ZyXEL Communications GS1920 manuals
Computer Equipment > Switch
When we buy new device such as ZyXEL Communications GS1920 we often through away most of the documentation but the warranty.
Very often issues with ZyXEL Communications GS1920 begin only after the warranty period ends and you may want to find how to repair it or just do some service work.
Even oftener it is hard to remember what does each function in Switch ZyXEL Communications GS1920 is responsible for and what options to choose for expected result.
Fortunately you can find all manuals for Switch on our side using links below.
ZyXEL Communications GS1920 Manual
368 pages 7.84 Mb
1 GS1920 SeriesUser’s Guide 3 Contents Overview5 Table of ContentsPart I: User’s Guide Chapter 6 The Web ConfiguratorBasic Setting 8 Rapid Spanning Tree Protocol StatusConfigure Multiple Rapid Spanning Tree Protocol Multiple Rapid Spanning Tree Protocol Status 13.10 Multiple Spanning Tree Protocol Status 13.11.4 Common and Internal Spanning Tree (CIST) 9 MirroringLink Aggregation Port Authentication Port Security Classifier 10 21.1.1 What You Can Do21.2.1 Viewing and Editing Policy Configuration 22.1.1 What You Can Do 22.1.2 What You Need to Know 23.1.1 What You Can Do 23.1.2 What You Need to Know 23.3.1 IGMP Snooping 23.4 IGMP Snooping VLAN 23.4.1 IGMP Filtering Profile 23.5.1 MVR Group Configuration 23.5.2 MVR Configuration Example 24.1.1 What You Can Do 24.1.2 What You Need to Know 24.6.1 Vendor Specific Attribute 24.6.2 Supported RADIUS Attributes 24.6.3 Attributes Used for Authentication 11 Loop GuardPPPoE 12 28.3.1 PPPoE IA Per-Port28.3.2 PPPoE IA Per-Port Per-VLAN 28.3.3 PPPoE IA for VLAN 31.2 LLDP-MEDOverview 31.4.1 LLDP Local Port Status Detail 31.5.1 LLDP Remote Port Status Detail 31.6.1 LLDP Configuration Basic TLV Setting 31.6.2 LLDP Configuraion Basic Org-specificTLV Setting 32.1.1 What You Can Do 13 34.4.4 DHCPv4 Global Relay Port Configure34.4.5 Global DHCP Relay Configuration Example 14 36.7.1 FTP Command Line36.7.2 Filename Conventions 36.7.3 FTP Command Line Procedure 15 MAC TableARP Table Path MTU Table Appendix 16 Index19 Getting to Know Your Switch1.1 Introduction20 Chapter 1 Getting to Know Your SwitchThe following table describes the PoE features of the Switch by model Table 2 Models and PoE Features POE FEATURES IEEE 802.3af PoE IEEE 802.3 at High Power over Ethernet (PoE) Power management mode - Classification Power management mode - Consumption Figure 1 Backbone Application Sales 21 Figure 2 Bridging ApplicationFigure 3 High Performance Switched Workgroup Application For more information on VLANs, refer to Chapter 9 on page 22 1.2 Ways to Manage the Switch1.3Good Habits for Managing the Switch 24 Hardware Installation and Connection2.1 Installation Scenarios 2.2Desktop Installation Procedure 2.3Mounting the Switch on a Rack 27 Hardware Panels3.1 Front Panel28 Chapter 3 Hardware Panels•Speed: Auto •Duplex: Auto •Flow control: Off •Link Aggregation: Disabled •Type: SFP connection interface •Connection speed: 1 Gigabit per second (Gbps) Use the following steps to install a mini-GBICtransceiver (SFP module) 29 2Press the transceiver firmly until it clicks into place4Close the transceiver’s latch (latch styles vary) Figure Figure 12 Connecting the Fiber Optic Cables Use the following steps to remove a mini-GBICtransceiver (SFP module) 1Remove the fiber optic cables from the transceiver 2Open the transceiver’s latch (latch styles vary) 3Pull the transceiver out of the slot Figure 13 Removing the Fiber Optic Cables Figure 14 Opening the Transceiver’s Latch Example 30 3.2 Rear Panel31 3.3 LEDs3.4 Reset to Factory Defaults 35 The Web Configurator4.1 Overview 4.2System Login 36 4.3The Status Screen37 C - Click this link to go to the status page of the SwitchD - Click this link to logout of the web configurator In the navigation panel, click a main link to reveal a list of submenu links Table 4 Navigation Panel Sub-linksOverview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT PoE model(s) The following table describes the links in the navigation panel Table 5 Navigation Panel Links LINK Basic Settings System Info This link takes you to a screen that displays general system information General Setup about the Switch Switch Setup VLAN type, GARP and priority queues 38 Table 5 Navigation Panel Links (continued)IP Setup routing domains Port Setup PoE Setup For PoE model(s) reserve and allocate power to certain PDs Interface Setup type and ID IPv6 Advanced Application VLAN This link takes you to screens where you can configure port-basedor 802.1Q VLAN protocol based VLAN or a subnet based VLAN in these screens Static MAC Forwarding These static MAC addresses do not age out Static Multicast port(s). These static multicast MAC addresses do not age out Filtering This link takes you to a screen to set up filtering rules Spanning Tree Protocol network loops Bandwidth Control Broadcast Storm This link takes you to a screen to set up broadcast filters Mirroring Link Aggregation logical, higher-bandwidthlink Authentication clients communicating via the Switch Port Security maximum number of MAC addresses to learn on a port Classifier on the specified criteria Policy Rule treatment on the grouped packets Queuing Method weights for each port Multicast snooping and create multicast VLANs AAA Control System Plus) IP Source Guard ARP packets in your network Loop Guard that occur on the edge of your network 39 Chapter 4 The Web ConfiguratorLayer 2 Protocol Tunneling settings on the Switch PPPoE port, VLAN, and PPPoE Errdisable protection, errdisable detect, and errdisable recovery Green Ethernet auto power down, abd short reach for each port LLDP This link takes you to a screen where you can configure LLDP settings IP Application Static Routing DiffServ set DSCP-to-IEEE802.1pmappings DHCP This link takes you to screens where you can configure the DHCP settings ARP Setup port Management Maintenance maintenance as well as reboot the system Access Control configure SNMP and remote management Diagnostic Syslog Cluster status MAC Table devices attached to what ports and VLAN IDs ARP Table resolution table Path MTU Table destination address, MTU, and expire settings Configure Clone Neighbor Table MAC, status, type Management Access Control Logins 40 4.4 Saving Your Configuration4.5 Switch Lockout 41 4.6Resetting the Switch4.7 Logging Out of the Web Configurator 4.8 Help 42 Initial Setup Example46 Tutorials6.1 Overview 6.2How to Use DHCP Snooping on the Switch 49 6.3 How to Use DHCP Relay on the Switch50 PVID=102802.1Q 3Click Advanced Application > VLAN > Static VLAN 51 ACTIVEVLAN Group ID TX Tagging VLAN Status 52 Enter 102 in theand then the link to open the 2Select the Active check box Enter the DHCP server’s IP address (192.168.2.3 in this example) in the Remote DHCP Server 4Select default1 or default2 in the Option 82 Profile field field 5Click Apply to save your changes back to the run-timememory 54 System Status and Port Status7.1 Overview 7.2 Port Status Summary55 Chapter 7 System Status and Port StatusThe following table describes the labels in this screen Table 7 Status Status LABEL (refer to Figure 43 on page 56) Name Port Setup Link 10M 100M 1000M (Copper or Fiber) for the combo ports State Section 13.1 on page 108 for more information) STOP For PoE model(s) only the Switch on this port LACP the port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx KB/s This field shows the number of kilobytes per second transmitted on this port Rx KB/s This field shows the number of kilobytes per second received on this port Up Time up Clear Counter Clear Counter information for that port, or select Any to clear statistics for all ports 56 Figure 43 Status > Port DetailsTable 8 Status: Port Details Port Info Port NO This field displays the port number you are viewing This field displays the name of the port (Copper or Fiber) This field shows if LACP is enabled on this port or not This field shows the number of transmitted frames on this port This field shows the number of received frames on this port 57 Table 8 Status: Port Details (continued)This field shows the total amount of time the connection has been up Tx Packet The following fields display detailed information about packets transmitted Packets This field shows the number of good multicast packets transmitted Broadcast This field shows the number of good broadcast packets transmitted Pause This field shows the number of 802.3x Pause packets transmitted Rx Packet The following fields display detailed information about packets received This field shows the number of good multicast packets received This field shows the number of good broadcast packets received This field shows the number of 802.3x Pause packets received TX Collision The following fields display information on collisions while transmitting Single exactly one collision Multiple more than one collision Excessive reset Late have already been transmitted Error Packet RX CRC Length This field shows the length of the packet received that were in error Runt including the ones with CRC errors Distribution 58 1024 and 1518 octets in lengthGiant 1519 octets and the maximum frame size The maximum frame size varies depending on your switch model 59 Basic Setting8.1 Overview 8.2 System Information60 Figure 44 Basic Setting > System Info (for PoE model(s) only)Table 9 Basic Setting > System Info System Name Product Model firmware upgrade or looking for other support information in the website ZyNOS F/W Version created Ethernet Address CPU Utilization Current (%) percentage of CPU utilization Memory Memory Utilization shows much DRAM memory is available and in use Utilization This field displays the name of memory pool Total This field displays the total number of bytes in this memory pool Used This field displays the number of bytes being used in this memory pool Hardware Monitor Temperature Unit Fahrenheit) in this field BOARD PHY printed circuit board 61 8.3 General Setup62 Figure 45 Basic Setting > General SetupTable 10 Basic Setting > General Setup printable characters; spaces are allowed Location characters; spaces are allowed Contact Person's ASCII characters; spaces are allowed Use Time Server when Bootup differences between them are the time format that you use a Daytime timeserver within your geographical time zone since 1970/1/1 at 0:0:0 NTP (RFC-1305) is similar to Time (RFC-868) is similar to time and date will be reset to 1970-1-10:0:0 Time Server IP locked for 60 seconds. Please wait Current Time This field displays the time you open this menu (or refresh the menu) New Time (hh:min:ss) Current Time field after you click Apply Current Date This field displays the date you open this menu New Date (yyyy mm-dd) Current Date field after you click Apply 63 8.4 Introduction to VLANs64 8.5 Switch Setup Screen65 8.6 IP Setup66 Note: You must configure a VLAN firstFigure 47 Basic Setting > IP Setup Table 12 Basic Setting > IP Setup Domain Name Server use a domain name instead of an IP address Default Management IP Address DHCP Client subnet mask, a default gateway IP address and a domain name server IP address automatically Static IP Address select this option IP Address Enter the IP address of your Switch in dotted decimal notation for example 67 8.7 Port Setup68 Figure 48 Basic Setting > Port SetupTable 13 Basic Setting > Port Setup This is the port index number Settings in this row apply to all ports to set the common settings and then make adjustments on a port-by-portbasis Note: Changes in this row are copied to all the ports as soon as you make them must be enabled for data transmission to occur characters screens Type This field displays the capacity that the port can support Speed/Duplex 1000M/Full Duplex (Gigabit connections only) the same in order to connect 69 8.8 PoE Status70 PoE SetupFigure 50 Basic Setting > PoE Status Table 14 Basic Setting > PoE Status PoE Status PoE Mode Classification or Consumption mode Total Power devices on the PoE ports Consuming Power (W) PoE-enableddevices Allocated Power (W) negotiating with the connected PoE device(s) (W) Remaining This field displays the amount of power the Switch can still provide for PoE PoE device, even if the PoE device needs less than 16W 8.8.1 on page • Disable - The PD connected to this port cannot get power supply • Enable - The PD connected to this port can receive power 71 Table 14 Basic Setting > PoE Status (continued)Class This shows the power classification of the PD current (mA) that the PD requires to function. The ranges are as follows • Class 0 - Default, 0.44 to • Class 1 - Optional, 0.44 to • Class 2 - Optional, 3.84 to • Class 3 - Optional, 6.49 to only. Optional, 12.95 to 25.50 in a Switch that supports IEEE 802.3at PD Priority priority first • Critical has the highest priority served Power (mW) Max Power (mW) Max Current (mA) Basic Setting > PoE Status 72 8.9 Interface Setup73 8.10 IPv674 Figure 53 Basic Setting > IPv6Table 17 Basic Setting > IPv6 more interface details This is the name of the IPv6 interface you created This field displays whether the IPv6 interface is activated or not 75 Figure 54 Basic Setting > IPv6 > IPv6 Interface StatusTable 18 Basic Setting > IPv6 > IPv6 Interface Status IPv6 Active MTU Size interface ICMPv6 Rate Limit Bucket Size suppressed Limit Error up to the bucket size can be transmitted. 0 means no limit Interval Stateless address via stateless autoconfiguration Autoconfig Link Local used as a sender or receiver address 76 Table 18 Basic Setting > IPv6 > IPv6 Interface Status (continued)Global Unicast Address(es) Joined Group ND DAD enabled on the interface Number of DAD Attempts NS-Interval (millisecond) sent for this interface ND Reachable DHCPv6 Client DHCPv6 server Identity Association associated with exactly one interface IA Type IA_NA IA_TA association for temporary addresses IAID Each IA consists of a unique IAID and associated IP information Renew message extend the lifetimes on any addresses in the IA_NA before the lifetimes expire respond, the Switch sends a Rebind message to any available server This field displays the state of the TA. It shows sends out a Rebind message to another DHCPv6 server SID This field displays the DHCPv6 server’s unique ID Preferred Lifetime Valid This field displays how long (in seconds) that the global address is valid DNS This field displays the DNS server address assigned by the DHCPv6 server Domain List domain names Restart address and DNS information for this interface 77 IPv6 ConfigurationFigure 55 Basic Setting > IPv6 > IPv6 Configuration Table 19 Basic Setting > IPv6 > IPv6 Configuration IPv6 Global Setup Switch IPv6 Interface Addressing IPv6 Link Local Global IPv6 Neighbor Discovery Neighbor Switch’s IPv6 neighbor table IPv6 Global Setup 78 Figure 56 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global SetupTable 20 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Setup IPv6 Hop Limit discarded by an IPv6 router, which is similar to the TTL field in IPv4 messages of up to the bucket size can be transmitted. 0 means no limit save your changes to the nonvolatile memory when you are done configuring Clear Click Clear to reset the fields to the factory defaults IPv6 Interface Setup Figure 57 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup 79 Table 21 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface SetupSelect the IPv6 interface you want to configure Select this option to enable the interface stateless autoconfiguration Link-Local Address Setup Link-Local Manually configure a static IPv6 link-localaddress for the interface Default Gateway 80 This is the static IPv6 link-localaddress for the interfaceLocal Address IPv6 Default This is the default gateway IPv6 address for the interface IPv6 Global Address Setup Figure 59 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup Table 23 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup Manually configure a static IPv6 global address for the interface Prefix Length left) in the address compose the network address EUI-64 format 81 Address/Prefixremove the selected entry(ies) from the summary table IPv6 Neighbor Discovery Setup autoconfiguration this interface. Enter 0 to turn off DAD NS Interval are re-sentfor this interface Reachable this interface 82 IPv6 Neighbor SetupFigure 61 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup Table 25 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup Basic Setup > Interface Setup 83 Click this to create a new entry or to update an existing onechanges to the nonvolatile memory when you are done configuring the interface the interface Figure 62 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup 84 Table 26 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setupfor this interface have it work well Options to have the Switch obtain a list of domain names from the DHCP server Information Refresh other configuration information with a DHCPv6 server again Minimum IA-NA server Rapid-Commit two-messageexchange Domain-List configuration information with a DHCPv6 server again 85 VLAN101 Static MAC Forward Setup10.1 Overview 10.2 Configuring Static MAC Forwarding102 Chapter 10 Static MAC Forward SetupTable 35 Advanced Application > Static MAC Forwarding deleting it by clearing this check box rule MAC Address Note: Static MAC addresses do not age out Enter the VLAN identification number forwarded Click Cancel to reset the fields to their last saved values Click Clear to begin configuring this screen afresh Click an index number to modify a static MAC address rule for a port (No). You may temporarily deactivate a rule without deleting it address-forwardingrule to which the MAC address belongs 103 Static Multicast Forward Setup106 Filtering12.1 Filtering Overview 12.2 Configure a Filtering Rule107 Chapter 12 FilteringTable 37 Advanced Application > Filtering without deleting it by deselecting this check box identification only Action field). The Switch can still send frames to the MAC address specified in the MAC field Click Clear to clear the fields to the factory defaults which the MAC address belongs This field displays the VLAN group identification number button Click Cancel to clear the selected checkbox(es) in the Delete column 108 Spanning Tree Protocol127 Bandwidth Control14.1 Overview 14.2 Bandwidth Control Setup128 Chapter 14 Bandwidth ControlTable 48 Advanced Application > Bandwidth Control Select this check box to enable bandwidth control on the Switch Select this check box to activate ingress rate limits on this port Ingress Rate flow on a port Note: Ingress rate bandwidth control applies to layer 2 traffic only Select this check box to activate egress rate limits on this port Egress Rate 129 Broadcast Storm Control15.1 Broadcast Storm Control Overview 15.2 Broadcast Storm Control Setup130 Chapter 15 Broadcast Storm ControlFigure 97 Advanced Application > Broadcast Storm Control Table 49 Advanced Application > Broadcast Storm Control disable this feature Broadcast (pkt Multicast (pkt/s) DLF (pkt/s) receives per second to save your changes to the non-volatilememory when you are done configuring 131 Mirroring16.1 Mirroring Overview 16.2 Port Mirroring Setup132 Chapter 16 MirroringTable 50 Advanced Application > Mirroring feature Monitor set the common settings and then make adjustments on a port-by-portbasis Mirrored Select this option to mirror the traffic on a port Direction Egress (outgoing), Ingress (incoming) and Both your changes to the non-volatilememory when you are done configuring 133 Link Aggregation140 Port Authentication18.1 Port Authentication Overview 141 18.2 Port Authentication Configuration18.3 Activate IEEE 802.1x Security142 Figure 106 Advanced Application > Port AuthenticationTable 56 Advanced Application > Port Authentication Select this check box to permit 802.1x authentication on the Switch port Select this to permit 802.1x authentication on this port. You must first allow authentication on the Switch before configuring it on each port Max-Req unresponsive ports to the Guest VLAN Reauth stay connected to the port Reauth-period secs username and password to stay connected to the port Quiet-period Tx-periodsecs identity request to the client Supp-Timeout request before sending another request 143 Table 56 Advanced Application > Port Authentication > 802.1x (continued)Figure 107 Guest VLAN Example Port Authentication Guest Vlan 144 Figure 108 Advanced Application > Port Authentication > 802.1x > Guest VLANTable 57 Advanced Application > Port Authentication > 802.1x > Guest VLAN This field displays a port number Changes in this row are copied to all the ports as soon as you make them Select this checkbox to enable the guest VLAN feature on this port services Guest Vlan guest VLAN Make sure this is a VLAN recognized in your network 145 Host-mode(using a hub) Select Multi-Secure to authenticate each user that connects to this port Multi-Secure Num Switch will authenticate on this port 146 Port Security19.1 Port Security Overview 19.2 Port Security Setup147 Chapter 19 Port SecurityFigure 109 Advanced Application > Port Security Table 58 Advanced Application > Port Security Port List MAC freeze display in the Static MAC Forwarding screen MAC freeze the Address Learning check boxes only for the ports specified in the Port list Select this option to enable port security on the Switch matching MAC address(es) are dropped this port on a port, the port itself must be active with address learning enabled 148 Table 58 Advanced Application > Port Security (continued)Limited Number feature is disabled 149 Classifier20.1 Overview 20.2Configuring the Classifier150 Chapter 20 ClassifierFigure 110 Advanced Application > Classifier Table 59 Advanced Application > Classifier Select this option to enable this rule Enter a descriptive name for this rule for identifying purposes Layer Specify the fields below to configure a layer 2 classifier Other value. Refer to Table 61 on page 152 for information Source Select Any to apply the rule to all MAC addresses (six hexadecimal character pairs) ports (Any) format (six hexadecimal character pairs) Specify the fields below to configure a layer 3 classifier 151 Chapter 20 ClassifierTable 59 Advanced Application > Classifier (continued) to Table 62 on page 152 for more information the packets that are sent to establish TCP connections IPv6 Next Header packets that initiate or acknowledge (establish) TCP connections Enter a source IP address in dotted decimal notation Address Specify the address prefix by entering the number of ones in the subnet mask Prefix counting up the number of ones in this case results in Socket IP Protocol Number numbers Table 63 on page Enter a destination IP address in dotted decimal notation are done configuring Click Cancel to reset the fields back to your previous configuration Click Clear to set the above fields back to the factory defaults Classifier Index 152 Figure 111 Advanced Application > Classifier: Summary TableTable 60 Classifier: Summary Table Table 61 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER http://www.iana.org/assignments/protocol-numbers Table 62 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE 153 20.3 Classifier Example154 Policy Rule21.1 Policy Rules Overview 21.2 Configuring Policy Rules155 Chapter 21 Policy RuleFigure 113 Advanced Application > Policy Rule Table 64 Advanced Application > Policy Rule Select this option to enable the policy Enter a descriptive name for identification purposes Classifier(s) press [SHIFT] and select the choices at the same time Parameters Action General Specify a VLAN ID number Egress Port Type the number of an outgoing port Specify a priority level Rate Limit 156 Table 64 Advanced Application > Policy Rule (continued)Select No change to forward the packets Select Discard the packet to drop the packets Select No change to keep the priority setting of the frames value you set in the Priority field Send the packet to the egress port configure in the VLAN ID field Select Enable to activate bandwidth limitation on the traffic flow(s) memory when you are done configuring This field displays Yes when policy is activated and No when is it deactivated This field displays the name you have assigned to this policy This field displays the name(s) of the classifier to which this policy applies 157 21.3 Policy Example158 Queuing Method22.1 Queuing Method Overview 159 22.2 Configuring Queuing160 Table 65 Advanced Application > Queuing MethodThis label shows the port you are configuring Robin) lowest weights get more guaranteed bandwidth than queues with smaller weights more service than queues with smaller weights Weight different traffic queues according to their weights Hybrid This field is applicable only when you select WFQ or WRR SPQ Lowest Queue traffic on Q5, Q6 and Q7 using SPQ Select None to always use WFQ or WRR for the port 161 Multicast23.1 Multicast Overview162 Chapter 23 MulticastFigure 117 MVR Network Example Multicast VLAN S You can set your Switch to operate in either dynamic or compatible mode 163 23.2 Multicast Setup164 23.3 IPv4 Multicast Status165 Figure 121 Advanced Application > Multicast > IPv4 Multicast > IGMP SnoopingTable 68 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping IGMP Snooping Use these settings to configure IGMP snooping that are members of that group Querier with the multicast hosts attached Host Timeout 802.1p Priority control packets. Otherwise, select No-Change to not replace the priority IGMP Filtering can join ports that you want to allow to join multicast groups Unknown Multicast Frame Reserved The layer-2multicast MAC addresses used by Cisco layer-2protocols 01:00:0C:CC:CC:CC and 01:00:0C:CC:CC:CD, are also included in this group 166 Immed. LeaveIGMP version 2 leave message is received on this port Select this option if there is only one host connected to this port Normal Leave an IGMP Group-SpecificQuery (GSQ) message to determine whether other hosts hosts to update the forwarding table from a host Fast Leave This helps speed up the leave process Group Limited Max Group Num dropped on this port Throttling number of the IGMP groups a port can join is reached Deny multicast forwarding table entry is aged out IGMP report(s) received on this port Profile Default to prohibit the port from joining any multicast group You can create IGMP filtering profiles in the Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile screen screen 167 23.4 IGMP Snooping VLAN168 autoVLANs automatically VLAN(s) that you specify below You must also enable IGMP snooping in the Multicast > IPv4 Multicast > IGMP Snooping screen first snooping Enter the descriptive name of the VLAN for identification purposes Enter the ID of a static VLAN; the valid range is between 1 and You cannot configure the same VLAN ID as in the MVR screen This saves your changes to the Switch’s run-timememory. The Switch loses these number to view more details or change the settings IGMP Snooping in the navigation panel. Click the link and then the link to display the screen as shown 169 Profile NameEnter a descriptive name for the profile for identification purposes name and specify a different IP multicast address range to belong to the IGMP filter profile End Address to the IGMP filter profile End Address fields fields This field displays the descriptive name of the profile This field displays the start of the multicast address range This field displays the end of the multicast address range to remove in the Delete Profile column, then click the Delete button Rule column, then click the Delete button Click Cancel to clear the Delete Profile/Delete Rule check boxes to clear the check boxes 170 23.5 General MVR Configuration171 Chapter 23 MulticastTable 71 Advanced Application > Multicast > Multicast Setting > MVR (continued) Specify the MVR mode on the Switch. Choices are Dynamic and Compatible multicast VLAN Select Compatible to set the Switch not to send IGMP reports or MLD messages This field displays the port number on the Switch Source Port multicast traffic. All source ports must belong to a single multicast VLAN Receiver Port None or received on this port This field displays whether the multicast group is enabled or not This field displays the descriptive name for this setting This field displays the MVR mode This field displays the source port number(s) This field displays the receiver port number(s) This field displays the priority level column, then click the Delete button Group Configuration 172 list boxRefer to Section on page 161 for more information on IP multicast addresses address for a multicast group MVLAN This field displays the starting IP address of the multicast group This field displays the ending IP address of the multicast group Delete button to remove the selected entry(ies) from the table Select Cancel to clear the checkbox(es) in the table News Movie Multicast VID 173 EXAMPLE174 EXAMPLEEXAMPLE 175 AAA24.1 AAA Overview 176 24.2 AAA Screens24.3 RADIUS Server Setup177 Figure 132 Advanced Application > AAA > RADIUS Server SetupTable 74 Advanced Application > AAA > RADIUS Server Setup Use this section to configure your RADIUS authentication settings This field is only valid if you configure multiple RADIUS servers RADIUS server, if the RADIUS server does not respond then the Switch tries to authenticate with the second RADIUS server requests to Timeout response from the RADIUS server first RADIUS server for 15 seconds and then tries the second RADIUS server This is a read-onlynumber representing a RADIUS server entry Enter the IP address of an external RADIUS server in dotted decimal notation UDP Port value unless your network administrator instructs you to do so Shared Secret must be the same on the external RADIUS server and the Switch 178 24.4 TACACS+ Server Setup179 Figure 133 Advanced Application > AAA > TACACS+ Server SetupTable 75 Advanced Application > AAA > TACACS+ Server Setup Use this section to configure your TACACS+ authentication settings This field is only valid if you configure multiple TACACS+ servers TACACS+ server, if the TACACS+ server does not respond then the Switch tries to authenticate with the second TACACS+ server Select round-robin to alternate between the TACACS+ servers that it sends authentication requests to response from the TACACS+ server first TACACS+ server for 15 seconds and then tries the second TACACS+ server This is a read-onlynumber representing a TACACS+ server entry Enter the IP address of an external TACACS+ server in dotted decimal notation TCP Port key must be the same on the external TACACS+ server and the Switch 180 24.5 AAA Setup181 Figure 134 Advanced Application > AAA > AAA SetupTable 76 Advanced Application > AAA > AAA Setup Login authenticate administrator accounts (users for Switch management) up the corresponding database correctly first Method 2 and Method 3 fields and Control > Logins screen RADIUS server TACACS+ server Authorization Use this section to configure authorization settings on the Switch Set whether the Switch provides the following services to a user • Exec privilege level assigned via the external server Dot1x assigned via the external server Select this to activate authorization for a specified event types 182 24.6 Technical Reference183 •Assign account privilege levels for the authenticated userThe VSAs are composed of the following: Vendor-ID Vendor-Type •Vendor-data:A value you want to assign to the setting The following table describes the VSAs supported on the Switch Table 77 Supported VSAs FUNCTION ATTRIBUTE Vendor-Id Vendor-Type Vendor-data Vendor-ID Vendor-Data = "shell:priv-lvl=N and the Switch, the user is assigned a privilege level from the database (RADIUS or local) the Switch uses first for user authentication 184 FUNCTIONATTRIBUTEVLAN(13) 802(6) $enab 185 Ethernet(15)187 IP Source Guard25.1 Overview 188 25.2 IP Source Guard189 25.3 IP Source Guard Static Binding190 25.4 DHCP Snooping191 Figure 137 Advanced Application > IP Source Guard > DHCP SnoopingTable 81 Advanced Application > IP Source Guard > DHCP Snooping Database Status Agent URL This field displays the location of the DHCP snooping database Write delay timer update in the DHCP snooping database before it gives up Abort timer This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change the DHCP snooping database 192 Table 81 Advanced Application > IP Source Guard > DHCP Snooping (continued)Agent running database none: The Switch is not accessing the DHCP snooping database write: The Switch is updating the DHCP snooping database Delay timer expiry current update before it gives up. It displays Not Running if the Switch is not updating the DHCP snooping database right now Abort timer expiry This field displays when (in seconds) the Switch is going to update the DHCP changed since the last update snooping database Last succeeded time successfully Last failed time unsuccessfully Last failed reason This field displays the reason the Switch updated the DHCP snooping database successfully or unsuccessfully read or updated the DHCP snooping database Total attempts snooping database for any reason Startup failures This field displays the number of times the Switch could not create or read the for the DHCP snooping database Successful transfers the bindings in the DHCP snooping database successfully Failed transfers This field displays the number of times the Switch was unable to read bindings from or update the bindings in the DHCP snooping database Successful reads snooping database successfully Failed reads from the DHCP snooping database Successful writes This field displays the number of times the Switch updated the bindings in the DHCP snooping database successfully Failed writes This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database Database detail First successful access for any reason Last ignored bindings This section displays the number of times and the reasons the Switch ignored counters clear these counters by restarting the Switch Binding collisions already had a binding with the same MAC address and VLAN ID Invalid interfaces This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore 193 25.5 DHCP Snooping Configure194 Figure 138 Advanced Application > IP Source Guard > DHCP Snooping > ConfigureTable 82 Advanced Application > IP Source Guard > DHCP Snooping > Configure snooping on specific VLAN and specify trusted ports Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed DHCP Vlan on a specific VLAN Note: You have to enable DHCP snooping on the DHCP VLAN too You can enable Option82 in the DHCP Snooping VLAN Configure screen You can enable screen requests from different VLAN Database next update is scheduled to occur before the current update has finished until it completes the current one Enter the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if expressed like this: applicable/file name; for example, tftp://192.168.10.1/database.txt ; for example Timeout interval in the DHCP snooping database before it gives up 195 Write delay intervalupdate is scheduled, additional changes in current bindings are automatically included in the next update Renew DHCP Snooping URL snooping database than the one specified in Agent URL counter in the DHCP Snooping screen (Section 25.4 on page 190) Click this to reset the values in this screen to their last-savedvalues Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port 196 applied to all of the portsServer Trusted state Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted) arrive is too high Untrusted ports are connected to subscribers, and the Switch discards DHCP packets from untrusted ports in the following situations: • The packet is a DHCP server packet (for example, OFFER, ACK, or NACK) of the current bindings source port do not match any of the current bindings • The rate at which DHCP packets arrive is too high Rate (pps) Enter 0 to disable this limit, which is recommended for trusted ports Chapter 34 on page Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN 197 Show VLANUse this section to specify the VLANs you want to manage in the section below Start VID Enter the lowest VLAN ID you want to manage in the section below End VID Enter the highest VLAN ID you want to manage in the section below Click this to display the specified range of VLANs in the section below configure the * VLAN, the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN. You still have to enable DHCP snooping on the Switch and specify trusted ports Option 82 Profile VLAN ID and/or system name) specified in the profile to DHCP requests that it the DHCP Snooping Configure screen (see Section 25.5 on page 193) the screen (see Section 25.5 on page configuring Advanced Application > IP Source Guard > DHCP Snooping > Configure VLAN > Port 198 25.6 ARP Inspection Status199 25.7 ARP Inspection VLAN Status200 25.8 ARP Inspection Log Status201 Figure 144 Advanced Application > IP Source Guard > ARP Inspection > Log StatusTable 88 Advanced Application > IP Source Guard > ARP Inspection > Log Status Clearing log status table that have not been sent to the syslog server yet Total number of logs number of dropped log messages This field displays a sequential number for each log message This field displays the source port of the ARP packet This field displays the source VLAN ID of the ARP packet Sender MAC This field displays the source MAC address of the ARP packet Sender IP This field displays the source IP address of the ARP packet Num Pkts in the ARP Inspection Configure screen. See Section 25.9 on page screen. See Section 25.9 on page This field displays the reason the log message was generated the same MAC address and VLAN ID MAC address and VLAN ID VLAN ID of the ARP packet. See Section 25.9.2 on page This field displays when the log message was generated 202 25.9 ARP Inspection Configure203 Syslog rategenerated by ARP packets to the syslog server examples: sends 4 syslog messages every second sends 5 syslog messages every 2 seconds Log interval the syslog server. Enter 0 if you want the Switch to send syslog messages rate and Log interval Advanced Application > IP Source Guard > ARP Inspection > Configure > Port 204 Trusted StateThe Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations: bindings rate at which ARP packets can arrive on untrusted ports Limit These settings have no effect on trusted ports Specify the maximum rate (1-2048packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit Burst interval The burst interval is the length of time over which the rate of ARP packets is (seconds) second interval. If the burst interval is 5 seconds, then the Switch accepts a maximum of 75 ARP packets in every five-secondinterval Enter the length (1-15seconds) of the burst interval 205 Advanced Application > IP Source Guard > ARP Inspection > Configure > VLANthe VLAN 206 25.10 Technical Reference208 1Enable DHCP snooping on the Switch2Enable DHCP snooping on each VLAN, and configure DHCP relay option 4Configure static bindings Figure 149 Example: Man-in-the-middleAttack •It pretends to be computer A and responds to computer B •It pretends to be computer B and sends a message to computer A Chapter 12 on page •They are stored only in volatile memory •They do not use the same space in memory that regular MAC address filters use They appear only in the ARP Inspection MAC Address Filter 210 Loop Guard214 Layer 2 Protocol Tunneling27.1 Layer 2 Protocol Tunneling Overview 215 27.2Configuring Layer 2 Protocol Tunneling216 Figure 157 Advanced Application > Layer 2 Protocol TunnelingTable 93 Advanced Application > Layer 2 Protocol Tunneling Select this to enable layer 2 protocol tunneling on the Switch packets by replacing the destination MAC address in the packets you use a unicast MAC address, make sure the MAC address does not exist in the address table of a switch on the service provider’s network MAC address for encapsulation CDP other Cisco devices can be discovered through the service provider’s network STP up based on bridge information from all (local and remote) networks 217 Chapter 27 Layer 2 Protocol TunnelingTable 93 Advanced Application > Layer 2 Protocol Tunneling (continued) VTP Point to Point determine the link’s physical status and detect a unidirectional link PAGP and build a logical port aggregation and manages trunk groups UDLD monitor the physical status of a link Access service provider's network access port(s) only 218 PPPoE28.1 PPPoE Intermediate Agent Overview219 Chapter 28 PPPoETable 94 PPPoE Intermediate Agent Vendor-specificTag Format Table 95 PPPoE IA Circuit ID Sub-optionFormat: User-definedString Table 96 PPPoE IA Remote ID Sub-optionFormat 220 PPPoE > Intermediate AgentTable 98 PPPoE IA Circuit ID Sub-optionFormat: Defined in WT-101 Trusted ports are connected to PPPoE servers If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Untrusted ports are connected to subscribers 221 28.2 The PPPoE Screen28.3 PPPoE Intermediate Agent222 Table 99 Advanced Application > PPPoE > Intermediate Agent (continued)circuit-id over this Per-Port Per-VLANscreen (specified in the option field) to PADI or PADR packets from PPPoE clients node-identifier field field identifier string 53 ASCII characters. Spaces are allowed option into the PADI and PADR packets for the slot value forward slash (/) or space 223 Figure 161 Advanced Application > PPPoE > Intermediate Agent > PortTable 100 Advanced Application > PPPoE > Intermediate Agent > Port Server Trusted Untrusted Trusted ports are uplink ports connected to PPPoE servers If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session Switch forwards it to other trusted port(s) Untrusted ports are downlink ports connected to subscribers port(s) received on an untrusted port Circuit-id PPPoE > Intermediate Agent > Port > VLAN screen) has the highest priority screen) has the highest priority Remote-id Remote-id Switch automatically uses the PPPoE client’s MAC address > PPPoE > Intermediate Agent > Port > VLAN screen) has the highest priority 224 Table 100 Advanced Application > PPPoE > Intermediate Agent > Port (continued)Intermediate Agent > Port Table 101 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN Show Port VLAN(s) on the port Enter the lowest VLAN ID you want to configure in the section below Enter the highest VLAN ID you want to configure in the section below Click Apply to display the specified range of VLANs in the section below This field displays the port number specified above the * VLAN, the settings are applied to all VLANs adjustments on a VLAN-by-VLANbasis Changes in this row are copied to all the VLANs as soon as you make them sub-optionfor this VLAN on the specified port. Spaces are allowed The Circuit ID you configure here has the highest priority 225 automatically uses the PPPoE client’s MAC addressThe Remote ID you configure here has the highest priority Figure 163 Advanced Application > PPPoE > Intermediate Agent > VLAN Table 102 Advanced Application > PPPoE > Intermediate Agent > VLAN Select this option to turn on the PPPoE Intermediate Agent on a VLAN 226 Table 102 Advanced Application > PPPoE > Intermediate Agent > VLAN (continued) 227 Error Disable233 Green Ethernet30.1 Green Ethernet Overview 30.2 Configuring Green Ethernet234 Chapter 30 Green EthernetFigure 169 Advanced Application > Green Ethernet Table 107 Advanced Application > Green Ethernet EEE Select this to activate Energy Efficient Ethernet globally Auto Power Select this to activate Auto Power Down globally Down Short Reach Select this to activate Short Reach globally Select this to activate Energy Efficient Ethernet on this port Select this to activate Auto Power Down on this port Select this to activate Short Reach on this port 235 Link Layer Discovery Protocol (LLDP)31.1 LLDP Overview 236 31.2 LLDP-MEDOverview237 31.3 LLDP Screens238 31.4 LLDP Local Status239 Table 109 Advanced Application > LLDP > LLDP Local StatusBasic TLV chassis ID is identified by the chassis ID subtype by the chassis ID subtype This shows the Host Name of the Switch TLV This shows the System Description which is the firmware version of the Switch This shows the System Capabilities enabled and supported on the local Switch Capabilities System Capabilities Supported - Bridge • System Capabilities Enabled - Bridge Address TLV that may be used to reach higher layer entities to assist discovery by network management. The TLV may also include the system interface number and an object identifier (OID) that are associated with this management address This field displays the Management Address settings on the specified port(s) • Management Address Subtype - ipv4 / all-802 Interface Number Subtype - unknown • Interface Number - 0 (not supported) • Object Number - 0 (not supported) LLDP Port This displays the local port information Local Port Status Detail screen This indicates how the port ID field is identified Subtype which this LLDPDU was transmitted This shows the port description that the Switch will advertise from this port Description LLDP > LLDP Local Status (Click Here) 242 These are the Basic TLV flagsPort ID TLV The port ID TLV identifies the specific port that transmitted the LLDP frame • Port ID Subtype: This shows how the port is identified • Port ID: This is the ID of the port This displays the local port description Dot1 TLV Port VLAN ID This displays the VLAN ID sent by the IEEE 802.1 Port VLAN ID TLV Port-Protocol VLAN ID TLV VLAN is enabled and supported Dot3 TLV MAC PHY Status TLV negotiation during link initiation or manual override • AN Enabled - The current auto-negotiationstatus of the port • AN Advertised Capability - The auto-negotiationcapabilities of the port • Oper MAU Type - The current Medium Attachment Unit (MAU) type of the port identification of the aggregation • Aggregation Capability — The current aggregation capability of the port • Aggregation Status — The current aggregation status of the port • Aggregation Port ID — The aggregation ID of the current port Max Frame This displays the maximum supported frame size in octets Size TLV MED TLV capabilities to support media endpoint devices. MED enables advertisement and databases, and information for troubleshooting This field displays which LLDP-MEDTLV are capable to transmit on the Switch Device Type This is the LLDP-MEDdevice class. The Zyxel Switch device type is: Network Connectivity 243 31.5 LLDP Remote Status244 LLDP Remote Status245 The following table describes the labels in Basic TLV part of the screenChassis ID TLV identified by the chassis ID subtype the port ID subtype Time To Live This displays the remote port description This displays the system description of the remote device device System Capabilities Supported System Capabilities Enabled This displays the following management address parameters of the remote device Management Address Subtype Management Address Interface Number Subtype Interface Number Object Identifier 246 This displays the VLAN ID of this port on the remote devicesent the LLDP PDU • Port-ProtocolVLAN ID • Port-ProtocolVLAN ID Supported • Port-ProtocolVLAN ID Enabled Vlan Name TLV This shows the VLAN ID and name for remote device port VLAN Name 247 Identity TLVaccessible through its port Power Via MDI power support capabilities of the sending port on the remote device Port Class MDI Supported MDI Enabled Pair Controlable PSE Power Pairs Power Class 249 The following table describes the labels in the MED TLV part of the screenThis displays the MED capabilities the remote port supports • Extend Power via MDI PSE • Extend Power via MDI PD Inventory Management LLDP-MEDendpoint device classes: Endpoint Class This shows the location information of a caller by its: Coordinate-baseLCI - latitude and longitude coordinates of the Location 250 31.6 LLDP Configuration251 Figure 180 Advanced Application > LLDP > LLDP ConfigurationTable 115 Advanced Application > LLDP > LLDP Configuration Select to enable LLDP on the Switch. It is disabled by default Transmit Interval Enter how many seconds the Switch waits before sending LLDP packets Transmit Hold Transmit Delay value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port This displays the port number with this LLDP configuration. * means all ports Admin Status Select whether LLDP transmission and/or reception is allowed on this port • Disable - not allowed • Tx-Only- transmit only • Rx-Only- receive only • Tx-Rx- transmit and receive Notification Select whether LLDP notification is enabled on this port 252 Advanced ApplicationLLDP > LLDP Configuration (Click Here) > Basic TLV Setting Figure 181 Advanced Application > LLDP > LLDP Configuration> Basic TLV Setting Table 116 Advanced Application > LLDP > LLDP Configuration > Basic TLV Setting all ports simultaenously Select to enable the sending of Management Address TLVs on the port(s) Select to enable the sending of Port Description TLVs on the port(s) Select to enable the sending of System Capabilities TLVs on the port(s) Select to enable the sending of System Description TLVs on the port(s) Select to enable the sending of System Name TLVs on the port(s) 253 LLDP > LLDP Configuration (Click Here)Org-specific TLV Setting Select to enable the sending of IEEE 802.1 Port VLAN ID TLVs on the port(s) Note: For PoE models only. The Power Via MDI TLV allows network management to remote device MAC/PHY Select to enable the sending of IEEE 802.3 Max Frame Size TLVs on the port(s) 254 31.7 LLDP-MEDConfiguration255 31.8 LLDP-MEDNetwork Policy256 31.9 LLDP-MEDLocation257 Table 120 Advanced Application > LLDP > LLDP-MEDLocationThe LLPD-MEDuses geographical coordinates and Civic Address to set the location Coordinates other related information Latitude represents the South north south Longitude vlaue represents the West west east Altitude or in floors meters floor Datum Select the appropriate geodetic datum used by GPS WGS84 NAD83-NAVD88 NAD83-MLLW Civic Address all other fields are up to 32 octets Country County City Division Street Leading-Street-Direction Street-Suffix Trailing-Street-Suffix House-Number House-Number-Suffix Landmark Additional-Location Zip-Code Building Floor Room-Number Place-Type Postal-Community-Name Post-Office-Box Additional-Code 258 ELIN Numberis from 10 octets to 25 octets Click Add after finish entering the location information Click Cancel to begin entering the location information afresh or edit the lcoation This lists the port number of the location configuration coordinates that includes longitude, latitude and altitude form 10 octets to 25 octets Click Cancel to clear the selected check boxes in the delete column 259 Static Route32.1 Static Route Overview 32.2 Static Routing 32.3 Configuring Static Routing260 Chapter 32 Static RouteFigure 187 IP Application > Static Routing > IPv4 Static Route Table 121 IP Application > Static Routing > IPv4 Static Route This field allows you to activate/deactivate this static route Destination IP This parameter specifies the IP network address of the final destination IP Subnet Mask subnet mask field to force the network number to be identical to the host ID Gateway IP segment as your Switch Metric but it must be between 1 and 15. In practice, 2 or 3 is usually a good number Click Cancel to reset the above fields to your previous configuration entry This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination 261 Chapter 32 Static RouteTable 121 IP Application > Static Routing > IPv4 Static Route (continued) your Switch that will forward the packet to the destination This field displays the cost of transmission for routing purposes 262 Differentiated Services266 DHCP280 ARP Setup284 Maintenance36.1 Overview 36.2 The Maintenance Screen285 Chapter 36 MaintenanceTable 137 Management > Maintenance (continued) Click Click Here to go to the Restore Configuration screen Click Click Here to go to the Backup Configuration screen Click Here Config Save configuration on the Switch Follow the steps below to reset the Switch back to the factory defaults Load Factory Default 2Click OK to reset all Switch configurations to the factory defaults Figure 207 Load Factory Default: Start In the web configurator, click the 286 36.3Firmware Upgrade287 36.4 Restore a Configuration File288 36.5 Backup a Configuration File36.6Tech-Support289 to see the following screenFigure 212 Management > Maintenance > Tech-Support Table 139 Management > Maintenance > Tech-Support CPU Type a number ranging from 50 to 100 in the CPU threshold box, and type another number ranging from 5 to 60 in the seconds box then click Apply when CPU utilization reaches over 80% and lasts for 5 seconds less data technical support will have to analyze and vice versa Mbuf box. The Mbuf log report is stored in flash (permanent) memory over 50% All log reports separately below Crash the last crash and is stored in flash memory 290 36.7 Technical Reference291 1Launch the FTP client on your computer2Enter open, followed by a space and the IP address of your Switch 3Press [ENTER] when prompted for a username 4Enter your password as requested (the default is “1234”) 5Enter bin to set transfer mode to binary Use put put firmware.bin ras-0 put config.cfg config get config config.cfg Table 140 on page 7Enter quit to exit the ftp prompt General Commands for GUI-basedFTP Clients COMMAND Host Address Enter the address of the host server Login Type Anonymous anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option Normal The server requires a unique User ID and Password to login Transfer Type firmware files should be transferred in binary mode Initial Remote Specify the default remote directory (path) Directory Initial Local Directory Specify the default local directory (path) 292 Service Access ControlRemote Management 293 Access Control37.1 Access Control Overview 37.2 The Access Control Main Screen 294 37.3 Configuring SNMP295 Chapter 37 Access ControlTable 142 Management > Access Control > SNMP (continued) Set Community management station Trap Community Trap Community SNMP manager Trap Destination Use this section to configure where to send SNMP traps from the Switch Specify the version of the SNMP trap messages Enter the IP addresses of up to four managers to send your SNMP traps to Enter the port number upon which the manager listens for SNMP traps Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap This username must match an existing account on the Switch (configured in Management > Access Control > Logins screen) screen) SNMP Trap Group Figure 215 Management > Access Control > SNMP > Trap Group 296 Table 143 Management > Access Control > SNMP > Trap GroupSetting screen Traps on page 304 for individual trap descriptions categories) SNMP > Trap Group Figure 216 Management > Access Control > SNMP > Trap Group > Port 297 Table 144 Management > Access Control > SNMP > Trap Group > PortSelect the trap type you want to configure here Select this check box to enable the trap type of SNMP traps on this port Clear this check box to disable the sending of SNMP traps on this port User Figure 217 Management > Access Control > SNMP > User Table 145 Management > Access Control > SNMP > User User Information create accounts on the SNMP v3 manager Specify the username of a login account on the Switch 298 Table 145 Management > Access Control > SNMP > User (continued)Security Level Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose: security level user. This is the highest security level than the security level settings on the Switch Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash generally considered stronger than MD5, but is slower Password Enter the password of up to 32 ASCII characters for SNMP user authentication Privacy one of the following: encryption. It applies a 56-bitkey to each 64-bitblock of data uses a secret key. AES applies a 128-bitkey to 128-bitblocks of data Enter the password of up to 32 ASCII characters for encrypting SNMP packets SNMP group this user is the management of administrator accounts information from the Switch number to view more details and edit an existing account This field displays the username of a login account on the Switch SNMP communication with this user user This field displays the SNMP group to which this user belongs 299 37.4 Setting Up Login Accounts300 37.5 Service Port Access Control301 37.6 Remote Management303 37.7 Technical Reference311 Diagnostic38.1 Overview 38.2 Diagnostic312 Table 151 Management > DiagnosticSystem Log Click Display to display a log of events in the multi-linetext box Click Clear to empty the text box and reset the syslog entry IP Ping IPv4 band or out-of-band)the Switch is to send ping frames port (labelled MGMT) If you select out-of-band,the Switch sends the frames to the management port (labelled MGMT) send ping frames Click Ping to have the Switch ping the IP address (in the field to the left) Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test Cable Diagnostics Diagnose diagnose a port This is the number of the physical Ethernet port on the Switch Channel use and test two pairs, while a 1000BASE-Tport requires all four pairs This displays the descriptive name of the wire-pairin the cable Pair status Ok: The physical connection between the wire-pairis okay Short: There is an short circuit detected between the wire-pair Unsupported: The port is a fiber port or it is not active Cable length Pair status is Ok and the Switch chipset supports this feature This shows Unsupported if the Switch chipset does not support to show the cable length Distance to fault shorted This shows N/A if the Pair status is Ok Locator LED Blink Switch between several devices in a rack The default time interval is 30 minutes Click Stop to have the Switch terminate the blinking locater LED 313 Syslog39.1 Syslog Overview 39.2 Syslog Setup 314 39.3 Syslog Server Setup315 Figure 232 Management > Syslog > Syslog Server SetupTable 154 Management > Syslog > Syslog Server Setup (you can edit the entry later) Server Address Enter the IP address of the syslog server Log Level server. The lower the number, the more critical the logs are Click Clear to return the fields to the factory defaults device is not to send logs to the syslog server This field displays the IP address of the syslog server Select an entry’s Delete check box and click Delete to remove the entry 316 Cluster Management40.1 Cluster Management Overview 317 40.2 Cluster Management Status318 40.3 Clustering Management Configuration319 Table 157 Management > Cluster Management > ConfigurationClustering Manager ( ) appears in the member summary list below Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed) Clustering The following fields relate to the switches that are potential cluster members Candidate List management VLAN group will not be visible in the Clustering Candidate list be managed from the Cluster Manager. Its Status is displayed as Error in the summary list below to select them. Then enter their common web configurator password Click Refresh to perform auto-discoveryagain to list potential cluster members This is the index number of a cluster member switch This is the cluster member switch’s model name Remove switch from the cluster 320 40.4 Technical Reference321 The following table explains some of the FTP parametersTable 158 FTP Upload to Cluster Member Example FTP PARAMETER User Enter “admin” Password The web configurator password default is and configuration file 410AAHW0.bin This is the name of the firmware file you want to upload to the cluster member switch fw-00-a0-c5-01-23-46 manager switch config-00-a0-c5-01-23-46 cluster manager switch 322 MAC Table41.1 MAC Table Overview 323 41.2 Viewing the MAC Table324 Table 159 Management > MAC Tablecriteria you specified Select All to display any entry in the MAC table of the Switch Select Static to display the MAC entries manually configured on the Switch the specified VLAN which are forwarded on the specified port Sort by Select MAC to display and arrange the data according to MAC address Select VID to display and arrange the data according to VLAN group Select PORT to display and arrange the data according to port number Select Dynamic to MAC forwarding and click the Transfer button to change all They also display in the Static MAC Forwarding screen Filtering Discard source This is the incoming frame index number This is the MAC address of the device from which this incoming frame came This is the VLAN group to which this frame belongs This is the port where the above MAC address is forwarded This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen) 325 ARP Table42.1 Overview 42.2 Viewing the ARP Table326 Figure 240 Management > ARP TableTable 160 Management > ARP Table Specify how you want the Switch to remove ARP entries when you click Flush Select All to remove all of the dynamic entries from the ARP table specified IP address Flush Click Flush to remove the ARP entries according to the condition you specified Click Cancel to return the fields to the factory defaults This is the ARP table entry number address below This is the MAC address of the device with the corresponding IP address above This field displays the VLAN to which the device belongs Switch’s management IP address Age(s) ages out and needs to be relearned. This shows 0 for a static entry 327 Path MTU Table43.1 Path MTU Overview 43.2 Viewing the Path MTU Table 328 Configure Clone44.1 Overview 44.2 Configure Clone329 Figure 242 Management > Configure CloneTable 162 Management > Configure Clone Source Source separated by a comma or a range of ports by using a dash Example: 2, 4, 6 indicates that ports 2, 4 and 6 are the destination ports 2-6 indicates that ports 2 through 6 are the destination ports Basic Setting the destination port(s) Advanced Application copied to the destination ports 330 Neighbor Table45.1 IPv6 Neighbor Table Overview 45.2 Viewing the IPv6 Neighbor Table331 Table 163 Management > Neighbor Table (continued)configure or the MAC address of the neighboring device are: received a response to the initial request.) unrequested response from the neighbor’s interface to give upper-layerprotocols a chance to determine reachability • invalid (IV): The neighbor address is with an invalid IPv6 address reason complete response options in this field are: • other (O): none of the following type • local (L): A Switch interface is using the address • static (S): The interface address is statically configured 336 Troubleshooting46.1Power, Hardware Connections, and LEDs 337 46.2Switch Access and Login338 Advanced SuggestionsI can see the Login screen, but I cannot log in to the Switch 2You may have exceeded the maximum number of concurrent sessions 3Disconnect and re-connectthe cord to the Switch Pop-upWindows, JavaScripts and Java Permissions •Web browser pop-upwindows from your device •JavaScripts (enabled by default) There is unauthorized access to my Switch Display System Log 339 46.3 Switch Configuration346 User-DefinedPort(s Port(s) •If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number •If the Protocol is USER, this is the IP protocol number Description Table 164 Commonly Used Services NAME PROTOCOL PORT(S) 347 Table 164 Commonly Used Services (continued)348 Appendix B Common Services350 MULTICAST ADDRESS351 Table 167 Reserved Multicast Address (continued)EUI-64 353 Neighbor solicitation: A request from a host to determine a neighbor’sNeighbor advertisement: A response from a node to announce its 354 C:\>ipv6 installInstalling Succeeded C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP Address . . . . . . . : Subnet Mask . . . . . . . : fe80::2d0:59ff:feb8:103c%4 Default Gateway ipconfig 1Install Dibbler and select the DHCPv6 client option on your computer After the installation is complete, select Start All Programs Dibbler-DHCPv6 Client Install as service 3Select Start > Control Panel > Administrative Tools > Services 355 4Double click Dibbler - a DHCPv6 client1Select Control Panel > Network and Sharing Center > Local Area Connection 2Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it 356 4Click Close to exit the Local Area Connection Status screen5Select Start > All Programs > Accessories > Command Prompt 357 CopyrightDisclaimer Trademarks Certifications (Class A) Federal Communications Commission (FCC) Interference Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices Viewing Certifications 358 Appendix D Legal InformationZyXEL Limited Warranty Note Registration Safety Warnings CE Marking 359 Environmental Product Declaration361 cluster member firmware upgrade 320 network examplesetup 318 specification 316 status 317 switch models 316 VID Common and Internal Spanning Tree, See CIST 126 configuration change running config 286 configuration file backup 288 restore 287 saving CPU management port 97 CPU protection configuration 229 overview DHCP configuration options 266 relay example 277 setup DHCP relay option 82 DHCP snooping database 207 diagnostics Ethernet port test 312 ping system log Differentiated Service (DiffServ) DiffServ 262 activate 263 DS field 262 DSCP network example 263 PHB disclaimer DS (Differentiated Services) DSCP DSCP (DiffServ Code Point) 262 dynamic link aggregation egress rate, and bandwidth control 128 Energy Efficient Ethernet error disable detect 227 Ethernet broadcast address 280, 325 Ethernet port test external authentication server fan speed FCC interference statement 357 file transfer using FTP command example 290 filename convention, configuration 362 GVRP 86, 91366 STP 114STP 108 Hello Time 113, 114, 116 Max Age 113, 114, 116
Also you can find more ZyXEL Communications manuals or manuals for other Computer Equipment.