ZyXEL Communications IES-5005, IES-6000 manual 802.1x Application, IES-5000/5005/6000 Support Notes

Page 69
TGE1> switch port pvid up1 200

IES-5000/5005/6000 Support Notes

For this example, assign VLAN 200(PVID) to ENET1 and ENET2. Also, assign VLAN 10 and VLAN 20 to Port1 and port2 respectively.

CI command:

TGE1> switch port pvid up1 200

TGE1> switch port pvid up2 200

TGE1> port pvc set 7-1-0/33 DEFVAL llc 10 0

TGE1> port pvc set 7-2-0/33 DEFVAL llc 20 0

1.3 Port Isolation

On the IES-5000, you can isolate ports without configuring VLAN groups in the CLI.

CI command:

TGE1> switch isolation enable

2. Prestige 660R-61(P791) Settings

Please refer to the steps in the previous application.

802.1x Application

IEEE 802.1x port-based authentication can be used to prevent unauthorized ports (clients) from gaining access to the network. It is an extended authentication protocol that allows support of RADIUS (Remote Authentication Dial in User Service, RFC2138, 2139) for centralized user profile management on a network RADIUS server.

The following figure shows a network example where the IES-5000 acts as an authenticator to provide 802.1x authentication. In this example, the supplicants (PC1 and PC2) want to gain access to the application server.

68

All contents copyright (c) 2008 ZyXEL Communications Corporation.

Image 69
Contents Integrated Ethernet Switch IES-5000/5005/6000Support Notes INDEX IES-5000/5005/6000 Support NotesTriple play Application with VLC Line Card Application NotesTriple Play Triple Play scenario topology P-870H-51 Hardware connectionsIES-5000M Main Chassis MSC1000GIES-5000 Firmware versionsHow to set the P-870H-51 to factory-default? Configure the P-870H-511. System login Configure the IES-50002. Configure the VLC1348G-51 a. Click Port VDSL Sub-step 1 Open VLAN setup page Sub-step 2 Join VLAN 100 to VDSL port Sub-step 3 Join VLAN 500 to VDSL port IES-5000/5005/6000 Support Notes 3. Configure the MSC1000G a. Click VLAN VLAN d. Check the final VLAN setup status of the MSC1000G 4. Use ACL rule to replace the VID / Priority for the PPPoE packets a. Loginb. ACL-rule profile CLI syntax 1 Create ACL profiles 5. Use MVR to configure the IPTV setting on MSC1000G a. Login 6. Configure the IGMP-Proxy and Static Query VLAN a. Login d. Check the Query VLAN status 2. If setting is successful, result is as below 7. Save configuration for the IPDSLAMConfigure the ES-2024A 2. Configure VLANs 2. VLAN 500 for VoIP 3. VLAN 700 for IPTV 4. Check final status of the VLAN settings 1. Click Advance Application VLAN, then choose the VLAN Port Setting c. Set the default PVID for the relative ports in this scenarioDon’t forget to click Apply to save the settings 2.Set port 1 / 5 / 7’s PVID as 100 / 500 / 700 as below2. Click Apply at bottom to save the settings 1. Click Basic Setting Port Setup to call the page belowe. Save all the settings for the ES-2024A Setting up Multiple PVCs Triple play Application with ALC/SLC Line CardIES-5000 SLC-1248G or ALC-1248G 1. IES-5000 Settings 2. Prestige 660R-61P791 Settings 3.1 VALN 3. ES-2024 settingsIES-5000/5005/6000 Support Notes Set the PVIDs on port 1 and 2 to 10 and 20 respectively 3.2 PVID setupIES-5000/5005/6000 Support Notes IES‐5000 Slot VLC1348G‐51 IES-5000/5005/6000 Support Notes VDSL2 to ADSL2+ FallbackP‐660H‐61 ADSL2+ CPE1. Telnet into the P-660H-61 Configure the P-660H-61a. Enter 1 in the Main Menu to open Menu 1 - General Setup 2. General Setupb. Type a name in the System Name field c. Select No in the Route IP field d. Select Yes in the Bridge field3. Remote Node Setup a. Enter 11 in the Main Menu to open Menu 11 - Remote Node Setupb. Enter 1 to configure the remote node of MyISP ISP, SUA c. Menu 11.1 - Remote Node Profile appears e. Select RFC 1483 in the Encapsulation fieldf. Select LLC-based in the Multiplexing field l. Press ENTER to confirm your changes j. Menu 11.6 - Remote Node ATM Layer Options appears1. Login Configure the VLC1348G-51IES-5000/5005/6000 Support Notes c. Select Enable 2. VDSL Port Setupa. Click Port VDSL e. Click Apply3. PVC Setup a. Click Config Save on the navigation panel 4. Config save5. Check status a. Click Statistics Port Statistics c. Click Diagnostic Loopbackd. Select port e. Type 8 in VPI and 35 in VCI f. Click the Test button to perform an OAM F5 loopback test on portIES-5000/5005/6000 Support Notes IES-5000/5005/6000 Support Notes Impulse Noise Protection INP IES-5000/5005/6000 Support Notes Upstream Power Back-Off UPBO What is UPBO?PSD f PSD f Non-FEXT dominated environment Do not apply UPBO Modes of UPBOFEXT-dominated environment 1. Protection of the long loop4. Spectral mask compatibility with other services Methods of UPBO3. Improved performance of short loops What is CFM? IES-5000/5005/6000 Support Notes 802.1ag CFMMA--Maintenance Association MD--Maintenance DomainMEP--Maintenance End point CFM TermsMIP--Maintenance Intermediate Point 1. CFM MD Screen WEB GUI Introduction2. CFM MA Screen 3. CFM MEP Screen 4. Loopback Diagnosis Enable CFM CLI Command IntroductionDisable CFM MSC1000Gswtichcfm disable Create a MD Create a MEP MSC1000G switch cfmmep setIES-5000/5005/6000 Support Notes Configuring and applying the profiles to subscriber ports Setting up different DSL port speeds to different subscribersInternet IES-5000 ALC-1248G2. Prestige 660R-61 2.1 Menu 1 General Setup 2.2 Menu 4 Internet Access Setup2.3 Menu11.1 Remote Node Profile 2.4 Menu11.6 Remote Node ATM Layer Options Setting up a VLAN IES-5000/5005/6000 Support Notes Configuring 802.1Q VLAN1.1 VLAN settings 1.2 PVID settingsTGE1 switch port pvid up1 TGE1 switch port pvid up2 802.1x ApplicationAuthenticator Authorized Authentication Server RADIUSSetting up 1. Authenticator Setup IES-50002. RADIUS Setup Vantage 2.1 RADIUS server setup2.2 Create a User Account 3. Supplicant Setup Windows XP IES-5000/5005/6000 Support Notes 4. Prestige 660R-61 Settings Syslog Server ApplicationPlease refer to the procedures described in the previous application Setting up a Syslog server 1. Installing and Running Kiwi’s Syslog ServerNetwork 2. IES-5000 settings 1. IES-5000 settings Setting up a Ring EnvironmentIES-5000/5005/6000 Support Notes Ring Topology Application 1.1 Activating Spanning Tree protocol on Ethernet Ports2.2 Activating Spanning Tree protocol on Ethernet ports 2. Setup IES-2000 2.1 Activating Spanning Tree protocolports 1 and 2. The following shows the CLI commands CI command TGE1 sys sw rstp enable TGE1 sys sw rstp port enableSelect Rapid Spanning Tree Protocol to enable it on the port Click Uplink2 to configure this portIES-5000/5005/6000 Support Notes 3. ES-4024 Settings 3.1 Activating Spanning Tree protocol 4. Status Results IGMP IGMP Snooping/IGMP Filtering ApplicationEthernet Port RouterSetting up IGMP snooping/IGMP filtering 1. IES-5000 settings 1.1 Activating IGMP Snooping1.2 Setting up IGMP Filtering Limiting Internet access to users on specific DSL ports Setting up MAC Filter/Port Security1. IES-5000 settings 1.1 Configuring MAC filter DHCP Relay Option 82 Application 1.2 Configuring Port SecuritySetting up DHCP Relay Option Network DHCP ServerADSL/SHDSL CPE DHCP Client 3. IP Commander settings 2. CPE settingsIES-5000/5005/6000 Support Notes Enter a name and description for the new rule IES-5000/5005/6000 Support Notes Select DHCP Option in the Keywords field IES-5000/5005/6000 Support Notes In the next wizard screen, click Next to continue IES-5000/5005/6000 Support Notes Click Finish to complete the wizard setup After the configuration, your computer should obtain an IP address of 192.168.1.201 from the DHCP server once the computer is connected to the network Packet Filtering1. IES-5000 settings ALC-1248G/SLC 1248G Setting up Packet FilteringNetwork Client Client7- 4 accept-all 7- 5 accept-all 7- 6 accept-all 7- 7 accept-all 7-46 accept-all 7-47 accept-all 7-48 accept-all TGE1 7-42 accept-all 7-43 accept-all 7-44 accept-all 7-45 accept-all