ZyXEL Communications XS1930-10, User Manual

Page 1: ...t Multi Gigabit Smart Managed L2 Switch 12 port Multi Gigabit Smart Managed L2 PoE Switch Copyright 2019 Zyxel Communications Corporation Management IP Address http DHCP assigned IP or 192 168 1 1 User Name admin Password 1234 Version 4 60 Edition 1 12 2019 ...

Page 2: ...very effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the Switch Online Help Click the help link for a description of the fields in the Switch menus Nebula Control Center NCC User s Guide Go to nebula zyxel com or support zyxel com to get this User s Guide on how to configure the Switch...

Page 3: ...Static MAC Forward Setup 129 Static Multicast Forwarding 131 Filtering 135 Spanning Tree Protocol 137 Bandwidth Control 154 Broadcast Storm Control 156 Mirroring 158 Link Aggregation 160 Port Authentication 167 Port Security 175 Time Range 177 Classifier 179 Policy Rule 188 Queuing Method 192 Multicast 195 AAA 203 Loop Guard 211 Layer 2 Protocol Tunneling 214 PPPoE 218 Error Disable 226 Green Ethe...

Page 4: ... Access Control 293 Diagnostic 313 System Log 316 Syslog Setup 317 Cluster Management 320 MAC Table 326 IP Table 329 ARP Table 331 Routing Table 333 Path MTU Table 335 Configure Clone 336 IPv6 Neighbor Table 339 Port Status 341 Troubleshooting 348 ...

Page 5: ...r Uplink Example Application 24 1 2 4 High Performance Switching Example 24 1 2 5 IEEE 802 1Q VLAN Application Examples 25 1 3 Ways to Manage the Switch 25 1 4 Good Habits for Managing the Switch 26 Chapter 2 Hardware Installation and Connection 27 2 1 Installation Scenarios 27 2 2 Desktop Installation Procedure 27 2 3 Mounting the Switch on a Rack 28 2 3 1 Rack mounted Installation Requirements 2...

Page 6: ...3 VLAN 55 4 4 4 QoS 56 4 5 The Web Configurator Layout 57 4 5 1 Change Your Password 61 4 6 Saving Your Configuration 62 4 7 Switch Lockout 62 4 8 Resetting the Switch 62 4 8 1 The Restore Button 62 4 9 Logging Out of the Web Configurator 63 4 10 Help 63 Chapter 5 Initial Setup Example 64 5 1 Overview 64 5 1 1 Creating a VLAN 64 5 1 2 Setting Port VID 65 5 2 Configuring Switch Management IP Addres...

Page 7: ...P Interfaces 85 8 6 2 IP Status Details 86 8 6 3 IP Configuration 87 8 7 Port Setup 89 8 8 PoE Setup 90 8 8 1 PoE Time Range Setup 93 8 8 2 PoE Setup 94 8 9 Interface Setup 97 8 10 IPv6 98 8 10 1 IPv6 Interface Status 98 8 10 2 IPv6 Configuration 100 8 10 3 IPv6 Global Setup 101 8 10 4 IPv6 Interface Setup 102 8 10 5 IPv6 Link Local Address Setup 103 8 10 6 IPv6 Global Address Setup 104 8 10 7 IPv...

Page 8: ...atic MAC Forward Setup 129 10 1 Overview 129 10 1 1 What You Can Do 129 10 2 Configuring Static MAC Forwarding 129 Chapter 11 Static Multicast Forwarding 131 11 1 Static Multicast Forward Setup Overview 131 11 1 1 What You Can Do 131 11 1 2 What You Need To Know 131 11 2 Configuring Static Multicast Forwarding 132 Chapter 12 Filtering 135 12 1 Filtering Overview 135 12 1 1 What You Can Do 135 12 2...

Page 9: ...trol Overview 154 14 1 1 What You Can Do 154 14 2 Bandwidth Control Setup 154 Chapter 15 Broadcast Storm Control 156 15 1 Broadcast Storm Control Overview 156 15 1 1 What You Can Do 156 15 2 Broadcast Storm Control Setup 156 Chapter 16 Mirroring 158 16 1 Mirroring Overview 158 16 1 1 What You Can Do 158 16 2 Port Mirroring Setup 158 Chapter 17 Link Aggregation 160 17 1 Link Aggregation Overview 16...

Page 10: ...w 177 20 1 1 What You Can Do 177 20 2 Configuring Time Range 177 Chapter 21 Classifier 179 21 1 Classifier Overview 179 21 1 1 What You Can Do 179 21 1 2 What You Need to Know 179 21 2 Classifier Status 179 21 3 Classifier Configuration 180 21 3 1 Viewing and Editing Classifier Configuration Summary 184 21 4 Classifier Global Setting Configuration 185 21 5 Classifier Example 186 Chapter 22 Policy ...

Page 11: ...Know 204 25 2 AAA Screens 204 25 3 RADIUS Server Setup 204 25 4 AAA Setup 206 25 5 Technical Reference 208 25 5 1 Vendor Specific Attribute 208 25 5 2 Supported RADIUS Attributes 209 25 5 3 Attributes Used for Authentication 209 Chapter 26 Loop Guard 211 26 1 Loop Guard Overview 211 26 1 1 What You Can Do 211 26 1 2 What You Need to Know 211 26 2 Loop Guard Setup 213 Chapter 27 Layer 2 Protocol Tu...

Page 12: ...PU Protection Configuration 229 29 5 Error Disable Detect Configuration 230 29 6 Error Disable Recovery Configuration 231 Chapter 30 Green Ethernet 233 30 1 Green Ethernet Overview 233 30 2 Configuring Green Ethernet 233 Chapter 31 Link Layer Discovery Protocol LLDP 235 31 1 LLDP Overview 235 31 2 LLDP MED Overview 236 31 3 LLDP Screens 237 31 4 LLDP Local Status 238 31 4 1 LLDP Local Port Status ...

Page 13: ...al Relay 266 33 4 4 DHCPv4 Global Relay Port Configure 267 33 4 5 Global DHCP Relay Configuration Example 268 33 4 6 Configuring DHCP VLAN Settings 269 33 4 7 DHCPv4 VLAN Port Configure 271 33 4 8 Example DHCP Relay for Two VLANs 272 33 5 DHCPv6 Relay 273 Chapter 34 ARP Setup 275 34 1 ARP Overview 275 34 1 1 What You Can Do 275 34 1 2 What You Need to Know 275 34 2 ARP Setup 277 34 2 1 ARP Learnin...

Page 14: ...ss Control 293 36 1 Access Control Overview 293 36 1 1 What You Can Do 293 36 2 The Access Control Main Screen 293 36 3 Configuring SNMP 294 36 3 1 Configuring SNMP Trap Group 295 36 3 2 Enabling Disabling Sending of SNMP Traps on a Port 296 36 3 3 Configuring SNMP User 297 36 4 Logins 299 36 5 Service Access Control 300 36 6 Remote Management 301 36 7 Technical Reference 302 36 7 1 About SNMP 303...

Page 15: ... Table 326 41 1 MAC Table Overview 326 41 1 1 What You Can Do 326 41 1 2 What You Need to Know 326 41 2 Viewing the MAC Table 327 Chapter 42 IP Table 329 42 1 IP Table Overview 329 42 2 Viewing the IP Table 329 Chapter 43 ARP Table 331 43 1 ARP Table Overview 331 43 1 1 What You Can Do 331 43 1 2 What You Need to Know 331 43 2 Viewing the ARP Table 331 Chapter 44 Routing Table 333 44 1 Overview 33...

Page 16: ...ighbor Table 339 Chapter 48 Port Status 341 48 1 Port Status 341 48 1 1 Port Details 342 48 1 2 DDMI 345 48 1 3 DDMI Details 345 48 1 4 Port Utilization 347 Chapter 49 Troubleshooting 348 49 1 Power Hardware Connections and LEDs 348 49 2 Switch Access and Login 349 49 3 Switch Configuration 350 Appendix A Customer Support 352 Appendix B Common Services 358 Appendix C IPv6 361 Appendix D Legal Info...

Page 17: ...17 PART I User s Guide ...

Page 18: ...be managed and provisioned by the Zyxel Nebula Control Center NCC see Section 8 12 on page 112 The following table describes the hardware features of the Switch by model 1 1 1 Multi Gigabit A 10 Gigabit Ethernet port supports speeds of 10 Gbps if the connected device supports 10 Gbps and a Cat 6a up to 100 m or Cat 6 cable up to 50 m is used Some network devices such as gaming computers servers ne...

Page 19: ...n set the Switch to operate in either direct standalone or cloud mode but not both at the same time Use the web configurator to configure and manage the Switch directly in standalone mode or use Nebula Control Center NCC to configure and manage the Switch in cloud mode The Nebula Control Center NCC is an alternative cloud based network management system that allows you to remotely manage and monit...

Page 20: ...ferences between standalone and Nebula cloud management modes You can find the Switch s datasheet at the Zyxel website See the NCC Nebula Control Center User s Guide for how to configure the Switch using Nebula 1 1 3 Mode Changing This section describes how to change the Switch s management mode Note If you change the Switch s management mode from standalone mode to Nebula managed mode the configu...

Page 21: ...e found in the Status screen or the device back label on the Switch Use the Zyxel Nebula Mobile App to Register the Switch 1 Download and open the Zyxel Nebula Mobile app in your mobile device Click Sign Up to create a myZyxel account or enter your existing account information to log in 2 You should already have created an organization and a site 3 Select a site and scan the Switch s QR code to ad...

Page 22: ...net port is a Powered Device PD The Switch can adjust the power supplied to each PD according to the PoE standard the PD supports PoE standards are IEEE 802 3af Power over Ethernet PoE IEEE 802 3at Power over Ethernet PoE Plus IEEE 802 3bt 4PPoE 4 pair PoE The following table describes the PoE features of the Switch by model 1 2 Example Applications This section shows a few examples of using the S...

Page 23: ...cted in the near future The Switch can be used standalone for a group of heavy traffic users You can connect computers and servers directly to the Switch s port or connect other switches to the Switch In this example all computers can share high speed applications on the server To expand the network simply add more networking devices such as switches routers computers print servers etc Figure 3 Ba...

Page 24: ...gure 4 Bridging Fiber Uplink Example Application 1 2 4 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following example use link aggregation trunking to connect these two networks The Switch can provide high bandwidth at much lower cost while still being able to use existing network adapters and switches Moreover the current LAN s...

Page 25: ... any re cabling Shared resources such as a server can be used by all ports in the same VLAN as the server In the following figure only ports that need access to the server need to be part of VLAN 1 Ports can belong to other VLAN groups too Figure 6 Shared Server Using VLAN Example 1 3 Ways to Manage the Switch Use any of the following methods to manage the Switch Web Configurator This is recommend...

Page 26: ...gularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if th...

Page 27: ...dren are likely to be present 2 2 Desktop Installation Procedure 1 Make sure the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is at least 40 mm of clearance from the bottom to the Switch and make sure there is enough clearance around the Switch...

Page 28: ...be mounted on an EIA standard size 17 inch rack or in a wiring closet with other equipment Follow the steps below to mount your Switch on a standard EIA rack using a rack mounting kit Note Make sure there is enough clearance between each equipment on the rack for air circulation 2 3 1 Rack mounted Installation Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver...

Page 29: ... a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section 2 3 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack ...

Page 30: ... a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack Note Make sure you tighten all the four screws to prevent the Switch from getting slanted ...

Page 31: ... Ports These are 10GBase T auto negotiating and auto crossover Ethernet ports Connect these ports to a computer a hub a router or an Ethernet switch 2 10 GbE SFP Slots Use SFP transceivers in these ports for high bandwidth backbone connections You can also insert an SFP Direct Attach Copper DAC in the SFP slot Reset Press the RESET button to reboot the Switch without turning the power off See Sect...

Page 32: ...ation settings for the Gigabit ports on the Switch are Speed Auto Duplex Auto Flow control Off Link Aggregation Disabled 3 1 1 2 Auto crossover All ports support auto crossover that is auto MDIX ports Media Dependent Interface Crossover so you may use either a straight through Ethernet cable or crossover Ethernet cable for all Gigabit port connections Auto crossover ports automatically sense wheth...

Page 33: ...cate the transmit Tx and the receive Rx markings on the SFP module to identify the top 2 Insert the transceiver into the slot 3 Press the transceiver firmly until it clicks into place 4 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly 5 Close the transceiver s latch latch styles vary 6 Connect the fiber optic cables to the transcei...

Page 34: ...he following figures show the rear panels of the Switch Figure 17 Rear Panel XS1930 10 Figure 18 Rear Panel XS1930 12HP 3 2 1 Grounding Grounding is a safety measure to have unused electricity return to the ground It prevents damage to the Switch and protects you from electrocution Note The Switch must be grounded by qualified service personnel 1 Remove the M4 ground screw from the Switch s rear p...

Page 35: ...ect power to the Switch insert the female end of the power cord to the AC power receptacle on the rear panel Connect the other end of the supplied power cord to a power outlet Make sure that no objects obstruct the airflow of the fans located on the side of the unit Note Make sure you are using the correct power source as shown on the panel See Chapter 49 on page 348 for information on the Switch ...

Page 36: ...he power supplied budget but over 20 percent of the power supplied budget Bar 3 PoE power usage is below 60 percent of the power supplied budget but over 40 percent of the power supplied budget Yellow Bar4 On PoE power usage is below 80 percent of the power supplied budget but over 60 percent of the power supplied budget Red Bar5 On PoE power usage is more than 80 percent of the power supplied bud...

Page 37: ...a 100 Mbps Ethernet network is up Blinking The Switch is transmitting receiving to from a 100 Mbps Ethernet network Off The link to an Ethernet network is down PoE Mode 1 8 XS1930 12HP Blue On Power supplied to all PoE Ethernet ports meets the IEEE 802 3bt standard Green On Power supplied to all PoE Ethernet ports meets the IEEE 802 3at standard Yellow On Power supplied to all PoE Ethernet ports m...

Page 38: ...38 PART II Technical Reference ...

Page 39: ...d on the Switch in standalone mode 4 2 System Login 1 Start your web browser 2 The Switch is a DHCP client by default Type http DHCP assigned IP in the Location or Address field Press ENTER If the Switch is not connected to a DHCP server type http and the static IP address of the Switch for example the default management IP address is 192 168 1 1 in the Location or Address field Press ENTER Your c...

Page 40: ...is 1234 Figure 21 Web Configurator Login Standalone Mode 5 After you log into the web configurator you will see the following screen encouraging you to use NCC The screen has a QR code containing the Switch s serial number and MAC address for NCC registration of the Switch using the Nebula Mobile app First download the app from the Google Play store for Android devices or the App Store for iOS dev...

Page 41: ...ct Check the screens to see if the settings are applied and click the Save button in the top to save your configuration into the Switch s nonvolatile memory You can also just click the Apply Save button to make the settings takes effect and save your configuration into the Switch s nonvolatile memory at once Note Once you click the Apply or Apply Save button the settings configured in the Wizard s...

Page 42: ...ge the default administrator password and or SNMP community values a warning screen displays each time you log into the web configurator Click Password SNMP to open a screen where you can change the administrator and SNMP passwords simultaneously Otherwise click Ignore to close it Figure 24 Web Configurator Warning ...

Page 43: ... 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community string which is the password for the incoming Set requ...

Page 44: ...lling the ZON Utility on your PC please make sure it meets the requirements listed below Operating System At the time of writing the ZON Utility is compatible with Windows 7 both 32 bit 64 bit versions Windows 8 both 32 bit 64 bit versions Windows 8 1 both 32 bit 64 bit versions Window 10 both 32 bit 64 bit versions Note To check for your Windows operating system version right click on My Computer...

Page 45: ...Show information about ZON icon in the upper right hand corner of the screen Then select the Supported model and firmware version link If your device is not listed here see the device release notes for ZON utility support The release notes are in the firmware zip file on the Zyxel web site Figure 27 ZON Utility Screen 3 Select a network adapter to which your supported devices are connected ...

Page 46: ... network Figure 29 Discovery 5 The ZON Utility screen shows the devices discovered Figure 30 ZON Utility Screen 6 Select a device and then use the icons to perform actions Some functions may not be available for your devices Note You must know the selected device admin password before taking actions on the device using the ZON utility icons 1 2 3 4 5 6 7 8 9 10 11 12 13 ...

Page 47: ...om the Zyxel website to your computer and unzipped it in advance 8 Change Password Use this icon to change the admin password of the selected device You must know the current admin password before changing to a new one 9 Configure NCC Discovery You must have Internet access to use this feature Use this icon to enable or disable the Nebula Control Center NCC discovery feature on the selected device...

Page 48: ...rface on the discovered device that first received an ZDP discovery request from the ZON utility System Name This field displays the system name of the discovered device Location This field displays where the discovered device is Status This field displays whether changes to the discovered device have been done successfully As the Switch does not support IP Configuration Renew IP address and Flash...

Page 49: ... Address when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the VLAN ID IP Address The Switch needs an IP address for it to be managed over the network IP Subnet Mask The subnet mask specifies the network number portion of an IP address Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notation for ex...

Page 50: ...NMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNextrequests from the management station The Get Community string is only used by SNMP managers using SNMP versi...

Page 51: ...en without saving Table 11 Wizard Basic Step 3 Link Aggregation LABEL DESCRIPTION Link Aggregation T1 T5 Click the arrows to add or delete icons located on the left to desired preference Select Static if the ports are configured as static members of a trunk group Select LACP if the ports are configured to join a trunk group via LACP Previous Click Previous to show the previous screen Next Click Ne...

Page 52: ...notation for example 192 168 1 254 DNS Server DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa Enter a domain name server IP address in order to be able to use a domain name instead of an IP address Change administrator s password and activate SNMP New Password This field displays asterisks when a new password has been created SNMP This field displ...

Page 53: ...cking Next the Broadcast Storm Control screen appears Previous Click Previous to show the previous screen Finish Review the information and click Finish to create the task Cancel Click Cancel to exit this screen without saving Table 12 Wizard Basic Step 4 Summary LABEL DESCRIPTION Table 13 Wizard Protection Step 1 Loop Guard LABEL DESCRIPTION Loop Guard Select all ports Select all ports to enable ...

Page 54: ...14 Wizard Protection Step 2 Broadcast Storm Control LABEL DESCRIPTION Broadcast Storm Control Select all ports Select all ports to apply settings on all ports You can select a port by clicking it Broadcast pkt s Specify how many broadcast packets the port receives per second Previous Click Previous to show the previous screen Next Click Next to show the next screen Cancel Click Cancel to exit this...

Page 55: ...n Step 3 Summary LABEL DESCRIPTION Summary Loop Guard If the loop guard feature is enabled on a port the Switch will prevent loops on this port Broadcast Storm Control If the broadcast storm control feature is enabled on a port the number of broadcast packets the Switch receives per second will be limited on this port Previous Click Previous to show the previous screen Finish Review the informatio...

Page 56: ...DESCRIPTION VLAN Setting Default VLAN 1 Access Untagged port After you create a VLAN and select the VLAN ID from the drop down list box select ports and use the right arrow to add them as the untagged ports to a VLAN group VLAN member port VLAN Type a number between 2 and 4094 to create a VLAN Trunk Tagged port Select ports and use the downward arrow to add them as the tagged ports to the VLAN gro...

Page 57: ...lect a port by clicking it High Select ports and click the High button so they will have high priority The port s IEEE 802 1p priority level will be set to 5 Use Basic Setting Port Setup to adjust the value Medium Select ports and click the Medium button and so they will have medium priority The port s IEEE 802 1p priority level will be set to 3 Use Basic Setting Port Setup to adjust the value Low...

Page 58: ...emory is the configuration of your Switch that stays the same even if the Switch s power is turned off D Click this link to go to the status page of the Switch E Click this icon to open the Wizard screen where you can configure the Switch s IP login password SNMP community link aggregation and so on F Click this link to log out of the web configurator G Click this link to display web help pages Th...

Page 59: ...ort Setup This link takes you to a screen where you can configure settings for individual Switch ports PoE Setup For PoE model s This link takes you to a screen where you can set priorities PoE power up settings and schedule so that the Switch is able to reserve and allocate power to certain PDs Interface Setup This link takes you to a screen where you can configure settings for individual interfa...

Page 60: ...erent schedules Classifier This link takes you to screens where you can configure the Switch to group packets based on the specified criteria Policy Rule This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets Queuing Method This link takes you to a screen where you can configure queuing with associated queue weights for each port Mult...

Page 61: ...ystem log server Cluster Management This link takes you to screens where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC addresses and types of devices attached to what ports and VLAN IDs IP Table This link takes you to a screen where you can view the IP addresses and VLAN ID of a device attached to a port You can als...

Page 62: ...anaging the Switch if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is the management port of the Switch 3 Filter all traffic to the CPU port 4 Disable all ports 5 Misconfigure the text configuration file 6 Forget the password and or IP address 7 Prevent all services from accessing the Switch 8 Ch...

Page 63: ...h your password again after you log out This is recommended after you finish a management session for security reasons Figure 43 Web Configurator Logout Screen 4 10 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen ...

Page 64: ...gure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 44 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN VLAN Configuration in the navigati...

Page 65: ...ure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Setting Port VID Use PVID to ...

Page 66: ...ield for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 2 Configuring Switch Management IP Address If the Switch fails to obtain an IP address from a DHCP server the Switch will use 192 168 1 1 as the management IP address You can configure another IP address in a different subnet for manageme...

Page 67: ...age 39 for more information 3 Click Basic Setting IP Setup IP Configuration in the navigation panel 4 Configure the related fields in the IP Configuration screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you ...

Page 68: ... a specific DHCP server The DHCP server can then assign a specific IP address based on the information in the DHCP requests 6 2 1 DHCP Relay Tutorial Introduction In this example you have configured your DHCP server 192 168 2 3 and want to have it assign a specific IP address say 172 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to ...

Page 69: ...AN Configuration Static VLAN Setup 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field Use the default VLAN type Normal in the VLAN Type field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 C...

Page 70: ...creen and then the VLAN Port Setup link in the VLAN Configuration screen Figure 50 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 71: ...y on the Switch and allow the Switch to add relay agent information such as the VLAN ID to DHCP requests 1 Click IP Application DHCP DHCPv4 and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select default1 or default2 in the Option 82 Profile field 5 Click Apply t...

Page 72: ...ecific IP address based on the DHCP request 6 2 4 Troubleshooting Check the client A s IP address If it did not receive the IP address 172 16 1 18 make sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch to have your settings t...

Page 73: ...vice information system status and IP addresses You can also display other status screens for more information Use the Neighbor screen Section 7 2 1 on page 75 to view and manage Switch s neighbor devices 7 2 Status The Status screen displays when you log into the Switch or click Status at the top right corner of the web configurator The Status screen displays general device information system sta...

Page 74: ...te of the firmware the Switch is currently running System Time This field displays the current date and time in the Switch The format is mm dd yyyy hh mm ss Hardware Version This field displays the hardware version number of the Switch The integer is the generation number of the Switch series and the decimal is the version of the hardware change For example V1 0 is a hardware version for the Switc...

Page 75: ... Disconnected Connected The Switch is registered with and connected to the NCC Disconnected The Switch is not connected to the NCC Unregistered The Switch is not registered with the NCC PoE Usage This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices and the total power the Switch can provide to the connected PDs It also shows the percentage ...

Page 76: ...lan and use within the power budget of the Switch System Name This shows the system name of the neighbor device IP This shows the IP address of the neighbor device The IP address is a hyper link that you can click to log into and manage the neighbor device through its web configurator PWR Cycle Click the Cycle button to turn OFF the power of the neighboring device and turn it back ON again A count...

Page 77: ... describes the fields in the above screen Select an entry s check box to select a specific port Otherwise select the check box in the table heading row to select all ports Flush Click the Flush button to remove information about neighbors learned on the selected ports Table 21 Status Neighbor LABEL DESCRIPTION Table 22 Status Neighbor Neighbor Detail LABEL DESCRIPTION Local Port This shows the por...

Page 78: ... through its web configurator Port This shows the number of the neighbor device s port which is connected to the Switch Desc This shows the description of the neighbor device s port which is connected to the Switch Location This shows the geographic location of the neighbor device This field will show for devices that do not support the ZON utility MAC This shows the MAC address of the neighbor de...

Page 79: ...on 8 7 on page 89 to configure Switch port settings Use the PoE Setup screens Section 8 8 on page 90 to view the current amount of power that PDs are receiving from the Switch and set the priority levels for the Switch in distributing power to PDs This screen is available for PoE model s only Use the Interface Setup screens Section 8 9 on page 97 to configure Switch interface type and interface ID...

Page 80: ... CPU utilization quantifies how busy the system is Current displays the current percentage of CPU utilization Memory Utilization Memory utilization shows how much DRAM memory is available and in use It also displays the current percentage of memory utilization Name This field displays the name of memory pool Total byte This field displays the total number of bytes in this memory pool Used byte Thi...

Page 81: ...splays this fan s current speed in Revolutions Per Minute RPM MAX This field displays this fan s maximum speed measured in Revolutions Per Minute RPM MIN This field displays this fan s minimum speed measured in Revolutions Per Minute RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal ind...

Page 82: ...ys the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 2016 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 If you select None enter the time manually Each time you turn on the Switch the tim...

Page 83: ...mples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Dayligh...

Page 84: ... the port must be active Aging Time Enter a time from 10 to 1000000 seconds This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out and must be relearned ARP Aging Time Aging Time Enter a time from 60 to 1000000 seconds This is how long dynamically learned ARP entries remain in the ARP table before they age out and must be relearned The setting he...

Page 85: ...s to define class of service Frames without an explicit priority tag are given the default priority of the ingress port Use the next fields to configure the priority level to physical queue mapping The Switch has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if...

Page 86: ...dex This field displays the index number of an entry IP Address This field displays IP address of the Switch in the IP domain IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the Switch Type This shows whether this IP address is dynamically assigned from a DHCP server or manually assigned St...

Page 87: ...the length of time in seconds that this interface can use the current dynamic IP address from the DHCP server Renew Time This displays the length of time from the lease start that the Switch will request to renew its current dynamic IP address from the DHCP server Rebind Time This displays the length of time from the lease start that the Switch will request to get any dynamic IP address from the D...

Page 88: ...option if you don t have a DHCP server or if you wish to assign static IP address information to the Switch You need to fill in the following fields when you select this option IP Address Enter the IP address of your Switch in dotted decimal notation for example 192 168 1 1 This is the IP address of the Switch in an IP routing domain IP Subnet Mask Enter the IP subnet mask of an IP routing domain ...

Page 89: ... from the summary table Note Deleting all IP subnets locks you out of the Switch Cancel Click Cancel to clear the check boxes Table 29 Basic Setting IP Setup IP Configuration continued LABEL DESCRIPTION Table 30 Basic Setting Port Setup LABEL DESCRIPTION Port This is the port index number means all ports Settings in this row apply to all ports Use this row only if you want to make some settings th...

Page 90: ... order to connect Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE802 3x flow control is...

Page 91: ...wer over Ethernet devices that supply or receive power and their connected Ethernet cables must all be completely indoors To view the current amount of power that PDs are receiving from the Switch click Basic Setting PoE Setup Figure 65 Basic Setting PoE Setup The following table describes the labels in this screen Table 31 Basic Setting PoE Setup LABEL DESCRIPTION PoE Status PoE Mode This field d...

Page 92: ...ection 8 8 2 on page 94 Disable The PD connected to this port cannot get power supply Enable The PD connected to this port can receive power Class This shows the power classification of the PD Each PD has a specified maximum power that fall under one of the classes The Class is a number from 0 to 8 where each value represents the range of power that the Switch provides to the PD The power ranges i...

Page 93: ...is field displays the maximum amount of power the PD could use from the Switch on this port Time Range State This field shows whether or not the port currently receives power from the Switch according to its schedule It shows In followed by the time range name if PoE is currently enabled on the port It shows Out if PoE is currently disabled on the port It shows if no schedule is applied to the por...

Page 94: ...ly Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click this button to reset the Port and Time Range fields Port This is the number of the port on the Switch Click this number to conf...

Page 95: ... can request and use In this mode the default maximum power that can be delivered to the PD is 33 W IEEE 802 3at Class 4 or 22 W IEEE 802 3af Classes 0 to 3 Pre Allocate Select this to have the Switch pre allocate power to each port based on the classification of the PD device Power Up Sequence Delay Select this to allow PoE ports to be powered up one by one randomly or clear to allow them all to ...

Page 96: ...s PoE or PoE Plus An IEEE 802 3at compatible device is referred to as Type 2 Power Class 4 High Power can only be used by Type 2 devices If the connected PD requires a Class 4 current when it is turned on it will be powered up in this mode Force 802 3at the Switch offers power of up to 33W on the port without performing PoE hardware classification Select this option if the connected PD doesn t com...

Page 97: ...est PoE power through LLDP The Power Via MDI TLV allows PoE devices to advertise and discover the MDI power support capabilities of the sending port on the remote device Port Class MDI Supported MDI Enabled Pair Controllable PSE Power Pairs Power Class Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the...

Page 98: ...ick Cancel to reset the fields to your previous configuration Index This field displays the index number of an entry Interface Type This field displays the type of interface Interface ID This field displays the identification number of the interface Interface This field displays the interface s descriptive name which is generated automatically by the Switch The name is from a combination of the in...

Page 99: ...ror messages are suppressed ICMPv6 Rate Limit Error Interval This field displays the time period in milliseconds during which ICMPv6 error messages of up to the bucket size can be transmitted 0 means no limit Link Local Address This field displays the Switch s link local IP address and prefix generated by the interface It also shows whether the IP address is preferred which means it is a valid add...

Page 100: ...ver a Renew message An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire T2 This field displays the DHCPv6 T2 timer If the time T2 is reached and the server does not respond the Switch sends a Rebin...

Page 101: ... Local Address Setup Click the link to go to a screen where you can configure the IPv6 link local address for an interface IPv6 Global Address Setup Click the link to go to a screen where you can configure the IPv6 global address for an interface IPv6 Neighbor Discovery IPv6 Neighbor Discovery Setup Click the link to go to a screen where you can configure the IPv6 neighbor discovery settings IPv6 ...

Page 102: ... router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 Rate Limit Error Interval Specify the time period from 0 to 2147483647 milliseconds during which ICMPv6 error messages of up to t...

Page 103: ...x This is the interface index number Click on an index number to change the settings Interface This is the name of the IPv6 interface you created Active This field displays whether the IPv6 interface is activated or not Table 39 Basic Setting IPv6 IPv6 Configuration IPv6 Interface Setup continued LABEL DESCRIPTION Table 40 Basic Setting IPv6 IPv6 Configuration IPv6 Link Local Address Setup LABEL D...

Page 104: ... Specify an IPv6 prefix length that specifies how many most significant bits start from the left in the address compose the network address EUI 64 Select this option to have the interface ID be generated automatically using the EUI 64 format Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on t...

Page 105: ...Pv6 address is already in use before assigning it to an interface such as the link local address it creates through stateless address autoconfiguration Specify the number of consecutive neighbor solicitations from 0 to 600 the Switch sends for this interface Enter 0 to turn off DAD NS Interval Specify the time interval from 1000 to 3600000 milliseconds at which neighbor solicitations are re sent f...

Page 106: ...o have the Switch set the managed address configuration flag the M flag to 1 in IPv6 router advertisements which means IPv6 hosts use DHCPv6 to obtain IPv6 stateful addresses Deselect the option to set the flag to 0 and the host will not use DHCPv6 to obtain IPv6 stateful addresses Select the Other Config Flag option to have the Switch set the Other stateful configuration flag the O flag to 1 in I...

Page 107: ...afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click on an index number to change the settings Interface This is the name of the IPv6 interface you created Flags This field displays whether IPv6 hosts use DHCPv6 to obtain IPv6 stateful addresses M and or additional configuration settings O Minimum Interval This field displays the minim...

Page 108: ...utoconfiguration Select No Onlink Flag to not allow the specified prefix to be used for on link determination Select No Advertise Flag to set the Switch to not include the specified IPv6 prefix prefix length in router advertisements for this interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these cha...

Page 109: ...which can be reached through the interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring Cancel Click Cancel to begin configuring th...

Page 110: ...e it work well Options Select DNS to have the Switch obtain DNS server IPv6 addresses and or select Domain List to have the Switch obtain a list of domain names from the DHCP server Information Refresh Minimum Specify the time interval from 600 to 4294967295 seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Apply Click Apply to save your changes to th...

Page 111: ... Table 47 Basic Setting DNS LABEL DESCRIPTION Static Domain Name Server Preference This is the priority of the DNS server address Server Address Enter a domain name server IPv6 IPv4 address in order to be able to use a domain name instead of an IP address Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use ...

Page 112: ...d Management 8 12 1 Nebula Control Center Discovery Click Basic Setting Cloud Management Nebula Control Center Discovery to display this screen Figure 83 Basic Setting Cloud Management Nebula Control Center Discovery Select Active to turn on NCC discovery on the Switch If the Switch has Internet access and has been registered in the NCC it will go into cloud management mode In cloud management mod...

Page 113: ...his screen Figure 84 Basic Setting Cloud Management Nebula Switch Registration This screen has a QR code containing the Switch s serial number and MAC address for handy NCC registration of the Switch using the Nebula Mobile app First download the app from the Google Play store for Android devices or the App Store for iOS devices and create an organization and site ...

Page 114: ...ter a weight to set the VLAN rule s priority Use the Port Based VLAN screen Section 9 8 on page 126 to set up VLANs where the packet forwarding decision is based on the destination MAC address and its associated port 9 1 2 What You Need to Know Read this section to know more about VLAN and how to configure the screens IEEE 802 1Q Tagged VLANs A tagged VLAN uses an explicit tag VLAN ID in the MAC h...

Page 115: ... confining the broadcast to a specific domain 9 1 2 1 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches GARP GARP Generic Attribute Registration Protocol allows network switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism f...

Page 116: ...en a packet is received the Switch processes the VLAN rules in sequence The sequence priority of the VLANs is 1 Vendor ID Based VLAN 2 Voice VLAN If the packet matches a VLAN rule that has a higher priority for example an entry with weight 250 in the vendor ID to VLAN mapping table the Switch assigns the corresponding VLAN ID to the packet and stops checking the subsequent VLAN rules VLAN Administ...

Page 117: ... VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged from a port with the specified VID 9 2 VLAN Status Use this screen to view and search all VLAN groups Click Advanced Application VLAN from the navigation panel to display the VLAN Sta...

Page 118: ... Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the Static VLAN screen Name This fields shows the descriptive name of the VLAN Tagged Port This field shows the tagged ports that are participating in the VLAN Untagged Port This field shows the untagged ports that are participating in the VLAN E...

Page 119: ...own next Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up Status This field shows how this VLAN was added to the Switch Dynamic using GVRP Static added as a permanent entry Table 50 Advanced Application VLAN VLAN Detail continued LABEL DESCRIPTION Table 51 Advanced Application VLAN VLAN Configuration LABEL DESCRIPTION Static VLAN Set...

Page 120: ...ange is between 1 and 4094 Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Control Select Normal f...

Page 121: ...e done configuring Cancel Click Cancel to change the fields back to their last saved values Clear Click Clear to start configuring the screen again VID This field displays the ID number of the VLAN group Click the number to edit the VLAN settings Active This field indicates whether the VLAN settings are enabled Yes or disabled No Name This field displays the descriptive name for this VLAN group Se...

Page 122: ... Check If this check box is selected the Switch discards incoming frames on a port for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port V...

Page 123: ... save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to default settings Voice VLAN OUI Setup OUI address Type ...

Page 124: ...ne the rule s priority level As rules are processed one after the other stating a priority order will let you choose which rule has to be applied first and which second Click the Vendor ID Based VLAN Setup link in the VLAN Configuration screen to see the following screen Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses p...

Page 125: ...ssociated with the vendor ID based VLAN entry Priority Select the priority level that the Switch assigns to frames belonging to this VLAN The higher the numeric value you assign the higher the priority for this vendor ID based VLAN entry Weight Enter a number between 0 and 255 to specify the rule s weight This is to decide the priority in which the rule is applied The higher the number the higher ...

Page 126: ...to the Switch on which they were created Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 9 8 1 Configure a Port Based VLAN Select Port Based as the...

Page 127: ...Chapter 9 VLAN XS1930 Series User s Guide 127 Figure 94 Advanced Application VLAN Port Based VLAN Setup All Connected Figure 95 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...

Page 128: ...hat is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with...

Page 129: ...ic MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch See Chapter 1...

Page 130: ...to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwarding rule is active Yes or not No You may temporarily dea...

Page 131: ...oup A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to all p...

Page 132: ...Figure 99 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames such as streaming or control frames to specific port s Click Advanced Application Static Multicast Forwarding to display the configuration screen as shown ...

Page 133: ...ultiple ports separated by no space comma or hyphen For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel t...

Page 134: ...ing XS1930 Series User s Guide 134 Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 58 Advanced Application Static Multicast Forwarding continued LABEL DESCRIPTION ...

Page 135: ... destination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 135 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch Click Advanced Application Filtering in the navigation panel to display the screen as shown next Figure 101 Advanced Application...

Page 136: ... your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index This field displays th...

Page 137: ...se the Multiple Spanning Tree Protocol screen Section 13 6 on page 144 to configure MSTP Use the Multiple Spanning Tree Protocol Status screen Section 13 7 on page 148 to view the MSTP status 13 1 2 What You Need to Know Read on for concepts on STP that can help you configure the screens in this chapter Rapid Spanning Tree Protocol R STP detects and breaks network loops and provides backup links b...

Page 138: ... between enabled ports eliminating any possible network loops STP aware switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the root bridge If a bridge does not get a Hello BPDU after ...

Page 139: ...2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network Click Advanced Application Spanning Tree Protocol to see the screen as shown Figure 102 Advanced Application Spanning Tree Protocol This screen differs depending on which STP mode RSTP or MSTP you configure on the Switch This screen is described...

Page 140: ...137 for more information on RSTP Click RSTP in the Advanced Application Spanning Tree Protocol screen Table 62 Advanced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree or Multiple Spanning Tree See Section 13 1 on page 137 for background information on STP Apply Click Apply to save ...

Page 141: ...tches have the same priority the switch with the lowest MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value you assign the higher the priority for this bridge Bridge Priority determines the root bridge which in turn determines Hello Time Max Age and Forwarding Delay Hello Time This is the time interval in seconds between BPDU Bridge P...

Page 142: ...k box to activate RSTP on this port Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becom...

Page 143: ...d This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the root switch will wait before changing states that is listening to learning to forwarding Note The listening state does not exist in RSTP Cost to Bridge This is the path cost from the root port on this Switch to ...

Page 144: ...warding state when the designated port for the LAN segment fails Backup A blocked port which has a backup redundant path to a LAN segment where a designated port is already connected when a switch has two links to the same LAN segment Disabled Not strictly part of STP The port can be disabled manually Designated Bridge ID This field displays the identifier of the designated bridge to which this po...

Page 145: ...otocol MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen see Figure 108 on page 149 Port Click Port to display the MSTP Port screen see Figure 107 on page 147 Active Select this to activate MSTP on the Switch Clear this to disable MSTP on the Switch Note You must also activate Multiple Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen ...

Page 146: ...it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Instance Use this section to configure MSTI Multiple Spanning Tree Instance settings Instance Enter the number you want to use to identify this MST instance on the Switch Note The S...

Page 147: ...ing to the speed of the bridge The slower the media the higher the cost see Table 60 on page 138 for more information Add Click Add to save this MST instance to the Switch s run time memory The Switch loses this change if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel...

Page 148: ... row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Edge Select this check box to configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listen...

Page 149: ...s the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the ...

Page 150: ... of the port on the Switch Port State This field displays the port state in STP Discarding The port does not forward process received frames or learn MAC addresses but still listens for BPDUs Learning The port learns MAC addresses and processes BPDUs but does not forward frames yet Forwarding The port is operating normally It learns MAC addresses processes BPDUs and forwards received frames Port R...

Page 151: ...o different spanning trees in the network Thus traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Figure 110 MSTP Network Example Designated Port ID This field displays the priority and number of the bridge port on the designated bridge through which the designated bridge transmits the stored configuration messages Designated Cost This fi...

Page 152: ... Instance mapping 13 8 3 MST Instance An MST Instance MSTI is a spanning tree instance VLANs can be configured to run on a specific MSTI Each created MSTI is identified by a unique number known as an MST ID known internally to a region Thus an MSTI does not span across MST regions The following figure shows an example where there are two MST regions Regions 1 and 2 have 2 spanning tree instances F...

Page 153: ...Chapter 13 Spanning Tree Protocol XS1930 Series User s Guide 153 Figure 112 MSTP and Legacy RSTP Network Example ...

Page 154: ...fining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 1 1 What You Can Do Use the Bandwidth Control screen Section 14 2 on page 154 to limit the bandwidth for traffic going through the Switch 14 2 Bandwidth Control Setup Click Advanced Application Bandwidth Control in the navigation panel to bring up the screen as shown next Figure 113 Advanced Application B...

Page 155: ... as soon as you make them Active Select this check box to activate ingress rate limits on this port Ingress Rate Specify the maximum bandwidth allowed in kilobits per second kbps for the incoming traffic flow on a port Note Ingress rate bandwidth control applies to layer 2 traffic only Active Select this check box to activate egress rate limits on this port Egress Rate Specify the maximum bandwidt...

Page 156: ...ts is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 15 1 1 What You Can Do Use the Broadcast Storm Control screen Section 15 2 on page 156 to limit the number of broadcast multicast and destination lookup failure DLF packets the Switch receives per...

Page 157: ...ke adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure ...

Page 158: ...ic from the monitor port without interference 16 1 1 What You Can Do Use the Mirroring screen Section 16 2 on page 158 to select a monitor port and specify the traffic flow to be copied to the monitor port 16 2 Port Mirroring Setup Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be...

Page 159: ...to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the...

Page 160: ...ink Aggregation Setting screen Section 17 3 on page 162 to configure to enable static link aggregation Use the Link Aggregation Control Protocol screen Section 17 3 1 on page 164 to enable Link Aggregation Control Protocol LACP 17 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a properly planned network it is recommended to implement static link aggr...

Page 161: ...formation Figure 116 Advanced Application Link Aggregation The following table describes the labels in this screen Table 71 Link Aggregation ID Local Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 Table 72 Link Aggregation ID Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 1 Port Priorit...

Page 162: ...ts from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distributes traffic based on the packet s source MAC address dst mac means the Switch distributes traffic based on the packet s destination MAC address src dst mac means the Switch distributes traffic based on a combination of the packet s source and destination MAC addresse...

Page 163: ...nk within the trunk By default the Switch uses the src dst mac distribution type If the Switch is behind a router the packet s destination or source MAC address will be changed In this case set the Switch to distribute traffic based on its IP address to make sure port trunking can work properly Select src mac to distribute traffic based on the packet s source MAC address Select dst mac to distribu...

Page 164: ...o which a port belongs Note When you enable the port security feature on the Switch and configure port security settings for a port you cannot include the port in an active trunk group Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the n...

Page 165: ...gation Control Protocol LACP The smaller the number the higher the priority level Group ID The field identifies the link aggregation group that is one logical link containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number means all ports Settings in this row apply to all ports Use this row only if you want to make some settings the...

Page 166: ...tion Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below Click Apply when you are done Figure 120 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete ...

Page 167: ...tion first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 18 1 1 What You Can Do Use the Port Authentication screen Section 18 2 on page 169 to display the links to the configuration screens where you can enable the port authentication methods Use the 802 1x screen Section 18 3 on page 169 to activate IEEE 802 1x security Use the MAC Authentication scr...

Page 168: ...a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch Figure 122 MAC Authentication Process ...

Page 169: ...rver Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Select a port authentication method s link in the screen that appears Figure 123 Advanced Application Port Authentication 18 3 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication screen click 802 1x to display the configuratio...

Page 170: ...ke adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this to permit 802 1x authentication on this port You must first allow 802 1x authentication on the Switch before configuring it on each port Max Req Specify the number of times the Switch tries to authenticate client s before sending unresponsive ports to the Guest VL...

Page 171: ...on 802 1x Guest VLAN The following table describes the labels in this screen Table 77 Advanced Application Port Authentication 802 1x Guest VLAN LABEL DESCRIPTION Port This field displays a port number means all ports Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustm...

Page 172: ...t user enters the correct credential any other users are allowed to access the port without authentication If the first user fails to enter the correct credential they are all put in the guest VLAN Once the first user who did authentication logs out or disconnects from the port rest of the users are blocked until a user does the authentication process again Select Multi Secure to authenticate each...

Page 173: ...ASCII characters If you leave this field blank then only the MAC address of the client is forwarded to the RADIUS server Delimiter Select the delimiter the RADIUS server uses to separate the pairs in MAC addresses used as the account username and password You can select Dash Colon or None to use no delimiters at all in the MAC address Case Select the case Upper or Lower the RADIUS server requires ...

Page 174: ...etting See Section 8 5 on page 84 Port This field displays a port number means all ports Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to permit MAC authentication on this port You must first allow MAC authenticati...

Page 175: ...urity enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not activated 19 1 1 What You Can Do Use the Port Security screen Section 19 2 on page 175 to ...

Page 176: ...ck box to disable the port security feature The Switch forwards all packets on this port Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a port the port itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For e...

Page 177: ... time schedules are effective only once while recurring schedules usually repeat Both types of schedules are based on the current date and time in the Switch 20 1 1 What You Can Do Use the Time Range screen Section 20 2 on page 177 to view or define a schedule on the Switch 20 2 Configuring Time Range Click Advanced Application Time Range in the navigation panel to display the screen as shown Figu...

Page 178: ...the week hour and minute when the schedule begins and ends respectively Select the second option if you want to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the same day Add Click...

Page 179: ...er data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific criteria such as...

Page 180: ...field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Weight This field displays the rule s weight This is to indicate a rule s priority when the match order is set to manual in the Classifier Classifier Configuration Classifier Global Setting screen The higher the number the higher...

Page 181: ...assifier Classifier Configuration The following table describes the labels in this screen Table 82 Advanced Application Classifier Classifier Configuration LABEL DESCRIPTION Active Select this option to enable this rule Name Enter a descriptive name for this rule for identifying purposes ...

Page 182: ...ormation Source MAC Address Select Any to apply the rule to all MAC addresses To specify a source select MAC Mask to enter the source MAC address of the packet in valid MAC address format six hexadecimal character pairs and type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified MAC address that the traffic s MAC...

Page 183: ...he subnet mask A subnet mask can be represented in a 32 bit notation For example the subnet mask 255 255 255 0 can be represented as 11111111 11111111 11111111 00000000 and counting up the number of ones in this case results in 24 Destination IP Address Address Prefix Enter a destination IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet m...

Page 184: ...ndex number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Weight The field displays the priority of the rule when the match order is in manual mode A higher weight means a higher priority Name This field displays the descriptive name for this rule This is for identification purpose only Rule This field dis...

Page 185: ...on on commonly used port numbers 21 4 Classifier Global Setting Configuration Use this screen to configure the match order and enable logging on the Switch In the Classifier Configuration screen click Classifier Global Setting to display the configuration screen as shown Figure 133 Advanced Application Classifier Classifier Configuration Classifier Global Setting Table 85 Common IP Protocol Types ...

Page 186: ...e layer of the item configured in the rule Layer 4 items have the highest priority and layer 2 items has the lowest priority For example you configure a layer 2 item VLAN ID in classifier A and configure a layer 3 item source IP address in classifier B When an incoming packet matches both classifier rules classifier B has priority over classifier A Logging Active Select this to allow the Switch to...

Page 187: ...Chapter 21 Classifier XS1930 Series User s Guide 187 Figure 134 Classifier Example ...

Page 188: ...sures that a traffic flow gets the requested treatment in the network 22 1 1 What You Can Do Use the Policy Rule screen Section 22 2 on page 188 to enable the policy and display the active classifier s you configure in the Classifier screen 22 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 21 3 on page 180 for more information Click Advan...

Page 189: ...ule applies To select more than one classifier press SHIFT and select the choices at the same time Parameters Set the fields below for this policy You only have to set the field s that is related to the action s you configure in the Action field General VLAN ID Specify a VLAN ID Egress Port Type the number of an outgoing port Priority Specify a priority level Rate Limit You can configure the desir...

Page 190: ...o forward the packets to the egress port Policy 2 applies to Class 2 and the action is to enable bandwidth limitation the Switch will forward the packets Forwarding Select No change to forward the packets Select Discard the packet to drop the packets Priority Select No change to keep the priority setting of the frames Select Set the packet s 802 1p priority to replace the packet s 802 1p priority ...

Page 191: ... Guide 191 22 3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier refer to Section 21 5 on page 186 Figure 136 Policy Example ...

Page 192: ... empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth based on its bandwidth weight portion the number you configure in the Weight field when t...

Page 193: ... traffic than it can handle Queues with larger weights get more service than queues with smaller weights This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied 23 2 Configuring Queuing Use this screen to set priorities for the queues of the Switch This distributes bandwidth across the...

Page 194: ...nfigure in the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue weight the number you configure in the queue Weight field Queues with larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight h...

Page 195: ...hat group Use the IGMP Snooping VLAN screen Section 24 3 2 on page 200 to perform IGMP snooping on up to 16 VLANs Use the IGMP Filtering Profile Section 24 3 3 on page 201 to specify a range of multicast groups that clients connected to the Switch are able to join 24 1 2 What You Need to Know Read on for concepts on Multicasting that can help you configure the screens in this chapter IP Multicast ...

Page 196: ...ng should be performed on This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN 24 2 Multicast Setup Use this screen to configure IGMP for IPv4 and set up multicast VLANs Click Advanced Application Multicast in the navigation panel Figure 138 Advanced Application Multicast Setup T...

Page 197: ...scribes the labels in this screen Table 91 Advanced Application Multicast IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group This field displays IP multicast group addresses Table 92 Advanced Application Multicast IPv4 Multicast IGMP S...

Page 198: ... to perform when the Switch receives an unknown multicast frame Select Drop to discard the frame s Select Flooding to send the frame s to all ports Unknown Multicast Frame to Querier Port Specify the action to perform when Unknown Multicast Frame is set to Drop Select Drop to discard the frame s Select Forwarding to send the frame s to all querier ports Select Forwarding on VLAN and enter the VLAN...

Page 199: ...wed to join Once a port is registered in the specified number of multicast groups any new IGMP join report frame s is dropped on this port Throttling IGMP throttling controls how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table ...

Page 200: ...up to 16 VLANs Note The Switch drops any IGMP control messages which do not belong to these 16 VLANs You must also enable IGMP snooping in the Multicast IPv4 Multicast IGMP Snooping screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your change...

Page 201: ...y defaults Index This is the index number of the IGMP snooping VLAN entry in the table Click on an index number to view more details or change the settings Name This field displays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select a...

Page 202: ... name of the profile Start Address This field displays the start of the multicast address range End Address This field displays the end of the multicast address range Delete Profile Select a profile s check box to select a specific profile Otherwise select the check box in the table heading row to select all profiles Delete Rule Select the check box es of the rule s that you want to remove from a ...

Page 203: ...arge number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when users log in log out and so on Accounting can also record system related actions such as boot up and shut down times of the Switch The external servers that perform authentication authorization and accounting functions are known as AAA servers The Switch supports RAD...

Page 204: ...following table describes some key features of RADIUS 25 2 AAA Screens The AAA screens allow you to enable authentication and authorization or both of them on the Switch First configure your authentication server settings RADIUS and then set up the authentication priority activate authorization Click Advanced Application AAA in the navigation panel to display the screen as shown Figure 144 Advance...

Page 205: ...tication and you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server Index This is a read only number representing a RADIUS server entry IP Address Enter the IP address of an externa...

Page 206: ... this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external RADIUS accounting server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existing RADI...

Page 207: ...the external server Active Select this to activate authorization for a specified event types Method This field displays the authorization protocol used for the corresponding event type Accounting Use this section to configure accounting settings on the Switch Update Period This is the amount of time in minutes before the Switch sends an update to the accounting server This is only valid if you sel...

Page 208: ...ned to the company by the IANA Internet Assigned Numbers Authority Zyxel s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server The following table describes t...

Page 209: ...d by authentication functions on the Switch In cases where the attribute has a specific format associated with it the format is specified 25 5 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal format P...

Page 210: ... level 1 14 User Password NAS Identifier NAS IP Address 25 5 3 2 Attributes Used to Login Users User Name User Password NAS Identifier NAS IP Address 25 5 3 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS Identifier NAS IP Address NAS Port NAS Port Type This value is set to Ethernet 15 on the Switch Calling Station Id Frame MTU EAP Message State Message Authenticator ...

Page 211: ...le loop guard on the Switch and in specific ports 26 1 2 What You Need to Know Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messa...

Page 212: ...witch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 149 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loop guard also protects against standard network loops The...

Page 213: ...o all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the sw...

Page 214: ...edge devices L2PT allows edge switches 1 and 2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure connected through the service provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them acros...

Page 215: ...e Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 153 on page 215 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the service provider s network and connected to another service provider s switch Incoming en...

Page 216: ...he service provider s network should be set to use the same MAC address for encapsulation Port This field displays the port number means all ports Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them CDP Select this option to have the Switch tunnel C...

Page 217: ...tus of a link Mode Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and forward them to the tunnel port s Select Access for ingress ports at the edge of the service provider s network Note You can enable L2PT services for STP LACP VTP CDP UDLD and PAGP on the access port s only Select Tunnel for egress ports at the edge of the service provider s network The Switch...

Page 218: ...ntermediate Agent on the Switch Use the PPPoE IA Per Port screen Section 28 3 1 on page 222 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use the PPPoE IA Per Port Per VLAN screen Section 28 3 2 on page 223 to configure PPPoE IA settings that apply to a specific VLAN on a port Use the PPPoE IA for VLAN Section 28 3 3 on page 224 to enable the PPPoE In...

Page 219: ...dds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or the VLAN ID on the PPPoE packet The identifier string slot ID port number and VLAN ID are separated from each other by a pound key semi colon period comma forward slash or space An Agent Circuit ID Sub option examp...

Page 220: ...eived on a trusted port the Switch forwards it to other trusted port s Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trusted ports Untrusted ports are connected to subscribers If a PADI PADR or PADT packet is sent from a PPPoE client and received on an untrusted port the Switch adds a vendor specific tag to the packet and then for...

Page 221: ... for a specific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN screen has priority over this That means if you also want to configure PPPoE IA Per Port or Per Port Per VLAN setting leave the fields here empty and configure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier ...

Page 222: ...es the labels in this screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 107 Advanced Application PPPoE Intermedia...

Page 223: ...ds PADO and PADS packets which are sent from a PPPoE server but received on an untrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The Circuit ID you configure for a specific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN sc...

Page 224: ...his field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Circuit id Enter a string of up to 63 ASCII characters that the S...

Page 225: ...settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Enabled Select this option to turn on the PPPoE Intermediate Agent on a VLAN Circuit id Select this option to make the Circuit ID settings for a specific VLAN take effe...

Page 226: ...ch as loop guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent out the port s loop back to the Switch the Switch can shut down the port s automatically After that you need to enable the port s or allow the packets on a port manually via the web configurator With ...

Page 227: ... Errdisable Status in the Advanced Application Errdisable screen to display the screen as shown Table 111 Advanced Application Errdisable LABEL DESCRIPTION Errdisable Status Click this link to view whether the Switch detected that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related infor...

Page 228: ...inactive reason mode you want to reset here Reset Press to reset the specified port s to handle ARP BPDU or IGMP packets instead of ignoring them if the port s is in inactive reason mode Errdisable Status Port This is the number of the port on which you want to configure Errdisable Status Cause This displays the type of the control packet received on the port or the feature enabled on the port and...

Page 229: ... port rate limitation The Switch drops the additional control packets the port s has to handle in every one second Rate This field displays how many control packets this port can receive or transmit per second It can be adjusted in CPU Protection 0 means no rate limit Status This field displays the errdisable status Forwarding The Switch is forwarding packets Rate limitation mode is always in Forw...

Page 230: ... Port This field displays the port number means all ports Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate...

Page 231: ...ntries as soon as you make them Active Select this option to have the Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below Mode Select the action that the Switch takes when the number of control packets exceed the rate limit on a port set in the Advanced Application Errdisable CPU protection screen inactive port The Switch disables...

Page 232: ...r all entries Use this row first and then make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Timer Status Select this option to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port after the error was gone Deselect this option to turn off this rule Interval Enter the numbe...

Page 233: ... signal is sent to the link partner to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Power Down and operates normally Short Reach Traditional Ethern...

Page 234: ...etting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Short Reach Select this to activate Short Reach on this port Apply Click Apply to save you...

Page 235: ...gth Value Device information carried in the received LLDPDUs is stored in the standard MIB The Switch supports these basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optional The Switch also supports the IEEE 802 1 and...

Page 236: ...and easy trouble shooting for misconfigured IP addresses There are three classes of endpoint devices that the LLDP MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the ...

Page 237: ...e labels in this screen Table 117 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices LLDP Configuration Click here to show a screen to configure LLDP parameters LLDP MED LLDP MED Configuration Click here to show a screen to...

Page 238: ...as shown next Figure 169 Advanced Application LLDP LLDP Local Status LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices location parameters Table 117 Advanced Applicatio...

Page 239: ... Switch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management The TLV may also include the system interface number and an object identifier OID that are associated with this managemen...

Page 240: ... Protocol LLDP XS1930 Series User s Guide 240 Figure 170 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail Basic TLV Figure 171 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail MED TLV ...

Page 241: ... auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Ag...

Page 242: ...nformation ELIN Emergency Location Identifier Number Table 119 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail LABEL DESCRIPTION Table 120 Advanced Application LLDP LLDP Remote Status LABEL DESCRIPTION Index The index number shows the number of remote devices that are connected to the Switch Click on an index number to view the detailed LLDP status for this remote device ...

Page 243: ... following table describes the labels in Basic TLV part of the screen Table 121 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV LABEL DESCRIPTION Local Port This displays the number of the Switch s port to which the remote device is connected Basic TLV Chassis ID TLV Chassis ID Subtype this displays how the chassis of the remote device is identified Chassis ID...

Page 244: ...TLV This displays the system name of the remote device System Description TLV This displays the system description of the remote device System Capabilities TLV This displays whether the system capabilities are enabled and supported on the remote device System Capabilities Supported System Capabilities Enabled Management Address TLV This displays the following management address parameters of the r...

Page 245: ...ed Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device Port Protocol VLAN ID TLV This displays the IEEE 802 1 Port Protocol VLAN ID TLV which indicates whether the VLAN ID and whether it is enabled and supported on the port of remote Switch which sent the LLDPDU ...

Page 246: ...N Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Aggregation Capability The current aggre...

Page 247: ...Chapter 31 Link Layer Discovery Protocol LLDP XS1930 Series User s Guide 247 Figure 175 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Page 248: ...ler by its Coordinate base LCI latitude and longitude coordinates of the Location Configuration Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identifier Number Inventory TLV The majority of IP Phones lack support of management protocols such as SNMP so LLDP MED inventory TLVs are used to provide their inventory information to ...

Page 249: ...L multiplier of LLDP frames The device information on the neighboring devices ages out and is discarded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the numbe...

Page 250: ...ification is enabled on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 124 Advanced Application LLDP LLDP C...

Page 251: ...h s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 125 Advanced Application LLDP LLDP Configuration Basic TLV Setting LABEL DESCRIPTION Table 126 Advanced Application LLDP ...

Page 252: ...t is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 126 Advanced Application LLDP LLDP Configuration Org specific TLV Setting LABEL DESCRIPTION Table 127 Advanced Application LLDP LLDP MED Configuration LABEL DESCRIPTION Port Th...

Page 253: ...to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 127 Advanced Application LLDP LLDP MED Configuration LABEL DESCRIPTION Table 128 Advanced Application LLDP LLDP MED Network Policy LABEL DESCRIPTION Port Enter the port number to set up the LLDP MED network policy Application Type Select the type of applic...

Page 254: ...f index number of the network policy Click an index number to edit the rule Port This field displays the port number of the network policy Application Type This field displays the application type of the network policy Tag This field displays the Tag Status of the network policy VLAN This field displays the VLANID of the network policy Priority This field displays the priority value of the network...

Page 255: ...cation Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitude altitude and datum Civic Address includes Country State County City Street and other related information Latitude Enter the latitude information The value should be from 0º to 90º The negative value represent...

Page 256: ...ical digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP The valid length is from 10 to 25 characters Add Click Add after finish entering the location information Cancel Click Cancel to begin entering the location information afresh Index This lists the index number of the location configuration Click an index n...

Page 257: ... select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the locations that you want to remove then click the Delete button Cancel Click Cancel to clear the selected check boxes Table 129 Advanced Application LLDP LLDP MED Location LABEL DESCRIPTION ...

Page 258: ...fic from A to the Internet through the Switch s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the Switch Figure 182 Example of Static Routing Topology 32 1 1 What You Can Do Use the Static Routing screen Section 32 2 on page 259 to disp...

Page 259: ...shown Figure 184 IP Application Static Routing IPv4 Static Route The following table describes the related labels you use to create a static route Table 130 IP Application Static Routing IPv4 Static Route LABEL DESCRIPTION Active This field allows you to activate deactivate this static route Name Enter a descriptive name up to 10 printable ASCII characters for identification purposes Destination I...

Page 260: ...u are done configuring Cancel Click Cancel to reset the above fields to your previous configuration Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the de...

Page 261: ...o the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the route Click a number to edit the static route entry Interface This...

Page 262: ...d on the VLAN domain of the DHCPv4 clients Use the DHCPv6 Relay screen Section 33 5 on page 273 to enable and configure DHCPv6 relay 33 1 2 What You Need to Know Read on for concepts on DHCP that can help you configure the screens in this chapter DHCP Modes If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request f...

Page 263: ...e 187 IP Application DHCP DHCPv4 The following table describes the labels in this screen Table 132 IP Application DHCP DHCPv4 LABEL DESCRIPTION Relay Status This section displays configuration settings related to the Switch s DHCP relay mode Relay Mode This field displays None if the Switch is not configured as a DHCP relay agent Global if the Switch is configured as a DHCP relay agent only VLAN f...

Page 264: ...s based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information field also known as the Option 82 field to DHCP requests The Option 82 field is in the DHCP headers of client DHCP request frames that the Switch relays to a DHCP server Relay Agent Information can include the System Name of the Switch if you select this option Y...

Page 265: ... the length of the field 33 4 2 DHCPv4 Option 82 Profile Use this screen to create DHCPv4 option 82 profiles Click IP Application DHCP DHCPv4 in the navigation panel and click the Option 82 Profile link to display the screen as shown Figure 188 IP Application DHCP DHCPv4 Option 82 Profile Table 135 DHCP Relay Agent Circuit ID Sub option Format SubOpt Code Length Value 1 1 byte N 1 byte Slot ID Por...

Page 266: ...n to include information that identifies the relay agent the Switch Enable Select this option to have the Switch append the Remote ID sub option to the option 82 field of DHCP requests mac Select this option to have the Switch add its MAC address to the client DHCP requests that it relays to a DHCP server string Enter a string of up to 64 ASCII characters for the remote ID information in this fiel...

Page 267: ...box to enable DHCPv4 relay Remote DHCP Server 1 3 Enter the IP address of a DHCPv4 server in dotted decimal notation Option 82 Profile Select a pre defined DHCPv4 option 82 profile that the Switch applies to all ports The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Apply Click Apply to save your changes...

Page 268: ...over the one you select in the DHCP DHCPv4 Global screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset t...

Page 269: ...ver to assign the appropriate IP address according to the VLAN ID Figure 192 DHCP Relay Configuration Example 33 4 6 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients Click IP Application DHCP DHCPv4 in the navigation panel then click the VLAN link In the DHCP Status screen that displays Note You must set up a management IP ...

Page 270: ...pre defined DHCP option 82 profile that the Switch applies to all ports in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned of...

Page 271: ...ed by no space comma or hyphen For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified port s in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server The profile you select here ...

Page 272: ...he example network configure the VLAN Setting screen as shown Figure 196 DHCP Relay for Two VLANs Configuration Example Port This field displays the port s to which the Switch applies the settings Profile Name This field displays the DHCP option 82 profile that the Switch applies to the port s in this VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the...

Page 273: ...e this screen to configure DHCPv6 relay settings for a specific VLAN on the Switch Click IP Application DHCP DHCPv6 in the navigation panel to display the screen as shown Figure 197 IP Application DHCP DHCPv6 The following table describes the labels in this screen Table 142 IP Application DHCP DHCPv6 LABEL DESCRIPTION VID Enter the ID number of the VLAN you want to configure here Helper Address En...

Page 274: ...r the interface ID option is added to DHCPv6 requests from clients in this VLAN Remote ID This field displays whether the remote ID option is added to DHCPv6 requests from clients in this VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entry ies that you want to remove and then click the Dele...

Page 275: ... Switch the Switch looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC f...

Page 276: ... ARP table with host A s ARP reply The Switch then can forward host B s ICMP reply to host A Gratuitous ARP A gratuitous ARP is an ARP request in which both the source and destination IP address fields are set to the IP address of the device that sends this request and the destination MAC address field is set to the broadcast address There will be no reply to a gratuitous ARP request A device may ...

Page 277: ...ation ARP Setup in the navigation panel to display the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Click the link next to Static ARP to open a screen where you can create static ARP entries on the Switch Figure 198 IP Application ARP Setup 34 2 1 ARP Learning Use this screen to configure each port s ARP learning mode Cl...

Page 278: ...en make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them ARP Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply...

Page 279: ... off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of an entry Click an index number to change the settings Active This field disp...

Page 280: ...Erase Running Configuration screen Section 35 3 on page 282 to reset the configuration to the Zyxel default configuration settings Use the Save Configuration screen Section 35 4 on page 282 to save the current configuration settings to a specific configuration file on the Switch Use the Reboot System screen Section 35 5 on page 283 to restart the Switch without physically turning the power off and...

Page 281: ...ig 1 to reboot the system and load Configuration 1 on the Switch Click Config 2 to reboot the system and load Configuration 2 on the Switch Click Factory Default to reboot the system and load the default configuration settings on the Switch Click Custom Default to reboot the system and load a saved custom default file on the Switch This will save the custom default configuration settings to both C...

Page 282: ...rator again you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 or DHCP assigned IP 35 4 Save Configuration Click Config 1 to save the current configuration settings permanently to configuration one on the Switch Click Config 2 to save the current configuration settings permanently to configuration two on the Switch C...

Page 283: ...ct the Switch s configuration Click Config 1 and follow steps 1 to 2 to reboot and load configuration one on the Switch Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch Click Factory Default and follow steps 1 to 2 to reboot and load default configuration settings on the Switch Click Custom Default and follow steps 1 to 2 to reboot and load Custom Default c...

Page 284: ...to abort Note If you did not save a custom default file in the web configurator then the factory default file is restored after you press click Custom Default next to Reboot System on the Switch You will then have to make all your configurations again on the Switch Figure 205 Load Custom Default Confirmation 35 6 Firmware Upgrade The Switch supports dual firmware images Firmware 1 and Firmware 2 U...

Page 285: ...e version number and model code and MM DD YYYY creation date of the firmware currently in use on the Switch Firmware 1 or Firmware 2 The firmware information is also displayed at System Information in Basic Settings Firmware 1 shows its version number and model code and MM DD YYYY creation date Firmware 2 shows its version number and model code and MM DD YYYY creation date Current Boot Image This ...

Page 286: ...u may restore at a later date Back up your current Switch configuration to a computer using the Backup Configuration screen Figure 208 Management Maintenance Backup Configuration Follow the steps below to back up the current Switch configuration to your computer in this screen 1 Select which Switch configuration file you want to download to your computer 2 Click Backup File Path Type the path and ...

Page 287: ...a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 35 9 Tech Support The Tech Support feature is a log enhancement tool that logs useful information such as CPU utilization history memory and Mbuf Memory Buffer log and crash reports for issue analysi...

Page 288: ...reated when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the no...

Page 289: ...rt the Switch s CA signed certificates Figure 211 Management Maintenance Certificates The following table describes the labels in this screen Table 148 Management Maintenance Certificates LABEL DESCRIPTION File Path Click Choose File or Browse to find the certificate file you want to upload Password Type the certificate file s password that was created when the PKCS 12 file was exported The passwo...

Page 290: ...t the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable Valid To This field displays the date that the certificate expires Select an entry s check box to select a specific entry Delete Click this button to delete the certificate or ...

Page 291: ...the computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current configuration to a file called config cfg on your computer If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both files for...

Page 292: ...e of the commands that you may see in GUI based FTP clients 35 11 5 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host ...

Page 293: ... 36 3 3 on page 297 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use the Logins screens Section 36 4 on page 299 to assign which users can access the Switch via web configurator at any one time Use the Service Access Control screen Section 36 5 on page 300 to decide what services you may use to access the Switch Use the Remote Management scr...

Page 294: ... can access the Switch via web configurator at any one time Service Access Control Click this link to decide what services you may use to access the Switch Remote Management Click this link to specify a group of one or more trusted computers from which an administrator may use a service to manage the Switch Table 152 Management Access Control SNMP LABEL DESCRIPTION General Setting Use this section...

Page 295: ...nt with each trap to the SNMP manager The Trap Community string is only used by SNMP managers using SNMP version 2c or lower Trap Destination Use this section to configure where to send SNMP traps from the Switch Version Specify the version of the SNMP trap messages IP Enter the IP addresses of up to four managers to send your SNMP traps to Port Enter the port number upon which the manager listens...

Page 296: ...ends to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See SNMP Traps on page 304 for individual trap descriptions The traps are grouped by category Selecting a category automatically selects all of the category s traps Clear the check boxes for individ...

Page 297: ...same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the trap type of SNMP traps on this port Clear this check box to disable the sending of SNMP traps on this port Apply Click Apply to save your changes to the Switch s run ti...

Page 298: ...y in which SNMP group this user is admin Members of this group can perform all types of system configuration including the management of administrator accounts readwrite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except the user account and AAA configuration readonly Members of this group have read rights only meaning the user ...

Page 299: ...t varies depending on the user s privilege level Click Management Access Control Logins to view the screen as shown Figure 218 Management Access Control Logins The following table describes the labels in this screen Table 156 Management Access Control Logins LABEL DESCRIPTION Administrator This is the default administrator account with the admin user name You cannot change the default administrato...

Page 300: ... accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins administrator and enable passwords and configuration information display 14 Configure login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins and administrator and enable passwords and display configuration information Users can run comm...

Page 301: ...e Service Port field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Timeout Type how many minutes from 1 to 255 a management session can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Note The timeout...

Page 302: ... you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Se...

Page 303: ...e managed devices contain object variables managed objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple requ...

Page 304: ...s traps to an SNMP manager when an event occurs The following tables outline the SNMP traps by category Table 160 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on warmstart warmStart 1 3 6 1 6 3 1 1 5 2 This trap is sent when the Switch restarts poe For PoE models only pethPsePortOnOffNotificatio n 1 ...

Page 305: ...JECT LABEL OBJECT ID DESCRIPTION ping pingProbeFailed 1 3 6 1 2 1 80 0 1 This trap is sent when a single ping probe fails pingTestFailed 1 3 6 1 2 1 80 0 2 This trap is sent when a ping test consisting of a series of ping probes fails pingTestCompleted 1 3 6 1 2 1 80 0 3 This trap is sent when a ping test is completed traceroute traceRouteTestFailed 1 3 6 1 2 1 81 0 2 This trap is sent when a trac...

Page 306: ... is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network Figure 222 SSH Communication Example 36 7 2 1 How SSH works The following table summarizes how a secure connection is established between two remote hosts Figure 223 How SSH Works ...

Page 307: ...m on a client computer Windows or Linux operating system that is used to connect to the Switch over SSH 36 7 3 Introduction to HTTPS HTTPS HyperText Transfer Protocol over Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unautho...

Page 308: ...ages Internet Explorer 6 When you attempt to access the Switch HTTPS server a Windows dialog box pops up asking if you trust the server certificate You see the following Security Alert screen in Internet Explorer Select Yes to proceed to the web configurator login screen if you select No then web configurator access is blocked Figure 225 Security Alert Dialog Box Internet Explorer 6 Internet Explo...

Page 309: ...r you log in you will see the red address bar with the message Certificate Error Click on Certificate Error next to the address bar and click View certificates Figure 227 Certificate Error Internet Explorer 11 Click Install Certificate and follow the on screen instructions to install the certificate in your browser EXAMPLE ...

Page 310: ...itch HTTPS server a This Connection is Unstructed or Your connection is not secure screen may display If that is the case click I Understand the Risks or Advanced and then the Add Exception button Figure 229 Security Alert Mozilla Firefox 53 0 Confirm the HTTPS server URL matches Click Confirm Security Exception to proceed to the web configurator login screen EXAMPLE ...

Page 311: ...ozilla Firefox 53 0 36 7 4 Google Chrome Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not private screen may display If that is the case click Advanced and then Proceed to x x x x unsafe to proceed to the web configurator login screen EXAMPLE ...

Page 312: ...6 7 4 1 The Main Screen After you accept the certificate and enter the login username and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection Figure 232 Example Lock Denoting a Secure Connection EXAMPLE ...

Page 313: ...ic screen You can use this screen to help you identify problems 37 2 Diagnostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to ping IP addresses run a traceroute perform port tests or show the Switch s location between devices Figure 233 Management Diagnostic ...

Page 314: ...on This determines the path a packet takes to the specified device TTL Enter the Time To Live TTL value for the ICMP Echo Request packets This is to set the maximum number of the hops routers a packet can travel through Each router along the path will decrement the TTL value by one and forward the packets When the TTL value becomes zero and the destination is not found the router drops the packets...

Page 315: ... Switch chipset supports this feature This shows N A if the Pair status is Open or Short Check the Distance to fault This shows Unsupported if the Switch chipset does not support to show the cable length Distance to fault This displays the distance between the port and the location where the cable is open or shorted This shows N A if the Pair status is Ok This shows Unsupported if the Switch chips...

Page 316: ...ches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 234 Management System Log The summary table shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is currently di...

Page 317: ...levels 39 1 1 What You Can Do Use the Syslog Setup screen Section 39 2 on page 317 to configure the device s system logging settings and configure a list of external syslog servers 39 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click Management Syslog in t...

Page 318: ...changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Active Select this check box to have the device send logs to this syslog server Clear t...

Page 319: ...number to edit the entry Active This field displays Yes if the device is to send logs to the syslog server No displays if the device is not to send logs to the syslog server IP Address This field displays the IP address of the syslog server UDP Port This field displays the port of the syslog server Log Level This field displays the severity level of the logs that the device is to send to this sysl...

Page 320: ...e other switches on the upper floors of the building are cluster members Figure 236 Clustering Application Example 40 1 1 What You Can Do Use the Cluster Management screen Section 40 2 on page 321 to view the role of the Switch within the cluster and to access a cluster member switch s web configurator Table 168 Zyxel Clustering Management Specifications Maximum number of cluster members 24 Cluste...

Page 321: ... LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster Manager Member you see this if you access this screen in the cluster member switch directly and not via the cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switc...

Page 322: ...Configuration Model This field displays the model name Status This field displays Online the cluster member switch is accessible Error for example the cluster member switch password was changed or the switch was set as the manager and so left the member list etc Offline the switch is disconnected Offline shows approximately 1 5 minutes after the link between cluster member and manager goes down Ta...

Page 323: ...very is shown here The switches must be directly connected Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate list Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list Password Each cluster member s password is its web configurator password Select a member in the Clustering Candidat...

Page 324: ...hen select an Index hyperlink from the list of members to go to that cluster member switch s web configurator home page This cluster member web configurator home page and the home page that you d see if you accessed it directly are different Figure 239 Cluster Management Cluster Member Web Configurator Screen 40 4 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware...

Page 325: ...K ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 460ABQF0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 171 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The web configurat...

Page 326: ...dress is dynamic or static 41 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already lea...

Page 327: ...e 327 Figure 241 MAC Table Flowchart 41 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic or static Click Management MAC Table in the navigation panel to display the following screen Figure 242 Management MAC Table ...

Page 328: ...e the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries They also display in the Static MAC Forwarding screen Select Dynamic to MAC filtering and click the Transfer button to change all dynamically learned MAC address entries in the summary t...

Page 329: ...e IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not already learned the port for this IP address then the packet is flooded to all ports Too much port flooding leads to network conge...

Page 330: ...ccording to IP address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This field displays the index number IP Address This is the IP address of the device from which the incoming packets came VID This is the VLAN group to which the packet belongs Port This is the port from which the...

Page 331: ...e address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The...

Page 332: ...el Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the device belongs Port This field displays the port...

Page 333: ...o open a screen where you can view the IPv6 routing table information Figure 246 Management Routing Table 44 3 IPv4 Routing Table Use this screen to view IPv4 routing table information Click Management Routing Table IPv4 Routing Table in the navigation panel to display the screen as shown Figure 247 Management Routing Table IPv4 Routing Table The following table describes the labels in this screen...

Page 334: ...e has been running since the Switch learned the route and added an entry in the routing table Table 175 Management Routing Table IPv4 Routing Table continued LABEL DESCRIPTION Table 176 Management Routing Table IPv6 Routing Table LABEL DESCRIPTION Index This field displays the index number Route Destination Prefix Length This field displays the IPv6 subnet prefix and prefix length of the final des...

Page 335: ...creen to view IPv6 path MTU information on the Switch Click Management Path MTU Table in the navigation panel to display the screen as shown Figure 249 Management Path MTU Table The following table describes the labels in this screen Table 177 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ages out and n...

Page 336: ...This chapter shows you how you can copy the settings of one port onto other ports 46 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen ...

Page 337: ...abel These are the ports which are going to have the same attributes as the source port You can enter individual ports separated by a comma or a range of ports by using a hyphen For example 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Select this check box to select all port settings Basic Setting Select which port se...

Page 338: ...orts Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 178 Management Configure Clone continued LABEL DESCRIPTION ...

Page 339: ...ind an entry in the neighbor table or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages 47 2 Viewing the IPv6 Neighbor Table Use this screen to view IPv6 neighbor information on the Switch Click Management IPv6 Neighbor Table in the navigation panel to display the screen as shown Figure ...

Page 340: ...to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 address unknown The status of the neighboring interface can not be determined for some reason incomplete I Address resolution is in progress and the link layer address of the neighbor has not yet been determined The interface of the...

Page 341: ...Status LABEL DESCRIPTION Port This identifies the Ethernet port Click a port number to display the Port Details screen refer to Figure 253 on page 343 Name This is the name you assigned to this port in the Basic Setting Port Setup screen Link This field displays the speed either 100M for 100Mbps 1G for 1 Gbps 2 5G for 2 5 Gbps 5G for 5 Gbps or 10G for 10 Gbps and the duplex F for full duplex or H ...

Page 342: ...port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx kB s This field shows the number of kilobytes per second transmitted on this port Rx kB s This field shows the number of kilobytes per second received on this port Up Time This field shows...

Page 343: ...nd the duplex F for full duplex or H for half duplex This field displays Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port See page 138 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP When LACP Link Aggregation Control Protocol STP and dot1x...

Page 344: ...information on collisions while transmitting Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive colli...

Page 345: ... example transmitting and receiving power and module temperature Click a number in the Port column in the DDMI screen to view current transceivers status 512 1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets ...

Page 346: ...ield is available only when an SFP transceiver is inserted into the SFP slot Internal displays if the measurement values are calibrated by the transceiver External displays if the measurement values are raw data which the Switch calibrates DDMI Information Type This displays the DDMI parameter Temperature C This displays the temperature inside the SFP transceiver in degrees Celsius Voltage V This ...

Page 347: ...ng signal is reported to the Switch if the monitored DDMI parameter reaches this value Low Alarm Threshold This displays the low value alarm threshold for each monitored DDMI parameter An alarm signal is reported to the Switch if the monitored DDMI parameter reaches this value Table 183 Management Port Status DDMI DDMI Details continued LABEL DESCRIPTION Table 184 Port Status Utilization LABEL DES...

Page 348: ...2 Make sure the power adapter or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the Switch 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 3 3 on page 35 2 Chec...

Page 349: ...username is admin and the default password is 1234 2 If this does not work you have to reset the device to its factory defaults See Section 4 8 on page 62 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is http DHCP assigned IP or 192 168 1 1 If you changed the IP address use the new IP address If you changed t...

Page 350: ... address must match it Refer to the chapter on access control for details 3 Disconnect and re connect the cord to the Switch 4 If this does not work you have to reset the device to its factory defaults See Section 4 8 on page 62 Pop up Windows JavaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by d...

Page 351: ...hooting XS1930 Series User s Guide 351 Save at the top right corner of the web configurator to save the configuration permanently See also Section 35 8 on page 286 for more information about how to save your configuration ...

Page 352: ...ion Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation http www zyxel com Asia China Zyxel Communications Shanghai Corp Zyxel Comm...

Page 353: ...ilippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Belgium Zyxel Communications B V https www zyx...

Page 354: ...nmark Zyxel Communications A S https www zyxel com dk da Estonia Zyxel Estonia https www zyxel com ee et Finland Zyxel Communications https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Latvia Zyxel Latvia https www zyx...

Page 355: ...land Zyxel Communications Poland https www zyxel com pl pl Romania Zyxel Romania https www zyxel com ro ro Russia Zyxel Russia https www zyxel com ru ru Slovakia Zyxel Communications Czech s r o organizacna zlozka https www zyxel com sk sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de ...

Page 356: ...merica Argentina Zyxel Communications Corporation https www zyxel com co es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Colombia Zyxel Communications Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Corporatio...

Page 357: ...unications Corporation https www zyxel com me en North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en Oceania Australia Zyxel Communications Corporation https www zyxel com au en Africa South Africa Nology Pty Ltd https www zyxel com za en ...

Page 358: ...ions in which this service is used Table 185 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOT...

Page 359: ...hat sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get email from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to...

Page 360: ...S UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP...

Page 361: ... 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means th...

Page 362: ...wing table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 187 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link FF...

Page 363: ...y and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to generate its own and unique IP address automatically when IPv6 is initiated on its interface It combines the prefix and the interface ID generated from...

Page 364: ...lable server S2 For an IA_TA the client may send a Renew or Rebind message at the client s discretion DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients When a client cannot use its link local address and a well known multicast address to locate a DHCP server on its network it then needs a DHCP relay agent t...

Page 365: ...s its IPv6 caches constantly using the information from response messages In IPv6 the Switch configures a link local address automatically and then sends a neighbor solicitation message to check if the address is unique If there is an address to be resolved or verified the Switch also sends out a neighbor solicitation message When the Switch receives a neighbor advertisement in response it stores ...

Page 366: ...HCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 After ...

Page 367: ...r Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 368: ...r dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Page 369: ...itions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested and found to comply with the limits for a Class A digital...

Page 370: ...led information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your device Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The POE Power over Ethernet devices tha...

Page 371: ...na y medioambiental Le symbole ci dessous signifie que selon les réglementations locales votre produit et ou sa batterie doivent être éliminés séparément des ordures ménagères Lorsque ce produit atteint sa fin de vie amenez le à un centre de recyclage Au moment de la mise au rebut la collecte séparée de votre produit et ou de sa batterie aidera à économiser les ressources naturelles et protéger l ...

Page 372: ... new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of Zyxel This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in...

Page 373: ...it works 275 learning mode 275 overview 275 setup 277 ARP Address Resolution Protocol 331 ARP Reply 275 ARP Request 276 authentication setup 206 authentication authorization and accounting 203 Authentication Authorization and Accounting see AAA 204 authorization setup 206 auto crossover 32 automatic VLAN registration 115 B bandwidth control 154 egress rate 155 ingress rate 155 setup 154 basic sett...

Page 374: ...t 352 D daylight saving time 83 default Ethernet settings 32 DHCP configuration options 262 Dynamic Host Configuration Protocol 262 modes 262 Relay Agent Information format 264 setup 263 DHCPv4 global relay 266 global relay example 268 Option 82 264 option 82 profiles 265 Relay Agent Information 264 DHCPv4 relay 264 DHCPv6 relay 273 interface ID 273 remote ID 273 diagnostics 313 Ethernet port test...

Page 375: ...33 GVRP 115 122 and port assignment 122 GVRP GARP VLAN Registration Protocol 115 H hardware installation 27 hardware monitor 80 hardware overview 31 hello time 146 HTTPS 307 certificates 307 implementation 307 public keys private keys 307 HTTPS example 308 I IEEE 802 1x activate 169 port authentication 167 reauthentication 170 IEEE 802 3af 22 IEEE 802 3at 22 IEEE 802 3az 233 IEEE 802 3bt 22 IGMP f...

Page 376: ... point 215 STP 214 tunnel port 215 UDLD 215 VTP 214 LACP 160 217 system priority 165 timeout 165 Layer 2 protocol tunneling see L2PT LEDs 35 link aggregation 160 dynamic 160 ID information 161 setup 162 traffic distribution algorithm 162 traffic distribution type 163 trunk group 160 Link Aggregation Control Protocol LACP 160 Link Layer Discovery Protocol 235 LLDP 235 Basic TLV 250 global settings ...

Page 377: ...ormation Base 303 mirroring ports 158 monitor port 158 mounting brackets 29 MST Instance See MSTI 152 MST region 152 MSTI 146 152 MSTI Multiple Spanning Tree Instance 146 MSTP 137 139 bridge ID 149 configuration digest 150 forwarding delay 146 Hello Time 149 hello time 146 Max Age 146 149 maximum hops 146 revision level 146 status 148 MTU 335 MTU Multi Tenant Unit 83 multicast IGMP throttling 199 ...

Page 378: ...oring 158 speed duplex 90 standby 160 power voltage 81 power connector 35 power status 81 PPPoE IA 218 agent sub options 220 configuration 220 drop PPPoE packets 222 port state 220 sub option format 219 tag format 218 trusted ports 220 untrusted ports 220 VLAN 224 PPPoE Intermediate Agent 218 priority level 85 priority queue assignment 85 product registration 372 PVID 115 Q QoS and classifier 179 ...

Page 379: ...MP traps 304 supported 304 305 Spanning Tree Protocol See STP 137 SPQ Strict Priority Queuing 192 SSH encryption methods 307 how it works 306 implementation 307 SSH Secure Shell 306 SSL Secure Socket Layer 307 standby ports 160 static MAC address 129 static MAC forwarding 129 static multicast address 131 static multicast forwarding 131 static route enable 259 metric 260 overview 258 static routes ...

Page 380: ... untrusted ports PPPoE IA 220 user name 40 default 40 user profiles 204 V Vendor Specific Attribute See VSA 208 ventilation holes 28 VID 88 118 number of possible VIDs 115 priority frame 115 VID VLAN Identifier 114 Virtual Local Area Network 83 VLAN 83 acceptable frame type 122 automatic registration 115 ID 114 ingress filtering 122 introduction 83 114 number of VLANs 118 port number 118 port sett...

Page 381: ...ator getting help 63 home 57 login 39 logout 63 navigation panel 58 weight queuing 193 Weighted Round Robin Scheduling WRR 193 WRR Weighted Round Robin Scheduling 192 Z ZDP 44 ZON Utility 44 ZyNOS ZyXEL Network Operating System 291 ZyXEL Discovery Protocol 44 ...