadcast Storm Control LABEL DESCRIPTION Active Set this switch to ON to enable traffic storm control on the Switch Otherwise select OFF to disable this feature Port Th...

Page 344: ...to configure to enable static link aggregation Use the Link Aggregation Control Protocol screen Section 49 5 on page 347 to enable Link Aggregation Control Protocol LACP 49 3 Link Aggregation Status Use the Link Aggregation Status screen to view ports you have configured to be in the trunk group ports that are currently transmitting data as one logical link in the trunk group and so on Click Switc...

Page 345: ...t are currently transmitting data as one logical link in this trunk group Aggregator ID Link Aggregator ID consists of the following system priority MAC address key port priority and port number The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Pack...

Page 346: ...he Switch is behind a router the packet s destination or source MAC address will be changed In this case set the Switch to distribute traffic based on its IP address to make sure port trunking can work properly Select src mac to distribute traffic based on the packet s source MAC address Select dst mac to distribute traffic based on the packet s destination MAC address Select src dst mac to distri...

Page 347: ...egation Control Protocol to display the screen shown next See Dynamic Link Aggregation on page 156 for more information on dynamic link aggregation Figure 254 Switching Link Aggregation Link Aggregation Control Protocol Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation ...

Page 348: ...ol Protocol LACP The smaller the number the higher the priority level Group ID The field identifies the link aggregation group that is one logical link containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this...

Page 349: ...at it sends out as they loop back It will then re broadcast those messages again The following figure shows port N on switch A connected to switch B Switch B has two ports x and y mistakenly connected to each other It forms a loop When broadcast or multicast packets leave port N and reach switch B they are sent back to port N on A as they are rebroadcast from B Figure 256 Switch in Loop State The ...

Page 350: ...from port N and returns on another port As long as loop guard is enabled on port N The Switch will shut down port N if it detects that the probe packet has returned to the Switch Figure 258 Loop Guard Network Loop Note After resolving the loop problem on your network you can re activate the disabled port via the Web Configurator or via commands See the CLI Reference Guide Click Switching Loop Guar...

Page 351: ...syslog internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all t...

Page 352: ...dependent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame Of the 4096 possible VIDs a VID of 0 is used to identify priority frames and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4 094 Forwarding Tagged and U...

Page 353: ...ing figure Suppose you want to create VLAN groups 1 and 2 V1 and V2 on devices A and B Without VLAN Trunking you must configure VLAN groups 1 and 2 on all intermediary switches C D and E otherwise they will drop frames with unknown VLAN group tags However with VLAN Trunking enabled on ports in each intermediary switch you only need to create VLAN groups in the end devices Table 176 IEEE 802 1Q VLA...

Page 354: ...VLAN ID numbers separated by a comma and click Search to display only the specified VLANs in the list below Leave this field blank and click Search to display all VLANs configured on the Switch The Number of VLAN This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field di...

Page 355: ...ck the forward or back icon to show the previous or next screen if all status information cannot be seen in one screen Or enter the page number Table 177 Switching VLAN VLAN Status continued LABEL DESCRIPTION Table 178 Switching VLAN VLAN Status VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the...

Page 356: ...N The following table describes the related labels in this screen Click Add or Edit button to open the following screen Use this screen to configure a static VLAN for the Switch Table 179 Switching VLAN Static VLAN LABEL DESCRIPTION Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries VID This field displays the ID num...

Page 357: ...Note Changes in this row are copied to all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select Forbidden if you want to prohibit the port from joining this VLAN group Tagging Select TX Tagging if you want outgoing traffic to contain this V...

Page 358: ...ng frames on a port for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID Acceptable Frame Type Specify the type of frames allowed...

Page 359: ...bled Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 181 Switching VLAN VLAN Port Setting continued LABEL DESCRIPTION ...

Page 360: ...ltiple routing domains on the same VLAN as long as the IP address ranges for the domains do not overlap To change the IP address of the Switch in a routing domain simply add a new routing domain entry with a different IP address in the same subnet You can configure up to 64 IP domains which are used to access and manage the Switch from the ports belonging to the pre defined VLANs Note You must con...

Page 361: ...or example 172 21 40 x This is the IP address of the Switch in an IP routing domain IP Subnet Mask Enter the IP subnet mask of an IP routing domain in dotted decimal notation for example 255 255 252 0 Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notation for example 172 21 43 254 VID Enter the VLAN identification number to which an IP routing domain belongs...

Page 362: ...he IP address of the DNS server Management IP Address Use these fields to set the settings for the management port Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Index This field displays the index number of an entry IP Address This field displays IP address of the Switch in the IP domain IP Subnet Mask This fiel...

Page 363: ...ink on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Index This is the index number of the ONVIF entry in the table VID This ...

Page 364: ...or may use a service to manage the Switch Use the SNMP screen Section 51 4 on page 368 to configure your SNMP settings Use the Service Access Control screen Section 51 8 on page 374 to decide what services you may use to access the Switch 51 2 Set Up Login Accounts Up to 5 people one administrator and four non administrators may access the Switch via Web Configurator at any one time An administrat...

Page 365: ... shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four users These users can have read only or read write access You can give users higher privileges via the Web Configurator or the CLI For more information on assigning privileges via the CLI see the Ethernet Switch CLI Reference...

Page 366: ...information display 14 Configure login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins and administrator and enable passwords and display configuration information Users can run command lines if the session s privilege level is greater than or equal to the command s privilege level The session privilege initially comes from the privilege of...

Page 367: ...t Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Select services that may be used for managing the Switch from the s...

Page 368: ...object variables or managed objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request or response protoco...

Page 369: ...1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community which is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using ...

Page 370: ...k Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 188 Security Access Control SNMP SNMP continued LABEL DESCRIPTION Table 189 Secu...

Page 371: ... boxes for individual traps that you do not want the Switch to send to the SNMP station Clearing a category s check box automatically clears all of the category s trap check boxes the Switch only sends traps from selected categories Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the to...

Page 372: ...power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 190 Security Access Control SNMP Trap Group Port continued LABEL DESCRIPTION Table 191 Security Access Control SNMP User Information LABEL DESCRIPTION Select an entry s check box to select a specific e...

Page 373: ... authentication algorithm MD5 Message Digest 5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than MD5 but is slower Password Enter the password of up to 32 ASCII characters for SNMP user authentication Privacy Specify the encryption method for SNMP communication from this user You can choose one of the following...

Page 374: ...re done configuring Clear Click Clear to reset the fields to the factory defaults Cancel Click Cancel to reset the fields to your previous configuration Table 192 Security Access Control SNMP User Information Add or Edit User Information LABEL DESCRIPTION Table 193 Security Access Control Service Access Control LABEL DESCRIPTION Services Services you may use to access the Switch are listed here Ac...

Page 375: ... SSH but during the login stage do not enter the user name and or password User B cannot connect to the Switch via SSH before the Login Timeout for User A expires default 150 seconds Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non...

Page 376: ...ed device configuration file Use the Save Configuration screen Section 52 6 on page 379 to save the current configuration settings to a specific configuration file on the Switch Use the Tech Support screen Section 52 7 on page 380 to create reports for customer support if there are problems with the Switch 52 2 Backup Configuration Backing up your Switch configurations allows you to create various...

Page 377: ... wish to upload to the Switch Firmware upgrades are only applied after a reboot Click Upgrade to load the new firmware After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number Table 194 Maintenance Maintenance Firmware Upgrade LABEL DESCRIPTION Name This is the name of the Switch that you are configuring Version This is the version nu...

Page 378: ...ot System 1 In the Reboot System screen click a configuration button next to Reboot System with to reboot and load that configuration file The following screen displays If you select Current Configuration make sure to save the Switch settings as the current configuration in the Maintenance Maintenance Save Configuration screen Figure 281 Reboot System Use the Current Configuration Confirmation If ...

Page 379: ...h 52 5 Restore Configuration You can restore a previously saved device configuration from your computer Click Maintenance Maintenance Restore Configuration to display the screen as shown next Use this screen to restore a previously saved configuration from your computer Figure 284 Maintenance Maintenance Restore Configuration Follow the steps below to restore a previously saved configuration from ...

Page 380: ...t tool that logs useful information such as CPU utilization history memory and Mbuf Memory Buffer log and crash reports for issue analysis by customer support should you have difficulty with your Switch The Tech Support menu eases your effort in obtaining reports and it is also available in CLI command by typing Show tech support command Click Maintenance Maintenance Tech Support to see the follow...

Page 381: ...381 PART III Troubleshooting and Appendices ...

Page 382: ...e the power adapter or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Switch off and on 5 Disconnect and re connect the power adapter or cord to the Switch 6 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 3 ...

Page 383: ...IP when connecting to a DHCP server or 192 168 1 1 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardware connections and make sure the LEDs are behaving as expected See Section 3 3 on page 39 3 Make sure your Internet browser does not block pop up w...

Page 384: ...efaults See Section 4 8 on page 67 Pop up Windows JavaScripts and Java Permissions In order to use the Web Configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by default There is unauthorized access to my Switch via telnet HTTP and SSH To avoid unauthorized access configure the secured client setting in the Management A...

Page 385: ...not sure which configuration file will be loaded If you plug the power cable back to the Switch it will reboot and load the configuration file that was used the last time For example if Config 1 was used on the Switch before you accidentally unplugged the Switch Config 1 will be loaded when rebooting ...

Page 386: ...ion Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation http www zyxel com Asia China Zyxel Communications Shanghai Corp Zyxel Comm...

Page 387: ...ilippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Belgium Zyxel Communications B V https www zyx...

Page 388: ...nmark Zyxel Communications A S https www zyxel com dk da Estonia Zyxel Estonia https www zyxel com ee et Finland Zyxel Communications https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Latvia Zyxel Latvia https www zyx...

Page 389: ...land Zyxel Communications Poland https www zyxel com pl pl Romania Zyxel Romania https www zyxel com ro ro Russia Zyxel Russia https www zyxel com ru ru Slovakia Zyxel Communications Czech s r o organizacna zlozka https www zyxel com sk sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de ...

Page 390: ...merica Argentina Zyxel Communications Corporation https www zyxel com co es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Colombia Zyxel Communications Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Corporatio...

Page 391: ...unications Corporation https www zyxel com me en North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en Oceania Australia Zyxel Communications Corporation https www zyxel com au en Africa South Africa Nology Pty Ltd https www zyxel com za en ...

Page 392: ...ons in which this service is used Table 196 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOTP...

Page 393: ...at sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to...

Page 394: ...S UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP...

Page 395: ...1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means tha...

Page 396: ...owing table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group Table 198 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link FF...

Page 397: ... and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful auto configuration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to generate its own and unique IP address automatically when IPv6 is initiated on its interface It combines the prefix and the interface ID generated from...

Page 398: ...lable server S2 For an IA_TA the client may send a Renew or Rebind message at the client s discretion DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients When a client cannot use its link local address and a well known multicast address to locate a DHCP server on its network it then needs a DHCP relay agent t...

Page 399: ...s its IPv6 caches constantly using the information from response messages In IPv6 the Switch configures a link local address automatically and then sends a neighbor solicitation message to check if the address is unique If there is an address to be resolved or verified the Switch also sends out a neighbor solicitation message When the Switch receives a neighbor advertisement in response it stores ...

Page 400: ...HCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 After ...

Page 401: ... Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 check box to enable it 3 Click OK to save the change ...

Page 402: ...r dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Page 403: ...itions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested and found to comply with the limits for a Class A digital...

Page 404: ...led information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your device Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The POE Power over Ethernet devices tha...

Page 405: ...na y medioambiental Le symbole ci dessous signifie que selon les réglementations locales votre produit et ou sa batterie doivent être éliminés séparément des ordures ménagères Lorsque ce produit atteint sa fin de vie amenez le à un centre de recyclage Au moment de la mise au rebut la collecte séparée de votre produit et ou de sa batterie aidera à économiser les ressources naturelles et protéger l ...

Page 406: ...y replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of Zyxel This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of th...

Page 407: ...me 93 All connected Setting Wizard 135 applications backbone 22 bridging 23 fiber uplink 23 IEEE 802 1Q VLAN 24 PoE 21 switched workgroup 24 ARP how it works 253 learning mode 253 overview 253 setup 255 ARP Address Resolution Protocol 308 ARP Learning screen 255 ARP Setup screen 255 ARP Table screen 308 ARP Reply 253 ARP Request 254 authentication setup 179 authentication authorization and account...

Page 408: ...reen 301 cluster manager 299 configuration change running config 259 378 save 380 saving 66 configuration file backup 262 376 restore 261 379 save 259 380 Configure Clone screen 311 console port settings 38 contact information customer support 386 copying port settings see port cloning copyright 403 CoS 237 CPU management port 133 CPU protection 199 current date 91 330 current time 91 330 custom d...

Page 409: ...n EU 405 DS Differentiated Services 237 DSCP 237 what it does 237 dual firmware images 260 377 dual personality interface 40 Dynamic Host Configuration Protocol for IPv6 DHCPv6 397 dynamic link aggregation 156 E egress port 135 egress rate 151 electrostatic discharge ESD 33 Environment Statement 405 Errdisable Detect screen 203 Errdisable Recovery screen 204 Errdisable screen 200 errdisable status...

Page 410: ...gistration Protocol 353 H hardware installation 26 hardware monitor 89 329 hardware overview 32 HTTPS 286 certificates 286 implementation 286 public keys private keys 286 HTTPS Certificates screen 265 HTTPS example 286 I IANA Internet Assigned Number Authority 392 Identity Association IA 398 IEEE 802 3af 21 IEEE 802 3at 21 IEEE 802 3az 206 IEEE 802 3bt 21 IGMP snooping 170 IGMP snooping and VLANs ...

Page 411: ...13 IPv6 Neighbor Table screen 313 IPv6 screen 108 J Java permission 43 384 JavaScript 43 384 L LACP 156 system priority 160 348 timeout 161 348 Layer Link Discovery Protocol LLDP 324 LED description 39 LEDs 39 limit MAC address learning 164 link aggregation 54 156 dynamic 156 ID information 157 setup 158 345 traffic distribution algorithm 158 345 traffic distribution type 159 346 trunk group 156 L...

Page 412: ... address 71 management port 135 managing the device cluster management 25 good habits 25 NCC 25 using FTP see FTP 25 using SNMP 25 using Telnet see command interface 25 using the command interface see command interface 25 ZON Utility 25 maximum transmission unit 310 Maximum Transmission Unit MTU 109 Mbuf Memory Buffer 263 380 MD5 Message Digest 5 373 MDIX Media Dependent Interface Crossover 33 Med...

Page 413: ...102 PoE Time Range Setup screen 104 port setup 99 speed duplex 100 Port Based VLAN Setup screen 134 port cloning 311 312 advanced settings 311 312 basic settings 311 312 port details 316 port isolation Setting Wizard 135 port mirroring 154 port redundancy 156 Port screen DHCP snooping 192 DHCPv4 Global Relay 246 DHCPv4 VLAN 249 SNMP traps 371 port security 163 address learning 164 limit MAC addres...

Page 414: ...recurring schedule 165 registration product 406 Regulatory Notice and Statement 403 remote management 277 366 service 278 367 trusted computers 278 367 Remote Management screen 366 RESET button 36 67 resetting 35 67 258 to factory default settings 258 restore configuration file 379 RESTORE button 36 67 restore configuration 261 restoring configuration 35 67 RFC 3164 296 Round Robin Scheduling 167 ...

Page 415: ...284 implementation 285 SSH Secure Shell 284 SSL Secure Socket Layer 286 standby ports 157 static MAC address 136 static MAC forwarding 136 Static MAC Forwarding screen 136 static multicast forwarding 138 Static Multicast Forwarding screen 139 static VLAN 126 356 control 127 357 tagging 127 357 Static VLAN screen 70 356 status 60 82 322 port 315 STP 146 VLAN 123 354 Status screen 82 STP 144 bridge ...

Page 416: ...rial DHCP snooping 74 tutorials 74 Type of Service 237 U untrusted ports DHCP snooping 193 User Information screen SNMP 272 372 user name 44 default 44 user profiles 177 UTC Universal Time Coordinated 91 V Vendor ID Based VLAN screen 131 Vendor Specific Attribute see VSA 182 VID 98 124 125 354 355 361 number of possible VIDs 122 352 priority frame 122 352 VID VLAN Identifier 122 352 View based Acc...

Page 417: ...tting help 68 home 60 home screen 61 login 43 logout 68 navigating components 61 navigation panel 62 online help 68 usage prerequisite 43 weight 168 Windows OS version check 47 wizard setup 51 WRR Weighted Round Robin Scheduling 167 Z ZDP 47 ZON Zyxel One Network 406 ZON Utility 47 compatible OS 47 fields description 51 icon description 50 installation requirements 47 introduction 20 minimum hardw...