ZyXEL Communications GS2210-24 User Manual Download | Manualshive

Page: 380 / 444

background image

Chapter 43 Access Control

GS2210 Series User’s Guide

380

43.7.3 Introduction to HTTPS

HTTPS ( Hyper Text  Transfer  Pr ot ocol over  Secur e Socket  Layer, or HTTP over  SSL)  is a w eb pr ot ocol
t hat  encr ypt s and decr ypt s w eb pages. Secur e Socket  Layer  ( SSL)  is an applicat ion- level pr ot ocol
t hat  enables secur e t ransact ions of dat a by ensur ing confident ialit y ( an unaut hor ized par t y cannot
r ead t he t ransfer r ed dat a) , aut hent icat ion ( one par t y  can ident ify  t he ot her  par t y )  and dat a
int egr it y ( you know  if dat a has been changed) .

I t r elies upon cer t ificat es, public keys, and pr ivat e keys.

HTTPS on t he Swit ch is used so t hat  you m ay secur ely access t he Swit ch using t he w eb
configurat or. The SSL pr ot ocol specifies t hat  t he SSL ser ver ( t he Sw it ch)  m ust  always aut hent icat e
it self t o t he SSL client  ( t he com put er  w hich r equest s t he HTTPS connect ion w it h t he Swit ch) ,
w her eas t he SSL client  only should aut hent icat e it self w hen t he SSL ser ver  r equir es it  t o do so.
Aut hent icat ing client  cer t ificat es is opt ional and if select ed m eans t he SSL- client  m ust  send t he
Swit ch a cer t ificat e. You m ust  apply for  a cer t ificat e for  t he br ow ser  fr om  a Cer t ificat e Aut hor it y
( CA)  t hat  is a t r ust ed CA on t he Sw it ch.

Please r efer t o t he following figur e.

1

HTTPS connect ion r equest s fr om an SSL- awar e w eb brow ser go t o port 443 ( by default ) on t he
Swit ch’s WS ( w eb ser ver ) .

2

HTTP connect ion r equest s fr om a web br owser go t o por t 80 ( by default ) on t he Swit ch’s WS ( web
ser ver ) .

Figure 266

HTTPS I m plem ent at ion

Not e: I f you disable HTTP in t he Ser v ice Access Cont r ol scr een, t hen t he Sw it ch block s all

HTTP connect ion at t em pt s.

43.7.3.1 HTTPS Example

I f you haven’t changed t he default HTTPS por t on t he Sw it ch, t hen in your br ow ser ent er “ ht t ps: / /
Swit ch I P Addr ess/ ” as t he w eb sit e addr ess w her e “ Sw it ch I P Addr ess” is t he I P addr ess or dom ain
nam e of t he Swit ch you w ish t o access.

Internet Explorer Warning Messages

I n t e r n e t Ex plor e r 6

«
...
378
379
380
381
382
...
»

Summary of Contents for GS2210-24

Page 1: ... com GS2 2 1 0 Series Intelligent Layer 2 GbE Switch Version 4 30 Edition 1 10 2015 Copyright 2015 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ...ter operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation CLI Reference Guide The CLI Reference Guide explains how to use the Command Line Interface CLI to configure the Switch Note It is recommended you use the Web Configurator to configure the Switch Web Configurator Online Help Click the help icon in any screen for help in co...

Page 3: ...C Forward Setup 114 Static Multicast Forward Setup 116 Filtering 119 Spanning Tree Protocol 121 Bandwidth Control 142 Broadcast Storm Control 144 Mirroring 146 Link Aggregation 148 Port Authentication 157 Port Security 165 Time Range 168 Classifier 170 Policy Rule 179 Queuing Method 183 Multicast 186 AAA 211 IP Source Guard 222 Loop Guard 257 Layer 2 Protocol Tunneling 261 PPPoE 265 Error Disable ...

Page 4: ...ute 330 Differentiated Services 333 DHCP 337 ARP Setup 349 Maintenance 353 Access Control 362 Diagnostic 385 System Log 388 Syslog Setup 389 Cluster Management 392 MAC Table 398 ARP Table 401 Path MTU Table 403 Configure Clone 404 IPv6 Neighbor Table 407 Troubleshooting 409 ...

Page 5: ... for Managing the Switch 23 Chapter 2 Hardware Installation and Connection 24 2 1 Installation Scenarios 24 2 2 Desktop Installation Procedure 24 2 3 Mounting the Switch on a Rack 24 2 3 1 Rack mounted Installation Requirements 24 2 3 2 Attaching the Mounting Brackets to the Switch 25 2 3 3 Mounting the Switch on a Rack 25 Chapter 3 Hardware Panels 27 3 1 Front Panel 27 3 1 1 Gigabit Ethernet Port...

Page 6: ...1 1 Creating a VLAN 42 5 1 2 Setting Port VID 43 5 2 Configuring Switch Management IP Address 44 Chapter 6 Tutorials 46 6 1 Overview 46 6 2 How to Use DHCPv4 Snooping on the Switch 46 6 3 How to Use DHCPv4 Relay on the Switch 49 6 3 1 DHCP Relay Tutorial Introduction 50 6 3 2 Creating a VLAN 50 6 3 3 Configuring DHCPv4 Relay 53 6 3 4 Troubleshooting 54 Chapter 7 Status and ZON 55 7 1 Overview 55 7...

Page 7: ...k Local Address Setup 86 8 10 6 IPv6 Global Address Setup 87 8 10 7 IPv6 Neighbor Discovery Setup 88 8 10 8 IPv6 Neighbor Setup 89 8 10 9 DHCPv6 Client Setup 90 8 11 DNS 92 Chapter 9 VLAN 93 9 1 Overview 93 9 1 1 What You Can Do 93 9 1 2 What You Need to Know 93 9 2 VLAN Status 96 9 2 1 VLAN Details 97 9 3 VLAN Configuration 98 9 4 Configure a Static VLAN 98 9 5 Configure VLAN Port Settings 100 9 ...

Page 8: ... 13 Spanning Tree Protocol 121 13 1 Spanning Tree Protocol Overview 121 13 1 1 What You Can Do 121 13 1 2 What You Need to Know 121 13 2 Spanning Tree Protocol Status Screen 124 13 3 Spanning Tree Configuration 124 13 4 Configure Rapid Spanning Tree Protocol 125 13 5 Rapid Spanning Tree Protocol Status 127 13 6 Configure Multiple Rapid Spanning Tree Protocol 129 13 7 Multiple Rapid Spanning Tree P...

Page 9: ...w 148 17 1 1 What You Can Do 148 17 1 2 What You Need to Know 148 17 2 Link Aggregation Status 149 17 3 Link Aggregation Setting 151 17 3 1 Link Aggregation Control Protocol 153 17 4 Technical Reference 155 17 4 1 Static Trunking Example 155 Chapter 18 Port Authentication 157 18 1 Port Authentication Overview 157 18 1 1 What You Can Do 157 18 1 2 What You Need to Know 157 18 1 3 MAC Authentication...

Page 10: ...1 5 Classifier Example 177 Chapter 22 Policy Rule 179 22 1 Policy Rules Overview 179 22 1 1 What You Can Do 179 22 2 Configuring Policy Rules 179 22 3 Policy Example 182 Chapter 23 Queuing Method 183 23 1 Queuing Method Overview 183 23 1 1 What You Can Do 183 23 1 2 What You Need to Know 183 23 2 Configuring Queuing 184 Chapter 24 Multicast 186 24 1 Multicast Overview 186 24 1 1 What You Can Do 18...

Page 11: ...19 25 6 2 Supported RADIUS Attributes 220 25 6 3 Attributes Used for Authentication 221 Chapter 26 IP Source Guard 222 26 1 IP Source Guard Overview 222 26 1 1 What You Can Do 222 26 1 2 What You Need to Know 223 26 2 IP Source Guard Screen 223 26 3 IPv4 Source Guard Setup 224 26 4 IPv4 Source Guard Static Binding 225 26 5 DHCP Snooping 227 26 6 DHCP Snooping Configure 230 26 6 1 DHCP Snooping Por...

Page 12: ...tup 259 Chapter 28 Layer 2 Protocol Tunneling 261 28 1 Layer 2 Protocol Tunneling Overview 261 28 1 1 What You Can Do 261 28 1 2 What You Need to Know 261 28 2 Configuring Layer 2 Protocol Tunneling 262 Chapter 29 PPPoE 265 29 1 PPPoE Intermediate Agent Overview 265 29 1 1 What You Can Do 265 29 1 2 What You Need to Know 265 29 2 PPPoE Screen 267 29 3 PPPoE Intermediate Agent 268 29 3 1 PPPoE IA P...

Page 13: ...DP Screens 286 33 4 LLDP Local Status 287 33 4 1 LLDP Local Port Status Detail 288 33 5 LLDP Remote Status 291 33 5 1 LLDP Remote Port Status Detail 292 33 6 LLDP Configuration 298 33 6 1 LLDP Configuration Basic TLV Setting 300 33 6 2 LLDP Configuration Org specific TLV Setting 301 33 7 LLDP MED Configuration 303 33 8 LLDP MED Network Policy 304 33 9 LLDP MED Location 305 Chapter 34 Anti Arpscan ...

Page 14: ...u Need to Know 326 37 2 ZULD Status 327 37 3 ZULD Configuration 328 Chapter 38 Static Route 330 38 1 Static Route Overview 330 38 1 1 What You Can Do 330 38 2 Static Routing 331 38 3 IPv4 Static Route 331 Chapter 39 Differentiated Services 333 39 1 Differentiated Services Overview 333 39 1 1 What You Can Do 333 39 1 2 What You Need to Know 333 39 2 Activating DiffServ 334 39 3 DSCP to IEEE 802 1p ...

Page 15: ...49 41 1 1 What You Can Do 349 41 1 2 What You Need to Know 349 41 2 ARP Setup 351 41 2 1 ARP Learning 351 Chapter 42 Maintenance 353 42 1 Overview 353 42 1 1 What You Can Do 353 42 2 The Maintenance Screen 353 42 2 1 Erase Running Configuration 354 42 2 2 Save Configuration 355 42 2 3 Reboot System 355 42 3 Firmware Upgrade 355 42 4 Restore a Configuration File 357 42 5 Backup a Configuration File...

Page 16: ... 3 Introduction to HTTPS 380 Chapter 44 Diagnostic 385 44 1 Overview 385 44 2 Diagnostic 385 Chapter 45 System Log 388 45 1 Overview 388 45 2 System Log 388 Chapter 46 Syslog Setup 389 46 1 Syslog Overview 389 46 1 1 What You Can Do 389 46 2 Syslog Setup 389 Chapter 47 Cluster Management 392 47 1 Cluster Management Overview 392 47 1 1 What You Can Do 393 47 2 Cluster Management Status 393 47 3 Clu...

Page 17: ...wing the Path MTU Table 403 Chapter 51 Configure Clone 404 51 1 Overview 404 51 2 Configure Clone 404 Chapter 52 IPv6 Neighbor Table 407 52 1 IPv6 Neighbor Table Overview 407 52 2 Viewing the IPv6 Neighbor Table 407 Chapter 53 Troubleshooting 409 53 1 Power Hardware Connections and LEDs 409 53 2 Switch Access and Login 410 53 3 Switch Configuration 412 Appendix A Customer Support 413 Appendix B Co...

Page 18: ...18 PART I User s Guide ...

Page 19: ...ffers a proprietary software program called ZyXEL One Network ZON Utility it is a utility tool that assists you to set up and maintain network devices in a more simple and efficient way You can download the ZON Utility at www zyxel com and install it on a PC For more information on ZON Utility see Section 7 3 on page 57 The following table describes the port features of the Switch by model The fol...

Page 20: ...l solution for small networks where rapid growth can be expected in the near future The Switch can be used standalone for a group of heavy traffic users You can connect computers and servers directly to the Switch s port or connect other switches to the Switch In this example all computers can share high speed applications on the server To expand the network simply add more networking devices such...

Page 21: ...abit Ethernet mini GBIC port on the Switch Moreover the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location Figure 2 Bridging Application 1 1 3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following example use trunking to connect these two networks Switching ...

Page 22: ...han one group With VLAN a station cannot directly talk to or hear from stations that are not in the same group s unless such traffic first goes through a router For more information on VLANs refer to Chapter 9 on page 93 1 1 4 1 Tag based VLAN Example Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic VLAN groups c...

Page 23: ...ement allowsyou to manage multiple switches through one switch called the cluster manager See Chapter 46 on page 389 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s noteasy to guess and that consists of different types of characters such as numbers and letter...

Page 24: ...level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 2 3 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size 19 inch rack or in a wiring closet with other equipment F...

Page 25: ...bracket with the screw holes on the side of the Switch Figure 5 Attaching the Mounting Brackets 2 Using a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section 2 3 3 Mounting the Switch ...

Page 26: ...s User s Guide 26 Figure 6 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 27: ...of the Switch Figure 7 Front Panel GS2210 8 Figure 8 Front Panel GS2210 8HP Figure 9 Front Panel GS2210 24 Figure 10 Front Panel GS2210 24HP Figure 11 Front Panel GS2210 48 Figure 12 Front Panel GS2210 48HP 3 1 1 Gigabit Ethernet Ports The Switch has 1000Base T auto negotiating auto crossover Ethernet ports In 10 100 1000 Mbps Gigabit the speed can be 10 Mbps 100 Mbps or 1000 Mbps and the duplex m...

Page 28: ...peed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect 3 1 1 1 Default Ethernet Negotiation Settings The factory default negotiation settings for the Gigabit ports on the Switch are Speed Auto Duplex Auto Flow control Off Link Aggregation Disabled 3 1 1 2 Auto crossover All ports are auto crossover ...

Page 29: ...he Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly 4 Close the transceiver s latch latch styles vary 5 Connect the fiber optic cables to the transceiver Figure 13 Transceiver Installation Example Figure 14 Connecting the Fiber Optic Cables 3 1 2 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module...

Page 30: ...utton see Section Figure 12 on page 27 to active PoE on the Switch view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting see Section 3 3 on page 31 3 2 Rear Panel The following figures show the rear panels of the Switch Figure 18 Rear Panel GS2210 8 Figure 19 Rear Panel GS2210 8HP Figure 20 Rear Panel GS2210 24 Figure 21 Rear Panel GS2210 24HP Figure 22 Rear Pan...

Page 31: ...plied power cord to a power outlet Make sure that no objects obstruct the airflow of the fans located on the side of the unit See Chapter 53 on page 409 for information on the Switch s power supply requirements 3 3 LEDs After you connect the power to the Switch view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting Table 4 LED Descriptions LED COLOR STATUS DESCRI...

Page 32: ...k On The link to a 100 Mbps Ethernet network is up Off The link to an Ethernet network is down PoE GS2210 8HP GS2210 24HP and GS2210 48HP only Green On Power supplied to all PoE Ethernet ports meets the I EEE 802 3at standard Amber On Power supplied to all PoE Ethernet ports meets the IEEE 802 3af standard Off There is no power supplied Mini GBIC Slots 9 10 GS2210 8 8HP0 25 28 GS2210 24 24HP 45 50...

Page 33: ...33 PART II Technical Reference ...

Page 34: ...ator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the default management IP address is 192 168 1 1 in the Location or Address field Press ENTER ...

Page 35: ...model s screens as an example The screens may very slightly for different models The following figure shows the navigating components of a web configurator screen Figure 25 Web Configurator Home Screen for PoE model s Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E F These are quick links which allow you to perform ...

Page 36: ...off D Click this link to go to the status page of the Switch E Click this link to log out of the web configurator F Click this link to display web help pages The help pages provide descriptions for all of the configuration screens G Click this link to go to the ZON Neighbor Management screen where you can see and manage neighbor devices learned by the Switch In the navigation panel click a main li...

Page 37: ...r a subnet based VLAN in these screens Static MAC Forwarding This link takes you to a screen where you can configure static MAC addresses for a port These static MAC addresses do not age out Static Multicast Forwarding This link takes you to a screen where you can configure static multicast MAC addresses for port s These static multicast MAC addresses do not age out Filtering This link takes you t...

Page 38: ...LDP This link takes you to screens where you can configure LLDP settings Anti Arpscan This link takes you to screens where you can enable anti arpscan on the Switch and ports and view the port state You can also create trusted hosts view blocked hosts and unblock them BPDU Guard This link takes you to screens where you can enable BPDU guard on the Switch and ports and view the port state OAM This ...

Page 39: ...eens where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC addresses and types of devices attached to what ports and VLAN I Ds ARP Table This link takes you to a screen where you can view the MAC addresses IP address resolution table Path MTU Table This link takes you to a screen where you can view the path MTU aging ...

Page 40: ... service port number but forget it Note Be careful not to lock yourself and others out of the Switch 4 6 Resetting the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to reload the factory default configuration file or reset the Switch back to the factory defaults 4 6 1 Reload the Configuration File Uploading the factory default configurati...

Page 41: ...tch is now reinitialized with a default configuration file including the default password of 1234 4 7 Logging Out of the Web Configurator Click Logout in a screen to exit the web configurator You have to log in with your password again after you log out This is recommended after you finish a management session for security reasons Figure 27 Web Configurator Logout Screen 4 8 Help The web configura...

Page 42: ...gure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 28 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN VLAN Configuration in the navigati...

Page 43: ...ent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Setting Port VID Use PVID to add a tag to incoming unt...

Page 44: ... D field for port 2 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 2 Configuring Switch Management IP Address The default management IP address of the Switch is 192 168 1 1 You can configure another IP address in a different subnet for management purposes The following figure shows an example Figure ...

Page 45: ...information 3 Click Basic Setting I P Setup in the navigation panel 4 Configure the related fields in the I P Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VI D field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the Static VLAN screen 7 ...

Page 46: ...LAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 31 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 26 1 on page 222 The settings in this tutorial are as the following 1 Access the Switch through http 1 9 2 1 6 8 1 1 by default Log into the Switch by entering the username default adm in and password defaul...

Page 47: ...d in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 32 Tutorial Create a VLAN and Add Ports to It 3 Go to Advanced Application VLAN VLAN Configuration VLAN Port Setup and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 Figure 33 Tutorial Tag Untagged F...

Page 48: ...shown Click Apply Figure 34 Tutorial Specify DHCP VLAN 5 Click the Port link at the top right corner 6 The DHCP Snooping Port Configure screen appears Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5 Keep ports 6 and 7 Untrusted because they are connected to DHCP clients Click Apply Figure 35 Tutorial Set the DHCP Server Port to Trusted ...

Page 49: ...r 7 The computer should be able to get an IP address from the DHCP server If you put the DHCP server on port 6 or 7 the computer will not able to get an IP address 10 To check if DHCP snooping works go to Advanced Application I P Source Guard I Pv4 Source Guard Setup you should see an IP assignment with the type DHCP Snooping as shown Figure 37 Tutorial Check the Binding If DHCP Snooping Works You...

Page 50: ...nd port number in the DHCP request Client A connects to the Switch s port 2 in VLAN 102 Figure 38 Tutorial DHCP Relay Scenario 6 3 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting Sw itch Setup and set the VLAN type to 8 0 2 1 Q Click Apply to save the settings to the run ti...

Page 51: ... VE enter a descriptive name VLAN 102 for example in the Nam e field and enter 102 in the VLAN Group I D field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned...

Page 52: ...and then the VLAN Port Setup link in the VLAN Configuration screen Figure 41 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVI D field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 53: ...ow to enable DHCP relay on the Switch and allow the Switch to add relay agent information such as the VLAN ID to DHCP requests 1 Click I P Application DHCP DHCPv4 and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Rem ote DHCP Server 1 field 4 Select default1 or default2 in the Option 8 2 Prof...

Page 54: ...ver can then assign a specific IP address based on the DHCP request 6 3 4 Troubleshooting Check the client A s IP address If it did not receive the IP address 172 16 1 18 make sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch...

Page 55: ...nformation Use theZON Utility screen Section 7 3 on page 57 to deploy and manage network devices Use theNeighbor screen Section 7 4 on page 58 to view and manage Switch s neighbor devices Use thePort Status Sum m ary screen Section 7 5 on page 59 to view the port statistics Use thePort Details screen Section 7 5 1 on page 61 to display individual port statistics 7 2 Status The Status screen displa...

Page 56: ...r and date of the firmware the Switch is currently running System Time This field displays the current date and time in the UAG The format is mm dd yyyy hh mm ss Serial Number This field displays the serial number of this Switch The serial number is used for device tracking and control System Up Time This field displays how long the Switch has been running since it last restarted or was turned on ...

Page 57: ... The following figure shows the ZON Utility screen I Pv4 Address This field displays the Switch s current IPv4 address Subnet Mask This field displays the Switch s subnet mask Default Gateway This field displays the IP address of the Switch s default gateway IP Setup Click the link to go to the Basic Setting I P Setup screen I PV6 Global Unicast Address This field displays the Switch s IPv6 global...

Page 58: ...uses Layer Link Discovery Protocol LLDP to discover all neighbor devices connected to the Switch including non ZyXEL devices You can perform tasks on the neighboring devices like login reboot turn the power off and then back on again and reset to factory default settings in the Neighbor Management screen For more information on LLDP see Section 33 1 on page 284 Click Status Neighbor to see the fol...

Page 59: ...bor device Firmware This shows the firmware version of the neighbor device This field will show for non ZyXEL devices I P This shows the I P address of the neighbor device The IP address is a hyper link that you can click to log into and manage the neighbor device through its web configurator This field will show for non ZyXEL devices MAC This shows the MAC address of the neighbor device This fiel...

Page 60: ... the duplex F for full duplex or H for half It also shows the cable type Copper or Fiber for the combo ports State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port See Section 13 1 on page 121 for more information If STP is disabled this field displays FORW ARDI NG if the link is up otherwise it displays STOP PD For PoE model s only This field displays whether...

Page 61: ...n the Switch Figure 48 Port Status Port Details Rx KB s This field shows the number of kilobytes per second received on this port Up Time This field shows the total amount of time in hours minutes and seconds the port has been up Clear Counter Select Port enter a port number and then click Clear Counter to erase the recorded statistical information for that port or select Any to clear statistics f...

Page 62: ...ansmitted Unicast This field shows the number of good unicast packets transmitted Multicast This field shows the number of good multicast packets transmitted Broadcast This field shows the number of good broadcast packets transmitted Pause This field shows the number of 802 3x Pause packets transmitted Rx Packet The following fields display detailed information about packets received Unicast This ...

Page 63: ...ws the number of packets including bad packets received that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of pack...

Page 64: ...teway device and the management VLAN ID Use thePort Setup screen Section 8 7 on page 72 to configure Switch port settings Use thePoE Status screens Section 8 8 on page 74 to view the current amount of power that PDs are receiving from the Switch and set the priority levels for the Switch in distributing power to PDs This screen is available for PoE model s only Use theI nterface Setup screens Sect...

Page 65: ...Media Access Control address of the Switch CPU Utilization CPU utilization quantifies how busy the system is Current displays the current percentage of CPU utilization Memory Utilization Memory utilization shows how much DRAM memory is available and in use It also displays the current percentage of memory utilization Hardware Monitor Temperature Unit The Switch has temperature sensors that are cap...

Page 66: ...um speed measured in Revolutions Per Minute RPM MIN This field displays this fan s minimum speed measured in Revolutions Per Minute RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Norm al indicates that this fan is functioning above the minimum speed Error indicates that this fan is function...

Page 67: ...ys the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Tim e RFC 8 6 8 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1 3 0 5 is similar to Tim e RFC 8 6 8 None is the default value Enter the time manually Each time you turn on th...

Page 68: ...les Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 0 0 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight...

Page 69: ... 93 for more information MAC Address Learning MAC address learning reduces outgoing traffic broadcasts For MAC address learning to occur on a port the port must be active Aging Time Enter a time from 10 to 1000000 seconds This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out and must be relearned ARP Aging Time Aging Time Enter a time from 60 to...

Page 70: ...has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p Level 7 Typically used for network control t...

Page 71: ... s Note You must configure a VLAN first Each VLAN can only have one management IP address Figure 52 Basic Setting IP Setup The following table describes the labels in this screen Table 15 Basic Setting IP Setup LABEL DESCRIPTION Default Management IP Address DHCP Client Select this option if you have a DHCP server that can assign the Switch an I P address subnet mask a default gateway IP address a...

Page 72: ... pre defined VLAN s You must configure a VLAN first I P Address Enter the IP address for managing the Switch by the members of the VLAN specified in the VI D field below I P Subnet Mask Enter the IP subnet mask in dotted decimal notation VID Type the VLAN group identification number Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation Add Click Add to ins...

Page 73: ...st to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable a port The factory default for all ports is enabled A port must be enabled for data transmission to occur Name Enter a descriptive name that identifies this port You can enter up to 64 alpha numerical ch...

Page 74: ...detecting the signal on the cable and using half duplex mode When the Switch s auto negotiation is turned off a port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer port are the same in order to connect Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing p...

Page 75: ...tch is able to reserve and allocate power to certain PDs Note The POE Power over Ethernet devices that supply or receive power and their connected Ethernet cables must all be completely indoors To view the current amount of power that PDs are receiving from the Switch click Basic Setting PoE Setup Figure 55 Basic Setting PoE Status ...

Page 76: ...eive power from the Switch You can set this in Section 8 8 2 on page 77 Disable The PD connected to this port cannot get power supply Enable The PD connected to this port can receive power Class This shows the power classification of the PD This is a number from 0 to 4 where each value represents a range of power W and power current mA that the PD requires to function The ranges are as follows Cla...

Page 77: ...schedule for the Switch in distributing power to PDs Click the PoE Setup link in the Basic Setting PoE Status screen The following screen opens Table 18 Basic Setting PoE Setup PoE Time Range Status LABEL DESCRIPTION Port This is the number of the port on the Switch Time Range This field displays the name of the schedule which is applied to the port PoE is enabled at the specified time date state ...

Page 78: ...itch to manage the total power supply so that each connected PD gets a resource However the power allocated by the Switch may be less than the Max Power mW of the PD PDs with higher priority also get more power than those with lower priority levels Port This is the port index number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports U...

Page 79: ...ut current drawn by the PD when first turned on Pre 8 0 2 3 at the Switch initially offers power on the port according to the IEEE 802 3af standard and then switches to support the IEEE 802 3at standard within 75 milliseconds after a PD is connected to the port Select this option if the Switch is performing 2 event Layer 1 classification PoE hardware classification or the connected PD is NOT perfo...

Page 80: ...screens Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration I ndex This field displays the inde...

Page 81: ...us and detailed information Click an interface index number in the Basic Setting I Pv6 screen The following screen opens Table 21 Basic Setting IPv6 LABEL DESCRIPTION I ndex This field displays the index number of an IPv6 interface Click on an index number to view more interface details I nterface This is the name of the IPv6 interface you created Active This field displays whether the IPv6 interf...

Page 82: ...s which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed I CMPv6 Rate Limit Error I nterval This field displays the time period in milliseconds during which I CMPv6 error messages of up to the bucket size can be transmitted 0 means no limit Stateless Address Autoconfig This field displays whether the Switch s interface can automaticall...

Page 83: ...on T1 This field displays the DHCPv6 T1 timer After T1 the Switch sends the DHCPv6 server a Renew message An I A_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire T2 This field displays the DHCPv6 T2 t...

Page 84: ...screen where you can configure the global IPv6 settings on the Switch I Pv6 Interface Setup Click the link to go to a screen where you can enable an IPv6 interface on the Switch I Pv6 Addressing IPv6 Link Local Address Setup Click the link to go to a screen where you can configure the IPv6 link local address for an interface IPv6 Global Address Setup Click the link to go to a screen where you can ...

Page 85: ...IPv6 packet is allowed to transmit before it is discarded by an IPv6 router which is similar to the TTL field in IPv4 I CMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed I CMPv6 Rate Limit Error I nterval Specify the time period from 0 t...

Page 86: ...on to enable the interface Address Autoconfig Select this option to allow the interface to automatically generate a link local address via stateless autoconfiguration Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory ...

Page 87: ...e index number Click on an index number to change the settings I nterface This is the name of the IPv6 interface you created IPv6 Link Local Address This is the static IPv6 link local address for the interface I Pv6 Default Gateway This is the default gateway IPv6 address for the interface Table 26 Basic Setting IPv6 IPv6 Configuration IPv6 Link Local Address Setup continued LABEL DESCRIPTION Tabl...

Page 88: ...o select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entry ies that you want to remove and then click Delete to remove the selected entry ies from the summary table Cancel Click Cancel to clear the check boxes Table 27 Basic Setting IPv6 IPv6 Configuration IPv6 Global Address Setup continued LABEL DESCRIPTION Table 28 Basic Settin...

Page 89: ...use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults I ndex This is the interface index number Click on an index number to change the settings I nterface This is the name of the IPv6 interface you created DAD...

Page 90: ...reached through the interface MAC Specify the MAC address of the neighboring device which can be reached through the interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolat...

Page 91: ...94967295 seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring Cancel Click Cancel to begin co...

Page 92: ...4 address in order to be able to use a domain name instead of an IP address Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous conf...

Page 93: ...able the switch port to carry the voice traffic separately from data traffic to ensure the sound quality does not deteriorate Use theMAC Based VLAN screen Section 9 9 on page 107 to set up VLANs that allow you to group untagged packets into logical VLANs based on the source MAC address of the packet This eliminates the need to reconfigure the switch when you change ports The switch will forward th...

Page 94: ...h to an 802 1Q VLAN aware switch the Switch first decides where to forward the frame and then inserts a VLAN tag reflecting the ingress port s default VID The default PVID is VLAN 1 for all ports but this can be changed A broadcast frame or a multicast frame for a multicast group that is known by the system is duplicated only on ports that are members of the VID except the ingress port itself thus...

Page 95: ...ort s Figure 70 Port VLAN Trunking 9 1 2 3 Select the VLAN Type Select a VLAN type in the Basic Setting Sw itch Setup screen Table 32 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed reg...

Page 96: ...us screen as shown next Figure 72 Advanced Application VLAN VLAN Status The following table describes the labels in this screen Table 33 Advanced Application VLAN VLAN Status LABEL DESCRIPTION VLAN Search by VID Enter an existing VLAN ID number s separated by a comma and click Search to display only the specified VLAN s in the list below Leave this field blank and click Search to display all VLANs...

Page 97: ...d VLAN Change Pages Click Previous or Next to show the previous next screen if all status information cannot be seen in one screen Table 33 Advanced Application VLAN VLAN Status continued LABEL DESCRIPTION Table 34 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Stat...

Page 98: ...ink in the VLAN Configuration screen to display the screen as shown next Table 35 Advanced Application VLAN VLAN Configuration LABEL DESCRIPTION Static VLAN Setup Click Click Here to configure the Static VLAN for the Switch VLAN Port Setup Click Click Here to configure the VLAN Port for the Switch Subnet Based VLAN Setup Click Click Here to configure the Subnet Based VLAN for the Switch Protocol B...

Page 99: ...nge is between 1 and 4094 Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Control Select Norm al f...

Page 100: ...e done configuring Cancel Click Cancel to change the fields back to their last saved values Clear Click Clear to start configuring the screen again VID This field displays the ID number of the VLAN group Click the number to edit the VLAN settings Active This field indicates whether the VLAN settings are enabled Yes or disabled No Name This field displays the descriptive name for this VLAN group Se...

Page 101: ...make them I ngress Check If this check box is selected the Switch discards incoming frames on a port for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and ...

Page 102: ...ure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10 1 1 0 24 data services All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly That is video services receive the highest priority and data the lowest Figure 77 Subnet Based VLAN Application Example 9 6 1 Configuring Subnet Based VLAN Click the Subnet Based VLAN Setup ...

Page 103: ...ha numeric characters to identify this subnet based VLAN IP Enter the IP address of the subnet for which you want to configure this subnet based VLAN Mask Bits Enter the bit number of the subnet mask To find the bit number convert the subnet mask to binary format and add all the 1 s together Take 255 255 255 0 for example 255 converts to eight 1s in binary There are three 255s so add three eights ...

Page 104: ...eam Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 79 Protocol Based VLAN Application Example 9 7 1 Configuring Protocol Based VLAN Click the Protocol Based VLAN Setup link in the VLAN Configuration screen to display the configuration screen as shown Active This field shows w...

Page 105: ...hexadecimal notation is 0800 and Novell IPX protocol is 8137 Note Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based VLANs VID Enter the ID of a VLAN to which the port belongs This must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belo...

Page 106: ...ue Identifiers OUI Click the Voice VLAN Setup link in the VLAN Configuration screen to display the configuration screen as shown Figure 81 Advanced Application VLAN VLAN Configuration Voice VLAN Setup VID This field shows the VLAN ID of the port Priority This field shows the priority which is assigned to frames belonging to this protocol based VLAN Select an entry s check box to select a specific ...

Page 107: ...ly Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to default settings Voice VLAN OUI Setup ...

Page 108: ...rom 1 to 4094 for the VLAN ID that is associated with the MAC based VLAN entry Priority Type a priority 0 7 for the MAC based VLAN entry The higher the numeric value you assign the higher the priority for this MAC based VLAN entry Add Click Add to save the new MAC based VLAN entry Cancel Click Cancel to clear the fields in the MAC based VLAN entry I ndex This field displays the index number of the...

Page 109: ...g port that is a port through which a data packet leaves for both ports Port based VLANs are specific only to the Switch on which they were created Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as I P Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU man...

Page 110: ...Chapter 9 VLAN GS2210 Series User s Guide 110 Figure 83 Advanced Application VLAN Port Based VLAN Setup All Connected ...

Page 111: ...Chapter 9 VLAN GS2210 Series User s Guide 111 Figure 84 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...

Page 112: ...ter you make your selection click Apply top right of screen to display the screens as mentioned above You can still customize these settings by adding deleting incoming or outgoing ports but you must also click Apply at the bottom of the screen I ncoming These are the ingress ports an ingress port is an incoming port that is a port through which a data packet enters If you wish to allow two subscr...

Page 113: ... Figure 85 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protocol based VLAN entry Click 1 2 Change the value in the Port field to the next port you want to add 3 Click Add ...

Page 114: ...tatic MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to acce...

Page 115: ... the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh I ndex Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwarding rule is active Yes or not...

Page 116: ...t group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to a...

Page 117: ...rwarding to Multiple Ports 11 2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames such as streaming or control frames to specific port s Click Advanced Application Static Multicast Forw arding to display the configuration screen as shown Figure 90 Advanced Application Static Multicast Forwarding ...

Page 118: ... and 5 Enter 3 5 7 for ports 3 5 and 7 Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring th...

Page 119: ...r destination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 119 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch Click Advanced Application Filtering in the navigation panel to display the screen as shown next Figure 91 Advanced Application...

Page 120: ...the VLAN group identification number Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the f...

Page 121: ...Switch Use theRapid Spanning Tree Protocol screen Section 13 4 on page 125 to configure RSTP settings Use theRapid Spanning Tree Protocol Status screen Section 13 5 on page 127 to view the RSTP status Use theMultiple Rapid Spanning Tree Protocol screen Section 13 6 on page 129 to configure MRSTP Use theMultiple Rapid Spanning Tree Protocol Status screen Section 13 7 on page 131 to view the MRSTP s...

Page 122: ...is switch has been accepted as the root bridge of the spanning tree network For each LAN segment a designated bridge is selected This bridge has the lowest cost to the root among the bridges connected to the LAN How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port and the ports that are the designated ports for connected LANs and disables all othe...

Page 123: ...MRSTP on the Switch and specify which port s belong to which spanning tree Note Each port can belong to one STP tree only Figure 92 MRSTP Network Example Multiple STP Multiple Spanning Tree Protocol IEEE 802 1s is backward compatible with STP RSTP and addresses the limitations of existing spanning tree protocols STP and RSTP in networks to include the following features Table 47 STP Port States PO...

Page 124: ...col status screen changes depending on what standard you choose to implement on your network Click Advanced Application Spanning Tree Protocol to see the screen as shown Figure 93 Advanced Application Spanning Tree Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration ...

Page 125: ...ced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multiple Spanning Tree See Section 13 1 on page 121 for background information on STP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is tu...

Page 126: ... selected from among the Switch ports attached to the network The allowed range is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that w...

Page 127: ...ee Table 46 on page 122 for more information Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 49 Advanced Application S...

Page 128: ...ated bridge for each connected LAN segment A designated bridge has the lowest path cost to the root bridge among the bridges connected to the LAN segment All the ports on a root bridge root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port moves to the forwarding state when the designated...

Page 129: ...P The following table describes the labels in this screen Table 51 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Figure 98 on page 131 Tree This is a read only index number of the STP trees Active Select this check box to activate an STP tree Clear this checkbox to disable an STP tree Note You must also activate Multi...

Page 130: ... Age 2 Hello Time 1 Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to activate STP on th...

Page 131: ...afresh Table 51 Advanced Application Spanning Tree Protocol MRSTP continued LABEL DESCRIPTION Table 52 Advanced Application Spanning Tree Protocol Status MRSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate Click MRSTP to edit MRSTP settings on the Switch Tree Select which STP tree configuration you want to view Bridge Root refers to the base of ...

Page 132: ...ding port on the designated bridge for each connected LAN segment A designated bridge has the lowest path cost to the root bridge among the bridges connected to the LAN segment All the ports on a root bridge root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port moves to the forwarding st...

Page 133: ...otocol MSTP LABEL DESCRIPTION Port Click Port to display the MSTP Port screen see Figure 100 on page 136 Status Click Status to display the MSTP Status screen see Figure 101 on page 137 Active Select this to activate MSTP on the Switch Clear this to disable MSTP on the Switch Note You must also activate Multiple Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen ...

Page 134: ... memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Instance Use this section to configure MSTI Multiple Spanning Tree Instance settings I nstance Enter the number you want to use to identify...

Page 135: ...e according to the speed of the bridge The slower the media the higher the cost see Table 46 on page 122 for more information Add Click Add to save this MST instance to the Switch s run time memory The Switch loses this change if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Clic...

Page 136: ... soon as you make them Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge...

Page 137: ... after you activate MSTP on the Switch Figure 101 Advanced Application Spanning Tree Protocol Status MSTP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin c...

Page 138: ...ield displays the revision number for this MST region Configuration Digest A configuration digest is generated from the VLAN MSTI mapping information This field displays the 16 octet signature that is included in an MSTP BPDU This field displays the digest when MSTP is activated on the system Topology Changed Times This is the number of times the spanning tree has been reconfigured Time Since Last...

Page 139: ...designated port for the LAN segment fails Backup A blocked port which has a backup redundant path to a LAN segment where a designated port is already connected when a switch has two links to the same LAN segment Disabled Not strictly part of STP The port can be disabled manually Designated Bridge I D This field displays the identifier of the designated bridge to which this port belongs when the po...

Page 140: ...work devices that appears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the same MST region are configured to have the sa...

Page 141: ...MST regions Regions 1 and 2 have 2 spanning tree instances Figure 104 MSTIs in Different Regions 13 10 4 Common and Internal Spanning Tree CIST A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CIST In an MSTP enabled networ...

Page 142: ...ndwidth control means defining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 1 1 What You Can Do Use the Bandw idth Control screen Section 14 2 on page 142 to limit the bandwidth for traffic going through the Switch 14 2 Bandwidth Control Setup Click Advanced Application Bandw idth Control in the navigation panel to bring up the screen as shown next ...

Page 143: ... to all the ports as soon as you make them Active Select this check box to activate ingress rate limits on this port I ngress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Note Ingress rate bandwidth control applies to layer 2 traffic only Active Select this check box to activate egress rate limits on this port Egress Rate Specify th...

Page 144: ...t multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 15 1 1 What You Can Do Use the Broadcast Storm Control screen Section 15 2 on page 144 to limit the number of broadcast multicast and destination lookup failure DLF pac...

Page 145: ...settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destina...

Page 146: ...can examine the traffic from the monitor port without interference 16 1 1 What You Can Do Use the Mirroring screen Section 16 2 on page 146 to select a monitor port and specify the traffic flow to be copied to the monitor port 16 2 Port Mirroring Setup Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify t...

Page 147: ...s row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by select...

Page 148: ...data as one logical link in the trunk group and so on Use theLink Aggregation Setting screen Section 17 3 on page 151 to configure to enable static link aggregation Use theLink Aggregation Control Protocol screen Section 17 3 1 on page 153 to enable Link Aggregation Control Protocol LACP 17 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a properly pl...

Page 149: ...switch to avoid causing network topology loops Link Aggregation ID LACP aggregation ID consists of the following information1 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Link Aggregation Status screen displays by default See Section 17 1 on page 148 for more information Table 59 Link Aggregation ID Local Switch SYSTEM PRIORITY MAC ADDRESS KE...

Page 150: ...ve configured in the Link Aggregation screen to be in the trunk group The port number s displays only when this trunk group is activated and there is a port belonging to this group Synchronized Ports These are the ports that are currently transmitting data as one logical link in this trunk group Aggregator ID Link Aggregator ID consists of the following system priority MAC address key port priorit...

Page 151: ...es traffic based on the packet s destination MAC address src dst m ac means the Switch distributes traffic based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distributes traffic based on the packet s destination IP address src dst ip means the Switch distributes traf...

Page 152: ...ls in this screen Table 62 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select this option to activate a trunk group ...

Page 153: ...on MAC address Select src dst m ac to distribute traffic based on a combination of the packet s source and destination MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute traffic based on a combination of the packet s source and destination IP addre...

Page 154: ... following table describes the labels in this screen Table 63 Advanced Application Link Aggregation Link Aggregation Setting LACP LABEL DESCRIPTION Link Aggregation Control Protocol Note Do not configure this screen unless you want to enable dynamic link aggregation Active Select this checkbox to enable Link Aggregation Control Protocol LACP ...

Page 155: ...on to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interva...

Page 156: ...on Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below Click Apply when you are done Figure 113 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete A B ...

Page 157: ...thentication first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 18 1 1 What You Can Do Use thePort Authentication screen Section 18 2 on page 159 to display the links to the configuration screens where you can enable the port authentication methods Use the8 0 2 1 x screen Section 18 3 on page 159 to activate IEEE 802 1x security Use theMAC Authentica...

Page 158: ...lient for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch Figure 115 MAC Authentication Process New Connection Authentication Request Authentication Reply 1 4 5 Login Credentials Login Info Request 3 2 Session Granted Denied New Connection ...

Page 159: ...ver Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Select a port authentication method s link in the screen that appears Figure 116 Advanced Application Port Authentication 18 3 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication screen click 8 0 2 1 x to display the configurat...

Page 160: ...rmit 802 1x authentication on this port You must first allow 802 1x authentication on the Switch before configuring it on each port Max Req Specify the number of times the Switch tries to authenticate client s before sending unresponsive ports to the Guest VLAN This is set to 2 by default That is the Switch attempts to authenticate a client twice If the client does not respond to the first authent...

Page 161: ... VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication 8 0 2 1 x screen click Guest Vlan to display the configuration screen as shown Figure 119 Advanced Application Port Authentication 802 1x Guest VLAN Internet 2 VLAN 100 A VLAN 102 ...

Page 162: ...E 802 1x authentication on the Switch and the associated ports Enter the number that identifies the guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to authenticate only the first user that connects to this port I f the first user enters the correct credentia...

Page 163: ... Switch Note You must first enable MAC authentication on the Switch before configuring it on each port Name Prefix Type the prefix that is appended to all MAC addresses sent to the RADIUS server for authentication You can enter up to 32 printable ASCII characters If you leave this field blank then only the MAC address of the client is forwarded to the RADIUS server Password Type the password the S...

Page 164: ...he setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to permit MAC authentication on this port You must first allow MAC authentication on the Switch before configuring it on each port Trusted VLAN List Enter the ID number s of the trusted VLAN...

Page 165: ...urity enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not activated 19 1 1 What You Can Do Use the Port Security screen Section 19 2 on page 165 to ...

Page 166: ... become static MAC addresses and display in the Static MAC Forw arding screen MAC freeze Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list Active Select this option to enable port security on the Switch Port This field displays the port number Settings in this row apply to all por...

Page 167: ...e number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one time A sixth device would have to wait until one of the five learned MAC addresses aged out MAC address aging out time can be set in the Sw itch Setup screen The valid range is from 0 to 16384 0 mea...

Page 168: ...me schedules are effective only once while recurring schedules usually repeat Both types of schedules are based on the current date and time in the Switch 20 1 1 What You Can Do Use the Tim e Range screen Section 20 2 on page 168 to view or define a schedule on the Switch 20 2 Configuring Time Range Click Advanced Application Tim e Range in the navigation panel to display the screen as shown Figur...

Page 169: ... week hour and minute when the schedule begins and ends respectively Select the second option if you want to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the same day Add Click Ad...

Page 170: ...data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific criteria such as th...

Page 171: ... LABEL DESCRIPTION I ndex This field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Weight This field displays the rule s weight This is to indicate a rule s priority when the match order is set to m anual in the Classifier Classifier Global Setting screen The higher the number the...

Page 172: ...Chapter 21 Classifier GS2210 Series User s Guide 172 Figure 124 Advanced Application Classifier Classifier Configuration ...

Page 173: ...on and specify a priority level in the field provided Ethernet Type Select an Ethernet type or select Other and enter the Ethernet type number in hexadecimal value Refer to Table 72 on page 175 for information Source MAC Address Select Any to apply the rule to all MAC addresses To specify a source select MAC Mask to enter the source MAC address of the packet in valid MAC address format six hexadec...

Page 174: ...decimal notation Specify the address prefix by entering the number of ones in the subnet mask A subnet mask can be represented in a 32 bit notation For example the subnet mask 255 255 255 0 can be represented as 11111111 11111111 11111111 00000000 and counting up the number of ones in this case results in 24 Socket Number Note You must select either UDP or TCP in the IP Protocol field before you c...

Page 175: ...ndex number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Weight The field displays the priority of the rule when the match order is in m anual mode A higher weight means a higher priority Name This field displays the descriptive name for this rule This is for identification purpose only Rule This field di...

Page 176: ...ormation on commonly used port numbers 21 4 Classifier Global Setting Use this screen to configure the match order and enable logging on the Switch In the Classifier Configuration screen click Classifier Global Setting to display the configuration screen as shown Figure 126 Advanced Application Classifier Classifier Configuration Classifier Global Setting Table 73 Common IP Protocol Types and Prot...

Page 177: ...e layer of the item configured in the rule Layer 4 items have the highest priority and layer 2 items has the lowest priority For example you configure a layer 2 item VLAN ID in classifier A and configure a layer 3 item source IP address in classifier B When an incoming packet matches both classifier rules classifier B has priority over classifer A Logging Active Select this to allow the Switch to ...

Page 178: ...Chapter 21 Classifier GS2210 Series User s Guide 178 Figure 127 Classifier Example ...

Page 179: ... ensures that a traffic flow gets the requested treatment in the network 22 1 1 What You Can Do Use the Policy screen Section 22 2 on page 179 to enable the policy and display the active classifier s you configure in the Classifier screen 22 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 21 3 on page 171 for more information Click Advance...

Page 180: ...er screen Select the classifier s to which this policy rule applies To select more than one classifier press SHIFT and select the choices at the same time Parameters Set the fields below for this policy You only have to set the field s that is related to the action s you configure in the Action field General VLAN ID Specify a VLAN ID number Egress Port Type the number of an outgoing port Priority ...

Page 181: ...itation the Switch will discard the packets immediately I f Policy 1 applies to Class 1 and the action is to forward the packets to the egress port Policy 2 applies to Class 2 and the action is to enable bandwidth limitation the Switch will forward the packets Forwarding Select No change to forward the packets Select Discard the packet to drop the packets Priority Select No change to keep the prio...

Page 182: ...gure a policy to limit bandwidth on a traffic flow classified using the Exam ple classifier refer to Section 21 5 on page 177 Figure 129 Policy Example Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 76 Advanced Application Policy Rule continued LABEL DESCRIPTION ...

Page 183: ...hen that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwid...

Page 184: ... field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than queues with smaller weights This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied 23 2 Configuring Queuing Use this sc...

Page 185: ...the W eight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue weight the number you configure in the queue W eight field Queues with larger weights get more service than queues with smaller weights Weight When you select W FQ or W RR enter the queue weight here Ban...

Page 186: ...24 3 1 on page 191 to enable IGMP snooping to forward group multicast traffic only to ports that are members of that group Use theI Pv6 Multicast Status screen Section 24 4 on page 196 to view multicast group information Use theMLD Snooping proxy screen Section 24 4 1 on page 197 to enable the upstream port to report group changes to a connected multicast router and forward MLD messages to other u...

Page 187: ...he VLANs that IGMP snooping should be performed on This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN MLD Snooping proxy MLD snooping proxy is a ZyXEL proprietary feature IPv6 MLD proxy allows only one upstream interface on a switch while MLD snooping proxy supports more than o...

Page 188: ...MVR Overview Multicast VLAN Registration MVR is designed for applications such as Media on Demand MoD that use multicast traffic across an Ethernet ring based service provider network MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network While isolated in different subscriber VLANs connected devices can subscribe to and unsubscribe from the multicast str...

Page 189: ...a multicast television example where a subscriber device such as a computer in VLAN 1 receives multicast traffic from the streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer A sends an IGMP report to the Switch to join the appropriate multicast group If the ...

Page 190: ...Multicast I Pv4 Multicast to display the screen as shown This screen shows the IPv4 multicast group information See Section 24 1 on page 186 for more information on multicasting Figure 134 Advanced Application Multicast IPv4 Multicast S Multicast VLAN VLAN 1 A Table 78 Advanced Application Multicast Setup LABEL DESCRIPTION IPv4 Multicast Click the link to open screens where you can configure IGMP ...

Page 191: ...hown See Section 24 1 on page 186 for more information on multicasting Figure 135 Advanced Application Multicast IPv4 Multicast IGMP Snooping Table 79 Advanced Application Multicast IPv4 Multicast LABEL DESCRIPTION I ndex This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group T...

Page 192: ...r will not forward a packet with the destination IP address within this range to other networks See the IANA web site for more information The layer 2 multicast MAC addresses used by Cisco layer 2 protocols 01 00 0C CC CC CC and 01 00 0C CC CC CD are also included in this group Specify the action to perform when the Switch receives a frame with a reserved multicast address Select Drop to discard t...

Page 193: ...can join is reached Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table entry is aged out Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report s received on this port I GMP Filtering Profile Select the name of the IGMP filtering profile to use for this port Otherwise select Default to proh...

Page 194: ... Pv4 Multicast I GMP Snooping screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh VLAN Use this section of the scre...

Page 195: ... number of the IGMP snooping VLAN entry in the table Click on an index number to view more details or change the settings Name This field displays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entry ...

Page 196: ... multicast address range End Address This field displays the end of the multicast address range Delete Profile Select a profile s check box to select a specific profile Otherwise select the check box in the table heading row to select all profiles Delete Rule Select the check box es of the rule s that you want to remove from a profile Delete To delete the profile s and all the accompanying rules s...

Page 197: ...4 1 on page 186 for more information on multicasting Table 84 Advanced Application Multicast IPv6 Multicast MLD Snooping proxy LABEL DESCRIPTION MLD Snooping proxy Use these settings to configure MLD snooping proxy Active Select Active to enable MLD snooping proxy on the Switch to minimize MLD control messages and allow better network performance 802 1p Priority Select a priority level 0 7 to whic...

Page 198: ...mount of time in miliseconds the router connected to the upstream port waits for a response to an MLD general query message This value should be exactly the same as what s configured in the connected multicast router This value is used to calculate the amount of time an MLD snooping membership entry learned only on the upstream port can remain in the forwarding table When an MLD Report message is ...

Page 199: ...al query messages sent by the downstream port Maximum Response Delay Enter the maximum time in miliseconds that the Switch waits for a response to a general query message sent by the downstream port Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Sa...

Page 200: ...oxy Port Role Setting LABEL DESCRIPTION MLD Snooping proxy VLAN ID Select the VLAN ID for which you want to configure a port s MLD snooping proxy settings Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port...

Page 201: ...ve timeout Norm al or fast leave timeout Fast when an MLD leave message is received on this port from a host Leave Timeout Enter the MLD snooping normal leave timeout in milliseconds the Switch uses to update the forwarding table for the specified downstream port s This defines how many seconds the Switch waits for an MLD report before removing an MLD snooping membership entry learned on a downstr...

Page 202: ...t to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Group Limit Select this option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast group...

Page 203: ...ng proxy Filtering LABEL DESCRIPTION Table 88 Advanced Application Multicast IPv6 Multicast MLD Snooping proxy Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes To configure additional rule s for a profile that you have already added enter the profile name and specify a different IP multicast address range Start Address Type the s...

Page 204: ...descriptive name of the profile Start Address This field displays the start of the multicast IPv6 address range End Address This field displays the end of the multicast IPv6 address range To delete the profile s and all the accompanying rules select the profile s that you want to remove then click the Delete button You can select the check box in the table heading row to select all profiles To del...

Page 205: ...up to 32 printable ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP or MLD control packets belonging to this multicast VLAN Mode Specify the MVR mode on the Switch Choices are Dynam ic and Com patible Select Dynam ic to send IGMP r...

Page 206: ...fic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes t...

Page 207: ...ticast group Refer to IP Multicast Addresses on page 186 for more information on I P multicast addresses Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Cl...

Page 208: ...146 MVR Configuration Example To configure the MVR settings on the Switch create a multicast VLAN in the MVR screen and set the receiver and source ports Delete Select the entry ies that you want to remove then click the Delete button to remove the selected entry ies from the table If you delete a multicast VLAN all multicast groups in this VLAN will also be removed Cancel Select Cancel to clear t...

Page 209: ...mple To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two IPv4 multicast groups New s and Movie are configured for the multicast VLAN 200 EXAMPLE ...

Page 210: ...Chapter 24 Multicast GS2210 Series User s Guide 210 Figure 148 MVR Group Configuration Example 1 Figure 149 MVR Group Configuration Example 2 EXAMPLE EXAMPLE ...

Page 211: ...configure your RADIUS server settings Use theTACACS Server Setup screen Section 25 4 on page 214 to configure your TACACS authentication settings Use theAAA Setup screen Section 25 5 on page 216 to configure authentication authorization and accounting settings such as the methods used to authenticate users accessing the Switch and which database the Switch should use first 25 1 2 What You Need to ...

Page 212: ...users by means of an external server instead of or in addition to an internal device user database that is limited to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes some key differences between RADIUS and TACACS 25 2 AAA Screens The AAA screens allow you to e...

Page 213: ...y valid if you configure multiple RADIUS servers Select index priority and the Switch tries to authenticate with the first configured RADI US server if the RADI US server does not respond then the Switch tries to authenticate with the second RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in second...

Page 214: ...uring this screen afresh Accounting Server Use this section to configure your RADIUS accounting server settings Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the RADIUS accounting server I ndex This is a read only number representing a RADIUS accounting server entry I P Address Enter the I P address of an external RADIUS accounting serv...

Page 215: ...u are using index priority for your authentication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first TACACS server for 15 seconds and then tries the second TACACS server I ndex This is a read only number representing a TACACS server entry I ...

Page 216: ...r the I P address of an external TACACS accounting server in dotted decimal notation TCP Port The default port of a TACACS accounting server is 4 9 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external TACACS accounting server and the Switch This key is n...

Page 217: ...I Reference Guide for local authentication The TACACS and RADI US are external servers Before you specify the priority make sure you have set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate the access privilege level of administrators The Switch checks the methods in the order you configure them first Method 1 then Method 2 and final...

Page 218: ...e Select this to allow an administrator which logs in the Switch through the console port to have different access privilege level assigned via the external server Method Select whether you want to use RADIUS or TACACS for authorization of specific types of events RADIUS is the only method for IEEE 802 1x authorization Accounting Use this section to configure accounting settings on the Switch Upda...

Page 219: ...at comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server Mode The Switch supports two modes of recording login events Select start stop to have the Switch send information to the accounting server when a user begins a session during a user s session if it lasts past the Update Period and when a user ends a session stop only to have the Switch send in...

Page 220: ...d for authentication This section lists the attributes used by authentication functions on the Switch In cases where the attribute has a specific format associated with it the format is specified Table 95 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment Vendor Id 890 Vendor Type 1 Vendor data ingress rate Kbps in decimal format Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 ...

Page 221: ...User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 25 6 3 2 Attributes Used to Login Users User Name User Password NAS Identifier NAS IP Address 25 6 3 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS Identifier NAS IP Address NAS Port NAS Port Type This value is set to Ethernet 1 5 on the Switch Ca...

Page 222: ...indings for DHCP snooping and ARP inspection Use theDHCP Snooping screen Section 26 5 on page 227 to look at various statistics about the DHCP snooping database Use thisDHCP Snooping Configure screen Section 26 6 on page 230 to enable DHCP snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use theDHCP Snoop...

Page 223: ...ffic from all link local addresses Use theI Pv6 Source Guard Port Setup screen Section 26 15 on page 248 to apply configured IPv6 source guard policies to the ports you specify Use theI Pv6 Snooping Policy Setup screen Section 26 16 on page 249 to dynamically create an IPv6 source guard binding table using a DHCPv6 snooping policy A DHCPv6 snooping policy lets the Switch sniff DHCPv6 packets sent ...

Page 224: ...r ARP inspection and look at various statistics I Pv6 Source Binding Status Click the link to open a screen where you can view the current IPv6 dynamic and static bindings or remove dynamic bindings based on IPv6 address and or IPv6 prefix I Pv6 Static Binding Setup Click the link to open a screen where you can manually create IPv6 source guard static binding entries I Pv6 Source Guard Policy Setu...

Page 225: ...BEL DESCRIPTION I ndex This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding I P Address This field displays the IP address assigned to the MAC address in the binding Lease This field displays how many days hours minutes and seconds the binding is valid for example 2 d3 h4 m 5 s means the binding is still valid for 2 days 3 h...

Page 226: ...le Port List Select this and enter the number of the port s separated by a comma ARP entries learned on the specified port s are added to the static bindings table after you click ARP Freeze VLAN List Select this and enter the ID number of the VLAN s separated by a comma ARP entries for the specified VLAN s are added to the static bindings table after you click ARP Freeze Static Binding MAC Addres...

Page 227: ...w long the binding is valid Type This field displays how the Switch learned the binding static This binding was learned from information provided manually by an administrator VLAN This field displays the source VLAN ID in the binding Port This field displays the port number in the binding If this field is blank the binding applies to all ports Select an entry s check box to select a specific entry...

Page 228: ... labels in this screen Table 100 Advanced Application IP Source Guard IPv4 Source Guard Setup DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database You can configure them in the DHCP Snooping Configure screen See Section 26 6 on page 230 Agent URL This field displays the location of the DHCP snooping database ...

Page 229: ...g database unsuccessfully Last failed reason This field displays the reason the Switch updated the DHCP snooping database unsuccessfully This section displays historical information about the number of times the Switch successfully or unsuccessfully read or updated the DHCP snooping database Total attempts This field displays the number of times the Switch has tried to access the DHCP snooping dat...

Page 230: ...xpired leases This field displays the number of bindings the Switch ignored because the lease time had already expired Unsupported vlans This field displays the number of bindings the Switch ignored because the VLAN I D does not exist anymore Last ignored time This field displays the last time the Switch ignored any bindings for any reason from the DHCP binding database Total ignored bindings coun...

Page 231: ...en DHCP requests from different VLAN Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN Database If Tim eout interval is greater than W rite delay interval it is possible that the next update is scheduled to occur before the current update has finished successfully or timed out In this case the Switch waits to start the next update until it completes the curren...

Page 232: ...ad dynamic bindings from a different DHCP snooping database than the one specified in Agent URL When the Switch loads dynamic bindings from a DHCP snooping database it does not discard the current dynamic bindings first If there is a conflict the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen Section 26 5 on page 227 Apply...

Page 233: ... Source Guard Setup DHCP Snooping Configure Port LABEL DESCRIPTION Port This field displays the port number If you configure the port the settings are applied to all of the ports Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Chang...

Page 234: ...FER ACK or NACK The source MAC address and source IPaddress in the packet do not match any of the current bindings The packet is a RELEASE or DECLINEpacket and the source MAC address and source port do not match any of the current bindings The rate at which DHCP pa ckets arrive is too high Rate pps Specify the maximum number for DHCP packets 1 2048 that the Switch receives from each port each seco...

Page 235: ...n the Switch and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to all ports in the specified VLAN s The Switch adds the information such as slot number port number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts ...

Page 236: ...number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen see Section 26 6 on page 230 The profile you select here has priority over the one you select in the DHCP Snooping Configure VLAN screen Add Click this to create a new entry or to update an existing ...

Page 237: ...ID This field displays the source VLAN ID in the MAC address filter Port This field displays the source port of the discarded ARP packet Expiry sec This field displays how long in seconds the MAC address filter remains in the Switch You can also delete the record manually Delete Reason This field displays the reason the ARP packet was discarded MAC VLAN The MAC address and VLAN ID were not in the ...

Page 238: ...abled in the section below Selected VLAN Select this to look at all the VLANs in a specific range in the section below Then enter the lowest VLAN ID Start VI D and the highest VLAN ID End VI D you want to look at Apply Click this to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above Received This field displays th...

Page 239: ...RP packet Sender IP This field displays the source IP address of the ARP packet Num Pkts This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message You can configure this interval in the ARP I nspection Configure screen See Section 26 10 on ...

Page 240: ...fic VLAN and specify trusted ports Filter Aging Time Filter aging time This setting has no effect on existing MAC address filters Enter how long 1 2147483647 seconds the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Enter 0 if you want the MAC address filter to be permanent Log Prof...

Page 241: ...ate and Log interval is illustrated in the following examples 4 invalid ARP packets per second Syslog rate is 5 Log interval is 1 the Switch sends 4 syslog messages every second 6 invalid ARP packets per second Syslog rate is 5 Log interval is 2 the Switch sends 5 syslog messages every 2 seconds Log interval Enter how often 1 86400 seconds the Switch sends a batch of syslog messages to the syslog ...

Page 242: ...me settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP...

Page 243: ...maximum of 75 ARP packets in every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset t...

Page 244: ... or IPv6 prefix Bindings are used to distinguish between authorized and unauthorized packets in the network The Switch learns the bindings by snooping DHCP packets dynamic bindings and from information provided manually by administrators static bindings To open this screen click Advanced Application I P Source Guard I Pv6 Source Binding Status Log Specify when the Switch generates log messages for...

Page 245: ...ries according to your selections Cancel Click this to reset the values above based or if not applicable to clear the fields above I ndex This field displays a sequential number for each binding Source Address This field displays the source IP address in the binding If the entry is blank this field will not be checked in the binding MAC Address This field displays the source MAC address in the bin...

Page 246: ...se Any for all three of MAC Address VLAN and Port You must fill in at least one VLAN Enter the source VLAN ID in the binding If this binding doesn t check this field select Any Port Specify the port s in the binding If this binding has one port select the first radio button and enter the port number in the field to the right If this binding applies to all ports select Any Add Click this to create ...

Page 247: ...n traffic matching either IPv6 address or prefix will be forwarded Figure 171 Advanced Application IP Source Guard IPv6 Source Guard Policy Setup The following table describes the labels in this screen Port This field displays the port number in the binding If this field is blank the binding applies to all ports Select an entry s check box to select a specific entry Otherwise select the check box ...

Page 248: ... the values above or if not applicable to clear the fields above Clear Click this to clear the fields above I ndex This field displays a sequential number for each policy Name This field displays the descriptive name for identification purposes for this IPv6 source guard policy Validate Address This field displays the Validate Address status for this IPv6 source guard policy Validate Prefix This f...

Page 249: ...eld displays the port number I f you configure the port the settings are applied to all of the ports Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Policy Nam...

Page 250: ...xes learned using the IPv6 snooping policy Note The maximum limit address count is the maximum size of the IPv6 source guard binding table At the time of writing it is 50 for the GS2210 Switch series See the product datasheet for the latest specifications Add Click this to create the specified IPv6 snooping policy or to update an existing one Cancel Click this to reset the values above based or if...

Page 251: ...urce Guard IPv6 Snooping VLAN Setup LABEL DESCRIPTION I nterface Select the VLAN interface to apply the selected DHCPv6 snooping policy Policy Select the IPv6 snooping policy to apply to this VLAN interface Add Click this to create the VLAN interface to IPv6 snooping policy association Cancel Click this to reset the values above based or if not applicable to clear the fields above Clear Click this...

Page 252: ...rt are discarded Use port to have all ports be Untrusted or Trusted Figure 175 Advanced Application IP Source Guard IPv6 DHCP Trust Setup The following table describes the labels in this screen Table 117 Advanced Application IP Source Guard IPv6 DHCP Trust Setup LABEL DESCRIPTION Active Select this to specify whether ports are trusted or untrusted ports for DHCP snooping If you do not select this ...

Page 253: ...packet is a DHCP server packet for example O FFER ACK or NACK The source MAC address and source IP address in th e packet do not match any of the current bindings Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row a...

Page 254: ...een the bindings in the latest update and the bindings from previous updates Each binding consists of 72 bytes a space and another checksum that is used to validate the binding when it is read If the calculated checksum is not equal to the checksum in the file that binding and all others after it are ignored 26 19 1 3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests...

Page 255: ...epts the ARP request for computer A Then computer X does the following things It pretends to be computerA and responds to computer B It pretends to be computerB and sends a message to computer A As a result all the communication between computer A and computer B passes through computer X Computer X can read and alter the information passed between them 26 19 2 1 ARP Inspection and MAC Address Filt...

Page 256: ... The rate at which ARP packets arrive is too high 26 19 2 3 Syslog The Switch can send syslog messages to the specified syslog server Chapter 46 on page 389 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient 26 19 2 4 Configuring ARP Inspection Follow these steps to configure ARP inspection on the ...

Page 257: ...nformation 27 1 1 What You Can Do Use the Loop Guard screen Section 27 2 on page 259 to enable loop guard on the Switch and in specific ports 27 1 2 What You Need to Know Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a sw...

Page 258: ... is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 180 Loop Gua...

Page 259: ...ia the web configurator see Section 8 7 on page 72 or via commands See the CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Application Loop Guard in the navigation panel to display the screen as shown Note The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol RSTP MRSTP or MSTP enabled Figure 182 Advanced Application Loop Guard A P P N P ...

Page 260: ...ke adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the switch it is connected to is in loop state If the switch that this port is connected is in loop state the Switch will shut down this port Clear th...

Page 261: ...TP VLAN Trunking Protocol packets between customer switches A B and C in the following figure connected through the service provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 183 Layer 2 Protocol Tunneling Network Scenario In the following example if you enable ...

Page 262: ... Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports TheTunnel port is an egress port at the edge of the service provider s network and connected to another service provider s switch Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port 28 2 Configuring Layer 2 Protocol Tunnel...

Page 263: ... either a unicast MAC address or multicast MAC address If you use a unicast MAC address make sure the MAC address does not exist in the address table of a switch on the service provider s network Note All the edge switches in the service provider s network should be set to use the same MAC address for encapsulation Port This field displays the port number Use this row to make the setting the same ...

Page 264: ...ption to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups UDLD Select this option to have the Switch send UDLD packets to a peer s port it connected to monitor the physical status of a link Mode Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and forward them to the tunnel port s Select Access for ingress ports at the ed...

Page 265: ...on the Switch Use thePPPoE I A Per Port screen Section 29 3 1 on page 269 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use thePPPoE I A Per Port Per VLAN screen Section 29 3 2 on page 270 to configure PPPoE IA settings that apply to a specific VLAN on a port Use thePPPoE I A for VLAN Section 29 3 3 on page 271 to enable the PPPoE Intermediate Agent o...

Page 266: ...he Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or the VLAN ID on the PPPoE packet The identifier string slot ID port number and VLAN ID are separated from each other by a pound key semi colon period comma forward slash or space An Agent Circuit ID Sub o...

Page 267: ...ent but received on a trusted port the Switch forwards it to other trusted port s Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trusted ports Untrusted ports are connected to subscribers If a PADI PADR or PADT packet is sent from aPPPoE client and received on an untrusted port the Switch adds a vendor specific tag to the packet an...

Page 268: ... specific port in the Advanced Application PPPoE I nterm ediate Agent Port screen or for a specific VLAN on a port in the Advanced Application PPPoE I nterm ediate Agent Port VLAN screen has priority over this That means if you also want to configure PPPoE IA Per Port or Per Port Per VLAN setting leave the fields here empty and configure circuit id and remote id in the Per Port or Per Port Per VLA...

Page 269: ...creen as shown Figure 188 Advanced Application PPPoE Intermediate Agent Port delimiter Select a delimiter to separate the identifier string slot ID port number and or VLAN ID from each other You can use a pound key semi colon period comma forward slash or space Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power s...

Page 270: ...DI PADR or PADT packet is sent from a PPPoE client and received on an untrusted port the Switch adds a vendor specific tag to the packet and then forwards it to the trusted port s The Switch discards PADO and PADS packets which are sent from a PPPoE server but received on an untrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub opt...

Page 271: ...D This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Circuit id Enter a string of up to 63 ASCII characters that th...

Page 272: ... If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Enabled Select this option to turn on the PPPoE Intermediate Agent on a VLAN Circuit id Select this option to make the Circuit ID setting...

Page 273: ...loop guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent out the port s loop back to the Switch the Switch can shut down the port s automatically After that you need to enable the port s or allow the packets on a port manually via the web configurator or the comm...

Page 274: ... following screen Figure 191 Advanced Application Errdisable 30 3 Error Disable Status Use this screen to view whether the Switch detected that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related information Click the Click here link next to Errdisable Status in the Advanced Application ...

Page 275: ... a comma on which you want to reset inactive reason status Cause Select the cause of inactive reason mode you want to reset here Reset Press to reset the specified port s to handle ARP BPDU or IGMP packets instead of ignoring them if the port s is in inactive reason mode Errdisable Status Port This is the number of the port on which you want to configure Errdisable Status Cause This displays the t...

Page 276: ...disables the port inactive reason The Switch drops all the specified control packets such as BPDU on the port rate lim itation The Switch drops the additional control packets the port s has to handle in every one second Rate This field displays how many control packets this port can receive or transmit per second It can be adjusted in CPU Protection 0 means no rate limit Status This field displays...

Page 277: ...ry Changes in this row are copied to all the ports as soon as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure the action that the Switch takes when the limit is exceeded See Section 30 5 on page 278 for detailed information Apply Click Apply to save your changes to t...

Page 278: ... Use this row to make the setting the same for all entries Use this row first and then make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Active Select this option to have the Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below Mode Select the action that the Swit...

Page 279: ...r all entries Use this row first and then make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Timer Status Select this option to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port after the error was gone Deselect this option to turn off this rule Interval Enter the numbe...

Page 280: ...ed port list and blocks traffic between the isolated ports A promiscuous port can communicate with any port in the same VLAN An isolated port can communicate with the promiscuous port s only Note You can have up to one private VLAN rule for each VLAN Figure 196 Private VLAN Example Note Make sure you keep at least one port in the promiscuous port list for a VLAN with private VLAN enabled Otherwise...

Page 281: ... table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults I ndex ...

Page 282: ...ignal is sent to the link partner to return the link to active mode Auto Power Down Auto Pow er Dow n turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Pow er Dow n and operates normally Short Reach Traditional Ethe...

Page 283: ...he same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Short Reach Select this to activate Short Reach on this port Apply Click Apply to save your change...

Page 284: ...se basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optional The Switch also supports the IEEE 802 1 and IEEE 802 3 organizationally specific TLVs IEEE 802 1 specific TLVs Port VLAN ID TLV optional Port and Protocol VL...

Page 285: ...MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the LLDP MED network connectivity devices NCD like Switches and Routers will transmit LLDP TLV to endpoint device ED li...

Page 286: ...e labels in this screen Table 135 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices LLDP Configuration Click here to show a screen to configure LLDP parameters LLDP MED LLDP MED Configuration Click here to show a screen to...

Page 287: ...as shown next Figure 202 Advanced Application LLDP LLDP Local Status LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices location parameters Table 135 Advanced Applicatio...

Page 288: ...Switch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management The TLV may also include the system interface number and an object identifier OID that are associated with this management...

Page 289: ...Chapter 33 Link Layer Discovery Protocol LLDP GS2210 Series User s Guide 289 Figure 203 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail ...

Page 290: ...e AN Supported Displays if the port suppo rts or does not support auto negotiation AN Enabled The current auto neg otiation status of the port AN Advertised Capability The auto n egotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the...

Page 291: ...nfiguration Information LCI Table 137 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail LABEL DESCRIPTION Table 138 Advanced Application LLDP LLDP Remote Status LABEL DESCRIPTION Index The index number shows the number of remote devices that are connected to the Switch Click on an index number to view the detailed LLDP status for this remote device in the LLDP Rem ote Port ...

Page 292: ... for example 1 in the I ndex column in the LLDP Rem ote Status screen to display the screen as shown next Figure 205 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV The following table describes the labels in Basic TLV part of the screen Table 139 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV LABEL DESCRIPTION Local Port...

Page 293: ...arded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval Port Description TLV This displays the remote port description System Name TLV This displays the system name of the remote device System Description TLV This displays the system description of the remote device System Capabilities TLV This displays whether the system ca...

Page 294: ...DP Remote Port Status Detail Dot 1 and Dot3 TLV The following table describes the labels in the Dot1 and Dot3 parts of the screen Table 140 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device ...

Page 295: ...e AN Supported Displays if the port suppo rts or does not support auto negotiation AN Enabled The current auto neg otiation status of the port AN Advertised Capability The auto n egotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the...

Page 296: ...Chapter 33 Link Layer Discovery Protocol LLDP GS2210 Series User s Guide 296 Figure 207 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Page 297: ...his displays the MED capabilities the remote port supports Network Policy Location Extend Power via MDI PSE Extend Power via MDI PD Inventory Management Device Type TLV LLDP MED endpoint device classes Endpoint Class I Endpoint Class II Endpoint Class III Network Connectivity Network Policy TLV This displays a network policy for the specified application Voice Voice Signaling Guest Voice Guest Voi...

Page 298: ...xtended Power via MDI TLV Extended Power Via MDI Discovery enables detailed power information to be advertised by Media Endpoints such as I P phones and Network Connectivity Devices such as the Switch Power Type whether it is currently oper ating from primary power or is on backup power backup power may indicate to the Endpoint Device that it should move to a power conservation mode Power Source w...

Page 299: ... discarded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your ch...

Page 300: ...s row are copied to all the ports as soon as you make them Admin Status Select whether LLDP transmission and or reception is allowed on this port Disable not allowed Tx Only transmit only Rx Only receive only Tx Rx transmit and receive Notification Select whether LLDP notification is enabled on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these ...

Page 301: ...em Management Address Select the check box es to enable or disable the sending of Management Address TLVs on the port s Port Description Select the check box es to enable or disable the sending of Port Description TLVs on the port s System Capabilities Select the check box es to enable or to disable the sending of System Capabilities TLVs on the port s System Description Select the check box es to...

Page 302: ...em Dot1 TLV Port Protocol VLAN ID Select the check box es to enable or disable the sending of IEEE 802 1 Port and Protocol VLAN ID TLVs on the port s Port VLAN ID Select the check box es to enable or disable the sending of IEEE 802 1 Port VLAN I D TLVs on the port s All check boxes in this column are enabled by default Dot3 TLV Link Aggregation Select the check box es to enable or disable the send...

Page 303: ...MDI power support capabilities of the sending port on the remote device Port Class MDI Supported MDI Enabled Pair Controlable PSE Power Pairs Power Class Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are...

Page 304: ...he same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Notification Topology Change Select to enable LLDP MED topology change traps on this port MED TLV Setting Location Select to enable transmitting LLDP MED location TLV Network Policy Select to enable transmitting LLDP MED Network Polic...

Page 305: ... 0 representing use of the default DSCP value Priority Enter the priority value for the network policy Add Click Add after finish entering the network policy information A summary table will list all the Switch you ve added Cancel Click Cancel to begin entering the information afresh I ndex This field displays the of index number of the network policy Click an index number to edit the rule Port Th...

Page 306: ...cation Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitude altitude and datum Civic Address includes Country State County City Street and other related information Latitude Enter the latitude information The value should be from 0º to 90º The negative value represent...

Page 307: ...cal digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or I SDN trunk based PSAP The valid length is from 10 to 25 characters Add Click Add after finish entering the location information Cancel Click Cancel to begin entering the location information afresh Index This lists the index number of the location configuration Click an index n...

Page 308: ... select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the locations that you want to remove then click the Delete button Cancel Click Cancel to clear the selected check boxes Table 147 Advanced Application LLDP LLDP MED Location LABEL DESCRIPTION ...

Page 309: ...lly after the MAC aging time expires Note A port based threshold must be larger than the host based threshold or the host based threshold will not work 34 1 1 What You Can Do Use theAnti Arpscan Status screen Section 34 2 on page 310 to see what ports are trusted and are forwarding traffic or are disabled Use theAnti Arpscan Host Status screen Section 34 3 on page 310 to view blocked hosts and cle...

Page 310: ...k Advanced Application Anti Arpscan Figure 214 Advanced Application Anti Arpscan Status The following table describes the labels in this screen 34 3 Anti Arpscan Host Status Use this screen to view blocked hosts and unblock ones connected to certain ports To open this screen click Advanced Application Anti Arpscan Host Status Table 148 Advanced Application Anti Arpscan Status LABEL DESCRIPTION Ant...

Page 311: ...r Filtered host A filtered host is a blocked IP address Port List Type a port number or a series of port numbers separated by commas and spaces and then click Clear to unblock all hosts connected to these ports Filtered host This table lists information on blocked hosts I ndex This displays the index number of an IP address a host that has been blocked Host IP This displays the IP address of the b...

Page 312: ...bnet of IP addresses Type a subnet mask to create a single host or a subnet of hosts Add Click this to create the trusted host Cancel Click this to reset the values above based or if not applicable to clear the fields above Clear Click this to clear the fields above I ndex This field displays a sequential number for each trusted host Name This field displays the name of the trusted host Host IP Th...

Page 313: ... threshold rate for all hosts If the rate of a host is over the threshold then that host is blocked by using a MAC address filter A blocked host is released automatically after the MAC aging time expires Type the maximum number of ARP request packets allowed by a host before it is blocked Note The allowed range is 2 to 100 ARP request packets per second Note The port based threshold must be larger...

Page 314: ...ses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 151 Advanced Application Anti Arpscan Configure continued LABEL DESCRIPTION ...

Page 315: ...tch disables the port s automatically You can then enable the port s manually in the Basic Setting Port Setup screen Section 8 7 on page 72 or use the Errdisable Recovery screen see Section 30 6 on page 278 to have the port s become active after a certain time interval 35 1 1 What You Can Do Use theBPDU Guard Status screen Section 35 2 on page 315 to view the BPDU guard status Use theBPDU Guard Co...

Page 316: ...e BPDU Guard Status screen click Configuration to display the configuration screen as shown Table 152 Advanced Application BPDU Guard Staus LABEL DESCRIPTION BPDU guard globally configuration This field displays whether BPDU guard is activated on the Switch Port This is the number of the port on the Switch Active This shows whether BPDU guard is activated on the port Status This shows whether the ...

Page 317: ... then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the BPDU guard feature on this port The Switch shuts down this port if there is any BPDU received on the port Clear this check box to disable the BPDU guard feature Apply Click Apply to save your changes to the Switch s run time memory ...

Page 318: ...work connection problems The Switch supports the following IEEE 802 3ah features Discovery this identifies the devices oneach end of the Ethernet link and their OAM configuration Remote Loopback this can initiate a loopback tes t between Ethernet devices 36 1 1 What You Can Do Use theOAM Status screen Section 36 2 on page 318 to view the configuration of ports on which Ethernet OAM is enabled Use ...

Page 319: ...ows the port to issue and respond to Ethernet OAM commands Passive Allows the port to respond to Ethernet OAM commands Remote This section displays information about the remote device Mac Address This field displays the MAC address of the remote device OUI This field displays the OUI first three bytes of the MAC address of the remote device Mode This field displays the operational state of the por...

Page 320: ... OAM Details Use this screen to view OAM configuration details and operational status of a specific port Click a number in the Port column in the OAM Status screen to display the screen as shown next Figure 221 Advanced Application OAM Staus OAM Details ...

Page 321: ... loopback control PDUs to put the remote device into loopback mode Link events This field indicates whether or not the port can interpret link events such as link fault and dying gasp Link events are sent in event notification PDUs and indicate when the number of errors in a given interval time number of frames number of symbols or number of errored frame seconds exceeds a specified threshold Orga...

Page 322: ...umber of OAM packets transferred on the port of the Switch I nformation OAMPDU Tx This field displays the number of OAM PDUs sent on the port I nformation OAMPDU Rx This field displays the number of OAM PDUs received on the port Event Notification OAMPDU Tx This field displays the number of unique or duplicate OAM event notification PDUs sent on the port Event Notification OAMPDU Rx This field dis...

Page 323: ...ibes the labels in this screen Table 156 Advanced Application OAM OAM Configuration LABEL DESCRIPTION Active Select this option to enable Ethernet OAM on the Switch Port This field displays the Switch s port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon...

Page 324: ...the Switch to process loopback commands received on the port Otherwise clear the check box to have the Switch ignore loopback commands received on the port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you a...

Page 325: ...te or terminate a remote loopack test Start Click Start to initiate a remote loopback test from the specified port by sending Enable Loopback Control PDUs to the remote device Stop Click Stop to terminate a remote loopback test from the specified port by sending Disable Loopback Control PDUs to the remote device Table 157 Advanced Application OAM OAM Remote Loopback continued LABEL DESCRIPTION ...

Page 326: ...munication malfunction In the figure below S1 A is a bidirectional link as both ends can send packets to each other S1 B is unidirectional as B cannot send packets to S1 although the S1 B link is up Similarly S2 S1 is unidirectional as S1 cannot send packets to S2 although the S1 S2 link is up Figure 224 ZULD Overview 37 1 1 What You Can Do Use theZULD Status screen Section 37 2 on page 327 to see...

Page 327: ...ollowing Go toBasic Setting Port Setup Clear Active and click Apply Then select Active and click Apply again Go toApplication Errdiable Errdisable Recovery and set the interval for ZULD After the interval expires the closed port s will become active and start receiving packets again Use the commandport no inactive Refer to the ZULD logs to see when a unidirection al link is detected and when it is...

Page 328: ...ate where the port is not yet up Probe This indicates that ZULD is discovering the connected device on this link Bidirectional Traffic sent by the Switch is received by the connected device on this link and traffic from the connected device on this link is received by the Switch Unidirectional The state of the link between the port and its connected port cannot be determined either because no ZULD...

Page 329: ...irectional link by monitoring OAMPDUs Mode Select Norm al or Aggressive In Norm al mode ZULD only sends a syslog and trap when it detects a unidirectional link In Aggressive mode ZULD shuts down the port puts it into an ErrDisable state as well as sends a syslog and trap when it detects a unidirectional link Probe Time Type the length of time that ZULD waits before declaring that a link is unidire...

Page 330: ...through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from network N1 The Switch sends reply traffic to default gateway R1 which routes it back to the manager s computer The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2 Figure 227 Static Routin...

Page 331: ...ing IPv4 Static Route The following table describes the related labels you use to create a static route Table 160 IP Application Static Routing IPv4 Static Route LABEL DESCRIPTION Active This field allows you to activate deactivate this static route Name Enter a descriptive name up to 10 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP n...

Page 332: ...to your previous configuration Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the descriptive name for this route This is for identification purposes onl...

Page 333: ...ormation for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 39 1 1 What You Can Do Use theDiffServ screen Section 39 2 on page 334 to activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the Switch Use theDSCP screen Section 39 3 1 on page 336 to change the DSCP IEEE 802 1p mapping 39 1 2 ...

Page 334: ... marks with a DSCP value the incoming packets into different traffic flows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffic flows An example traffic policy is to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped wh...

Page 335: ...d displays the index number of a port on the switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable Diffserv on the port Apply Click ...

Page 336: ...pping DSCP VALUE 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 I EEE 802 1p 0 1 2 3 4 5 6 7 Table 163 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Page 337: ... on the VLAN domain of the DHCPv4 clients Use theDHCPv6 Relay screen Section 40 5 on page 347 to enable and configure DHCPv6 relay 40 1 2 What You Need to Know Read on for concepts on DHCP that can help you configure the screens in this chapter DHCP Modes If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request fro...

Page 338: ...ay on the Switch if the DHCP clients and the DHCP server are not in the same broadcast domain During the initial IP address leasing the Switch helps to relay network information such as the IP address and subnet mask between a DHCP client and a DHCP server Once the DHCP client obtains an IP address and can connect to the network network information renewal is done between the DHCP client and the D...

Page 339: ...ct this option You can change the System Nam e in Basic Settings General Setup The following describes the DHCP relay agent information that the Switch sends to the DHCP server 40 4 1 1 DHCPv4 Relay Agent Information Format A DHCP Relay Agent Information option has the following format i1 i2 and iN are DHCP relay agent sub options which contain additional information about the DHCP client You need...

Page 340: ...able 169 IP Application DHCP DHCPv4 Option 82 Profile LABEL DESCRIPTION Name Enter a descriptive name for the profile for identification purposes You can use up to 32 ASCII characters Spaces are allowed Circuit ID Use this section to configure the Circuit ID sub option to include information that is specific to the relay agent the Switch Enable Select this option to have the Switch add the Circuit...

Page 341: ...one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Profile Name This field displays the descriptive name of the profile Click the n...

Page 342: ...equests that it relays to a DHCP server Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 171 IP Application DHCP DHCPv4...

Page 343: ...or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values above based on the last selected entry or if not applicable to clear the fields above Clear Click Clear to reset the fields to the factory defaults I ndex This field displays a sequential number for each entry Click an i...

Page 344: ...the Switch See Section 5 2 on page 44 for information on how to do this Figure 241 IP Application DHCP DHCPv4 VLAN The following table describes the labels in this screen EXAMPLE Table 172 IP Application DHCP DHCPv4 VLAN LABEL DESCRIPTION VID Enter the I D number of the VLAN to which these DHCP settings apply Remote DHCP Server 1 3 Enter the I P address of a DHCP server in dotted decimal notation ...

Page 345: ...f the VLAN group to which this DHCP settings apply Type This field displays Relay for the DHCP mode DHCP Status For DHCP server configuration this field displays the starting IP address and the size of the IP address pool For DHCP relay configuration this field displays the first remote DHCP server IP address Select an entry s check box to select a specific entry Otherwise select the check box in ...

Page 346: ...anges to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values above based on the last selected entry or if not applicable to clear the fields above Clear Click Clear to reset the fields to the ...

Page 347: ...ion and the interface ID option to the Relay Forward DHCPv6 messages The remote ID option carries a user defined string such as the system name The interface ID option provides slot number port information and the VLAN ID to the DHCPv6 server The remote ID option if any is stripped from the Relay Reply messages before the relay agent sends the packets to the clients The DHCPv6 server copies the in...

Page 348: ... saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to reset the fields to the factory defaults VID This field displays th...

Page 349: ...P broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is either the IP address of the device being sought or ...

Page 350: ... both the source and destination IP address fields are set to the IP address of the device that sends this request and the destination MAC address field is set to the broadcast address There will be no reply to a gratuitous ARP request A device may send a gratuitous ARP packet to detect IP collisions If a device restarts or its MAC address is changed it can also use gratuitous ARP to inform other ...

Page 351: ...ication ARP Setup in the navigation panel to display the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Figure 246 IP Application ARP Setup 41 2 1 ARP Learning Use this screen to configure each port s ARP learning mode Click the link next to ARP Learning in the I P Application ARP Setup screen to display the screen as show...

Page 352: ...Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request Select ARP Request to have the Switch update the ARP table with both ARP replies gratuitous ...

Page 353: ...m w are Upgrade screen Section 42 3 on page 355 to upload the latest firmware Use theRestore Configuration screen Section 42 4 on page 357 to upload a stored device configuration file Use theBackup Configuration screen Section 42 5 on page 357 to save your configurations for later use 42 2 The Maintenance Screen Use this screen to manage firmware and your configuration files Click Managem ent Main...

Page 354: ...store Configuration screen Backup Configuration Click Click Here to go to the Backup Configuration screen Erase Running Configuration Click Click Here to reset the configuration to the factory default settings Save Configuration Click Config 1 to save the current configuration settings to Configuration 1 on the Switch Click Config 2 to save the current configuration settings to Configuration 2 on ...

Page 355: ...eboot the Switch 42 2 3 Reboot System Reboot System allows you to restart the Switch without physically turning the power off It also allows you to load configuration one Config 1 configuration two Config 2 or the factory deault configuration when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load co...

Page 356: ...irmware After the firmware upgrade process is complete see the System I nfo screen to verify your current firmware version number Table 177 Management Maintenance Firmware Upgrade LABEL DESCRIPTION Name This is the name of the Switch that you re configuring Version The Switch has two firmware sets Firm w are 1 and Firm w are 2 residing in flash Running shows the version number and model code and M...

Page 357: ...up your current Switch configuration to a computer using the Backup Configuration screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this s...

Page 358: ...lays after you click Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File nam e list box Click Save to save the configuration file to your computer 42 6 Tech Support The Tech Support feature is a log enhancement tool that logs useful information such as CPU utilization history memory and Mbuf Memory...

Page 359: ...x The Mbuf log report is stored in flash permanent memory For example Mbuf 50 means a log will be created when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned...

Page 360: ...u to have a destination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both files for later use Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 42 7 3 FTP Command Line Procedure 1 Launch the FTP client on your computer 2 Enter open followed by...

Page 361: ...estrictions FTP will not work when FTP service is disabled in theService Access Control screen The IP address es in theRem ote Managem ent screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous This is...

Page 362: ...specify the types of SNMP traps that should be sent to each SNMP manager Use theUser I nform ation screen Section 43 3 3 on page 366 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use theLogins screens Section 43 4 on page 368 to assign which users can access the Switch via web configurator at any one time Use theService Access Control screen ...

Page 363: ...L DESCRIPTION General Setting Use this section to specify the SNMP version and community password values Version Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2 c SNMP version 3 v3 or both v3 v2 c SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Com m unity string which...

Page 364: ...ion 2c or lower Trap Destination Use this section to configure where to send SNMP traps from the Switch Version Specify the version of the SNMP trap messages I P Enter the I P addresses of up to four managers to send your SNMP traps to Port Enter the port number upon which the manager listens for SNMP traps Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap This...

Page 365: ...ends to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See SNMP Traps on page 373 for individual trap descriptions The traps are grouped by category Selecting a category automatically selects all of the category s traps Clear the check boxes for individ...

Page 366: ...same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the trap type of SNMP traps on this port Clear this check box to disable the sending of SNMP traps on this port Apply Click Apply to save your changes to the Switch s run ti...

Page 367: ...ers in one group are assigned common access rights to MIBs Specify in which SNMP group this user is adm in Members of this group can perform all types of system configuration including the management of administrator accounts readw rite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except the user account and AAA configuration rea...

Page 368: ...gure Switch settings Click Managem ent Access Control Logins to view the screen as shown Figure 260 Management Access Control Logins The following table describes the labels in this screen Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to begin configuring this screen afresh Table 184 Management Access Control SNMP User continued LABEL DESCRIPTION Table...

Page 369: ...s shown below 0 Display basic system information 3 Display configuration or status 13 Configure features except for lo gin accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins administrator and enable passwords and configuration information display 14 Configure login accounts SNMP useraccounts the authentication method sequence and authorization...

Page 370: ...ere Active Select this option for the corresponding services that you want to allow to access the Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Service Port field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Tim...

Page 371: ... you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Se...

Page 372: ...e managed devices contain object variables managed objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple requ...

Page 373: ...ry An OID Object ID that begins with 1 3 6 1 4 1 8 9 0 1 1 5 is defined in private MIBs Otherwise it is a standard MIB OID Table 189 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on warmstart warmStart 1 3 6 1 6 3 1 1 5 2 This trap is sent when the Switch restarts fanspeed zyHwMonitorFanSpeedOut OfRan...

Page 374: ...5 3 61 3 2 This trap is sent when intrusion lock occurs on a port loopguard zyLoopGuardLoopDetect 1 3 6 1 4 1 890 1 15 3 45 2 1 This trap is sent when loopguard shuts down a port errdisable zyErrdisableDetect 1 3 6 1 4 1 890 1 15 3 24 4 1 This trap is sent when an error is detected on a port such as a loop occurs or the rate limit for specific control packets is exceeded zyErrdisableRecovery 1 3 6...

Page 375: ...nued OPTION OBJECT LABEL OBJECT ID DESCRIPTION Table 190 SNMP Interface Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION linkup linkUp 1 3 6 1 6 3 1 1 5 4 This trap is sent when the Ethernet link is up linkdown linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Ethernet link is down lldp lldpRemTablesChange 1 0 8802 1 1 2 0 0 1 The trap is sent when entries in the remote database have any upda...

Page 376: ...ting range zyTransceiverDdmiTxPowerOut OfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 7 This trap is sent when the transmitted optical power is recovered from the out of normal operating range zyTransceiverDdmiRxPowerOut OfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 8 This trap is sent when the received optical power is recovered from the out of normal operating range zyTransceiverDdmiVoltageOut OfRa...

Page 377: ...rizationFailure 1 3 6 1 4 1 890 1 15 3 8 3 2 This trap is sent when management connection authorization failed accounting zyRadiusServerAccountingServe rNotReachable 1 3 6 1 4 1 890 1 15 3 71 2 2 This trap is sent when there is no response message from the RADIUS accounting server zyTacacsServerAccountingServe rUnreachable 1 3 6 1 4 1 890 1 15 3 83 2 2 This trap is sent when there is no response m...

Page 378: ...logyChange 1 3 6 1 2 1 17 0 2 This trap is sent when the STP topology changes zyMrstpTopologyChange 1 3 6 1 4 1 890 1 15 3 52 3 2 This trap is sent when the MRSTP topology changes zyMstpTopologyChange 1 3 6 1 4 1 890 1 15 3 53 3 2 This trap is sent when the MSTP root switch changes mactable zyMacForwardingTableFull 1 3 6 1 4 1 890 1 15 3 48 2 1 This trap is sent when more than 99 of the MAC table ...

Page 379: ... on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in to the server 43 7 2 2 SSH Implementation on the Switch Your Switch supports SSH version...

Page 380: ... whereas the SSL client only should authenticate itself when the SSL server requires it to do so Authenticating client certificates is optional and if selected means the SSL client must send the Switch a certificate You must apply for a certificate for the browser from a Certificate Authority CA that is a trusted CA on the Switch Please refer to the following figure 1 HTTPS connection requests fro...

Page 381: ...67 Security Alert Dialog Box Internet Explorer 6 I nternet Explorer 7 or 8 When you attempt to access the Switch HTTPS server a screen with the message There is a problem with this website s security certificate may display If that is the case click Continue to this w ebsite not recom m ended to proceed to the web configurator login screen Figure 268 Security Certificate Warning Internet Explorer ...

Page 382: ...the on screen instructions to install the certificate in your browser Figure 270 Certificate Internet Explorer 7 or 8 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the Add Exception button EXAMPLE EXAMPLE ...

Page 383: ... Series User s Guide 383 Figure 271 Security Alert Mozilla Firefox Confirm the HTTPS server URL matches Click Confirm Security Exception to proceed to the web configurator login screen Figure 272 Security Alert Mozilla Firefox EXAMPLE ...

Page 384: ...er you accept the certificate and enter the login username and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection Figure 273 Example Lock Denoting a Secure Connection EXAMPLE ...

Page 385: ...c screen You can use this screen to help you identify problems 44 2 Diagnostic Click Managem ent Diagnostic in the navigation panel to open this screen Use this screen to ping IP addresses run a traceroute perform port tests or show the Switch s location between devices Figure 274 Management Diagnostic ...

Page 386: ...ber of the hops routers a packet can travel through Each router along the path will decrement the TTL value by one and forward the packets When the TTL value becomes zero and the destination is not found the router drops the packets and informs the sender Wait Time Specify how many seconds the Switch waits for a response to a probe before running another traceroute Queries Specify how many times t...

Page 387: ...to show the cable length Distance to fault This displays the distance between the port and the location where the cable is open or shorted This shows N A if the Pair status is Ok This shows Unsupported if the Switch chipset does not support to show the distance Locator LED Enter a time interval in minutes and click Blink to show the actual location of the Switch between several devices in a rack T...

Page 388: ...ches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 275 Management System Log The summary table shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is currently di...

Page 389: ...levels 46 1 1 What You Can Do Use theSyslog Setup screen Section 46 2 on page 389 to configure the device s system logging settings and configure a list of external syslog servers 46 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click Managem ent Syslog in t...

Page 390: ...ur syslog program for more details Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Active Select this ch...

Page 391: ...slog server entry Click this number to edit the entry Active This field displays Yes if the device is to send logs to the syslog server No displays if the device is not to send logs to the syslog server I P Address This field displays the IP address of the syslog server Log Level This field displays the severity level of the logs that the device is to send to this syslog server Select an entry s c...

Page 392: ...th one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 277 Clustering Application Example Table 197 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Must be compatible with ZyXEL cluster management implementation Cluster Manager...

Page 393: ...owing table describes the labels in this screen Table 198 Management Cluster Management Status LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster Manager Mem ber you see this if you access this screen in the cluster member switch directly and not via the cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster man...

Page 394: ...figuration Model This field displays the model name Status This field displays Online the cluster member switch is accessible Error for example the cluster member switch password was changed or the switch was set as the manager and so left the member list etc Offline the switch is disconnected Offline shows approximately 1 5 minutes after the link between cluster member and manager goes down Table...

Page 395: ...very is shown here The switches must be directly connected Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate list Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list Password Each cluster member s password is its web configurator password Select a member in the Clustering Candidat...

Page 396: ...select an I ndex hyperlink from the list of members to go to that cluster member switch s web configurator home page This cluster member web configurator home page and the home page that you d see if you accessed it directly are different Figure 280 Cluster Management Cluster Member Web Configurator Screen 47 4 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to...

Page 397: ...K ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 430AAHW0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 200 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The web configurat...

Page 398: ...dress is dynamic or static 48 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already lea...

Page 399: ... 399 Figure 282 MAC Table Flowchart 48 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic or static Click Managem ent MAC Table in the navigation panel to display the following screen Figure 283 Management MAC Table ...

Page 400: ... VI D to display and arrange the data according to VLAN group Select PORT to display and arrange the data according to port number Transfer Type Select Dynam ic to MAC forw arding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries They also display in the Static MAC Forw arding screen Select Dynam ic to MAC filtering a...

Page 401: ...it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast ...

Page 402: ...l Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number I P Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the device belongs Port This field displays the port...

Page 403: ...reen to view IPv6 path MTU information on the Switch Click Managem ent Path MTU Table in the navigation panel to display the screen as shown Figure 285 Management Path MTU Table The following table describes the labels in this screen Table 203 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ages out and n...

Page 404: ...This chapter shows you how you can copy the settings of one port onto other ports 51 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Managem ent Configure Clone to open the following screen ...

Page 405: ...Chapter 51 Configure Clone GS2210 Series User s Guide 405 Figure 286 Management Configure Clone ...

Page 406: ... 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings you configured in the Advanced Application menus should be copied to the destination ports Apply Cl...

Page 407: ...tch cannot find an entry in the neighbor table or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages 52 2 Viewing the IPv6 Neighbor Table Use this screen to view IPv6 neighbor information on the Switch Click Managem ent I Pv6 Neighbor Table in the navigation panel to display the screen as...

Page 408: ...s sending request packets for a short to give upper layer protocols a chance to determine reachability probe P The Switch is sending request pa ckets and waiting for the neighbor s response invalid IV The neighbor address is with an inva lid I Pv6 address unknown The status of the neighborin g interface can not be determined for some reason incomplete I Address resoluti on is in progress and the l...

Page 409: ...re the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the Switch 4 If the problem continues contact the vendor The ALM LED is on 1 Disconnect and re connect the power adaptor or cord to the Switch 2 If the problem continues contact the vendor One of the L...

Page 410: ... 6 on page 40 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is192 168 1 1 If you changed the IP address use the new IP addr ess If you changed the IP address and have forgotten i t see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardware connections and make sure the...

Page 411: ...again later Check that you have enabled logins for HTTP or Telnet If you have configured a secured client IP address your computer s IP address must match it Refer to the chapter on access control for details 3 Disconnect and re connect the cord to the Switch 4 If this does not work you have to reset the device to its factory defaults See Section 4 6 on page 40 Pop up Windows JavaScripts and Java ...

Page 412: ...or telnet HTTP and SSH see Section 43 6 on page 370 Computers not belonging to the secured client set cannot get permission to access the Switch 53 3 Switch Configuration I lost my configuration settings after I restart the Switch Make sure you save your configuration into the Switch s nonvolatile memory each time you make changes Click Save at the top right corner of the web configurator to save ...

Page 413: ...ase have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps youtook to solve it Corporate Headquarters Worldwide Taiwan ZyXEL Communications Corporation http www zyxel com Asia China ZyXEL Communications Shanghai Corp ZyXEL Communicatio...

Page 414: ...el com pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com Thailand ZyXEL Thailand Co Ltd http www zyxel co th Vietnam ZyXEL Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria ZyXEL Deutschland GmbH http www zyxel de Belarus ZyXEL BY http www zyxel by...

Page 415: ...EL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXEL France http www zyxel fr Germany ZyXEL Deutschland GmbH http www zyxel de Hungary ZyXEL Hungary SEE http www zyxel hu Latvia ZyXEL Latvia http www zyxel com l v lv homepage shtml ...

Page 416: ...yXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Communications Czech s r o organizacna zloz ka http www zyxel sk Spain ZyXEL Spain http www zyxel es Sweden ZyXEL Communications http www zyxel se Switzerland Studerus AG http www zyxel ch ...

Page 417: ...l com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Israel ZyXEL Communication Corporation http il zyxel com homepage shtml Middle East ZyXEL Communication Corporation http www zyxel com me en North America USA ZyXEL Communications Inc North America Headqua rters http www us zyxel com ...

Page 418: ...Appendix A Customer Support GS2210 Series User s Guide 418 Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Page 419: ...ations that use this service or the situations in which this service is used Table 206 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH I PSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some serve...

Page 420: ...ork environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or ...

Page 421: ...mote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to all...

Page 422: ...0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length i...

Page 423: ...group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 208 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0...

Page 424: ... the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able ...

Page 425: ...Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lif...

Page 426: ...s Neighbor solicitation A request from a host to de termine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it responds to a neighbor solicitation message from the host with a neighbor advertisement message Neighbor advertisement A response froma node to announce its link layer address Router solicitation A request from a h...

Page 427: ...to generated IP addresses IPv6 is installed and enabled by default in Windows Vista Use the ipconfig command to check your automatic configured IPv6 address as well You should see at least one IPv6 address available for the interface on your computer Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assignment you have to additional...

Page 428: ...rom a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Netw ork and Sharing Center Local Area Connection 2 Select the I nternet Protocol Version 6 TCP I Pv6 checkbox to enable it 3 Click OK to save the change ...

Page 429: ...our dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 1...

Page 430: ...America The following information applies if you use the product within USA area Federal Communications Commission FCC EMC Statement This device complies with Part 15 of FCC rules Op eration is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Change...

Page 431: ...adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cordis damaged as it might cause electrocution If the power adaptor or cord is damaged remo ve it from the device and the power source Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one Fuse Warning Replace a fuse...

Page 432: ...da útil llévelo a un punto limpio Cuando llegue el momento de desechar el producto la recogida por separado éste y o su batería ayudará a salvar los recursos naturales y a proteger la salud humana y medioambiental Le symbole ci dessous signifie que selon les réglementations locales votre produit et ou sa batterie doivent être éliminés séparément des ordures ménagères Lorsque ce produit atteint sa ...

Page 433: ...Appendix D Legal Information GS2210 Series User s Guide 433 Environmental Product Declaration ...

Page 434: ...amaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential da...

Page 435: ... 22 switched workgroup 21 ARP how it works 349 learning mode 349 overview 349 setup 351 ARP Address Resolution Protocol 401 ARP inspection 223 255 ARP scan 309 ARP Reply 349 ARP Request 350 authentication setup 216 authentication authorization and accounting 211 Authentication Authorization and Accounting see AAA 211 authorization privilege levels 217 setup 216 auto crossover 28 automatic VLAN reg...

Page 436: ...ving 39 configuration file 40 backup 357 restore 40 357 saving 355 console port 31 contact information 413 copying port settings See port cloning copyright 430 CoS 333 CPU management port 109 CPU protection 273 current date 67 current time 67 customer support 413 D daylight saving time 68 default Ethernet settings 28 default IP 34 71 DHCP configuration options 337 Dynamic Host Configuration Protoc...

Page 437: ...interference statement 430 file transfer using FTP command example 360 filename convention configuration configuration file names 360 filtering 119 rules 119 filtering database MAC table 398 firmware 65 upgrade 356 396 flow control back pressure 74 IEEE802 3x 74 forwarding delay 134 frames tagged 101 untagged 101 front panel 27 FTP 359 file transfer procedure 360 restrictions over WAN 361 G GARP 9...

Page 438: ... mask 72 IPv4 source guard 222 IPv6 422 addressing 422 EUI 64 424 global address 423 interface ID 424 link local address 422 Neighbor Discovery Protocol 422 neighbor table 407 ping 422 prefix 422 prefix length 422 stateless autoconfiguration 424 unspecified address 423 IPv6 interface 79 DHCPv6 client 90 enable 85 global address 87 global unicast address 83 link local address 86 link local IP 82 ne...

Page 439: ...ddress 65 401 maximum number per port 167 MAC address learning 69 167 specify limit 167 MAC freeze 166 MAC table 398 display criteria 400 how it works 398 sorting criteria 400 transfer type 400 viewing 399 MAC based VLAN 107 maintanence configuration backup 357 firmware 356 restoring configuration 357 maintenance 353 current configuration 354 main screen 354 Management Information Base MIB 372 man...

Page 440: ...plications 20 network management system NMS 372 NTP RFC 1305 67 O OAM 318 details 320 discovery 318 discovery state 322 packets statistics 322 PDU size 321 port configuration 318 port operational state 319 remote loopback 318 remote loopback 324 one time schedule 168 Operations Administration and Maintenance 318 Option 82 339 P PAGP 264 password 39 administrator 368 Path MTU 403 Path MTU Discovery...

Page 441: ...iority queue assignment 70 private VLAN 280 configuration 280 isolated port 280 overview 280 promiscuous port 280 product registration 434 protocol based VLAN 104 and IEEE 802 1Q tagging 104 application example 104 configuration example 112 isolate traffic 104 priority 105 setup 104 un tagged packets 104 PVID 94 Q QoS 333 and classifier 170 Quality of Service 333 queue weight 184 queuing 183 SPQ 1...

Page 442: ...t works 378 implementation 379 SSH Secure Shell 378 SSL Secure Socket Layer 380 standby ports 149 static bindings 223 static MAC address 114 static MAC forwarding 114 static multicast address 116 static multicast forwarding 116 static route enable 331 metric 332 static routes 330 static VLAN 98 control 99 tagging 99 status 35 55 MRSTP 131 MSTP 137 port 59 power 66 RSTP 127 VLAN 96 STP 121 264 brid...

Page 443: ...ol attribute and RADIUS 220 tutorials 46 DHCP snooping 46 Type of Serivce 333 U UDLD 264 UniDirectional Link Detection see UDLD untrusted ports DHCP snooping 253 PPPoE IA 267 user name 34 default 34 user profiles 212 V Vendor Specific Attribute See VSA 219 ventilation 24 VID 97 number of possible VIDs 94 priority frame 94 VID VLAN Identifier 94 Virtual Local Area Network 68 VLAN 68 acceptable fram...

Page 444: ...vigation panel 36 weight queuing 184 Weighted Round Robin Scheduling WRR 184 WRR Weighted Round Robin Scheduling 183 Z ZDP 57 ZON neighbor management 58 ZON Utility 57 ZULD 326 and Error Disable 327 example 326 mode 329 probe time 328 status 327 ZULD ZyXEL Unidirectional Link Detection 326 ZyNOS ZyXEL Network Operating System 360 ZyXEL Discovery Protocol 57 ZyXEL Unidirectional Link Detection 326 ...

Reviews:

No comments

Related manuals for GS2210-24

Brand: 3Com Pages: 2

CoreBuilder 5000

Brand: 3Com Pages: 16

CoreBuilder 9000

Brand: 3Com Pages: 24

Brand: protech Pages: 4

Brand: Crestron Pages: 2

QuantaMesh T1048-LB9M

Brand: QCT Pages: 34

Brand: SMART-AVI Pages: 2

Brand: Wavetronix Pages: 3

Brand: Lantech Pages: 119

Brand: Accton Technology Pages: 7

Brand: TCi Pages: 11

Brand: Aruba Networks Pages: 40

SMT-8-...-B Series

Brand: Festo Pages: 2

Brand: Icy Box Pages: 10

Brand: Led Control Pages: 22

Sierra Video 3264V5Sxl

Brand: Kramer Pages: 1

Brand: NightStick Pages: 2

Brand: NETGEAR Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands