ZyXEL Communications XGS4600 Series, User Manual

Page 1: ...ayer 3 Managed Stackable Gigabit Ethernet Switch Copyright 2020 Zyxel Communications Corporation Out of Band MGMT Port http 192 168 0 1 In Band Ports http DHCP assigned IP or http 192 168 1 1 User Name admin Password 1234 Version 4 70 Edition 1 12 2020 ...

Page 2: ...te Related Documentation User s Guide Go to the download library of the Zyxel website to get a myZyxel com User s Guide to see how to register your Zyxel Device and activate a license CLI Reference Guide This guide explains how to use the Command Line Interface CLI to configure the Switch Note It is recommended you use the Web Configurator to configure the Switch Web Configurator Online Help Click...

Page 3: ...s field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Basic Setting IP Setup IP Configuration Network Proxy Configuration means you first click Basic Setting in the navigation panel then the IP Setup sub menu then IP Configuration and finally Network Proxy Configuration to get to that screen Icons Used in Figures Figures ...

Page 4: ... Static MAC Forwarding 147 Static Multicast Forwarding 150 Filtering 153 Spanning Tree Protocol 155 Bandwidth Control 181 Broadcast Storm Control 184 Mirroring 187 Link Aggregation 198 Port Authentication 208 Port Security 225 Time Range 229 Classifier 231 Policy Rule 240 Queuing Method 245 VLAN Stacking 249 Multicast 257 AAA 283 IP Source Guard 296 DHCP Snooping 301 ARP Inspection 312 Loop Guard ...

Page 5: ...olicy Routing 439 RIP 443 OSPF 448 IGMP 470 DVMRP 474 Differentiated Services 478 DHCP 482 VRRP 501 Router Setup 510 ARP Setup 512 Maintenance 518 Access Control 535 Diagnostic 560 System Log 564 Syslog Setup 565 Cluster Management 568 MAC Table 574 IP Table 577 ARP Table 579 Routing Table 581 Path MTU Table 584 Configure Clone 585 IPv6 Neighbor Table 589 Port Status 591 Service Register 602 Troub...

Page 6: ...e 27 1 2 3 Gigabit Ethernet to the Desktop 27 1 2 4 IEEE 802 1Q VLAN Application Examples 28 1 2 5 IPv6 Support 29 1 3 Ways to Manage the Switch 29 1 4 Good Habits for Managing the Switch 29 Chapter 2 Hardware Installation and Connection 30 2 1 Safety Precautions 30 2 2 Freestanding Installation Procedure 30 2 3 Mounting the Switch on a Rack 31 2 3 1 Installation Requirements 31 2 3 2 Precautions ...

Page 7: ...equirements 48 4 3 2 Run the ZON Utility 48 4 4 Web Configurator Layout 52 4 4 1 Change Your Password 57 4 5 Save Your Configuration 58 4 6 Switch Lockout 58 4 7 Reset the Switch 59 4 7 1 Reload the Configuration File 59 4 8 Log Out of the Web Configurator 60 4 9 Help 60 Chapter 5 Initial Setup Example 61 5 1 Overview 61 5 1 1 Create a VLAN 61 5 1 2 Set Port VID 62 5 1 3 Configure Switch Managemen...

Page 8: ...p 87 8 4 Introduction to VLANs 89 8 5 Switch Setup 90 8 6 IP Setup 92 8 6 1 IP Interfaces 92 8 6 2 IP Status 92 8 6 3 IP Status Details 93 8 6 4 IP Configuration 94 8 7 Port Setup 97 8 8 Interface Setup 99 8 9 IPv6 100 8 9 1 IPv6 Status 100 8 9 2 IPv6 Interface Status 101 8 9 3 IPv6 Configuration 103 8 9 4 IPv6 Global Setup 104 8 9 5 IPv6 Interface Setup 104 8 9 6 IPv6 Link Local Address Setup 105...

Page 9: ... Port Settings 130 9 8 Subnet Based VLANs 132 9 8 1 Configuring Subnet Based VLAN 133 9 9 Protocol Based VLANs 135 9 9 1 Configuring Protocol Based VLAN 135 9 10 Voice VLAN 138 9 11 MAC Based VLAN 140 9 12 Vendor ID Based VLAN 141 9 13 Port Based VLAN Setup 143 9 13 1 Configure a Port Based VLAN 143 Chapter 10 Static MAC Forwarding 147 10 1 Overview 147 10 1 1 What You Can Do 147 10 2 Configure St...

Page 10: ...ing Tree Protocol Status 169 13 8 Configure Multiple Rapid Spanning Tree Protocol 173 13 9 Multiple Rapid Spanning Tree Protocol Status 175 13 10 Technical Reference 178 13 10 1 MSTP Network Example 178 13 10 2 MST Region 178 13 10 3 MST Instance 179 13 10 4 Common and Internal Spanning Tree CIST 179 Chapter 14 Bandwidth Control 181 14 1 Bandwidth Control Overview 181 14 1 1 What You Can Do 181 14...

Page 11: ...eed to Know 209 18 1 3 MAC Authentication 209 18 2 Port Authentication Configuration 210 18 3 Activate IEEE 802 1x Security 210 18 4 Activate MAC Authentication 213 18 5 Guest VLAN 216 18 6 Compound Authentication 219 18 7 Technical Reference 222 18 7 1 IEEE 802 1x 222 18 7 2 RADIUS 222 18 7 3 EAP Extensible Authentication Protocol Authentication 223 18 7 4 EAPOL EAP over LAN 224 Chapter 19 Port S...

Page 12: ...iguring Policy Rules 241 22 3 Policy Example 243 Chapter 23 Queuing Method 245 23 1 Queuing Method Overview 245 23 1 1 What You Can Do 245 23 1 2 What You Need to Know 245 23 2 Configuring Queuing 246 Chapter 24 VLAN Stacking 249 24 1 VLAN Stacking Overview 249 24 1 1 VLAN Stacking Example 249 24 2 VLAN Stacking Port Roles 250 24 3 VLAN Tag Format 250 24 3 1 Frame Format 251 24 4 Configuring VLAN ...

Page 13: ...You Can Do 283 26 1 2 What You Need to Know 283 26 2 AAA Screens 284 26 3 RADIUS Server Setup 285 26 4 TACACS Server Setup 286 26 5 AAA Setup 288 26 6 Technical Reference 290 26 6 1 Vendor Specific Attribute 290 26 6 2 Supported RADIUS Attributes 292 26 6 3 Attributes Used for Authentication 292 26 6 4 Attributes Used for Accounting 293 Chapter 27 IP Source Guard 296 27 1 IP Source Guard Overview ...

Page 14: ...19 29 5 IPv6 Static Binding Setup 320 29 6 IPv6 Source Guard Policy Setup 322 29 7 IPv6 Source Guard Port Setup 323 29 8 IPv6 Snooping Policy Setup 324 29 9 IPv6 Snooping VLAN Setup 325 29 10 IPv6 DHCP Trust Setup 326 29 11 Technical Reference 328 29 11 1 ARP Inspection Overview 328 Chapter 30 Loop Guard 330 30 1 Loop Guard Overview 330 30 1 1 What You Can Do 330 30 1 2 What You Need to Know 330 3...

Page 15: ...t 351 34 3 2 PPPoE IA Per Port Per VLAN 353 34 3 3 PPPoE IA for VLAN 354 Chapter 35 Error Disable 356 35 1 Error Disable Overview 356 35 1 1 CPU Protection Overview 356 35 1 2 Error Disable Recovery Overview 356 35 1 3 What You Can Do 356 35 2 Error Disable Settings 357 35 3 Error Disable Status 357 35 4 CPU Protection Configuration 359 35 5 Error Disable Detect Configuration 361 35 6 Error Disabl...

Page 16: ...Status Detail 384 40 6 LLDP Configuration 390 40 6 1 LLDP Configuration Basic TLV Setting 392 40 6 2 LLDP Configuration Org specific TLV Setting 393 40 7 LLDP MED Configuration 395 40 8 LLDP MED Network Policy 396 40 9 LLDP MED Location 398 Chapter 41 Anti Arpscan 403 41 1 Anti Arpscan Overview 403 41 1 1 What You Can Do 403 41 1 2 What You Need to Know 403 41 2 Anti Arpscan Status 404 41 3 Anti A...

Page 17: ...ter 45 NLB 428 45 1 NLB Overview 428 45 1 1 What You Can Do 428 45 1 2 What You Need to Know 429 45 2 MAC Forwarding 429 45 3 IP Configuration 431 Chapter 46 Wol Relay 433 46 1 Wol Relay Overview 433 46 2 Wol Relay 433 Chapter 47 Static Route 435 47 1 Static Routing Overview 435 47 1 1 What You Can Do 435 47 2 Static Routing 436 47 3 IPv4 Static Route 436 47 4 IPv6 Static Route 437 Chapter 48 Poli...

Page 18: ...onfiguration 453 50 5 Configure IPv4 OSPF Areas 454 50 5 1 View OSPF Area Information Table 456 50 6 Configuring IPv4 OSPF Redistribution 456 50 7 Configuring IPv4 OSPF Interfaces 458 50 8 IPv4 OSPF Virtual Links 460 50 9 IPv6 OSPF Status 462 50 10 IPv6 OSPF Configuration 464 50 11 IPv6 OSPF Redistribution 465 50 12 IPv6 OSPF Interfaces 466 50 13 IPv6 OSPF Virtual Links 467 Chapter 51 IGMP 470 51 ...

Page 19: ...l 484 54 4 DHCPv4 Relay 485 54 4 1 DHCPv4 Relay Agent Information 486 54 4 2 DHCPv4 Option 82 Profile 487 54 4 3 Configuring DHCPv4 Global Relay 488 54 4 4 Configure DHCPv4 Global Relay Port 489 54 4 5 Global DHCP Relay Configuration Example 490 54 4 6 DHCPv4 VLAN Setting 491 54 4 7 Configure DHCPv4 VLAN Port 492 54 4 8 Example DHCP Relay for Two VLANs 494 54 5 DHCPv6 Status 495 54 6 DHCPv6 Inform...

Page 20: ...Overview 518 58 1 1 What You Can Do 518 58 2 Maintenance Settings 518 58 2 1 Erase Running Configuration 520 58 2 2 Save Configuration 520 58 2 3 Reboot System 521 58 2 4 Stacking Default 521 58 2 5 Factory Default 522 58 2 6 Custom Default 522 58 3 Firmware Upgrade 523 58 4 Restore Configuration 525 58 5 Backup Configuration 525 58 6 Auto Configuration 526 58 7 Tech Support 527 58 7 1 Tech Suppor...

Page 21: ... Technical Reference 545 59 7 1 About SNMP 546 59 7 2 SSH Overview 552 59 7 3 Introduction to HTTPS 554 59 7 4 Google Chrome Warning Messages 558 Chapter 60 Diagnostic 560 60 1 Overview 560 60 2 Diagnostic 560 Chapter 61 System Log 564 61 1 Overview 564 61 2 System Log 564 Chapter 62 Syslog Setup 565 62 1 Syslog Overview 565 62 1 1 What You Can Do 565 62 2 Syslog Setup 565 Chapter 63 Cluster Manag...

Page 22: ...n Do 579 66 1 2 What You Need to Know 579 66 2 Viewing the ARP Table 579 Chapter 67 Routing Table 581 67 1 Routing Table Overview 581 67 2 The Routing Table Main Screen 581 67 3 IPv4 Routing Table 581 67 4 IPv6 Routing Table 582 Chapter 68 Path MTU Table 584 68 1 Path MTU Overview 584 68 2 Viewing the Path MTU Table 584 Chapter 69 Configure Clone 585 69 1 Overview 585 69 2 Configure Clone 585 Chap...

Page 23: ...er 72 Service Register 602 72 1 Service Register Overview 602 72 2 Service Register Screen 602 Part III Troubleshooting and Appendices 604 Chapter 73 Troubleshooting 605 73 1 Power Hardware Connections and LEDs 605 73 2 Switch Access and Login 606 73 3 Switch Configuration 607 Appendix A Customer Support 609 Appendix B Common Services 615 Appendix C IPv6 618 Appendix D Legal Information 627 Index ...

Page 24: ...24 PART I User s Guide ...

Page 25: ...wire speed layer 3 routing in addition to layer 2 switching This User s Guide covers the following models XGS4600 32 XGS4600 32F and XGS4600 52F See the datasheet for a full list of software features available on the Switch 1 1 1 License Option At the time of writing the following Switch license is available for purchase The following table shows the features supported for the new license 1 1 2 St...

Page 26: ... ZON Utility at www zyxel com and install it on a PC Windows operation system For more information on ZON Utility see Section 4 3 on page 48 1 2 Example Applications This section shows a few examples of using the Switch in various network environments Note that the Switch in the figure is just an example Switch and not your actual Switch 1 2 1 Bridging or Fiber Uplink Example Application In this e...

Page 27: ...igher capacity link Trunking can be used if for example it is cheaper to use multiple lower speed links than to under utilize a high speed but more costly single port link Figure 3 High Performance Switching 1 2 3 Gigabit Ethernet to the Desktop The Switch is an ideal solution for small networks which demand high bandwidth for a group of heavy traffic users You can connect computers and servers di...

Page 28: ...belong to one or more groups With VLAN a station cannot directly talk to or hear from stations that are not in the same groups unless such traffic first goes through a router 1 2 4 1 Tag based VLAN Example Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic VLAN groups can be modified at any time by adding moving or...

Page 29: ... to the Web Configurator and in some cases are necessary to configure advanced features See the CLI Reference Guide FTP Use File Transfer Protocol for firmware upgrades and configuration backup or restore See Section 58 9 1 on page 532 SNMP The Switch can be monitored and or managed by an SNMP manager See Section 59 7 1 on page 546 Cluster Management Cluster Management allows you to manage multipl...

Page 30: ...g Do NOT block the ventilation holes nor store cables or power cords on the Switch Allow clearance for the ventilation holes to prevent your Switch from overheating This is especially crucial when your Switch does not have fans Overheating could affect the performance of your Switch or even damage it The surface of the Switch could be hot when it is functioning Do NOT put your hands on it You may ...

Page 31: ...EIA standard size 19 inch rack or in a wiring closet with other equipment Follow the steps below to mount your Switch on a standard EIA rack using a rack mounting kit Note Make sure there is enough clearance between each equipment on the rack for air circulation 2 3 1 Installation Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and ...

Page 32: ... a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section 2 3 4 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack ...

Page 33: ... a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack Note Make sure you tighten all the four screws to prevent the Switch from getting slanted 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 34: ...ollowing table describes the ports Table 3 Front Panel Connections CONNECTOR DESCRIPTION 24 10 100 1000Base T RJ 45 Ethernet Ports or 24 SFP Slots or 48 SFP Slots Connect these ports to a computer a hub an Ethernet switch or router 4 GbE Combo Ports Dual Personality Interfaces Each interface has one 1000Base T copper RJ 45 port and one SFP slot with one port active at a time Four 1000Base T Ports ...

Page 35: ...FP transceiver The SFP SFP Plus is an enhanced version of the SFP and supports data rates of 10 Gbps A transceiver is a single unit that houses a transmitter and a receiver Use a transceiver to connect a fiber cable to the Switch The Switch does not come with transceivers You must use transceivers that comply 4 SFP Slots Use SFP transceivers in these ports for high bandwidth backbone connections Y...

Page 36: ...s are dust sensitive When not in use always keep the dust plug on Avoid getting dust and other contaminant into the optical bores as the optics do not work correctly when obstructed with dust 3 1 2 1 Transceiver Installation Use the following steps to install a transceiver 1 Attach an ESD preventive wrist strap to your wrist and to a bare metal surface 2 Align the transceiver in front of the slot ...

Page 37: ...shed all the way down so the transceiver can be pulled out successfully 4 Pull the latch or use your thumb and index finger to grasp the tabs on both sides of the transceiver and carefully slide it out of the slot Note Do NOT pull the transceiver out by force You could damage it If the transceiver will not slide out grasp the tabs on both sides of the transceiver with a slight up or down motion an...

Page 38: ...h through Telnet or the Web Configurator The default IP address of the management port is 192 168 0 1 with a subnet mask of 255 255 255 0 3 1 5 Console Port This console port is for troubleshooting only With instructions from customer support connect the male 9 pin end of the RS 232 console cable to the console port of the Switch Connect the female end to a serial port COM1 COM2 or other COM port ...

Page 39: ...llation of Ethernet cables must be separate from AC power lines To avoid electric surge and electromagnetic interference use a different electrical conduit or raceway tube trough or enclosed conduit for protecting electric wiring that is 15 cm apart or as specified by your country s electrical regulations Any device that is located outdoors and connected to this product must be properly grounded a...

Page 40: ...The grounding terminal of the server rack or on site grounding terminal must also be grounded and connected to the building s main grounding electrode Make sure the grounding terminal is connected to the buildings grounding electrode and has an earth resistance of less than 10 ohms or according to your country s electrical regulations Figure 24 Connecting to the Building s Main Grounding Electrode...

Page 41: ...ct the other end of the cord to a power outlet Disconnecting the Power The power input connectors can be disconnected from the power source individually 1 Disconnect the power cord from the power outlet 2 Disconnect the power cord from the AC power socket 3 2 3 DC Power Connection DC Models Only The Switch uses a single ETB series terminal block plug with four pins Use two wires to connect to a si...

Page 42: ...m the power module in the second power slot Amber Blinking The power module in the second power slot detects that the power system is under 10 8 voltage or not connected Off The system is not receiving power from the power module in the second power slot SYS System Green Blinking The system is rebooting and performing self diagnostic tests On The system is on and functioning properly Red On The sy...

Page 43: ...onnected 1G 10G SFP Slots 29 32 or 49 52 LNK ACT Green Left Blinking The port is receiving or transmitting data at 1000 Mbps On The port has a successful 1000 Mbps connection Blue Right Blinking The port is receiving or transmitting data at 10 Gbps On The port has a successful 10 Gbps connection Off This link is disconnected MGMT Manageme nt Green Right Blinking The system is transmitting or recei...

Page 44: ...44 PART II Technical Reference ...

Page 45: ...device JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 The Switch is a DHCP client by default Type http DHCP assigned IP in the Location or Address field Press ENTER If the Switch is not connected to a DHCP server type http and the static IP address of the Switch for example the default management IP address is 192 168 1 1 through an in...

Page 46: ...ociated default password is 1234 5 If you did not change the default administrator password and or SNMP community values a warning screen displays each time you log into the Web Configurator Click Password SNMP to open a screen where you can change the administrator password and SNMP community string simultaneously Otherwise click Ignore to close it Password SNMP Setting Figure 26 Web Configurator...

Page 47: ... SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community string which is the p...

Page 48: ...yxel com and install it in a computer Windows operating system 4 3 1 Requirements Before installing the ZON Utility in your computer please make sure it meets the requirements listed below Operating System At the time of writing the ZON Utility is compatible with Windows 7 both 32 bit 64 bit versions Windows 8 both 32 bit 64 bit versions Windows 8 1 both 32 bit 64 bit versions Windows 10 both 32 b...

Page 49: ...irmware versions later you can click the Show information about ZON icon in the upper right of the screen Then select the Supported model and firmware version link If your device is not listed here see the device release notes for ZON Utility support The release notes are in the firmware zip file on the Zyxel web site Figure 29 ZON Utility Screen ...

Page 50: ...cover all supported devices in your network Figure 31 Discovery 5 The ZON Utility screen shows the devices discovered Figure 32 ZON Utility Screen 6 Select a device and then use the icons to perform actions Some functions may not be available for your devices Note You must know the selected device admin password before taking actions on the device using the ZON Utility icons 1 2 3 4 5 6 7 8 9 10 1...

Page 51: ...d unzipped it in advance 8 Change Password Use this icon to change the admin password of the selected device You must know the current admin password before changing to a new one 9 Configure NCC Discovery You must have Internet access to use this feature Use this icon to enable or disable the Nebula Control Center NCC discovery feature on the selected device If it is enabled the selected device wi...

Page 52: ...scovered device is Status This field displays whether changes to the discovered device have been done successfully As the Switch does not support IP Configuration Renew IP address and Flash Locator LED this field displays Update failed Not support Renew IP address and Not support Flash Locator LED respectively Controller Discovery This field displays if the discovered device supports the Nebula Co...

Page 53: ...figuration into the Switch s non volatile memory Non volatile memory is the configuration of your Switch that stays the same even if the Switch s power is turned off D Click this link to go to the status page of the Switch E Click this link to log out of the Web Configurator F Click this link to display web help pages The help pages provide descriptions for all of the configuration screens G Click...

Page 54: ...gs System Info This link takes you to a screen that displays general system and hardware monitoring information General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch Switch Setup This link takes you to a screen where you can set up global Switch parameters such as VLAN type MAC address learning GARP and priority qu...

Page 55: ...here you can copy traffic from one port or ports to another port in order that you can examine the traffic from the first port without interference Link Aggregation This link takes you to a screen where you can logically aggregate physical links to form one logical higher bandwidth link Port Authentication This link takes you to a screen where you can configure IEEE 802 1x port authentication as w...

Page 56: ... the port state You can also create trusted hosts view blocked hosts and unblock them BPDU Guard This link takes you to screens where you can enable BPDU guard on the Switch and ports and view the port state OAM This link takes you to screens where you can enable Ethernet OAM on the Switch view the configuration of ports on which Ethernet OAM is enabled and perform remote loopback tests ZULD This ...

Page 57: ... link takes you to a screen where you can view system logs Syslog Setup This link takes you to a screen where you can setup system logs and a system log server Cluster Management This link takes you to a screen where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC address and VLAN ID of a device attach to a port You c...

Page 58: ...ory refers to the Switch s storage that remains even if the Switch s power is turned off Note Use the Save link when you are done with a configuration session 4 6 Switch Lockout You could block yourself and all others from using in band management managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU...

Page 59: ...ith the factory default configuration file This means that you will lose all previous configurations and the speed of the console port will be reset to the default of 115200 bps with 8 data bit no parity one stop bit and flow control set to none The password will also be reset to 1234 and the IP address to 192 168 1 1 or DHCP assigned IP To upload the configuration file do the following 1 Connect ...

Page 60: ...inish a management session for security reasons Figure 37 Web Configurator Logout Screen 4 9 Help The Web Configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a Web Configurator screen to view an online help description of that screen Bootbase Version V1 00 02 21 2016 15 43 29 RAM Size 1048576 Kbytes FLASH 64M ZyNOS Version V...

Page 61: ...Set Port VID Configure Switch Management IP Address 5 1 1 Create a VLAN VLANs confine broadcast frames to the VLAN group in which the ports belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 38 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN VLAN Configuration in t...

Page 62: ...ly 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Set Port VID Use PVID to add a tag to incoming untagged frames received on that...

Page 63: ...tain an IP address from a DHCP server the Switch will use 192 168 1 1 as the management IP address You can configure another IP address in a different subnet for management purposes The following figure shows an example Figure 40 Initial Setup Example Management IP Address 1 Connect your computer to any Ethernet port on the Switch Make sure your computer is in the same subnet as the Switch 2 Open ...

Page 64: ...s the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the Static VLAN screen 7 Click Add to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 65: ...er A connected to port 4 to assign IP addresses to all devices in VLAN network V Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 41 Tutorial DHCP Snooping Tutorial Overview The settings in this tutorial are as the following 1 Access the Switch through http 192 168 1 1 by default Log into the Switch by entering the user name default admin and passwo...

Page 66: ... in the Control field as shown De select Tx Tagging because you do not want outgoing traffic to contain this VLAN tag Click Add Figure 42 Tutorial Create a VLAN and Add Ports to It 3 Go to Advanced Application VLAN VLAN Configuration VLAN Port Setup and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 Figure 43 Tutorial Tag Untagged ...

Page 67: ...y VLAN 100 as the DHCP VLAN as shown Click Apply Figure 44 Tutorial Specify DHCP VLAN 5 Click the Port link at the top right 6 The DHCP Snooping Port Configure screen appears Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5 Keep ports 6 and 7 Untrusted because they are connected to DHCP clients Click Apply ...

Page 68: ...re VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen If you want to add more information in the DHCP request packets such as source VLAN ID or system name you can also select an Option82 Profile in the entry Figure 46 Tutorial Enable DHCP Snooping on this VLAN ...

Page 69: ...show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 3 How to Use DHCPv4 Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server The DHCP server can then assign a specific IP address based on the information in the DHCP requests 6 3 1 DHCP Relay Tutorial Introduction In this example you have con...

Page 70: ...torial Set VLAN Type to 802 1Q 3 Click Advanced Application VLAN VLAN Configuration Static VLAN Setup 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before ...

Page 71: ... and then the VLAN Port Setup link in the VLAN Configuration screen Figure 51 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 72: ...ts 1 Click IP Application DHCP DHCPv4 and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select default1 or default2 in the Option 82 Profile field 5 Click Apply to save your changes back to the run time memory Figure 53 Tutorial Set DHCP Server and Relay Informati...

Page 73: ...CP server and TFTP server first to use auto configuration Setting up a DHCP Server 1 Set up a dynamic IP addresses pool so the DHCP server will assign an IP address to the Switch in that range 2 Set up a TFTP server IP address so the Switch will know where to load the auto configuration file 3 Set up the filename of the auto configuration file so the Switch will know which file to load when you re...

Page 74: ...DHCP VLAN ID field Click Apply to save your changes Figure 55 Tutorial Enable Auto Configuration 3 Go to the Basic Setting IP Setup IP Configuration screen Select the check box in the DHCP Client field 4 If you want to load the auto configuration file with DHCP option 60 enabled and a Vendor Class Identifier assigned when you reboot the Switch follow the instruction below Otherwise skip this step ...

Page 75: ...server automatically when rebooting Go to the Management Maintenance screen Click the Config 1 Config 2 or Custom Default button next to the Save Configuration field 6 Click the same button next to Reboot System field to reboot the Switch and load the auto configuration setting as configured before For example if you save the auto configuration setting to Config 1 you need to click the Config 1 bu...

Page 76: ... see if auto configuration was performed successfully Figure 58 Tutorial Log 8 Check the screens to see if it is the configuration file you want to load If it is not go through the steps above to check your configurations If it is click Save at the top right corner of the Web Configurator to save the configuration permanently Figure 59 Tutorial Save ...

Page 77: ...u can also display other status screens for more information Use the Neighbor screen Section 7 2 1 on page 79 to view a summary and manage Switch s neighbor devices Use the Neighbor Detail screen Section 7 2 2 on page 80 to view more detailed information on the Switch s neighbor devices 7 2 Status The Status screen displays when you log into the Switch or click Status at the top right of the Web C...

Page 78: ...mm ss Hardware Version This field displays the hardware version number of the Switch The integer is the generation number of the Switch series and the decimal is the version of the hardware change For example V1 0 is a hardware version for the Switch where 1 identifies the first generation of the Switch series and 0 is the first hardware change System Up Time This field displays how long the Switc...

Page 79: ...y s 0 hour s for example Detail Click this link to go to the Basic Setting System Info screen to check other detailed information such as system resource usage and the Switch temperature fan speeds or voltage IP Address Information IPv4 Address This field displays the Switch s current IPv4 address Subnet Mask This field displays the Switch s subnet mask Default Gateway This field displays the IP a...

Page 80: ... for 10 Gbps and the duplex F for full duplex or H for half This field displays Down if the port is not connected to any device System Name This shows the system name of the neighbor device IPv4 This shows the IPv4 address of the neighbor device The IPv4 address is a hyper link that you can click to log into and manage the neighbor device through its Web Configurator IPv6 This shows the IPv6 addre...

Page 81: ...in the above screen Table 13 Status Neighbor Neighbor Detail LABEL DESCRIPTION Local Port This shows the port of the Switch on which the neighboring device is discovered Desc This shows the port description of the Switch Link This shows the speed either 10M for 10 Mbps 100M for 100 Mbps 1G for 1 Gbps or 10G for 10 Gbps and the duplex F for full duplex or H for half This field displays Down if the ...

Page 82: ...ighbor device The IPv6 address is a hyper link that you can click to log into and manage the neighbor device through its Web Configurator Port This show the number of the neighbor device s port which is connected to the Switch Desc This shows the description of the neighbor device s port which is connected to the Switch Location This shows the geographic location of the neighbor device This field ...

Page 83: ...Use the IP Setup screen Section 8 6 on page 92 to configure the Switch IP address default gateway device management VLAN ID and proxy server Use the Port Setup screen Section 8 7 on page 97 to configure Switch port settings Use the Interface Setup screens Section 8 8 on page 99 to configure Switch interface type and interface ID settings Use the IPv6 screens Section 8 9 on page 100 to view IPv6 st...

Page 84: ...Chapter 8 Basic Setting XGS4600 Series User s Guide 84 Figure 63 Basic Setting System Info Standalone Mode Figure 64 Basic Setting System Info Stacking Mode ...

Page 85: ... the temperature sensor on the Switch printed circuit board Current This shows the current temperature at this sensor MAX This field displays the maximum temperature measured at this sensor MIN This field displays the minimum temperature measured at this sensor Threshold This field displays the upper temperature limit at this sensor Status This field displays Normal for temperatures below the thre...

Page 86: ...tes the power module is connected to a power source but the Switch is NOT operating from it N A is displayed when the power module is not connected to a power source and there is no available power Hardware Status Stacking Mode Slot This number identifies the Switch in the stack Click the number to see more detailed information on the Switch Name This is the system name of the Switch in the stack ...

Page 87: ...ted cool operating environment in order for the device to stay within the temperature threshold Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown Current This field displays this fan s current speed in Revolutions Per Minute RPM MAX This field displays this fan s maximum speed measured in RPM MIN This field displays this fan s minimum...

Page 88: ...Daytime RFC 867 format the Switch displays the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None is the default value Enter the time ma...

Page 89: ...e 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones ...

Page 90: ...itch Setup Click Basic Setting Switch Setup in the navigation panel to display the screen as shown The VLAN setup screens change depending on whether you choose 802 1Q or Port Based in the VLAN Type field in this screen Figure 67 Basic Setting Switch Setup Standalone Mode Figure 68 Basic Setting Switch Setup Stacking Mode ...

Page 91: ...he chapter on VLAN setup for more background information Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds Each port has a single Leave Period timer Leave Time must be two times larger than Join Timer the default is 600 milliseconds Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds Each port has a sing...

Page 92: ...ame VLAN as long as the IP address ranges for the domains do not overlap To change the IP address of the Switch in a routing domain simply add a new routing domain entry with a different IP address in the same subnet You can configure up to 256 IP domains which are used to access and manage the Switch from the ports belonging to the pre defined VLANs Note You must configure a VLAN first Each VLAN ...

Page 93: ...mber of an entry IP Address This field displays the IP address of the Switch in the IP domain IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the Switch Type This shows whether this IP address is dynamically assigned from a DHCP server or manually assigned Static Renew Click this to renew t...

Page 94: ... use the current dynamic IP address from the DHCP server Renew Time This displays the length of time from the lease start that the Switch will request to renew its current dynamic IP address from the DHCP server Rebind Time This displays the length of time from the lease start that the Switch will request to get any dynamic IP address from the DHCP server Lease Time Start This displays the date an...

Page 95: ...is to send packets originating from itself such as SNMP traps or packets with unknown source Select Out of band to have the Switch send the packets to the management port labeled MGMT This means that devices connected to the other ports do not receive these packets Select In Band to have the Switch send the packets to all ports except the management port labeled MGMT to which connected devices do ...

Page 96: ... device identity you want the Switch to add in the DHCP discovery frames that go to the DHCP server This allows the Switch to identify itself to the DHCP server Class ID Type a string of up to 32 characters to identify this Switch to the DHCP server For example Zyxel TW Static IP Address Select this option if you do not have a DHCP server or if you wish to assign static IP address information to t...

Page 97: ...splay the configuration screen Figure 73 Basic Setting Port Setup Standalone Mode Figure 74 Basic Setting Port Setup Stacking Mode Delete Click Delete to remove the selected entry from the summary table Note Deleting all IP subnets locks you out of the Switch Cancel Click Cancel to clear the check boxes Table 21 Basic Setting IP Setup IP Configuration continued LABEL DESCRIPTION ...

Page 98: ... on a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode If the peer port does not support auto negotiation or turns off this feature the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode When the Switch s auto negotiation is turned off a port uses the pre configured speed and duplex mode ...

Page 99: ...ansparency in the Switch Setup screen first Select Peer to process any BPDU Bridge Protocol Data Units received on this port Select Tunnel to forward BPDUs received on this port Select Discard to drop any BPDU received on this port Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU Media Type You can insert either an SFP transceiver or an SFP Direct Attach Copper DAC cable...

Page 100: ...e ID number in the Advanced Application VLAN screens Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous conf...

Page 101: ...IPv6 Interface Status Table 24 Basic Setting IPv6 LABEL DESCRIPTION IPv6 Status Domain Name Server This field displays the IP address of the DNS server Source This field displays whether the DNS server address is configured manually Static or obtained automatically using DHCPv6 IPv6 Table Index This field displays the index number of an IPv6 interface Click on an index number to view more interfac...

Page 102: ...erface ND Reachable Time millisecond This field displays how long in milliseconds a neighbor is considered reachable for this interface DHCPv6 Client Active This field displays whether the Switch acts as a DHCPv6 client to get an IPv6 address from a DHCPv6 server Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and clie...

Page 103: ... information for this interface Table 25 Basic Setting IPv6 IPv6 Interface Status continued LABEL DESCRIPTION Table 26 Basic Setting IPv6 IPv6 Configuration LABEL DESCRIPTION IPv6 Global Setup Click the link to go to a screen where you can configure the global IPv6 settings on the Switch IPv6 Interface Setup Click the link to go to a screen where you can enable an IPv6 interface on the Switch IPv6...

Page 104: ...ing IPv6 IPv6 Configuration IPv6 Global Setup LABEL DESCRIPTION IPv6 Hop Limit Specify the maximum number of hops from 1 to 255 in router advertisements This is the maximum number of hops on which an IPv6 packet is allowed to transmit before it is discarded by an IPv6 router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages ...

Page 105: ...ext Figure 81 Basic Setting IPv6 IPv6 Configuration IPv6 Link Local Address Setup Table 28 Basic Setting IPv6 IPv6 Configuration IPv6 Interface Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure Active Select this option to enable the interface Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or...

Page 106: ...default gateway IPv6 address for the interface When an interface cannot find a routing information for a frame s destination it forwards the packet to the default gateway Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile me...

Page 107: ...v6 prefix length that specifies how many most significant bits start from the left in the address compose the network address EUI 64 Select this option to have the interface ID be generated automatically using the EUI 64 format Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Sa...

Page 108: ... time interval from 1000 to 3600000 milliseconds at which neighbor solicitations are re sent for this interface Reachable Time Specify how long from 1000 to 3600000 milliseconds a neighbor is considered reachable for this interface Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top...

Page 109: ...nterval from 3 to 1350 seconds at which the Switch sends router advertisements for this interface Note The minimum time interval cannot be greater than three quarters of the maximum time interval Maximum Interval Specify the maximum time interval from 4 to 1800 seconds at which the Switch sends router advertisements for this interface Lifetime Specify how long from 0 to 9000 seconds the router in ...

Page 110: ...can be used as a default router for this interface Suppress This field displays whether the Switch sends router advertisements and responses to router solicitations on this interface No or not Yes Table 32 Basic Setting IPv6 IPv6 Configuration IPv6 Router Discovery Setup continued LABEL DESCRIPTION Table 33 Basic Setting IPv6 IPv6 Configuration IPv6 Prefix Setup LABEL DESCRIPTION Interface Select ...

Page 111: ...nk on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click an index number to change the settings Interface This is the name of the IPv6 interface you created Prefix Prefix Length T...

Page 112: ... be reached through the interface MAC Specify the MAC address of the neighboring device which can be reached through the interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non ...

Page 113: ...94967295 seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin c...

Page 114: ...creen The following screen opens Figure 88 Basic Setting Loopback Interface 8 10 1 IPv4 Loopback Interface Use this screen to configure IPv4 loopback interfaces on the Switch Figure 89 Basic Setting Loopback Interface IPv4 Loopback Interface The following table describes the labels in this screen Table 36 Basic Setting Loopback Interface IPv4 Loopback Interface LABEL DESCRIPTION Loopback Interface...

Page 115: ...hanges if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to the factory defaults Clear Click Clear to begin configuring this screen afresh ID This field displays the identification number of the interface Active This field displays whether the IPv4...

Page 116: ...e Switches to increase or decrease the stack with minimum disruption to ongoing network traffic You can build a Switch stack using a ring or chain topology In a ring topology the last Switch is connected to the first Figure 91 Stacking Topology 8 11 1 Stacking Status Click Basic Setting Stacking in the navigation panel to display the Stacking Status screen as shown next Figure 92 Basic Setting Sta...

Page 117: ...e This field displays whether the Switch is a master backup or linecard There s only one master and one backup Switch in the stacking mode all others are linecard Switches Stacking Topology Ring Chain Slot No This field displays the slot ID number of the stacked Switch Stacking Channel1 Neighbor This field displays the neighbor Switch that is connected using slot channel 1 of the Switch Speed This...

Page 118: ...o Switches are set as masters they will have the same priority level but the Switch that has the longest active run time will be selected as the master Switch automatically Priority This field displays the priority level of the Switch A higher number represents higher priority Slot ID After Reboot This field displays the slot ID of the Switch after a reboot You can save the slot ID of the Switch a...

Page 119: ...ange Click OK to confirm and the Switch will reboot automatically using a new config01 and the default static IP address 192 168 1 1 2 After reboot completes the master LED will turn on 3 Configure the Switch stacking priority to a high value such as 63 4 Change a second Switch to stacking mode and wait for it to finish rebooting automatically This master LED will also turn on 5 Connect the two Sw...

Page 120: ...y Enter a number from1 to 63 to assign a priority for the stacking Switch The higher the number the higher the priority Apply Click Apply to save the Active Force Master Mode and System Priority fields Cancel Click Cancel to clear the Active Force Master Mode and System Priority fields Slot ID Freeze Click the Freeze button to have the Switch retain its slot ID after reboot Slot This field display...

Page 121: ...the source IP subnet you specify Use the Protocol Based VLAN Setup screen Section 9 9 on page 135 to set up VLANs that allow you to group traffic into logical VLANs based on the protocol you specify Use the Voice VLAN Setup screen Section 9 10 on page 138 to set up VLANs that allow you to group voice traffic with defined priority and enable the Switch port to carry the voice traffic separately fro...

Page 122: ...mes and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4094 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware switch to an 802 1Q VLAN unaware switch the Switch first decides where to forward the frame and then strips off the VLAN tag To forward a frame from an 802 1...

Page 123: ...A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking ports Figure 95 Port VLAN Trunking Table 41 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration or de regist...

Page 124: ...creen Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged from a port with the specified VID 9 3 VLAN Status Use this screen to view and search all stat...

Page 125: ...a and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click an index number to view more VLAN details VID This is the VLAN identification number that was configured in the corresponding VLAN configuration screen Name This fields shows the descriptive name of the VLAN Tagged Port This field shows the tag...

Page 126: ... configured in the corresponding VLAN configuration screen Slot Slot refers to a Switch in the virtual chassis stack This field displays the slot ID of the stacked Switch Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how long i...

Page 127: ...N ID in a private VLAN Secondary VLAN This field shows the secondary VLAN ID in a private VLAN Type This field shows the type of private VLAN Primary Community or Isolated Port List This shows the ports mapped to the private VLAN using the Advanced Application Private VLAN or Advanced Application VLAN Static VLAN screen Change Pages Use the Previous and Next buttons to display different pages Tabl...

Page 128: ...creen to display the screen as shown next Figure 102 Advanced Application VLAN VLAN Configuration Static VLAN Setup Standalone Mode MAC Based VLAN Setup Click Click Here to configure the MAC Based VLAN for the Switch Vendor ID Based VLAN Setup Click Click Here to configure the Vendor ID Based VLAN for the Switch Table 45 Advanced Application VLAN VLAN Configuration continued LABEL DESCRIPTION ...

Page 129: ...between 1 and 4094 Note Do NOT add a VLAN ID that has been used in the Voice VLAN Setup VLAN Type Select Normal static or Private For Private VLANs select Primary Isolated or Community Association VLAN List Primary private VLANs can associate with several secondary Community private VLANs and up to one secondary Isolated private VLAN You only configure VLAN Association List for Primary private VLA...

Page 130: ...d with this VLAN Group ID Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh...

Page 131: ... VLAN XGS4600 Series User s Guide 131 Figure 104 Advanced Application VLAN VLAN Configuration VLAN Port Setup Standalone Mode Figure 105 Advanced Application VLAN VLAN Configuration VLAN Port Setup Stacking Mode ...

Page 132: ...mes on a port for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptab...

Page 133: ...en be configured to group incoming traffic based on the source IP subnet of incoming frames You configure a subnet based VLAN with priority 6 and VID of 100 for traffic received from IP subnet 172 16 1 0 24 voice services You also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you configure VLAN with priority 3 and V...

Page 134: ... the IP address of the subnet for which you want to configure this subnet based VLAN Mask Bits Enter the bit number of the subnet mask To find the bit number convert the subnet mask to binary format and add all the 1 s together Take 255 255 255 0 for example 255 converts to eight 1s in binary There are three 255s so add three eights together and you get the bit number 24 VID Enter the ID of a VLAN...

Page 135: ... grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 108 Protocol Based VLAN Application Example 9 9 1 Configuring Protocol Based VLAN Click the Protocol Based VLAN Setup link in the VLAN Configuration screen to display the configuration screen as...

Page 136: ...This port must belong to a static VLAN in order to participate in a protocol based VLAN Name Enter up to 32 alpha numeric characters to identify this protocol based VLAN Ethernet type Use the drop down list box to select a predefined protocol to be included in this protocol based VLAN or select Others and type the protocol number in hexadecimal notation For example the IP protocol in hexadecimal n...

Page 137: ...nfiguring Cancel Click Cancel to begin configuring this screen afresh Index This is the index number identifying this protocol based VLAN Click any of these numbers to edit an existing protocol based VLAN Active This field shows whether the protocol based VLAN is active or not Port This field shows which port belongs to this protocol based VLAN In stacking mode the first number represents the slot...

Page 138: ...ed priority into an assigned VLAN which enables the separation of voice and data traffic coming onto the Switch port The Switch can determine whether a received packet is an untagged voice packet when the incoming port is a fixed port for voice VLAN a tagged voice packet when the incoming port and VLAN tag belongs to a voice VLAN It then checks the source packet s MAC address against an OUI list I...

Page 139: ...n afresh Clear Click Clear to reset the fields to default settings Voice VLAN OUI Setup OUI address Enter the IP phone manufacturer s OUI MAC address The first 3 byes is the manufacturer identifier the last 3 bytes is a unique station ID OUI mask Enter the mask for the specified IP phone manufacturer s OUI MAC address to determine which bits a packet s MAC address should match Enter f for each bit...

Page 140: ...owing table describes the fields in the above screen OUI address This field displays the OUI address of the Voice VLAN OUI mask This field displays the OUI mask address of the Voice VLAN Description This field displays the description of the Voice VLAN with OUI address Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entri...

Page 141: ...ecify a weight number to define the rule s priority level As rules are processed one after the other stating a priority order will let you choose which rule has to be applied first and which second Click the Vendor ID Based VLAN Setup link in the VLAN Configuration screen to see the following screen Add Click Add to save the new MAC based VLAN entry Cancel Click Cancel to clear the fields in the M...

Page 142: ...ct the priority level that the Switch assigns to frames belonging to this VLAN The higher the numeric value you assign the higher the priority for this vendor ID based VLAN entry Weight Enter a number between 0 and 255 to specify the rule s weight This is to decide the priority in which the rule is applied The higher the number the higher the rule s priority Add Click Add to save the new vendor ID...

Page 143: ...s a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 9 13 1 Configure a Port Based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN ...

Page 144: ...Chapter 9 VLAN XGS4600 Series User s Guide 144 Figure 115 Advanced Application VLAN Port Based VLAN Setup All Connected The following screen shows users on a port based port isolated VLAN configuration ...

Page 145: ...CPU outgoing port is selected This option is the most limiting but also the most secure After you make your selection click Apply top right of screen to display the screens as mentioned above You can still customize these settings by adding or deleting incoming or outgoing ports but you must also click Apply at the bottom of the screen Incoming These are the ingress ports an ingress port is an inc...

Page 146: ...s a VLAN with all Ethernet ports If it does not form a VLAN with a particular port then the Switch cannot be managed from that port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Canc...

Page 147: ... 147 to assign static MAC addresses for a port 10 2 Configure Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Click Advanced Application Static MAC Forwarding in the na...

Page 148: ...e memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Ac...

Page 149: ...ng XGS4600 Series User s Guide 149 Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 54 Advanced Application Static MAC Forwarding continued LABEL DESCRIPTION ...

Page 150: ... group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to al...

Page 151: ...Forwarding to Multiple Ports 11 2 Configure Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames such as streaming or control frames to specific ports Click Advanced Application Static Multicast Forwarding to display the configuration screen as shown Figure 122 Advanced Application Static Multicast Forwarding ...

Page 152: ...umber Enter 1 1 1 24 2 23 for ports 1 to 24 for the Switch in slot 1 and port 23 for the Switch in slot 2 for example Add Click this to create a new entry or to update an existing one This saves your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when...

Page 153: ...urce and or destination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 153 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch Click Advanced Application Filtering in the navigation panel to display the screen as shown next Figure 123 Advanced ...

Page 154: ...te an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults...

Page 155: ...Protocol Status screen Section 13 4 on page 159 to view the RSTP status Use the Rapid Spanning Tree Protocol screen Section 13 5 on page 161 to configure RSTP settings Use the Multiple Spanning Tree Protocol screen Section 13 6 on page 163 to configure MSTP Use the Multiple Spanning Tree Protocol Status screen Section 13 7 on page 169 to view the MSTP status Use the Multiple Rapid Spanning Tree Pr...

Page 156: ...dge is selected This bridge has the lowest cost to the root among the bridges connected to the LAN How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port and the ports that are the designated ports for connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating an...

Page 157: ... and RSTP in networks to include the following features One Common and Internal Spanning Tree CIST that represents the entire network s connectivity Grouping of multiple bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balanc...

Page 158: ... Application Spanning Tree Protocol Stacking mode This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for each STP mode Click Configuration to activate one of the STP standards on the Switch 13 3 Spanning Tree Configuration Use the Spanning Tree Configuration screen t...

Page 159: ...on the Switch Figure 128 Advanced Application Spanning Tree Protocol Standalone Mode Figure 129 Advanced Application Spanning Tree Protocol Stacking Mode Table 59 Advanced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multiple Spanning Tree Apply Cl...

Page 160: ...the first number represents the slot ID and the second is the port number Port State This field displays the port state in STP Discarding The port does not forward or process received frames or learn MAC addresses but still listens for BPDUs Learning The port learns MAC addresses and processes BPDUs but does NOT forward frames yet Forwarding The port is operating normally It learns MAC addresses p...

Page 161: ...he path cost to the LAN segment to which the port is connected when the port is a designated port Otherwise it displays the path cost to the root bridge from the designated port for the LAN segment to which this port is connected Root Guard State This field displays the state of the port on which root guard is enabled Root inconsistent the Switch receives superior BPDUs on the port and blocks the ...

Page 162: ...have the same priority the Switch with the lowest MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value you assign the higher the priority for this bridge Bridge Priority determines the root bridge which in turn determines Hello Time Max Age and Forwarding Delay Hello Time This is the time interval in seconds between BPDU Bridge Protoco...

Page 163: ...nges in this row are copied to all the ports as soon as you make them Active Select this check box to activate RSTP on this port Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after t...

Page 164: ...Chapter 13 Spanning Tree Protocol XGS4600 Series User s Guide 164 Figure 132 Advanced Application Spanning Tree Protocol MSTP Standalone Mode ...

Page 165: ... MSTP Status screen Port Click Port to display the MSTP Port screen Active Select this check box to activate MSTP on the Switch Clear this check box to disable MSTP on the Switch Note You must also activate Multiple Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to enable MSTP on the Switch Hello Time This is the time interval in seconds between BPDU Bridge P...

Page 166: ...mory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Instance Use this section to configure MSTI Multiple Spanning Tree Instance settings Instance Enter the number you want to use to identify this MST instance on the Switch The Switch supports instance numbers 0 15 Bridge Priority Set the priority of the Switch for the specific spanning tree instance The l...

Page 167: ...a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses this change if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Instance This field displays the ID of an MST instan...

Page 168: ...panning Tree Protocol XGS4600 Series User s Guide 168 Figure 134 Advanced Application Spanning Tree Protocol MSTP Port Standalone Mode Figure 135 Advanced Application Spanning Tree Protocol MSTP Port Stacking Mode ...

Page 169: ...n make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port ...

Page 170: ...Chapter 13 Spanning Tree Protocol XGS4600 Series User s Guide 170 Figure 136 Advanced Application Spanning Tree Protocol Standalone Mode ...

Page 171: ...oot and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay seco...

Page 172: ...ort state in STP Discarding The port does not forward or process received frames or learn MAC addresses but still listens for BPDUs Learning The port learns MAC addresses and processes BPDUs but does not forward frames yet Forwarding The port is operating normally It learns MAC addresses processes BPDUs and forwards received frames Port Role This field displays the role of the port in STP Root A f...

Page 173: ...e LAN segment to which the port is connected when the port is a designated port Otherwise it displays the path cost to the root bridge from the designated port for the LAN segment to which this port is connected Root Guard State This field displays the state of the port on which root guard is enabled Root inconsistent the Switch receives superior BPDUs on the port and blocks the port Forwarding th...

Page 174: ...omes the STP root switch If all switches have the same priority the switch with the lowest MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value you assign the higher the priority for this bridge Bridge Priority determines the root bridge which in turn determines Hello Time Max Age and Forwarding Delay Hello Time This is the time interv...

Page 175: ... computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Root Guard Select this check box to enable root guard on ...

Page 176: ...tings on the Switch Tree Select which STP tree configuration you want to view Bridge Root refers to the base of the spanning tree the root bridge Our Bridge is this switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Ti...

Page 177: ...esignated A forwarding port on the designated bridge for each connected LAN segment A designated bridge has the lowest path cost to the root bridge among the bridges connected to the LAN segment All the ports on a root bridge root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port moves to...

Page 178: ... Thus traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Figure 143 MSTP Network Example 13 10 2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost ...

Page 179: ...ample where there are two MST regions Regions 1 and 2 have two spanning tree instances Figure 144 MSTIs in Different Regions 13 10 4 Common and Internal Spanning Tree CIST A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CI...

Page 180: ...Chapter 13 Spanning Tree Protocol XGS4600 Series User s Guide 180 Figure 145 MSTP and Legacy RSTP Network Example ...

Page 181: ...the guaranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs packets through the i...

Page 182: ...width Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports...

Page 183: ...ommit rate should be less than the peak rate The sum of commit rates cannot be greater than or equal to the uplink bandwidth Active Select this check box to activate peak rate limits on this port Peak Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Active Select this check box to activate egress rate limits on this port Apply Click App...

Page 184: ...allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 15 1 1 What You Can Do Use the Broadcast Storm Control screen Section 15 2 on page 184 to limit the number of broadcast multicast and destination look...

Page 185: ...ontrol Stacking Mode The following table describes the labels in this screen Table 68 Advanced Application Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch Clear this check box to disable this feature SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack ...

Page 186: ...oadcast packets the Switch accepts per second on the port The Switch will generate a trap and or log when the actual rate is higher than the specified threshold Multicast pkt s Select this option to enable and specify how many multicast packets the Switch accepts per second on the port The Switch will generate a trap and or log when the actual rate is higher than the specified threshold DLF pkt s ...

Page 187: ...s through which traffic you copy passes and the monitor port are on the same device In remote port mirroring RMirror the mirroring ports and monitor port can be on different devices in a network You can use it to monitor multiple switches across your network The traffic from the source device s mirroring ports is sent to a reflector port for VLAN tagging and copied to the connected ports Traffic a...

Page 188: ...h you can disable the reflector port The Switch adds RMirror VLAN tag and forwards mirrored traffic from the mirroring port to the connected port directly Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port ...

Page 189: ...Chapter 16 Mirroring XGS4600 Series User s Guide 189 Figure 150 Advanced Application Mirroring Standalone Mode ...

Page 190: ...de the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments o...

Page 191: ...reen opens Table 70 Advanced Application Mirroring RMirror LABEL DESCRIPTION Active Select the option to enable the VLAN RMirror VLAN ID Specify the ID number of remote port mirroring RMirror VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your chan...

Page 192: ...Chapter 16 Mirroring XGS4600 Series User s Guide 192 Figure 153 Advanced Application Mirroring RMirror Source Standalone Mode Figure 154 Advanced Application Mirroring RMirror Source Stacking Mode ...

Page 193: ... are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify t...

Page 194: ...on the monitor port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh VLAN This field displays the ID number of RMirror VLAN o...

Page 195: ... ports that helps forward mirrored traffic to other connected switches and or receive mirrored traffic from other connected port in the same RMirror VLAN Click the Connected Port link in the RMirror screen The following screen opens Figure 157 Advanced Application Mirroring RMirror Connected Port Standalone Mode ...

Page 196: ...y port basis Note Changes in this row are copied to all the ports as soon as you make them Connected Port When the Switch is a source device in remote port mirroring select this option to have the port help forward mirrored traffic to the connected port of the intermediate or destination device in the same RMirror VLAN When the Switch is an intermediate device in remote port mirroring select this ...

Page 197: ... port mirroring VLAN over which the mirrored traffic is forwarded Connected Port This field displays the number of ports that helps forward mirrored traffic to other connected switches Table 73 Advanced Application Mirroring RMirror Connected Port continued LABEL DESCRIPTION ...

Page 198: ... transmitting data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 17 3 on page 200 to configure static link aggregation Use the Link Aggregation Control Protocol screen Section 17 3 1 on page 203 to enable Link Aggregation Control Protocol LACP 17 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a prope...

Page 199: ...opology loops Link Aggregation ID LACP aggregation ID consists of the following information1 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Link Aggregation Status screen displays by default See Section 17 1 on page 198 for more information Figure 159 Advanced Application Link Aggregation Status Table 74 Link Aggregation ID Local Switch SYSTEM ...

Page 200: ...rity and port number The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distributes traffic based on the packet s source...

Page 201: ...XGS4600 Series User s Guide 201 Figure 160 Advanced Application Link Aggregation Link Aggregation Setting Standalone Mode ...

Page 202: ...the labels in this screen Table 77 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select this option to activate a trunk group ...

Page 203: ...n the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute traffic based on a combination of the packet s source and destination IP addresses SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stack...

Page 204: ...Chapter 17 Link Aggregation XGS4600 Series User s Guide 204 Figure 162 Advanced Application Link Aggregation Link Aggregation Setting LACP Standalone Mode ...

Page 205: ...tocol LACP System Priority LACP system priority is a number between 1 and 65535 The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol LACP The smaller the number the higher the priority l...

Page 206: ...t two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the...

Page 207: ...Chapter 17 Link Aggregation XGS4600 Series User s Guide 207 Figure 165 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete EXAMPLE ...

Page 208: ... authenticates using either IEEE 802 1x authentication or MAC Authentication Strict The client authenticates using both IEEE 802 1x authentication and MAC Authentication Note All types of authentication use the RADIUS Remote Authentication Dial In User Service RFC 2138 2139 protocol to validate users You must configure a RADIUS server before enabling port authentication Note If you enable IEEE 802...

Page 209: ...ogin information in the form of a user name and password after the client responds to its identity request When the client provides the login credentials the Switch sends an authentication request to a RADIUS server The RADIUS server validates whether this client is allowed access to the port Figure 166 IEEE 802 1x Authentication Process 18 1 3 MAC Authentication MAC authentication works in a very...

Page 210: ... the RADIUS server settings in the AAA RADIUS Server Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Select a port authentication method s link in the screen that appears Figure 168 Advanced Application Port Authentication 18 3 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication...

Page 211: ...Chapter 18 Port Authentication XGS4600 Series User s Guide 211 Figure 169 Advanced Application Port Authentication 802 1x Standalone Mode ...

Page 212: ...uthenticator the Switch directly over the LAN Note EAPOL flood will not take effect when 802 1x authentication is enabled SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the def...

Page 213: ... to the port Reauth period secs Specify the length of time required to pass before a client has to re enter his or her user name and password to stay connected to the port Quiet period secs Specify the number of seconds the port remains in the HELD state and rejects further authentication requests from the connected client after a failed authentication exchange Tx period secs Specify the number of...

Page 214: ...Chapter 18 Port Authentication XGS4600 Series User s Guide 214 Figure 171 Advanced Application Port Authentication MAC Authentication Standalone Mode ...

Page 215: ... ASCII characters If you leave this field blank then only the MAC address of the client is forwarded to the RADIUS server Delimiter Select the delimiter the RADIUS server uses to separate the pairs in MAC addresses used as the account user name and password You can select Dash Colon or None to use no delimiters at all in the MAC address Case Select the case Upper or Lower the RADIUS server require...

Page 216: ...red in the Switch Setup screen Note If the Aging Time in the Switch Setup screen is set to a lower value then it supersedes this setting SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please no...

Page 217: ...Figure 173 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication screen click Guest Vlan to display the configuration screen as shown Figure 174 Advanced Application Port Authentication Guest VLAN Standalone Mode ...

Page 218: ...lients that fail authentication are placed in the guest VLAN and can receive limited services Guest Vlan A guest VLAN is a pre configured VLAN on the Switch that allows non authenticated users to access limited network resources through the Switch You must also enable IEEE 802 1x authentication on the Switch and the associated ports Enter the number that identifies the guest VLAN Make sure this is...

Page 219: ...t Use the AAA RADIUS Server Setup screen to configure the RADIUS server In MAC authentication the login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch In the Port Authentication screen click Compound Authentication Mode to display the configuration screen as shown Ap...

Page 220: ...Chapter 18 Port Authentication XGS4600 Series User s Guide 220 Figure 176 Advanced Application Port Authentication Compound Authentication Mode Standalone Mode ...

Page 221: ...o all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Compound Authentication Mode Specify how the Switch authenticates clients for network access Select Strict to allow network access to clients on...

Page 222: ...on methods to be deployed with no changes to the switch or the wired clients 18 7 2 RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticated users once they are connected to the ne...

Page 223: ... in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server a switch helps a wired station and a RADIUS server perform authentication The type of authentication you use depends on the RADIUS server and an intermediary switch that supports IEEE 802 1x For EAP TLS authentication type you must first have a wired connection to the network an...

Page 224: ...ed EAP Like EAP TTLS server side certificate authentication is used to establish a secure connection then use simple user name and password methods through the secured connection to authenticate the clients thus hiding client identity However PEAP only supports EAP methods such as EAP MD5 EAP MSCHAPv2 and EAP GTC EAP Generic Token Card for client authentication EAP GTC is implemented only by Cisco...

Page 225: ... ports other than the sum cannot exceed 32K For maximum port security enable this feature disable MAC address learning and configure static MAC addresses for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not activated 19 2 Port Securit...

Page 226: ...cified in the Port List Active Select this option to enable port security on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two p...

Page 227: ...d MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one time A sixth device must wait until one of the five learned MAC addresses ages out MAC address aging out time can be set in the Switch Setup screen The valid ...

Page 228: ...eate a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to reset the fie...

Page 229: ...s you to schedule the active time of configurations The time range can be configured in two ways Absolute and Periodic Absolute is a fixed time range with a start and end time Periodic is recurrence of a time range and does not have an end time 20 1 1 What You Can Do Use the Time Range screen Section 20 2 on page 229 to view or define a schedule on the Switch 20 2 Configuring Time Range Click Adva...

Page 230: ... the week hour and minute when the schedule begins and ends respectively Select the second option if you want to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the same day Add Clic...

Page 231: ...ility to deliver data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific cr...

Page 232: ...number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Weight This field displays the rule s weight This is to indicate a rule s priority when the match order is set to manual in the Classifier Classifier Configuration Classifier Global Setting screen The higher the number the higher the rule s priority Name...

Page 233: ...Chapter 21 Classifier XGS4600 Series User s Guide 233 Figure 184 Advanced Application Classifier Classifier Configuration ...

Page 234: ... default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Trunk Select Any to apply the rule to all trunk groups To specify a trunk group select the second choice and type a trunk group ID Packet Format Specify the format of the packet Choices are All 802 3 tagged 802 3 untagged Ethernet II tagged and Ethernet II untagged A value of 802 3 in...

Page 235: ...cket length or manually enter a range of number from to of packet size in the field provided DSCP IPv4 IPv6 Select Any to classify traffic from any DSCP or select the second option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided Preceden ce Select Any to classify traffic from any precedence or select the second option and specify an IP Precedence the first 3 bi...

Page 236: ...Select Any to apply the rule to all TCP UDP protocol port numbers or select the second option and enter a TCP UDP protocol port number Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the ...

Page 237: ...ry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 89 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X 75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 08...

Page 238: ...onfigured in the rule Layer 4 items have the highest priority and layer 2 items has the lowest priority For example you configure a layer 2 item VLAN ID in classifier A and configure a layer 3 item source IP address in classifier B When an incoming packet matches both classifier rules classifier B has priority over classifier A Logging Active Select this to allow the Switch to create a log when pa...

Page 239: ...S4600 Series User s Guide 239 Figure 187 Classifier Example After you have configured a classifier you can configure a policy in the Policy screen to define actions on the classified traffic flow EXAMPLE ...

Page 240: ... DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 22 1 3 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to repla...

Page 241: ...pplication Policy Rule in the navigation panel to display the screen as shown Figure 188 Advanced Application Policy Rule The following table describes the labels in this screen Table 92 Advanced Application Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy Name Enter a descriptive name for identification purposes ...

Page 242: ...frames that were marked to be dropped before Priority Select No change to keep the priority setting of the frames Select Set the packet s 802 1p priority and send the packet to priority queue to replace the packet s 802 1p priority field with the value you set in the Priority field and put the packets in the designated queue Select Replace the 802 1p priority field with the IP TOS value and send t...

Page 243: ... one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This fiel...

Page 244: ...Chapter 22 Policy Rule XGS4600 Series User s Guide 244 Figure 189 Policy Example EXAMPLE ...

Page 245: ... Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth based on its bandwidth weight portion the number you configure in the Weight field whe...

Page 246: ...c than it can handle Queues with larger weights get more service than queues with smaller weights This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied 23 2 Configuring Queuing Use this screen to set priorities for the queues of the Switch This distributes bandwidth across the differ...

Page 247: ...ck Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row fi...

Page 248: ...ith larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ Lowest Queue This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use SPQ to service the subsequent queues after and including ...

Page 249: ...erent service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore there is no VLAN tag overlap among customers so traffic from di...

Page 250: ...so a second VLAN tag outer VLAN tag can be added Note Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Port Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network All VLANs belonging to a customer can be aggregated into a single service provider s VLAN using the outer VLAN tag defined by the Service Prov...

Page 251: ...ndard that allows the service provider to prioritize traffic based on the class of service CoS the customer has paid for On the Switch configure priority level of the inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest priority level and 7 is the highest VID is the VLAN ID SP VID is the VID for the second service provider s VLAN tag 24 3 1 Frame Format The frame format for an untagged E...

Page 252: ...ing LABEL DESCRIPTION Active Select this check box to enable VLAN stacking on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ...

Page 253: ...e of the service provider s network Select Tunnel Port to have the Switch add the Tunnel TPID tag to all outgoing frames sent on this port In order to support VLAN stacking on a port the port must be able to allow frames of 1526 Bytes 1522 Bytes 4 Bytes for the second tag to pass through it Tunnel TPID TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carr...

Page 254: ... Table 98 Advanced Application VLAN Stacking Port based QinQ LABEL DESCRIPTION SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of y...

Page 255: ... want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port Priority Select a priority level...

Page 256: ... this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This is the number of the se...

Page 257: ... network MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join 25 1 1 What You Can Do Use the Multicast Setup screen Section 25 2 on page 261 to display the links to the configuration screens where you can configure IPv4 multicast settings Use the IPv4 Multicast Status screen Section 25 3 on page 261 to view I...

Page 258: ... port IGMP Snooping A Switch can passively snoop on IGMP packets transferred between IP multicast routers or switches and IP multicast hosts to learn the IP multicast group membership It checks IGMP packets passing through it picks out the group registration information and configures multicasting accordingly IGMP snooping allows the Switch to learn multicast groups without you having to manually ...

Page 259: ...onnected upstream ports 1 7 are treated as one interface The connection between ports 8 and 9 is blocked by STP to break the loop If there is one query from a router X or MLD Done or Report message from any upstream port it will be broadcast to all connected upstream ports MLD Messages A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding t...

Page 260: ...witch and S Figure 199 MVR Network Example Types of MVR Ports In MVR a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic Once configured the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group MVR Modes You can set your Switch to operate in ...

Page 261: ...on the list of forwarding destination for the multicast traffic Otherwise the Switch removes the receiver port from the forwarding table Figure 200 MVR Multicast Television Example 25 2 Multicast Setup Use this screen to configure IGMP for IPv4 Click Advanced Application Multicast in the navigation panel Figure 201 Advanced Application Multicast Setup The following table describes the labels in th...

Page 262: ... page 257 for more information on multicasting Figure 203 Advanced Application Multicast IPv4 Multicast IGMP Snooping Standalone Mode Table 101 Advanced Application Multicast IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group In stacking mode the firs...

Page 263: ...MPv2 queries only Select v3 to allow the Switch to send IGMPv3 queries only Report Proxy Select this option to allow the Switch to act as the IGMP report proxy and leave proxy It will report group changes to a connected multicast router The Switch not only checks IGMP packets between multicast routers or switches and multicast hosts to learn the multicast group membership but also replaces the sou...

Page 264: ...3 does not include 52 Reserved Multicast Group The IP address range of 224 0 0 0 to 224 0 0 255 are reserved for multicasting on the local network only For example 224 0 0 1 is for all hosts on a local network segment and 224 0 0 9 is used to send RIP routing information to all RIP v2 routers on the same network segment A multicast router will not forward a packet with the destination IP address w...

Page 265: ...allowed to join Once a port is registered in the specified number of multicast groups any new IGMP join report frames is dropped on this port Throttling IGMP throttling controls how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding tab...

Page 266: ...ecify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs You must also enable IGMP snooping in the Multicast IPv4 Multicast IGMP Snooping screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to ...

Page 267: ...ew more details or change the settings Name This field displays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entries that you want to remove then click the Delete button Cancel Click Cancel to clear...

Page 268: ... displays the end of the multicast address range Delete Profile Select a profile s check box to select a specific profile Otherwise select the check box in the table heading row to select all profiles Delete Rule Select the check boxes of the rules that you want to remove from a profile Delete To delete the profiles and all the accompanying rules select the profiles that you want to remove in the ...

Page 269: ... Snooping proxy Use these settings to configure MLD snooping proxy Active Select Active to enable MLD snooping proxy on the Switch to minimize MLD control messages and allow better network performance 802 1p Priority Select a priority level 0 7 to which the Switch changes the priority in outgoing MLD messages Apply Click Apply to save your changes to the Switch s run time memory The Switch loses t...

Page 270: ...ticast router This value is used to calculate the amount of time an MLD snooping membership entry learned only on the upstream port can remain in the forwarding table Last Member Query Interval Enter the amount of time in miliseconds between the MLD group specific queries sent by an upstream port when an MLD Done message is received This value should be exactly the same as what s configured in the...

Page 271: ...n to display the screen as shown See Section 25 1 on page 257 for more information on multicasting Figure 210 Advanced Application Multicast IPv6 Multicast MLD Snooping proxy VLAN Port Role Setting Standalone Mode Delete Click Delete to remove the selected entries permanently Cancel Click Cancel to clear the check boxes Table 107 Advanced Application Multicast IPv6 Multicast MLD Snooping proxy VLA...

Page 272: ...t number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the por...

Page 273: ... to update the forwarding table for the specified downstream ports This defines how many seconds the Switch waits for an MLD report before removing an MLD snooping membership entry learned on a downstream port when an MLD Done message is received on this port from a host Fast Leave Timeout Enter the fast leave timeout in milliseconds for the specified downstream ports This defines how many seconds...

Page 274: ...be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Group Limit Select this option to limit the number of multicast gr...

Page 275: ...v6 Multicast MLD Snooping proxy Filtering Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes To configure additional rules for a profile that you have already added enter the profile name and specify a different IP multicast address range Start Address Type the starting multicast IPv6 address for a range of multicast IPv6 addresses...

Page 276: ...ulticast VLAN in this screen End Address This field displays the end of the multicast IPv6 address range To delete the profiles and all the accompanying rules select the profiles that you want to remove then click the Delete button You can select the check box in the table heading row to select all profiles To delete a rules from a profile select the rules that you want to remove then click the De...

Page 277: ...Chapter 25 Multicast XGS4600 Series User s Guide 277 Figure 215 Advanced Application Multicast MVR Standalone Mode ...

Page 278: ...priority level 0 7 with which the Switch replaces the priority in outgoing IGMP or MLD control packets belonging to this multicast VLAN Mode Specify the MVR mode on the Switch Choices are Dynamic and Compatible Select Dynamic to send IGMP reports or MLD messages to all MVR source ports in the multicast VLAN Select Compatible to set the Switch not to send IGMP reports or MLD messages SLOT This fiel...

Page 279: ...ffic is sent or received on this port Tagging Select this check box if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes...

Page 280: ...anges if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh MVLAN This field displays the multicast VLAN ID Group Name This field displays the descriptive name for this setting Start Address This field displays the starting IP addre...

Page 281: ...r S Computers A B and C in VLAN 1 are able to receive the traffic Figure 218 MVR Configuration Example To configure the MVR settings on the Switch create a multicast VLAN in the MVR screen and set the receiver and source ports Figure 219 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuratio...

Page 282: ...Chapter 25 Multicast XGS4600 Series User s Guide 282 Figure 220 MVR Group Configuration Example 1 Figure 221 MVR Group Configuration Example 2 EXAMPLE EXAMPLE ...

Page 283: ...ur TACACS authentication settings Use the AAA Setup screen Section 26 5 on page 288 to configure authentication authorization and accounting settings such as the methods used to authenticate users accessing the Switch and which database the Switch should use first 26 1 2 What You Need to Know Authentication is the process of determining who a user is and validating access to the Switch The Switch ...

Page 284: ... protocols used to authenticate users by means of an external server instead of or in addition to an internal device user database that is limited to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes some key differences between RADIUS and TACACS 26 2 AAA Screen...

Page 285: ... index priority and the Switch tries to authenticate with the first configured RADIUS server if the RADIUS server does not respond then the Switch tries to authenticate with the second RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request res...

Page 286: ...ng server Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alp...

Page 287: ...tication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first TACACS server for 15 seconds and then tries the second TACACS server Index This is a read only number representing a TACACS server entry IP Address Enter the IP address of an externa...

Page 288: ...your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters except or as the key to be shared between the external TACACS accounting server and the Switch This key is not sent over the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accoun...

Page 289: ...e set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate administrator accounts The Switch checks the methods in the order you configure them first Method 1 then Method 2 and finally Method 3 You must configure the settings in the Method 1 field If you want the Switch to check other sources for administrator accounts specify them in Met...

Page 290: ...a specified event type Broadcast Select this to have the Switch send accounting information to all configured accounting servers at the same time If you do not select this and you have two accounting servers set up then the Switch sends information to the first accounting server and if it does not get a response from the accounting server then it tries the second accounting server Mode The Switch ...

Page 291: ...l attributes on the RADIUS server refer to your RADIUS server documentation to assign a port on the Switch to a VLAN based on IEEE 802 1x authentication The port VLAN settings are fixed and untagged This will also set the port s VID The following table describes the values you need to configure Note that these attributes only work when you enable authorization see Section 26 5 on page 288 Table 11...

Page 292: ...ic format associated with it the format is specified 26 6 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 26 6 3 1 Attributes Used for Authenticating Privilege Access User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Ad...

Page 293: ...dress NAS Identifier Acct Status Type Acct Session ID The format of Acct Session Id is date time 8 digit sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 26 6 4 2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent the difference between Console an...

Page 294: ...ess Service Type Calling Station Id Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Session Time Acct Terminate Cause Table 119 RADIUS Attributes Exec Events through Console continued ATTRIBUTE START INTERIM UPDATE STOP Table 121 RADIUS Attributes Exec Events through Console ATTRIBUTE START INTERIM UPDATE STOP User Name NAS IP Address NAS Port Class Called Station Id Calling S...

Page 295: ...XGS4600 Series User s Guide 295 Acct Output Packets Acct Terminate Cause Acct Input Gigawords Acct Output Gigawords Table 121 RADIUS Attributes Exec Events through Console continued ATTRIBUTE START INTERIM UPDATE STOP ...

Page 296: ...he following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically ARP inspection Use this to filter unauthorized ARP packets on the network If you want to use dynamic bindings to filter unauthorized ARP packets typical implementation you have to enable DH...

Page 297: ...link to open screens where you can view and manage static bindings configure DHCP snooping or ARP inspection and look at various statistics IPv6 Source Binding Status Click the link to open a screen where you can view the current IPv6 dynamic and static bindings or remove dynamic bindings based on IPv6 address and or IPv6 prefix IPv6 Static Binding Setup Click the link to open a screen where you c...

Page 298: ... binding replaces the original one To open this screen click Advanced Application IP Source Guard IPv4 Source Guard Setup Static Binding Table 123 Advanced Application IP Source Guard IPv4 Source Guard Setup LABEL DESCRIPTION Index This field displays a sequential number for each binding IP Address This field displays the IP address assigned to the MAC address in the binding VLAN This field displa...

Page 299: ...er s Guide 299 Figure 229 Advanced Application IP Source Guard IPv4 Source Guard Setup Static Binding Standalone Mode Figure 230 Advanced Application IP Source Guard IPv4 Source Guard Setup Static Binding Stacking Mode ...

Page 300: ...to the right In stacking mode the first field is the slot ID and the second field is the port number If this binding applies to all ports select Any Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your c...

Page 301: ...istics about the DHCP snooping database Use this DHCP Snooping Configure screen Section 28 3 on page 304 to enable DHCP snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use the DHCP Snooping Port Configure screen Section 28 3 1 on page 306 to specify whether ports are trusted or untrusted ports for DHCP s...

Page 302: ...r the DHCP snooping database You can configure them in the DHCP Snooping Configure screen Agent URL This field displays the location of the DHCP snooping database Write delay timer This field displays how long in seconds the Switch tries to complete a specific update in the DHCP snooping database before it gives up Abort timer This field displays how long in seconds the Switch waits to update the ...

Page 303: ...read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database Successful transfers This field displays the number of times the Switch read bindings from or updated the bindings in the DHCP snooping database successfully Failed transfers This field displays the number of times the Switch was unable to read bindings from or update the bindings i...

Page 304: ...ored any bindings for any reason from the DHCP binding database Total ignored bindings counters This section displays the reasons the Switch has ignored bindings any time it read bindings from the DHCP binding database You can clear these counters by restarting the Switch or using CLI commands See the Ethernet Switch CLI Reference Guide Binding collisions This field displays the number of bindings...

Page 305: ...fore the current update has finished successfully or timed out In this case the Switch waits to start the next update until it completes the current one Agent URL Enter the location of the DHCP snooping database The location should be expressed like this tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65...

Page 306: ...IP Source Guard IPv4 Source Guard Setup DHCP Snooping Configure Port Figure 233 Advanced Application IP Source Guard IPv4 Source Guard Setup DHCP Snooping Configure Port Standalone Mode Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the ...

Page 307: ...a trusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCP servers or other switches and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high Untrusted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for ...

Page 308: ...AN in the range specified above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option 82 Profile Select a pre defined DHCP option 82 profile that ...

Page 309: ...Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports in this VLAN The Switch adds the information such as slot number port number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen Note The profile you select he...

Page 310: ... DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do not match any of the current bindings The rate at which DHCP packets arrive is too high 28 4 1 2 DHCP Snooping Database The Switch stores the binding table in vol...

Page 311: ...add the following information Slot ID 1 byte port ID 1 byte and source VLAN ID 2 bytes System name up to 32 bytes This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client DHCP request frames When the DHCP server responds the Switch removes the information in the Agent Information field before forwarding the response to the original source You ca...

Page 312: ...rs This field displays the current number of MAC address filters that were created because the Switch identified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field displays the source VLAN ID in the MAC address filter Port This field displays the source po...

Page 313: ...r a dash to indicates a range of VLANs For example 3 4 or 3 9 Search Click this to display the specified range of VLANs in the section below The Number of VLAN This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs VID This field displays the VLAN ID of each VLAN in the range spec...

Page 314: ... the first number represents the slot and the second the port number VID This field displays the source VLAN ID of the ARP packet Sender MAC This field displays the source MAC address of the ARP packet Sender IP This field displays the source IP address of the ARP packet Num Pkts This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates iden...

Page 315: ...iate for the specified Syslog rate and Log interval If the number of log messages in the Switch exceeds this number the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter Syslog rate Type the maximum number of ...

Page 316: ... IPv4 Source Guard Setup ARP Inspection Configure Port Standalone Mode Figure 243 Advanced Application IP Source Guard IPv4 Source Guard Setup ARP Inspection Configure Port Stacking Mode Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the...

Page 317: ... port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on u...

Page 318: ...ange of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log messages for receiving ARP packets from the VLAN None The Switch does not gen...

Page 319: ...s To open this screen click Advanced Application IP Source Guard IPv6 Source Binding Status Figure 245 Advanced Application IP Source Guard IPv6 Source Binding Status The following table describes the labels in this screen Table 136 Advanced Application IP Source Guard IPv6 Source Binding Status LABEL DESCRIPTION Clear Dynamic Source Binding Specify how you want the Switch to remove dynamic IPv6 s...

Page 320: ... address in the binding If the entry is blank this field will not be checked in the binding VLAN This field displays the source VLAN ID in the binding If the entry is blank this field will not be checked in the binding Port This field displays the port number in the binding If this field is blank the binding applies to all ports Lease This field displays how many days hours minutes and seconds the...

Page 321: ...nding applies to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each binding Source Address This field displays the IPv6 address or IPv6 prefix and prefi...

Page 322: ... Guard Policy Setup LABEL DESCRIPTION Name Enter a descriptive name for identification purposes for this IPv6 source guard policy Validate Address Select Validate Address to have IPv6 source guard forward valid addresses that are stored in the binding table Validate Prefix Select Validate Prefix to have IPv6 source guard forward valid prefixes that are stored in the binding table Link Local Select...

Page 323: ...rce Guard Port Setup Figure 249 Advanced Application IP Source Guard IPv6 Source Guard Port Setup Standalone Mode Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Select an entry check box and click Delete to remove the specified entry Cancel Click this to clear the Delete check boxes above Table 138 Advance...

Page 324: ...ld appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row app...

Page 325: ...mit address count is the maximum size of the IPv6 source guard binding table See the product data sheet for the latest specifications Add Click this to create the IPv6 source guard policy or to update an existing one Cancel Click this to reset the values above or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for...

Page 326: ...ping VLAN Setup LABEL DESCRIPTION Interface Select the VLAN interface to apply the selected DHCPv6 snooping policy Policy Select the IPv6 snooping policy to apply to this VLAN interface Add Click this to create the IPv6 source guard policy or to update an existing one Cancel Click this to reset the values above or if not applicable to clear the fields above Clear Click this to clear the fields abo...

Page 327: ...ive Select this to specify whether ports are trusted or untrusted ports for DHCP snooping If you do not select this then IPv6 DHCP Trust is not used and all ports are automatically trusted Port Setting SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number r...

Page 328: ...make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCPv6 servers or other switches Untrusted ports are conn...

Page 329: ... untrusted setting for DHCP snooping You can also specify the maximum rate at which the Switch receives ARP packets on untrusted ports The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packet...

Page 330: ... on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re broadcast again and again causing a broadcast storm If a switch not in lo...

Page 331: ...returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 258 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loop guard also protects against standard network loops The following figure illustrates three switches forming a loop...

Page 332: ...n Loop Guard in the navigation panel to display the screen as shown Note The loop guard feature cannot be enabled on the ports that have Spanning Tree Protocol RSTP MRSTP or MSTP enabled Figure 260 Advanced Application Loop Guard Standalone Mode Figure 261 Advanced Application Loop Guard Stacking Mode ...

Page 333: ... in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends broadcast and multicast pro...

Page 334: ...le before forwarding them through the Gigabit uplink port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID based on the VLAN setting Note You cannot enable VLAN mapping and VLAN stacking at the same time 31 1 1 VLAN Mapping Example In the following example figure pack...

Page 335: ...ch and ports Use the VLAN Mapping Configure screen Section 31 2 1 on page 336 to enable and edit the VLAN mapping rules 31 2 Enable VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown Figure 263 Advanced Application VLAN Mapping Standalone Mode Figure 264 Advanced Application VLAN Mapping Stacking Mode ...

Page 336: ...slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes...

Page 337: ...s Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Index This i...

Page 338: ...e packets 32 1 2 What You Need to Know Layer 2 protocol tunneling L2PT is used on the service provider s edge devices L2PT allows edge switches 1 and 2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure connected through the service provider s network Th...

Page 339: ...eling Mode Each port can have two layer 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 268 on page 339 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the se...

Page 340: ...32 Layer 2 Protocol Tunneling XGS4600 Series User s Guide 340 Figure 269 Advanced Application Layer 2 Protocol Tunneling Standalone Mode Figure 270 Advanced Application Layer 2 Protocol Tunneling Stacking Mode ...

Page 341: ... to have the Switch tunnel CDP Cisco Discovery Protocol packets so that other Cisco devices can be discovered through the service provider s network STP Select this option to have the Switch tunnel STP Spanning Tree Protocol packets so that STP can run properly across the service provider s network and spanning trees can be set up based on bridge information from all local and remote networks VTP ...

Page 342: ...sulates the encapsulated layer 2 protocol packets received on a tunnel port by changing the destination MAC address to the original one and then forward them to an access port If the services is not enabled on an access port the protocol packets are dropped Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so us...

Page 343: ...d sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output interface sampling process parameters and forwarding information sFlow minimizes impact on CPU load of the Switch as it analyzes sample data only sFlow can continuously monitor network traffic and create reports for network performance...

Page 344: ...e the sFlow agent on the Switch Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh SLOT This field appears only in stacking mod...

Page 345: ...end sFlow datagram to the specified collector Sample rate Enter a number N from 256 to 65535 The Switch captures every one out of N packets for this port and creates sFlow datagram poll interval Specify a time interval from 20 to 120 in seconds the Switch waits before sending the sFlow datagram and packet counters for this port to the collector Collector Address Enter the IP address of the sFlow c...

Page 346: ...e Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to reset the fields to the factory defaults Index This field displays the index number of this entry Click on an index number to change the settings Collector Address This field displays IP add...

Page 347: ...ain PPPoE screen Use the Intermediate Agent screen Section 34 3 on page 350 to enable the PPPoE Intermediate Agent on the Switch Use the PPPoE IA Per Port screen Section 34 3 1 on page 351 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use the PPPoE IA Per Port Per VLAN screen Section 34 3 2 on page 353 to configure PPPoE IA settings that apply to a sp...

Page 348: ...ircuit ID Syntax with Identifier String and Variables If you do not configure a Circuit ID string for a VLAN on a specific port or for a specific port the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or the VLAN ID on the PPPoE packet The identifier stri...

Page 349: ...Terminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port the Switch forwards it to other trusted ports Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trusted ports Untrusted ports are conn...

Page 350: ...ecific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN screen has priority over this That means if you also want to configure PPPoE IA Per Port or Per Port Per VLAN setting leave the fields here empty and configure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string an...

Page 351: ... trusted ports Click the Port link in the Intermediate Agent screen to display the screen as shown Figure 277 Advanced Application PPPoE Intermediate Agent Port Standalone Mode Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volat...

Page 352: ...d port Untrusted Trusted ports are uplink ports connected to PPPoE servers If a PADO PPPoE Active Discovery Offer PADS PPPoE Active Discovery Session confirmation or PADT PPPoE Active Discovery Terminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port the ...

Page 353: ...ackets received on this port Spaces are allowed If you do not specify a string here or in the Remote id field for a VLAN on a port the Switch automatically uses the PPPoE client s MAC address The Remote ID you configure for a specific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN screen has the highest priority Apply Click Apply to save your changes to the Switch s ...

Page 354: ...d above In stacking mode it displays the slot ID and port number specified above VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as s...

Page 355: ...settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Enabled Select this option to turn on the PPPoE Intermediate Agent on a VLAN Circuit id Select this option to make the Circuit ID settings for a specific VLAN take effe...

Page 356: ...op guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent out the ports loop back to the Switch the Switch can shut down the ports automatically After that you need to enable the ports or allow the packets on a port manually through the Web Configurator or the comma...

Page 357: ...to Errdisable Status in the Advanced Application Errdisable screen to display the screen as shown Table 158 Advanced Application Errdisable LABEL DESCRIPTION Errdisable Status Click this link to view whether the Switch detected that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related inf...

Page 358: ...pter 35 Error Disable XGS4600 Series User s Guide 358 Figure 283 Advanced Application Errdisable Errdisable Status Standalone Mode Figure 284 Advanced Application Errdisable Errdisable Status Stacking Mode ...

Page 359: ...first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Cause This displays the type of the control packet received on the port or the feature enabled on the port and causing the Switch to take the specified action Active This field displays whether t...

Page 360: ...rrdisable CPU protection LABEL DESCRIPTION Reason Select the type of control packet you want to configure here SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacki...

Page 361: ... or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 160 Advanced Application Errdisable CPU protection continued LABEL DESCRIPTION Table 161 Advanced Application Errdisable Errdisable Detect LABEL DESCRIPTION Cause This field displays the type...

Page 362: ...y LABEL DESCRIPTION Active Select this option to turn on the error disable recovery function on the Switch Reason This field displays the supported features that allow the Switch to shut down a port or discard packets on a port according to the feature requirements and what action you configure Use this row to make the setting the same for all entries Use this row first and then make adjustments t...

Page 363: ...ther ports in this VLAN to the isolated port list and blocks traffic between the isolated ports A promiscuous port can communicate with any port in the same VLAN An isolated port can communicate with the promiscuous ports only Note You can have up to one VLAN Isolation rule for each VLAN Figure 289 VLAN Isolation Example Note Make sure you keep at least one port in the promiscuous port list for a ...

Page 364: ...mmary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults In...

Page 365: ...ou to set a port or multiple ports to have priority over other ports in MAC address learning That means when a MAC address and VLAN ID is learned on a MAC pinning enabled port the MAC address will not be learned on any other port until the aging time for the dynamically learned MAC address in the table expires This helps enhance security For example when an attacker A sends packets to all connecte...

Page 366: ...L DESCRIPTION Active Select this option to turn on the MAC pinning function on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two...

Page 367: ...t this check box to enable MAC pinning on this port The port then has priority over other ports in MAC address learning Clear this check box to disable MAC pinning Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory wh...

Page 368: ...nity VLAN can communicate with promiscuous ports in an associated Primary VLAN and other community ports in the same Community VLAN They cannot communicate with ports in Isolated VLANs non associated Primary VLAN promiscuous ports nor community ports in different Community VLANs Isolated Ports in an Isolated VLAN can communicate with promiscuous ports in an associated Primary VLAN only They cannot...

Page 369: ...P VLAN 100 They cannot communicate with other isolated ports in I VLAN 102 nor community ports in C VLAN 101 Note Isolation in VLAN VLAN Port Setting has a higher priority than private VLAN settings so promiscuous ports with Isolation in VLAN VLAN Port Setting enabled will not be able to communicate with each other 38 1 1 Configuration You must go to the Static VLAN screen first to create VLAN IDs...

Page 370: ... Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports...

Page 371: ...non associated Primary VLAN Promiscuous ports nor any Community ports Associated VLAN Enter the VLAN ID of a previously created VLAN here Note The VLAN ID and Mode selected here must be the same as the VLAN ID and VLAN Type created in Advanced Application VLAN Static VLAN Tagged A VLAN ID tag identifies VLAN membership of a frame across switches Select this if the VLAN includes ports on multiple s...

Page 372: ...s traffic to be sent a WAKE signal is sent to the link partner to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Power Down and operates normally Sho...

Page 373: ...Chapter 39 Green Ethernet XGS4600 Series User s Guide 373 Figure 295 Advanced Application Green Ethernet Standalone Mode ...

Page 374: ...port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet...

Page 375: ...DUs LLDP data units in the form of TLV Type Length Value Device information carried in the received LLDPDUs is stored in the standard MIB The Switch supports these basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optio...

Page 376: ...ng for mis configured IP addresses There are three classes of endpoint devices that the LLDP MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the LLDP MED network conne...

Page 377: ...n next Figure 299 Advanced Application LLDP The following table describes the labels in this screen Table 169 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices LLDP Configuration Click here to show a screen to configure LL...

Page 378: ...nfiguration Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices parameters LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpo...

Page 379: ...ocal Switch that is the Switch you are configuring The chassis ID is identified by the chassis ID subtype Chassis ID Subtype this displays how the chassis of the Switch is identified Chassis ID This displays the chassis ID of the local Switch System Name TLV This shows the host name of the Switch System Description TLV This shows the firmware version of the Switch System Capabilities TLV This show...

Page 380: ...not supported Object Identifier 0 not supported LLDP Port Information This displays the local port information SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Local Port This displays the number of the Switch port which receives the LLDPDU from the remote device Click a port number to view the detailed LLDP status on this po...

Page 381: ...Protocol LLDP XGS4600 Series User s Guide 381 Figure 302 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail Basic TLV Figure 303 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail MED TLV ...

Page 382: ...ring link initiation or manual override AN Supported Displays if the port supports or does not support auto negotiation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capa...

Page 383: ...s the location information of a caller by its ELIN Emergency Location Identifier Number or the IETF Geopriv Civic Address based Location Configuration Information Civic Address LCI Coordinate based LCI latitude longitude and altitude coordinates of the location Configuration Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identi...

Page 384: ... the slot and the second the port number Chassis ID This displays the chassis ID of the remote device associated with the transmitting LLDP agent The chassis ID is identified by the chassis ID subtype For example the MAC address of the remote device Port ID This is an alpha numeric string that contains the specific identifier for the port from which this LLDPDU was transmitted The port ID is ident...

Page 385: ...fied Port ID this displays the port ID of the remote device The port ID is identified by the port ID subtype Time To Live TLV This displays the time to live TTL multiplier of LLDP frames The device information on the neighboring devices ages out and is discarded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval Port Descript...

Page 386: ...ed Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device Port Protocol VLAN ID TLV This displays the IEEE 802 1 Port Protocol VLAN ID TLV which indicates whether the VLAN ID and whether it is enabled and supported on the port of remote Switch which sent the LLDPDU ...

Page 387: ...ised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Aggregation Capability The current aggregation c...

Page 388: ...Chapter 40 Link Layer Discovery Protocol LLDP XGS4600 Series User s Guide 388 Figure 308 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Page 389: ...ler by its Coordinate base LCI latitude and longitude coordinates of the Location Configuration Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identifier Number Inventory TLV The majority of IP Phones lack support of management protocols such as SNMP so LLDP MED inventory TLVs are used to provide their inventory information to ...

Page 390: ... Guide 390 40 6 LLDP Configuration Use this screen to configure global LLDP settings on the Switch Click Advanced Application LLDP LLDP Configuration Click Here to display the screen as shown next Figure 309 Advanced Application LLDP LLDP Configuration Standalone Mode ...

Page 391: ... the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to beg...

Page 392: ...mission and or reception is allowed on this port Disable not allowed Tx Only transmit only Rx Only receive only Tx Rx transmit and receive Notification Select whether LLDP notification is enabled on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to sa...

Page 393: ...served for stacking only Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Management Address Select the check boxes to enable or disable the sending of Management Address TLVs on the ports Port Description Select the check boxes to enable or disable...

Page 394: ...displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row ar...

Page 395: ...ng of IEEE 802 3 MAC PHY Configuration Status TLVs on the ports All check boxes in this column are enabled by default Max Frame Size Select the check boxes to enable or disable the sending of IEEE 802 3 Max Frame Size TLVs on the ports Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the...

Page 396: ...that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Notification Topology Change Select to enable LLDP MED topology change traps ...

Page 397: ...d by no space comma or hyphen for a range For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 In stacking mode the first number represents the slot and the second the port number Enter 1 1 1 24 2 23 for ports 1 to 24 for the Switch in slot 1 and port 23 for the Switch in slot 2 for example Application Type Select the type of application used in the network policy voice voice ...

Page 398: ...ndex number to edit the rule Port This field displays the port number of the network policy In stacking mode the first number represents the slot and the second the port number Application Type This field displays the application type of the network policy Tag This field displays the Tag Status of the network policy VLAN This field displays the VLAN ID of the network policy Priority This field dis...

Page 399: ...Chapter 40 Link Layer Discovery Protocol LLDP XGS4600 Series User s Guide 399 Figure 319 Advanced Application LLDP LLDP MED Location Standalone Mode ...

Page 400: ... In stacking mode the first field is the slot ID and the second field is the port number Location Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitude altitude and datum Civic Address includes Country State County City Street and other related information Latitude Ent...

Page 401: ...ost Office Box Additional Code ELIN Number Enter a numerical digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP The valid length is from 10 to 25 characters Add Click Add after finish entering the location information Cancel Click Cancel to begin entering the location information afresh Index This lists the ind...

Page 402: ...emergency call services The valid length is form 10 to 25 characters Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the locations that you want to remove then click the Delete button Cancel Click Cancel to clear the selected check boxes Table 181 Advanced Application LLDP LLDP MED Location continued ...

Page 403: ...automatically after the MAC aging time expires Note A port based threshold must be larger than the host based threshold or the host based threshold will not work 41 1 1 What You Can Do Use the Anti Arpscan Status screen Section 41 1 on page 403 to see what ports are trusted and are forwarding traffic or are disabled Use the Anti Arpscan Host Status screen Section 41 3 on page 405 to view blocked h...

Page 404: ...i Arpscan Status Use this screen to see what ports are trusted and are forwarding traffic or are disabled To open this screen click Advanced Application Anti Arpscan Figure 321 Advanced Application Anti Arpscan Status Standalone Mode Figure 322 Advanced Application Anti Arpscan Status Stacking Mode The following table describes the fields in the above screen Table 182 Advanced Application Anti Arp...

Page 405: ...s whether the port can forward traffic normally Forwarding or is disabled Err Disable Table 182 Advanced Application Anti Arpscan Status continued LABEL DESCRIPTION Table 183 Advanced Application Anti Arpscan Host Status LABEL DESCRIPTION Clear Filtered host A filtered host is a blocked IP address Port List Type a port number or a series of port numbers separated by commas and spaces and then clic...

Page 406: ...tive name of up to 32 printable ASCII characters to identify this host Host IP Type the IP address of the host Mask A trusted host may consist of a subnet of IP addresses Type a subnet mask to create a single host or a subnet of hosts Add Click this to create the trusted host Cancel Click this to reset the values above based or if not applicable to clear the fields above Clear Click this to clear ...

Page 407: ...Chapter 41 Anti Arpscan XGS4600 Series User s Guide 407 Figure 325 Advanced Application Anti Arpscan Configure Standalone Mode Figure 326 Advanced Application Anti Arpscan Configure Stacking Mode ...

Page 408: ... second Note The port based threshold must be larger than the host based threshold or the host based threshold will not be applied SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note tha...

Page 409: ...es the ports automatically You can then enable the ports manually in the Basic Setting Port Setup screen or use the Errdisable Recovery screen see Section 35 6 on page 362 to have the ports become active after a certain time interval 42 1 1 What You Can Do Use the BPDU Guard Status screen Section 42 2 on page 409 to view the BPDU guard status Use the BPDU Guard Configuration screen Section 42 3 on...

Page 410: ...BPDU guard globally configuration This field displays whether BPDU guard is activated on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports th...

Page 411: ...tion BPDU Guard BPDU Guard Configuration LABEL DESCRIPTION Active Select this option to enable BPDU guard on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the defau...

Page 412: ...the BPDU guard feature on this port The Switch shuts down this port if there is any BPDU received on the port Clear this check box to disable the BPDU guard feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory w...

Page 413: ...oot network connection problems The Switch supports the following IEEE 802 3ah features Discovery this identifies the devices on each end of the Ethernet link and their OAM configuration Remote Loopback this can initiate a loopback test between Ethernet devices 43 1 1 What You Can Do Use the OAM Status screen Section 43 2 on page 413 to view the configuration of ports on which Ethernet OAM is enab...

Page 414: ...L DESCRIPTION SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Local This section displays information about the ports on the Switch Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports...

Page 415: ...the port to respond to Ethernet OAM commands Remote This section displays information about the remote device Mac Address This field displays the MAC address of the remote device OUI This field displays the OUI first 3 bytes of the MAC address of the remote device Mode This field displays the operational state of the port when OAM is enabled on the port Active Allows the port to issue and respond ...

Page 416: ...tions Mode This field displays the OAM mode The device in active mode typically the service provider s device controls the device in passive mode typically the subscriber s device Active The port initiates OAM discovery sends information PDUs and may send event notification PDUs variable request response PDUs or loopback control PDUs Passive The port waits for the remote device to initiate OAM dis...

Page 417: ...k The port is in loopback mode Discard The port is discarding non OAM PDUs because it is trying to or has put the remote device into loopback mode Discovery state This field indicates the state in the OAM discovery process OAM enabled devices use this process to detect each other and to exchange information about their OAM configuration and capabilities OAM discovery is a handshake protocol Fault ...

Page 418: ...ed on the port Loopback Control OAMPDU Tx This field displays the number of loopback control OAM PDUs sent on the port Loopback Control OAMPDU Rx This field displays the number of loopback control OAM PDUs received on the port Variable Request OAMPDU Tx This field displays the number of OAM PDUs sent to request MIB objects on the remote device Variable Request OAMPDU Rx This field displays the num...

Page 419: ...AM OAM Configuration Stacking Mode The following table describes the fields in the above screen Table 190 Advanced Application OAM OAM Configuration LABEL DESCRIPTION Active Select this option to enable Ethernet OAM on the Switch SLOT This field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack ...

Page 420: ...s check box to enable Ethernet OAM on this port Clear this check box to disable Ethernet OAM on the port Mode Specify the OAM mode on the port Select Active to allow the port to issue and respond to Ethernet OAM commands Select Passive to allow the port to respond to Ethernet OAM commands Remote Loopback Supported Select this check box to enable the remote loopback feature on the port Otherwise cl...

Page 421: ... allowable packet number of the loopback test frames Packet Size Define the allowable packet size of the loopback test frames Test Click Test to begin the test Remote Loopback Mode Port Enter the number of the port from which the Switch sends loopback control PDUs to initiate or terminate a remote loopback test In stacking mode the first field is the slot ID and the second field is the port number...

Page 422: ...s or communication malfunction In the figure below S1 A is a bidirectional link as both ends can send packets to each other S1 B is unidirectional as B cannot send packets to S1 although the S1 B link is up Similarly S2 S1 is unidirectional as S1 cannot send packets to S2 although the S1 S2 link is up Figure 338 ZULD Overview 44 1 1 What You Can Do Use the ZULD Status screen Section 44 2 on page 4...

Page 423: ...ink it sends a syslog and SNMP trap and may shut down the affected port Aggressive Mode If a port on the Switch is shut down by ZULD and you want to recover it then do one of the following Go to Basic Setting Port Setup Clear Active and click Apply Then select Active and click Apply again Go to Advanced Application Errdisable Errdisable Recovery and set the interval for ZULD After the interval exp...

Page 424: ...an ErrDisable state as well as sends a syslog and trap when it detects a unidirectional link Probe Time Probe time is the length of time that ZULD waits before declaring that a link is unidirectional When the probe time expires and one port either on the Switch or the connected device still has not received an OAMPDU then ZULD declares that the link is unidirectional Link State This field shows th...

Page 425: ...ion ZULD Configuration Figure 341 Advanced Application ZULD Configuration Standalone Mode Remote MAC Addr This is the MAC address of the port on the connected device to which the port of the Switch is connected Remote Port This is the port number of the port on the connected device to which the port of the Switch is connected Table 192 Advanced Application ZULD Status continued LABEL DESCRIPTION ...

Page 426: ... if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this to enable ZULD on the port ZULD must be enabled to detect an unidirectional link by monitoring OAMPDUs Mode Select Normal or Aggressive In Normal mod...

Page 427: ...s these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 193 Advanced Application ZULD Configuration continued LABEL DESCRIPTION ...

Page 428: ...stribution The Switch only supports up to two clusters for NLB traffic distribution Note NLB settings are configured on the servers See Section 45 1 2 on page 429 for more information about NLB 45 1 1 What You Can Do Use the MAC Forwarding screen Section 45 2 on page 429 to configure to which MAC addresses and ports the Switch should forward the incoming NLB traffic Use the IP Configuration screen...

Page 429: ...l ports of the switch to make sure the traffic is forwarded to the right destination The servers in a cluster cannot communicate with each other because they use the same unicast MAC address Multicast Mode NLB assigns a multicast MAC address to the servers in a cluster Therefore each server has two MAC addresses the real MAC address and the multicast MAC address Create static ARP entries on a swit...

Page 430: ...LAN group Port Enter the ports to which you want the Switch to forward the incoming NLB traffic You can enter multiple ports separated by no space comma or hyphen For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 In stacking mode the first number represents the slot and the second the port number Enter 1 1 1 24 2 23 for ports 1 to 24 for the Switch in slot 1 and port 23 for...

Page 431: ...tinued LABEL DESCRIPTION Table 195 Advanced Application NLB IP Configuration LABEL DESCRIPTION IP Configuration Name Enter a descriptive name for identification purposes for this rule IP Address Enter an IPv4 or IPv6 address for a cluster MAC Address Enter a multicast or unicast MAC address added in the Advanced Application NLB screen The last binary bit of the first octet pair in a multicast MAC ...

Page 432: ... rule IP Address This field displays the IP address of the cluster MAC Address This field displays the multicast or unicast MAC address of this rule Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes T...

Page 433: ... that you want to turn on is off so it cannot respond to a TCP packet Therefore It has to be a UDP broadcast packet to turn on a device Broadcast packets are generally not routed A magic packet cannot be routed This prevents DDoS attacks but also prohibits you from sending magic packets to other devices in different subnets The Switch s Wake On LAN relay feature allows you to send magic packets to...

Page 434: ...turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This field displays the index number of the rule UDP This field displays the UDP port of the rule Source VLAN This fiel...

Page 435: ...ic from A to the Internet through the Switch s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the Switch Figure 347 Example of Static Routing Topology 47 1 1 What You Can Do Use the Static Routing screen Section 47 2 on page 436 to displ...

Page 436: ...els you use to create a static route Table 197 IP Application Static Routing IPv4 Static Route LABEL DESCRIPTION Active This field allows you to activate or deactivate this static route Name Enter a descriptive name up to 10 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination IP Subnet Mask Enter the...

Page 437: ...evious configuration Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the descriptive name for this route This is for identification purposes only Destinat...

Page 438: ...y The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the route Click a number to edit the static route entry Interface This field displays the descripti...

Page 439: ...action to take when a packet meets the criteria in a specified classifier The action is taken only when all the criteria are met 48 1 1 Benefits Source Based Routing Network administrators can use policy based routing to direct traffic from different users through different connections Cost Savings Policy routing allows organizations to distribute interactive traffic on high bandwidth high cost pa...

Page 440: ...ate this policy routing profile and rules in the profile Profile Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Spaces are allowed Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top na...

Page 441: ...en which are not used by any policy rule or policy routing rule Select a classifier to which this policy routing rule applies Action Enter the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switc...

Page 442: ...ies Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entries from the summary table Cancel Click Cancel to clear the check boxes Table 200 IP Application Policy Routing Rule Configuration continued LABEL DESCRIPTION ...

Page 443: ...ersally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting The Switch also supports RIPng RIP next generation for IPv6 RIPv2 uses UDP port 520 and the multicast addres...

Page 444: ...P for IPv6 RIPng and configure the RIP timers and method of preventing routing loops for an IPv6 VLAN interface Figure 353 IP Application RIP 49 2 Configuring IPv4 RIP Click IP Application RIP IPv4 RIP in the navigation panel to display the screen as shown You cannot manually configure a new entry Each entry in the table is automatically created when you configure a new IP domain in the IP Setup s...

Page 445: ...the same for all entries Use this row first to set the common settings and then make adjustments on a per entry basis Note Changes in this row are copied to all the entries as soon as you make them Network This field displays the IP interface configured on the Switch Refer to the section on IP Setup for more information on configuring IP domains Direction Select the RIP direction from the drop dow...

Page 446: ...updates before a route is declared no longer valid The metric of route will then be set to 16 which means the route is considered unreachable Timeout Timer should be greater than Update Timer Garbage Collection Timer Specify how long in seconds the Switch waits before removing the invalid route from the routing table Distance Enter a number from 10 to 255 to specify the administrative distance tha...

Page 447: ...his also helps save bandwidth Select Poison Reverse to have the interface set the metric of routes learned from a neighbor to 16 and send the routing information back The neighbor will then delete the routes from its routing table Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connecte...

Page 448: ...Advertisements LSA types in OSPFv3 OSPFv2 uses plain text or MD5 authentication while no authentication is required for OSPFv3 on the Switch Their packet format is different too 50 1 1 OSPF Autonomous Systems and Areas An OSPF autonomous system AS can be divided into logical areas Each area represents a group of adjacent networks All areas are connected to a backbone also known as area 0 The backb...

Page 449: ...terface is a link between a layer 3 device and an OSPF network An interface has state information an IP address and subnet mask associated with it When you configure an OSPF interface you first set an interface to transmit OSPF traffic and add the interface to an area You can configure a virtual link to establish maintain connectivity between a non backbone area and the backbone The virtual link m...

Page 450: ...a priority of 0 to routers B and C thereby ensuring they do not become DR or BDR and assign a priority of 1 to router A to make sure that it does become the DR 50 1 5 Configuring OSPF To configure OSPF on the Switch do the following tasks 1 Enable OSPF 2 Create OSPF areas 3 Create and associate interfaces to an area 4 Create virtual links to maintain backbone connectivity 50 2 OSPF Screen Click IP...

Page 451: ...s LABEL DESCRIPTION OSPF This field displays whether OSPF is activated Running or not Down Interface The text box displays the OSPF status of the interfaces on the Switch Neighbor The text box displays the status of the neighboring router participating in the OSPF network Link State Database The text box displays information in the link state database which contains data in the LSAs Poll Interval ...

Page 452: ...the time intervals in seconds configured Neighbor Count This field displays the number of neighbor routers Adjacent Neighbor Count This field displays the number of neighbor routers that is adjacent to the Switch Neighbor Neighbor ID This field displays the router ID of the neighbor Pri This field displays the priority of the neighbor This number is used in the designated router election State Thi...

Page 453: ... Select this option to enable it Router ID Router ID uniquely identifies the Switch in an OSPF Enter a unique ID that uses the format of an IP address in dotted decimal notation for the Switch Distance Enter a number from 10 to 255 to specify the administrative distance that is assigned to routes learned by OSPF The lower the administrative distance value is the more preferable the routing protoco...

Page 454: ... a default cost metric of 20 and adds up the cost toward the destination Its external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added to the AB boundary router to the external metrics Select 2 to configure the default route as type 2 The route has a default cost of 20 and the metric will never change along a traffic path Its external ...

Page 455: ...h Authentication Select an authentication method Simple or MD5 to activate authentication Select None default to disable authentication Usually interfaces and virtual interfaces should use the same authentication method as the associated area If interfaces and virtual interfaces use different authentication methods than the associated area the authentication methods are based on the interfaces and...

Page 456: ...n the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to default settings Table 209 IP Application OSPF IPv4 OSPF Configuration Area Setup continued LABEL DESCRIPTION Table 210 IP Application OSPF IPv4 OSPF Configuration Summary Table LABEL DESCRIPTIO...

Page 457: ...alue Enter a route cost between 0 and 16777215 The default metric value is 15 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afres...

Page 458: ...dex number of the summary address Summary address This field displays the summary IP address Subnet mask This field displays the subnet mask for the summary IP address Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the rules that you want to remove and then click the Delete button Cancel Click Cancel...

Page 459: ...fy how long in seconds the Switch should wait for an acknowledgment packet from the interface s neighbor device before retransmitting link state advertisements LSAs on the interface The valid range for retransmitting is between 1 and 65535 The default value is 5 seconds Transmit Delay Set the estimated time in seconds that is required to transmit a link state update packet on the interface The val...

Page 460: ...routing table Priority This field displays the priority for this OSPF interface Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to begin configuring this screen afresh Table 212 IP Application OSPF IPv4 OSPF Configuration I...

Page 461: ...and 65535 The default value is 1 second Hello Interval Specify how often in seconds the Switch sends hello packets on the interface to check if the interface s neighbor devices still exist The valid range for hello interval is between 1 and 65535 The default value is 10 seconds Dead Interval Specify how long in seconds the Switch should wait for a hello packet from the interface s neighbor device ...

Page 462: ...OSPF This field displays whether OSPF is activated Running or not Down Interface The text box displays the OSPF status of the interface s on the Switch Neighbor The text box displays the status of the neighboring router participating in the OSPF network Link State Database The text box displays information in the link state database which contains data in the LSAs Poll Interval s The text box disp...

Page 463: ...Rother Duration This field displays how long a relationship between the neighbor and the Switch IPv6 interface has been established to exchange routing information I F State This field displays the name of the Switch IPv6 interface and whether it is a DR designated router BDR backup designated router or DRother Link State Database Type This field displays the type of the LSA Type 1 Router LSA Type...

Page 464: ...tation for the Switch Distance Enter a number from 10 to 255 to specify the administrative distance that is assigned to routes learned by OSPF The lower the administrative distance value is the more preferable the routing protocol is Note You cannot set two routing protocols to have the same administrative distance Apply Click Apply to save your changes to the Switch s run time memory The Switch l...

Page 465: ...domain If you do not set a route cost no default route is added Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clea...

Page 466: ... manually Static into the OSPF network transparently Active Select this option to activate route redistribution for routes learned through the selected protocol Type Select 1 for routing protocols such as RIP whose external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added to the AB boundary router to the external metrics Select 2 for r...

Page 467: ...d Hello Interval Specify how often in seconds the Switch sends hello packets on the interface to check if the interface s neighbor devices still exist The valid range for hello interval is between 1 and 65535 The default value is 10 seconds Dead Interval Specify how long in seconds the Switch should wait for a hello packet from the interface s neighbor device before declaring that the neighbor dev...

Page 468: ... sends hello packets on the interface to check if the interface s neighbor devices still exist The valid range for hello interval is between 1 and 65535 The default value is 10 seconds Dead Interval Specify how long in seconds the Switch should wait for a hello packet from the interface s neighbor device before declaring that the neighbor device is not available The valid range for dead interval i...

Page 469: ...ser s Guide 469 Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 219 IP Application OSPF IPv6 OSPF Configuration Virtual Link continued LABEL DESCRIPTION ...

Page 470: ... A host can decide to join or leave a multicast group at any time A host can also be a member of more than one multicast group Multicast groups are identified by IP addresses in the Class D range 224 0 0 0 to 239 255 255 255 A multicast server sends packets addressed to a particular multicast group multicast IP address IGMP Internet Group Management Protocol is used by multicast hosts to indicate ...

Page 471: ...ence in IGMP version 2 is that it provides a mechanism for a multicast group member to notify a multicast router that it is leaving a multicast group The multicast router then sends a group specific IGMP query to check if there are any members remaining in that group If the multicast router does not receive an IGMP report from any members it stops sending multicast traffic to that group This chang...

Page 472: ... The Switch then listens for IGMP Report packets and it records which port the messages came from It then delivers multicast traffic to only those ports from which it received a request to join a multicast group 51 3 Configuring IGMP Click IP Application IGMP in the navigation panel to display the screen as shown next Each entry in the table is automatically created when you configure a new IP dom...

Page 473: ...plays an index number of an entry Network This field displays the IP domain configured on the Switch Version Select an IGMP version from the drop down list box The choices are IGMP v1 IGMP v2 IGMP v3 and None Generally if you want to enable IGMP on the Switch you should choose IGMP v3 as it is compatible with older versions Choose an earlier version of IGMP IGMP v2 or IGMP v1 if the multicast host...

Page 474: ...ou must have IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 378 on page 476 52 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Multicast delivery tree Multicast packets are forwarded along these multicast tree branches DVMRP dynamically learns host membership information using Internet Group Management Protocol IGMP The trees...

Page 475: ...icast routing table that is used to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loops exist in the network topology DVMRP prunes trim the multicast delivery trees DVMRP grafts attach a branch back onto the multicast delivery tree 52 3 Configuring DVMRP Configure DVMRP on the Switch whe...

Page 476: ...reduce this value if you do not wish to flood Layer 3 devices many hops away with multicast traffic This applies only to multicast traffic this Switch sends out Index Index is the DVMRP configuration for the IP routing domain defined under Network The maximum number of DVMRP configurations allowed is the maximum number of IP routing domains allowed on the Switch Network This is the IP routing doma...

Page 477: ...The following are some default DVMRP timer values Table 222 DVMRP Default Timer Values DVMRP FIELD DEFAULT VALUE Probe interval 10 sec Report interval 35 sec Route expiration time 140 sec Prune lifetime Variable less than 2 hours Prune retransmission time 3 sec with exponential back off Graft retransmission time 5 sec with exponential back off ...

Page 478: ... give advanced notice of where the traffic is going 53 1 1 What You Can Do Use the DiffServ screen Section 53 2 on page 479 to activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the Switch Use the DSCP Setting screen Section 53 3 1 on page 481 to change the DSCP IEEE 802 1p mapping 53 1 2 What You Need to Know Read on for concepts on Differentiated Services that can help y...

Page 479: ...lows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffic flows An example traffic policy is to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as ...

Page 480: ... in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the index number of a port on the Switch In stacking mode the first number represents the slot and the second the port number means all ports on the same Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use t...

Page 481: ...hese changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 223 IP Application DiffServ continued LABEL DESCRIPTION Table 224 Default DSCP IEEE 802 1p Mapping DSCP VALUE 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 IEEE...

Page 482: ...d from the MAC address time vendor assigned ID and or the vendor s private enterprise number registered with the IANA It should not change over time even after you reboot the device 54 1 1 What You Can Do Use the DHCPv4 Status screen Section 54 3 on page 484 to display the server status and relay mode Use the DHCPv4 Server Status Detail screen Section 54 3 1 on page 484 to view details regarding D...

Page 483: ...ssigned information back to the computer DHCPv4 Configuration Options The DHCPv4 configuration on the Switch is divided into Global and VLAN screens The screen you should use for configuration depends on the DHCP services you want to offer the DHCP clients on your network Choose the configuration screen based on the following criteria Global The Switch forwards all DHCP requests to the same DHCP s...

Page 484: ...ex This is the index number Click an index number to change the settings VID This field displays the VLAN ID for which the Switch is a DHCP server Server Status This field displays the starting DHCP client IP address IP Pool Size This field displays the number of IP addresses that can be assigned to clients Relay Status This section displays configuration settings related to the Switch s DHCP rela...

Page 485: ...HCP server instance End IP Address This field displays the last IP address of the IP address pool configured for this DHCP server instance Subnet Mask This field displays the subnet mask value sent to clients from this DHCP server instance Default Gateway This field displays the default gateway value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary ...

Page 486: ...rmat i1 i2 and iN are DHCP relay agent sub options which contain additional information about the DHCP client You need to define at least one sub option 54 4 1 2 Sub Option Format There are two types of sub option Agent Circuit ID Sub option and Agent Remote ID Sub option They have the following formats The 1 in the first field identifies this as an Agent Circuit ID sub option and two identifies t...

Page 487: ... to a DHCP server slot port Select this option to have the Switch add the number of port that the DHCP client is connected to vlan Select this option to have the Switch add the ID of VLAN which the port belongs to hostname This is the system name you configure in the Basic Setting General Setup screen Select this option for the Switch to add the system name to the client DHCP requests that it rela...

Page 488: ...ion is added to client DHCP requests Field This field displays the information that is included in the Circuit ID sub option Remote ID This section displays the Remote ID sub option including information that identifies the relay agent the Switch Enable This field displays whether the Remote ID sub option is added to client DHCP requests Field This field displays the information that is included i...

Page 489: ... number represents the slot and the second the port number Enter 1 1 1 24 2 28 for ports 1 to 24 for the Switch in slot 1 and port 28 for the Switch in slot 2 for example Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it ...

Page 490: ...ion such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Figure 393 DHCP Relay Configuration Example Profile Name This field displays the DHCP option 82 profile that the Switch applies to the ports Select an entry s check box to select a specific entry Otherwise select the check box in the t...

Page 491: ...EL DESCRIPTION VID Enter the ID number of the VLAN to which these DHCP settings apply DHCP Status Select whether the Switch should function as a DHCP Server or Relay for the specified VID If you select Server then fields related to DHCP relay configuration are grayed out and vice versa Server Use this section if you want to configure the Switch to function as a DHCP server for this VLAN Client IP ...

Page 492: ...ofile Select a pre defined DHCP option 82 profile that the Switch applies to all ports in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if ...

Page 493: ... priority over the one you select in the DHCP DHCPv4 VLAN screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to...

Page 494: ...tem is set up to forward DHCP requests from the dormitory rooms VLAN 1 to the DHCP server with an IP address of 192 168 1 100 Requests from the academic buildings VLAN 2 are sent to the other DHCP server with an IP address of 172 16 10 100 Figure 396 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Figure 397 DHCP Relay for Two VLANs Configuration Example...

Page 495: ...er information VID This field displays the VLAN ID to which the DHCP server belongs DHCP Server A DHCPv6 server can assign and pass IPv6 network addresses prefixes and other configuration information to DHCP clients Information This field displays Yes when the entry supports display of the refresh time and DNS server it shows No when it does not Prefix Delegation This field displays Yes when the e...

Page 496: ...mber of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run...

Page 497: ...the first 32 bits 2001 db8 from the left is the network prefix Type the prefix address in this field For example type 2001 db8 1a2b 15 1a2f 0 Prefix Length Type the prefix length in this field For example type 32 Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power...

Page 498: ... panel to display the screen as shown Figure 401 IP Application DHCP DHCPv6 Relay The following table describes the labels in this screen Table 240 IP Application DHCP DHCPv6 Relay LABEL DESCRIPTION VID Enter the ID number of the VLAN to which the DHCPv6 server that will assign IP information belongs here Helper Address Enter the IPv6 address of the DHCPv6 server that will assign IP information he...

Page 499: ... the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to reset the fields to the factory defaults VID This field displays the VLAN ID number Click the VLAN ID to change the settings Helper Address This field displays the IPv6 address of the remote DHCPv6 server for...

Page 500: ... this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discar...

Page 501: ...th the virtual router A layer 3 device having the same IP address is the preferred master router while the other Layer 3 devices are the backup routers The master router forwards traffic for the virtual router When the master router becomes unavailable a backup router assumes the role of the master router until the master router comes back up and takes over The following figure shows a VRRP networ...

Page 502: ... and the subnet mask bits of an IP routing domain that is associated to a virtual router VRID This field displays the ID number of the virtual router VR Status This field displays the status of the virtual router This field is Master indicating that this Switch functions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when...

Page 503: ...ss and number of subnet mask bit of an IP domain Authentication Select None to disable authentication This is the default setting Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface Key When you select Simple in the Authentication field enter a password key up to eight printable ASCII character long in this field Apply Click Apply to save your changes to ...

Page 504: ...VRRP router that owns the IP address es associated with the virtual router is 255 55 3 2 3 Preempt Mode If the master router is unavailable a backup router assumes the role of the master router However when another backup router with a higher priority joins the network it will preempt the lower priority backup router that is the master Disable preempt mode to prevent this from happening By default...

Page 505: ...on This field is ignored when you enter 0 0 0 0 Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to discard all ch...

Page 506: ...2 16 1 100 The host computer X is set to use VR1 as the default gateway Figure 409 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below Figure 410 VRRP Example 1 VRRP Parameter Settings on Switch A Delete Click Delete to remove the selected en...

Page 507: ...P Example 1 VRRP Status on Switch B 55 4 2 Two Subnets Example The following figure depicts an example in which two switches share the network traffic Hosts in the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2 On the o...

Page 508: ... configuration in example 1 for virtual router VR1 refer to Section 55 4 2 on page 507 Configure the VRRP parameters on the switches as shown in the figures below Figure 415 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 416 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Status screens for both switches are...

Page 509: ...Chapter 55 VRRP XGS4600 Series User s Guide 509 Figure 417 VRRP Example 2 VRRP Status on Switch A Figure 418 VRRP Example 2 VRRP Status on Switch B EXAMPLE EXAMPLE ...

Page 510: ...fferent routing paths 1 2 and 3 of equal path cost This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next hop ECMP works with static routes or a routing protocol such as OSPF With ECMP packets are routed through the paths of equal cost according to the hash algorithm output 56 2 Configuring Router Setup Click IP Applicati...

Page 511: ...est to update a resolved next hop s MAC address Discover Time Specify the time interval from 0 to 86400 in increments of 10 in seconds at which the Switch sends an ARP request to update an unresolved next hop s MAC address Maximum Paths Set the maximum number of paths for one ECMP Equal Cost MultiPath route The maximum number varies by Switch A smaller number of maximum paths means more ECMP route...

Page 512: ... this chapter 57 1 2 1 How ARP Works When an incoming packet destined for a host device on a local area network arrives at the Switch the Switch looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and p...

Page 513: ...orwards host A s ICMP request to host B After the Switch gets the ICMP reply from host B it sends out an ARP request to get host A s MAC address and updates the ARP table with host A s ARP reply The Switch then can forward host B s ICMP reply to host A Gratuitous ARP A gratuitous ARP is an ARP request in which both the source and destination IP address fields are set to the IP address of the devic...

Page 514: ...getting host B s MAC address and ICMP reply 57 2 ARP Setup Click IP Application ARP Setup in the navigation panel to display the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Click the link next to Static ARP to open a screen where you can create static ARP entries on the Switch Figure 420 IP Application ARP Setup 57 2 1 ...

Page 515: ... slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row only if you want to make some settings the...

Page 516: ...tch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request Select ARP Request to have the Switch update the ARP table with both ARP replies gratuitous ARP requests and ARP requests Apply Click Apply to save your changes to the Switch s run time memory Th...

Page 517: ...anges if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of an entry Click an index number to change the settings A...

Page 518: ...d in the Switch s RAM Use the Erase Running Configuration screen Section 58 2 1 on page 520 to reset the configuration to the Zyxel default configuration settings Use the Save Configuration screen Section 58 2 2 on page 520 to save the current configuration settings to a specific configuration file on the Switch Use the Reboot System screen Section 58 2 3 on page 521 to restart the Switch without ...

Page 519: ...figuration screen Auto Configuration Click Click Here to go to the Auto Configuration screen Erase Running Configuration Click Click Here to reset the configuration to the Zyxel default configuration settings Note that this will not reset the configuration to the factory default settings Save Configuration Click Config 1 to save the current configuration settings to Configuration 1 on the Switch C...

Page 520: ...on 1 on the Switch These configurations are set up according to your network environment Reboot System Click Config 1 to reboot the system and load Configuration 1 on the Switch Click Config 2 to reboot the system and load Configuration 2 on the Switch Click Stacking Default to reboot the system and load stacking configurations on the Switch Click Factory Default to reboot the system and load the ...

Page 521: ... that configuration file The confirmation screen displays 2 Click OK again and then wait for the Switch to restart This takes up to 2 minutes This does not affect the Switch s configuration Click Config 1 and follow steps 1 to 2 to reboot and load configuration one on the Switch Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch Click Stacking Default and fol...

Page 522: ... you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 or DHCP assigned IP 58 2 6 Custom Default Follow the steps below to reset the Switch back to the Custom Default configuration file you created This will save the custom default configuration settings to both Configuration 1 and Configuration 2 1 Click the Custom Def...

Page 523: ...pdated when firmware is uploaded using the Web Configurator and to specify which image is loaded when the Switch starts up Make sure you have downloaded and unzipped the correct model firmware and version to your computer before uploading to the device Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device Click Management Maintenance Firmware Upg...

Page 524: ...irmware version number Table 250 Management Maintenance Firmware Upgrade LABEL DESCRIPTION Slot This field appears only in stacking mode This is the slot index number Name This is the name of the Switch that you are configuring Status This field appears only in stacking mode This field displays the current stacking status on the Switch Version The Switch has 2 firmware sets Firmware 1 and Firmware...

Page 525: ...nges in the Current Boot Image field above as well Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh This field appears only i...

Page 526: ...e the file click Save or Save File to download it to the default downloads folder on your computer If a Save As screen displays after you click Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 58 6 Auto Configuration The Sw...

Page 527: ... the Switch rebooted It shows None if auto configuration was not enabled or not executed successfully Use this section to enable auto configuration and select the mode that you want to use for auto configuration Active Select the check box to enable auto configuration Mode Select DHCP to have the Switch use the TFTP server IP address and auto configuration file name assigned by a DHCP server to do...

Page 528: ...ans a log will be created when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save you...

Page 529: ...itch using the Web Configurator See Section 59 7 3 on page 554 for more information about HTTPS Certificates are based on public private key pairs A certificate contains the certificate owner s identity and public key Certificates provide a way to exchange public keys for use in authentication Click Management Maintenance Certificates to open the following screen Use this screen to import the Swit...

Page 530: ...if a CA signed certificate does not exist in the master Switch Otherwise disable this option Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring th...

Page 531: ...aintenance Certificates screen to open the following screen Figure 439 Management Maintenance Certificates HTTPS Select an entry s check box to select a specific entry Delete Click this button to delete the certificate or certification request You cannot delete a certificate that one or more features is configured to use Table 253 Management Maintenance Certificates continued LABEL DESCRIPTION ...

Page 532: ...ng the Web Configurator and to specify which image is loaded when the Switch starts up You can also use FTP commands to upload firmware to any image The Switch supports dual firmware images ras 0 and ras 1 You can switch from one to the other by using the boot image index command where index is 1 ras 0 or 2 ras 1 See the CLI Reference Guide for more information about using commands The system does...

Page 533: ...uter config cfg to the Switch and renames it to config Likewise get config config cfg transfers the configuration file on the Switch to your computer and renames it to config cfg See Table 254 on page 532 for more information on filename conventions 7 Enter quit to exit the ftp prompt 58 9 4 GUI based FTP Clients The following table describes some of the commands that you may see in GUI based FTP ...

Page 534: ...User s Guide 534 FTP service is disabled in the Service Access Control screen The IP addresses in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately ...

Page 535: ...1 on page 537 to specify the types of SNMP traps that should be sent to each SNMP manager Use the User Information screen Section 59 3 3 on page 540 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use the Logins screens Section 59 4 on page 542 to assign which users can access the Switch through Web Configurator at any one time Use the Service ...

Page 536: ... Management Access Control SNMP Table 257 Management Access Control LABEL DESCRIPTION SNMP Click this link to configure your SNMP settings Logins Click this link to assign which users can access the Switch through Web Configurator at any one time Service Access Control Click this link to decide what services you may use to access the Switch Remote Management Click this link to specify a group of o...

Page 537: ...s the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is only used by SNMP managers using SNMP version 2c or lower Trap Destination Use this section to configure wh...

Page 538: ...ct which traps the Switch sends to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station The traps are grouped by category Selecting a category automatically selects all of the category s traps Clear the check boxes for individual traps that you do not want th...

Page 539: ...e Click the drop down list to choose the slot number of the Switch in a stack Port This field displays the port number In stacking mode the first number represents the slot ID and the second is the port number Please note that the default stacking ports the last two ports of your Switch cannot be configured They are reserved for stacking only Settings in this row apply to all ports Use this row on...

Page 540: ... as soon as you make them Active Select this check box to enable the trap type of SNMP traps on this port The Switch sends the related traps received on this port to the SNMP manager Clear this check box to disable the sending of SNMP traps on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use th...

Page 541: ... SNMP managers in one group are assigned common access rights to MIBs Specify in which SNMP group this user is admin Members of this group can perform all types of system configuration including the management of administrator accounts readwrite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except the user account and AAA configur...

Page 542: ...ries depending on the user s privilege level Click Management Access Control Logins to view the screen as shown Figure 446 Management Access Control Logins The following table describes the labels in this screen Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to begin configuring this screen afresh Table 261 Management Access Control SNMP User continued ...

Page 543: ...nt configuration rights as shown below 0 Display basic system information 3 Display configuration or status 13 Configure features except for login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins administrator and enable passwords and configuration information display 14 Configure login accounts SNMP user accounts the authentication method s...

Page 544: ...w the new port number for that service Timeout Enter how many minutes from 1 to 255 a management session can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Login Timeout The Telnet or SSH server do not allow multiple user logins at the same time Enter how many seconds from 30 to 300 seconds a ...

Page 545: ... you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Se...

Page 546: ...managed objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request or response protocol based on the manag...

Page 547: ...unzip the correct model MIB from www zyxel com Support Download Library MIB File SNMP Traps The Switch sends traps to an SNMP manager when an event occurs The following tables outline the SNMP traps by category Table 266 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on warmstart warmStart 1 3 6 1 6 3 ...

Page 548: ...rap is sent when the Switch ceases the action taken on a port such as shutting down the port or discarding packets on the port after the specified recovery interval poe For PoE models only pethPsePortOnOffNotification 1 3 6 1 2 1 105 0 1 This trap is sent when the PoE port delivers power or delivers no power to a PD pethMainPowerUsageOnNo tification 1 3 6 1 2 1 105 0 2 This trap is sent when the u...

Page 549: ... new backup in stacking system zyStackingBackupTakeover 1 3 6 1 4 1 890 1 15 3 97 4 8 This trap is sent when a master Switch is loss and replaced by a backup to become the new master zyStackingNewMasterFromTak eover 1 3 6 1 4 1 890 1 15 3 97 4 9 This trap is sent when a new master Switch takes over from a former master zyStackingSyncConfFail 1 3 6 1 4 1 890 1 15 3 97 4 10 This trap is sent when a ...

Page 550: ...elow the normal operating range zyTransceiverDdmiTxBiasOutOf Range 1 3 6 1 4 1 890 1 15 3 84 3 5 This trap is sent when the transmitter laser bias current is above or below the normal operating range zyTransceiverDdmiTemperatur eOutOfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 6 This trap is sent when the transceiver temperature is recovered from the out of normal operating range zyTransceiverDdmiT...

Page 551: ... 15 3 71 2 2 This trap is sent when there is no response message from the RADIUS accounting server zyTacacsServerAccountingServ er Unreachable 1 3 6 1 4 1 890 1 15 3 83 2 2 This trap is sent when there is no response message from the TACACS accounting server zyRadiusServerAccountingServ erNotReachableRecovered 1 3 6 1 4 1 890 1 15 3 71 2 4 This trap is sent when there is a response message from th...

Page 552: ... This trap is sent when the MRSTP topology changes zyMstpTopologyChange 1 3 6 1 4 1 890 1 15 3 53 3 2 This trap is sent when the MSTP root switch changes mactable zyMacForwardingTableFull 1 3 6 1 4 1 890 1 15 3 48 2 1 This trap is sent when more than 99 of the MAC table is used zyMacForwardingTableFullRec overed 1 3 6 1 4 1 890 1 15 3 48 2 2 This trap is sent when the MAC address switching table h...

Page 553: ...cryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in...

Page 554: ...ch must always authenticate itself to the SSL client the computer which requests the HTTPS connection with the Switch whereas the SSL client only should authenticate itself when the SSL server requires it to do so Authenticating client certificates is optional and if selected means the SSL client must send the Switch a certificate You must apply for a certificate for the browser from a Certificate...

Page 555: ...locked Figure 453 Security Alert Dialog Box Internet Explorer 6 Internet Explorer 7 later version When you attempt to access the Switch HTTPS server a screen with the message There is a problem with this website s security certificate may display If that is the case click Continue to this website not recommended to proceed to the Web Configurator login screen Figure 454 Security Certificate Warnin...

Page 556: ...the on screen instructions to install the certificate in your browser Figure 456 Certificate Internet Explorer 11 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not secure screen may display If that is the case click I Understand the Risks and then the Add Exception button EXAMPLE EXAMPLE ...

Page 557: ...s Guide 557 Figure 457 Security Alert Mozilla Firefox Confirm the HTTPS server URL matches Click Confirm Security Exception to proceed to the Web Configurator login screen Figure 458 Security Alert Mozilla Firefox EXAMPLE ...

Page 558: ...he case click Advanced and then Proceed to x x x x unsafe to proceed to the Web Configurator login screen Figure 459 Security Alert Google Chrome 58 0 3029 110 59 7 4 1 Main Settings After you accept the certificate and enter the login user name and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secu...

Page 559: ...Chapter 59 Access Control XGS4600 Series User s Guide 559 Figure 460 Example Lock Denoting a Secure Connection EXAMPLE ...

Page 560: ...n You can use this screen to help you identify problems 60 2 Diagnostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to ping IP addresses run a traceroute perform port tests or show the Switch s location between devices Figure 461 Management Diagnostic Standalone Mode ...

Page 561: ...MT If you select out of band the Switch sends the frames to the management port labeled MGMT Otherwise select to send ping requests to all VLANs on the Switch IPv6 Select this option if you want to ping an IPv6 address You can also select vlan and specify the ID number of the VLAN to which the Switch is to send ping requests Otherwise select to send ping requests to all VLANs on the Switch IP Addr...

Page 562: ...the number of the physical Ethernet port on the Switch Cable Diagnostics The slot field appears only in stacking mode Click the drop down list to choose the slot number of the Switch in a stack Enter an Ethernet port number and click Diagnose to perform a physical wire pair test of the Ethernet connections on the specified ports The following fields display when you diagnose a port This field is a...

Page 563: ...status is Ok This shows Unsupported if the Switch chipset does not support to show the distance Locator LED Enter a time interval in minutes and click Blink to show the actual location of the Switch between several devices in a rack The default time interval is 30 minutes Click Stop to have the Switch terminate the blinking locater LED Table 271 Management Diagnostic continued LABEL DESCRIPTION ...

Page 564: ...en a log reaches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 463 Management System Log The summary table shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is ...

Page 565: ...severity levels 62 1 1 What You Can Do Use the Syslog Setup screen Section 62 2 on page 565 to configure the device s system logging settings and configure a list of external syslog servers 62 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click Management Sy...

Page 566: ...igation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Active Select this check box to have the device send logs to this syslog server Clear the check box if you want to create a syslog server entry but not have the device send logs to it you can edit the entry later Server Address ...

Page 567: ...s not to send logs to the syslog server IP Address This field displays the IP address of the syslog server UDP Port This field displays the port of the syslog server Log Level This field displays the severity level of the logs that the device is to send to this syslog server Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all...

Page 568: ...o communicate with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 465 Clustering Application Example Table 274 Zyxel Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Must be compatible with Zyxel cluster management implementation...

Page 569: ...r you see this if you access this screen in the cluster member Switch directly and not through the cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager Switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You ...

Page 570: ...then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if the Switch is set to 802 1Q VLAN All switches must be directly connected and in the same VLAN group...

Page 571: ...m the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common Web Configurator password Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on...

Page 572: ...ster Management Cluster Member Web Configurator Screen 63 4 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example example ...

Page 573: ...K ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 460ABPI0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 277 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The Web Configurat...

Page 574: ...static 64 1 2 What You Need to Know The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC Table If the Switch has already learned the port for th...

Page 575: ...e Use this screen to search specific MAC addresses You can also directly add dynamic MAC addresses into the static MAC forwarding table or MAC filtering table from the MAC table using this screen Click Management MAC Table in the navigation panel to display the following screen Figure 471 Management MAC Table ...

Page 576: ...o display and arrange the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries They also display in the Static MAC Forwarding screen Select Dynamic to MAC filtering and click the Transfer button to change all dynamically learned MAC address entr...

Page 577: ...e 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not already learned the port for this IP address th...

Page 578: ...e the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This field displays the index number IP Address This is the IP address of the device from which the incoming packets came VID This is the VLAN group to which the packet belongs Port This is the port fr...

Page 579: ...able and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Etherne...

Page 580: ...e factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the device belongs Port This field displays the port to which the device connects CPU means th...

Page 581: ...o display the main screen as shown Click the link next to IPv4 Routing Table to open a screen where you can view the IPv4 routing table information Click the link next to IPv6 Routing Table to open a screen where you can view the IPv6 routing table information Figure 475 Management Routing Table 67 3 IPv4 Routing Table Use this screen to view IPv4 routing table information Click Management Routing...

Page 582: ...the IPv4 Interface Metric This field displays the cost of the route Type This field displays the method used to learn the route STATIC added as a static entry LOCAL added as a local interface entry RIP added as a RIP entry OSPF added as an OSPF entry LOOPBACK added as a loopback interface entry Uptime This field displays how long the route has been running since the Switch learned the route and ad...

Page 583: ...he cost of the route Type This field displays the method used to learn the route STATIC added as a static entry Connect added as a local interface entry RIP added as a RIP entry OSPF added as an OSPF entry Table 282 Management Routing Table IPv6 Routing Table continued LABEL DESCRIPTION ...

Page 584: ...e Use this screen to view IPv6 path MTU information on the Switch Click Management Path MTU Table in the navigation panel to display the screen as shown Figure 478 Management Path MTU Table The following table describes the labels in this screen Table 283 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ag...

Page 585: ...69 1 Overview This chapter shows you how you can copy the settings of one port onto other ports 69 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen ...

Page 586: ...Chapter 69 Configure Clone XGS4600 Series User s Guide 586 Figure 479 Management Configure Clone Standalone Mode ...

Page 587: ...Chapter 69 Configure Clone XGS4600 Series User s Guide 587 Figure 480 Management Configure Clone Stacking Mode ...

Page 588: ...and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports In stacking mode you can select multiple destination slots Select to apply all settings to the port Use this first to select the common settings and then remove the settings you do not want copied Basic Setting Select which port settings you configured in the Basic Setting menus should be copied to the d...

Page 589: ... Switch cannot find an entry in the neighbor table or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages 70 2 Viewing the IPv6 Neighbor Table Use this screen to view IPv6 neighbor information on the Switch Click Management IPv6 Neighbor Table in the navigation panel to display the screen ...

Page 590: ... to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 address unknown The status of the neighboring interface cannot be determined for some reason incomplete I Address resolution is in progress and the link layer address of the neighbor has not yet been determined The interface of the...

Page 591: ...To view the port statistics click Status in all Web Configurator screens and then the Port Status link in the Quick Links section of the Status screen to display the Port Status screen as shown next You can also click Management Port Status to see the following screen Table 286 Status Port Status Status Stacking Mode LABEL DESCRIPTION System Up Time This field displays how long the stacked Switch ...

Page 592: ...Chapter 71 Port Status XGS4600 Series User s Guide 592 Figure 483 Management Port Status Standalone Mode Figure 484 Management Port Status Stacking Mode ...

Page 593: ...or 100 Mbps 1G for 1000 Mbps or 1 Gbps or 10G for 10 Gbps and the duplex F for full duplex It also shows the cable type Copper or Fiber for the combo ports This field displays Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port If STP is disabled this field displays FORWARDING if the link is up otherwise it di...

Page 594: ...Chapter 71 Port Status XGS4600 Series User s Guide 594 Figure 485 Management Port Status Port Details Standalone Mode ...

Page 595: ...1G for 1000 Mbps or 1 Gbps or 10G for 10 Gbps and the duplex F for full duplex It also shows the cable type Copper or Fiber for the combo ports This field displays Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP ...

Page 596: ...e number of 802 3x pause packets received Control This field shows the number of control packets received including those with CRC error but it does not include the 802 3x Pause packets TX Collision The following fields display information on collisions while transmitting Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision Multipl...

Page 597: ...umber of packets including bad packets received that were between 128 and 255 octets in length 256 to 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 to 1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 to 1518 This field shows the number of pac...

Page 598: ...MI screen to view current transceivers status Figure 489 Management Port Status DDMI DDMI Details Standalone Mode Part Number This displays the part number of the optical transceiver Serial Number This displays the serial number of the optical transceiver Revision This displays the revision number of the optical transceiver Date Code This displays the date when the optical transceiver was manufact...

Page 599: ...revision number of the optical transceiver Date Code This displays the date when the optical transceiver was manufactured Transceiver This displays details about the type of transceiver installed in the SFP slot Calibration This field is available only when an SFP transceiver is inserted into the SFP slot Internal displays if the measurement values are calibrated by the transceiver External displa...

Page 600: ... current status for each monitored DDMI parameter High Alarm Threshold This displays the high value alarm threshold for each monitored DDMI parameter An alarm signal is reported to the Switch if the monitored DDMI parameter reaches this value High Warn Threshold This displays the high value warning threshold for each monitored DDMI parameter A warning signal is reported to the Switch if the monito...

Page 601: ...nd is the port number Link This field displays the speed such as 100M for 100 Mbps 1000M for 1000 Mbps or 10G for 10 Gbps and the duplex F for full duplex This field displays Down if the port is not connected to any device Tx kB s This field shows the transmission speed of data sent on this port in kilobytes per second Tx Utilization This field shows the percentage of actual transmitted frames on ...

Page 602: ...ce Register to display the screen as shown Use this screen to display the status of your service registration Go to myZyxel to activate the subscription Figure 493 Management Service Register The following table describes the labels in this screen Table 292 Management Service Register LABEL DESCRIPTION Service This lists the name of the service that is available on the Switch Status This field dis...

Page 603: ... expires Note You can enable a standard license at myZyxel if the trial license expires Update Click this button to renew service license information such as the registration status and expiration day Note It is recommended you use this button after you register for a new service Table 292 Management Service Register continued LABEL DESCRIPTION ...

Page 604: ...604 PART III Troubleshooting and Appendices ...

Page 605: ... cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the Switch 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 3 3 on page 42 2 Check the hardware connections See S...

Page 606: ...creen in the Web Configurator 1 Make sure you are using the correct IP address If you changed the IP address use the new IP address The default in band IP address in standalone mode is http DHCP assigned IP when connecting to a DHCP server or 192 168 1 1 The default in band IP address in stacking mode is 192 168 1 1 If you changed the IP address and have forgotten it see the troubleshooting sugges...

Page 607: ...atch it Refer to the chapter on access control for details 3 Disconnect and re connect the cord to the Switch 4 If this does not work you have to reset the device to its factory defaults See Section 4 7 on page 59 Pop up Windows JavaScripts and Java Permissions In order to use the Web Configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java per...

Page 608: ...manently See also Section 58 2 2 on page 520 for more information about how to save your configuration I accidentally unplugged the Switch I am not sure which configuration file will be loaded If you plug the power cable back to the Switch it will reboot and load the configuration file that was used the last time For example if Config 1 was used on the Switch before you accidentally unplugged the ...

Page 609: ...ion Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation http www zyxel com Asia China Zyxel Communications Shanghai Corp Zyxel Comm...

Page 610: ...ilippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Belgium Zyxel Communications B V https www zyx...

Page 611: ...enmark Zyxel Communications A S https www zyxel com dk da Estonia Zyxel Estonia https www zyxel com ee et Finland Zyxel Communications https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Latvia Zyxel Latvia https www zy...

Page 612: ...land Zyxel Communications Poland https www zyxel com pl pl Romania Zyxel Romania https www zyxel com ro ro Russia Zyxel Russia https www zyxel com ru ru Slovakia Zyxel Communications Czech s r o organizacna zlozka https www zyxel com sk sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de ...

Page 613: ...merica Argentina Zyxel Communications Corporation https www zyxel com co es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Colombia Zyxel Communications Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Corporatio...

Page 614: ...munications Corporation https www zyxel com me en North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en Oceania Australia Zyxel Communications Corporation https www zyxel com au en Africa South Africa Nology Pty Ltd https www zyxel com za en ...

Page 615: ...ions in which this service is used Table 293 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOT...

Page 616: ...that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point ...

Page 617: ...CS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FT...

Page 618: ... 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means th...

Page 619: ...owing table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group Table 295 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link FF...

Page 620: ...sing UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vendor assigned ID and or the vendor s private enterprise number registered with the IANA It should not change over time even after you reboot the device Identity Association An Identity Association I...

Page 621: ...d uplink router for its LAN The Switch uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Switch passes the IPv6 prefix information to its LAN hosts The hosts then can use the prefix to generate their IPv6 addresses ICMPv6 Internet Control Message Protocol for IPv6 ICMPv6 or ICMP for IPv6 is defi...

Page 622: ...d as the next hop Otherwise the Switch determines the next hop from the default router list or routing table Once the next hop IP address is known the Switch looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Switch cannot find an entry in the neighbor cache or the state for the neighbor is not reachable it starts the address reso...

Page 623: ... DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 Afte...

Page 624: ... Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 check box to enable it 3 Click OK to save the change ...

Page 625: ... DHCPv6 is enabled when you enable IPv6 on a Windows 10 PC To enable IPv6 in Windows 10 1 Select Control Panel Network and Sharing Center 2 On the left side of the Network and Sharing Center select Change adapter settings 3 Right click your network connection and select Properties C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address...

Page 626: ...your computer 1 Select Start Settings Network Internet 2 On the left side of the Network Internet select Ethernet Then select the Ethernet network you are connected to 3 Under IP assignment select Edit 4 Under Edit IP settings select Automatic DHCP or Manual Then click Save When you select Automatic DHCP the IP address settings and DNS server address setting are set automatically by your router Wh...

Page 627: ...CC rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested an...

Page 628: ...information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your device Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The POE Power over Ethernet devices that su...

Page 629: ... örtlichen Bestimmungen getrennt vom Hausmüll entsorgt werden muss Wenden Sie sich an eine Recyclingstation wenn dieses Produkt das Ende seiner Lebensdauer erreicht hat Zum Zeitpunkt der Entsorgung wird die getrennte Sammlung von Produkt und oder seiner Batterie dazu beitragen natürliche Ressourcen zu sparen und die Umwelt und die menschliche Gesundheit zu schützen El símbolo de abajo indica que s...

Page 630: ...損壞 請從插座拔除 若您還繼續插電使用 會有觸電死亡的風險 請勿試圖修理電源變壓器或電源變壓器的纜線 若有毀損 請直接聯絡您購買的店家 購買 個新的電源變壓器 請勿將此設備安裝於室外 此設備僅適合放置於室內 請勿隨 般垃圾丟棄 請參閱產品背貼上的設備額定功率 請參考產品型錄或是彩盒上的作業溫度 設備必須接地 接地導線不允許被破壞或沒有適當安裝接地導線 如果不確定接地方式是否符合要求可聯繫相應的電氣檢驗機構檢驗 如果您提供的系統中有提供熱插拔電源 連接或斷開電源請遵循以下指導原則 先連接電源線至設備連 再連接電源 先斷開電源再拔除連接至設備的電源線 如果系統有多個電源 需拔除所有連接至電源的電源線再關閉設備電源 產品沒有斷電裝置或者採用電源線的插頭視為斷電裝置的 部分 以下警語將適用 對永久連接之設備 在設備外部須安裝可觸及之斷電裝置 對插接式之設備 插座必須接近安裝之地點而且是易於觸及的 ...

Page 631: ...king conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose Zyxel shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the ser...

Page 632: ...406 status 404 trusted hosts 406 applications bridging 26 fiber uplink 26 IEEE 802 1Q VLAN 28 switched workgroup 27 Area Border Router ABR 448 area ID and OSPF 455 464 ARP how it works 512 learning mode 512 overview 512 setup 514 ARP Address Resolution Protocol 579 ARP inspection 296 328 and MAC filter 329 configuring 329 syslog messages 329 trusted ports 329 ARP Learning screen 514 ARP scan 403 A...

Page 633: ...l see CDP CIST 179 Class of Service 478 classifier 231 and QoS 231 editing 236 example 238 logging 237 match order 237 overview 231 setup 232 236 status 232 viewing 236 clearance Switch installation 30 cloning a port see port cloning cluster management 568 and switch passwords 571 cluster manager 568 570 cluster member 568 570 cluster member firmware upgrade 572 network example 568 setup 570 speci...

Page 634: ...Dentifier DUID 620 DHCP assigned IP 606 DHCPv4 global relay 488 global relay example 490 Option 82 486 option 82 profiles 487 Relay Agent Information 486 DHCPv4 relay 485 DHCPv6 DHCP Unique IDentifier 497 enable in Windows 10 626 enable in Windows XP 623 DHCPv6 client 29 DHCPv6 Client Setup screen 113 DHCPv6 relay 29 interface ID 498 remote ID 498 DHCPv6 Relay screen 498 diagnostics 560 Ethernet p...

Page 635: ...ttings default 35 example summary address 457 exchange RIP and OSPF information 456 465 external authentication server 284 F fan speed 86 87 FCC interference statement 627 fiber cable connecting 37 removal 37 file transfer using FTP command example 532 filename convention configuration file names 532 filtering 153 rules 153 filtering database MAC table 574 Filtering screen 153 firmware upgrade 523...

Page 636: ...mal 265 IGMP snooping 258 MVR 260 IGMP snooping and VLANs 258 IGMP throttling 265 ingress port 145 initial setup 61 Innovation Science and Economic Development Canada ICES statement 627 installation air circulation 30 desktop 30 freestanding 30 rack mounting 31 transceiver 36 installation requirements wall mounting 31 interface 451 462 and OSPF 458 466 Interface Setup screen 99 interface and OSPF ...

Page 637: ...neral settings 464 IPv6 screen 100 IPv6 static route configuration 437 J Java permission 45 607 JavaScript 45 607 L L2PT 338 access port 339 CDP 338 configuration 339 encapsulation 338 example 338 LACP 339 MAC address 338 341 mode 339 overview 338 PAgP 339 point to point 339 STP 338 tunnel port 339 UDLD 339 VTP 338 L3 routing advance features 25 LACP 198 341 system priority 205 timeout 206 Layer 2...

Page 638: ...sfer type 576 viewing 575 MAC based VLAN 140 maintenance 518 configuration backup 525 current configuration 519 firmware 523 main screen 519 restore configuration 525 Maintenance screen 518 Management Information Base MIB 546 management IP address 63 management port 38 146 default IP address 38 managing the device using the command line interface see command line interface 29 managing the Switch c...

Page 639: ...ery Protocol NDP 621 Neighbor screen 79 network applications 26 network management system NMS 546 NTP RFC 1305 88 O OAM 413 details 415 discovery 413 port configuration 413 remote loopback 413 420 Operations Administration and Maintenance 413 Option 82 486 Organizationally Unique Identifiers OUI 138 Org specific TLV Setting screen 393 OSPF 448 advantages 448 area 448 454 Area 0 448 area ID 455 464...

Page 640: ...93 egress 193 ingress 193 port redundancy 198 Port screen DHCPv4 Global Relay 489 DHCPv4 VLAN 492 port security 225 address learning 227 limit MAC address learning 227 setup 225 Port Setup screen 97 port status 591 port details 593 port utilization 600 port utilization 600 Port VID PVID 62 port VLAN ID see PVID 132 port VLAN trunking 123 port based VLAN 143 all connected 145 configure 143 port iso...

Page 641: ...g default settings 521 restore configuration 29 restore configuration 525 restoring configuration 59 Reverse Path Forwarding RPF 475 Reverse Path Multicasting RPM 474 RFC 3164 565 RIP 457 466 configuration 444 446 direction 443 overview 443 version 443 vs OSPF 448 RIP Routing Information Protocol 443 RMirror 187 monitor port 191 reflector port 191 source 191 RMirror see also remote port mirroring ...

Page 642: ...ng 147 Static MAC Forwarding screen 147 static multicast forwarding 150 Static Multicast Forwarding screen 151 static route 435 enable 436 metric 437 overview 435 static VLAN 128 control 130 tagging 130 status 52 77 MSTP 169 port 591 power 85 86 87 STP 159 VLAN 124 VRRP 502 Status screen 77 STP 341 bridge ID 160 176 bridge priority 162 174 designated bridge 156 edge port 163 175 forwarding delay 1...

Page 643: ...Trap Group screen 537 traps destination 537 troubleshooting 73 trunk group 198 trunking 198 trusted ports ARP inspection 329 DHCP snooping 310 PPPoE IA 349 tutorial basic setup 65 DHCP snooping 65 Type of Service 478 U UDLD 341 UniDirectional Link Detection see UDLD untrusted ports ARP inspection 329 DHCP snooping 310 PPPoE IA 349 uplink connection super fast 26 User Information screen SNMP 540 us...

Page 644: ...xample 249 frame format 251 port roles 250 253 port based Q in Q 253 priority 251 selective Q in Q 255 VLAN terminology 123 VLAN trunking 132 VLAN Trunking Protocol see VTP VLAN unaware devices 62 voice VLAN 138 Voice VLAN Setup screen 138 VRID Virtual Router ID 502 VRRP 501 advertisement interval 504 authentication 503 backup router 501 configuration example 506 Hello message 504 how it works 501...

Page 645: ...network adapter select 50 password prompt 51 run 48 supported firmware version 49 supported models 49 Switch IP address 45 ZULD example 422 probe time 425 status 423 ZULD Zyxel Unidirectional Link Detection 422 ZyNOS Zyxel Network Operating System 532 631 Zyxel AP Configurator ZAC 51 Zyxel Discovery Protocol ZDP 48 Zyxel One Network ZON Utility 26 Zyxel online services center 602 Zyxel Unidirectio...