ZyXEL Communications GS2200-8/24 manuals
Computer Equipment > Switch
When we buy new device such as ZyXEL Communications GS2200-8/24 we often through away most of the documentation but the warranty.
Very often issues with ZyXEL Communications GS2200-8/24 begin only after the warranty period ends and you may want to find how to repair it or just do some service work.
Even oftener it is hard to remember what does each function in Switch ZyXEL Communications GS2200-8/24 is responsible for and what options to choose for expected result.
Fortunately you can find all manuals for Switch on our side using links below.
ZyXEL Communications GS2200-8/24 Manual
332 pages 7.54 Mb
1 IP Addresshttp://192.168.1.1 User Name admin Password Copyright © ZyXEL Communications Corporation 3 About This User's Guide6 Document Conventions8 Safety Warnings9 Contents Overview11 Table of Contents23 Getting to Know Your Switch27 Hardware Installation and Connection31 Hardware Panels3.1 Overview 3.2 Front Panels32 Chapter 3 Hardware PanelsFigure 11 Front Panel (GS2200-24) Ports Figure 12 Front Panel (GS2200-24P) PoE Ethernet Ports Dual Personality Interfaces The following table describes the port labels on the front panel Table 2 Front Panel Connections LABEL DESCRIPTION 8 or 24 100 1000 RJ-45 (GS2200-8or GS2200-24 only) 1000 BASE-T PoE Ports (GS2200-8HPor 33 Chapter 3 Hardware PanelsTable 2 Front Panel Connections (continued) 2 or 4 Dual Personality Interfaces Note: The ports change to fiber mode directly when inserting the fiber module • Two or four 100/1000 Mbps RJ-45Ports: Connect these ports to high-bandwidthbackbone network Ethernet switches using 1000Base-Tcompatible Category 5/5e/6 copper cables • Two or four Mini-GBICSlots: Use mini-GBICtransceivers in these slots for connections to backbone Ethernet switches The console port is for local configuration of the Switch •VT100 •Terminal emulation •9600 bps •No parity, 8 data bits, 1 stop bit •No flow control 34 •Speed: Auto•Duplex: Auto •Flow control: Off •Link Aggregation: Disabled •Type: SFP connection interface •Connection speed: GS2200-8/8HP:100 Megabit per second (Mbps) or 1 Gigabit per second (Gbps) GS2200-24/24P:1 Gigabit per second (Gbps) Use the following steps to install a mini-GBICtransceiver (SFP module) 2Press the transceiver firmly until it clicks into place 4Close the transceiver’s latch (latch styles vary) 35 FigureFigure 14 Connecting the Fiber Optic Cables Use the following steps to remove a mini-GBICtransceiver (SFP module) 1Remove the fiber optic cables from the transceiver 2Open the transceiver’s latch (latch styles vary) 3Pull the transceiver out of the slot Figure 15 Removing the Fiber Optic Cables Figure 16 Opening the Transceiver’s Latch Example Figure 17 Transceiver Removal Example Note: Make sure you are using the correct power source as shown on the panel 36 3.3 LEDs39 The Web Configurator4.1 Overview 4.2System Login 40 4.3 The Status Screen41 In the navigation panel, click a main link to reveal a list of submenu linksTable 4 Navigation Panel Sub-linksOverview BASIC SETTING ADVANCED IP APPLICATION MANAGEMENT APPLICATION GS2200-8/24 GS2200-8HP/24P The following table describes the links in the navigation panel Table 5 Navigation Panel Links LINK Basic Settings System Info This link takes you to a screen that displays general system information General Setup about the Switch Switch Setup VLAN type, GARP and priority queues IP Setup routing domains Port Setup ports Advanced Application 42 Table 5 Navigation Panel Links (continued)VLAN This link takes you to screens where you can configure port-basedor 802.1Q VLAN protocol based VLAN or a subnet based VLAN in these screens Static MAC Forwarding These static MAC addresses do not age out Static Multicast for port(s). These static multicast MAC addresses do not age out Filtering This link takes you to a screen to set up filtering rules Spanning Tree Protocol network loops Bandwidth Control Broadcast Storm This link takes you to a screen to set up broadcast filters Control Mirroring interference Link Aggregation one logical, higher-bandwidthlink Authentication for clients communicating via the Switch Port Security maximum number of MAC addresses to learn on a port Classifier based on the specified criteria Policy Rule treatment on the grouped packets Queuing Method weights for each port Multicast snooping and create multicast VLANs AAA Control System Plus) IP Source Guard ARP packets in your network Loop Guard that occur on the edge of your network Layer 2 Protocol Tunneling settings on the Switch PPPoE and authenticate a PPPoE client Errdisable recovery IP Application Static Routing manually 43 Chapter 4 The Web ConfiguratorDiffServ and set DSCP-to-IEEE802.1pmappings DHCP This link takes you to screens where you can configure the DHCP settings ARP Learning basis Management Maintenance maintenance as well as reboot the system Access Control configure SNMP and remote management Diagnostic Syslog Cluster its status MAC Table devices attached to what ports and VLAN IDs ARP Table resolution table Configure Clone 44 4.4 Saving Your Configuration4.5 Switch Lockout 45 4.6Resetting the Switch46 4.7 Logging Out of the Web Configurator4.8 Help 47 Initial Setup Example51 Tutorials60 System Status and Port Statistics7.1 Overview 61 7.2 Port Status Summary62 Table 7 Status(continued) Link the combo ports State Section 13.1 on page 109 for more information) STOP (PD) is allowed to receive power from the Switch on this port LACP the port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx KB/s This field shows the number of kilobytes per second transmitted on this port Rx KB/s This field shows the number of kilobytes per second received on this port Up Time up Clear Counter Clear Counter information for that port, or select Any to clear statistics for all ports 63 Figure 40 Status > Port DetailsTable 8 Status: Port Details Port Info Port NO This field displays the port number you are viewing This field displays the name of the port 64 Section 13.1 on pageIf STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays STOP Status: Port Details (continued) Status Tx Packet The following fields display detailed information about packets transmitted Unicast This field shows the number of good unicast packets transmitted This field shows the number of good multicast packets transmitted Broadcast This field shows the number of good broadcast packets transmitted Pause This field shows the number of 802.3x Pause packets transmitted Rx Packet The following fields display detailed information about packets received This field shows the number of good unicast packets received This field shows the number of good multicast packets received This field shows the number of good broadcast packets received This field shows the number of 802.3x Pause packets received TX Collision The following fields display information on collisions while transmitting Single exactly one collision Multiple more than one collision Excessive reset Late have already been transmitted Error Packet RX CRC Length Runt including the ones with CRC errors Distribution 65 Chapter 7 System Status and Port StatisticsTable 8 Status: Port Details (continued) 128 and 255 octets in length 256 and 511 octets in length 512 and 1023 octets in length 1024 and 1518 octets in length Giant 1519 octets and the maximum frame size 66 Basic Setting8.1 Overview 67 8.2 System Information68 Table 9 Basic Setting > System Info (continued)Fan Speed (RPM) the threshold shown Note: The fan speed information is available only on the GS2200-8HPand GS2200-24Pthat have fans This field displays this fan's current speed in Revolutions Per Minute (RPM) "<41" is displayed for speeds too small to measure (under 2000 RPM) This field displays the minimum speed at which a normal fan should work this fan is functioning below the minimum speed Voltage(V) the voltage falls out of the tolerance range This is the current voltage reading This field displays the maximum voltage measured at this point This field displays the minimum voltage measured at this point Normal otherwise Error is displayed 69 8.3 General Setup70 8.4 Introduction to VLANs71 8.5 Switch Setup Screen72 8.6 IP Setup73 Note: You must configure a VLAN firstFigure 44 Basic Setting > IP Setup Table 12 Basic Setting > IP Setup Domain Name use a domain name instead of an IP address Default Management IP Address 74 Table 12 Basic Setting > IP Setup (continued)DHCP Client subnet mask, a default gateway IP address and a domain name server IP address automatically Static IP Address select this option IP Address Enter the IP address of your Switch in dotted decimal notation for example IP Subnet Mask Enter the IP subnet mask of your Switch in dotted decimal notation for example Default Gateway example VID a member of Management VLAN Management IP Addresses the VID field below Enter the IP subnet mask in dotted decimal notation Type the VLAN group identification number non-volatilememory when you are done configuring Click Cancel to reset the fields to your previous configuration Index This field displays the IP address This field displays the subnet mask This field displays the ID number of the VLAN group This field displays the IP address of the default gateway then click the Delete button Click Cancel to clear the selected check boxes in the Delete column 75 8.7 Port Setup76 8.8 PoE Status77 Figure 46 Powered Device Examples78 PoEFigure 47 Basic Setting > PoE Status Table 14 Basic Setting > PoE Status PoE Status PoE Mode Classification or Consumption mode mode Total Power devices on the PoE ports Consuming Power (W) PoE-enableddevices Allocated Power (W) negotiating with the connected PoE device(s). It shows NA when the Switch is in Consumption mode Consuming Power (W) can be less than or equal but not more than the Allocated Power (W) Remaining This field displays the amount of power the Switch can still provide for PoE to a PoE device, even if the PoE device needs less than 20 W 8.8.1 on page • Disable - The PD connected to this port cannot get power supply • Enable - The PD connected to this port can receive power 79 ClassThis shows the IEEE 802.3af power classification of the PD current (mA) that the PD requires to function. The ranges are as follows Class 0 - Default 0.44 to • Class 2 - Optional , 3.84 to 6.49 to only. Optional, 12.95 to 25.50 in a Switch that supports IEEE 802.3at priority first • Critical has the highest priority served Power (mW) port Max Power (mW) Max Current (mA) 80 Basic Setting > PoE StatusTable 15 Basic Setting > PoE > PoE Setup Select the power management mode you want the Switch to use out, PDs with lower priority do not get power to function power than those with lower priority levels 81 Chapter 8 Basic SettingBasic Setting > PoE > PoE Setup (continued) 83 VLAN101 Static MAC Forward Setup10.1 Overview 10.2 Configuring Static MAC Forwarding102 Chapter 10 Static MAC Forward SetupTable 24 Advanced Application > Static MAC Forwarding deleting it by clearing this check box rule MAC Address pairs Note: Static MAC addresses do not age out Enter the VLAN identification number forwarded changes to the non-volatilememory when you are done configuring Click Cancel to reset the fields to their last saved values Click Clear to begin configuring this screen afresh Click an index number to modify a static MAC address rule for a port (No). You may temporarily deactivate a rule without deleting it address-forwardingrule number to which the MAC address belongs 103 Static Multicast Forward Setup107 Filtering12.1 Overview 12.2 Configure a Filtering Rule108 Chapter 12 FilteringTable 26 Advanced Application > Filtering without deleting it by deselecting this check box identification only Action MAC field). The Switch can still send frames to the MAC address specified in the MAC field MAC Click Clear to clear the fields to the factory defaults which the MAC address belongs This field displays the VLAN group identification number This field displays the filter type for the MAC address button Click Cancel to clear the selected checkbox(es) in the Delete column 109 Spanning Tree Protocol13.1 Overview110 Note: In this user’s guide, “STP” refers to both STP and RSTPThe root bridge is the base of the spanning tree Table 27 STP Path Costs LINK SPEED RECOMMENDED VALUE RECOMMENDED RANGE ALLOWED RANGE 111 Table 28 STP Port StatesPORT STATE Disabled STP is disabled (default) Blocking Only configuration and management BPDUs are received and processed Listening All BPDUs are received and processed Note: The listening state does not exist in RSTP Learning process but not forwarded MRSTP MRSTP2 Note: Each port can belong to one STP tree only Figure 68 MRSTP Network Example 112 13.2Spanning Tree Protocol Status Screen113 13.3 Spanning Tree Configuration114 13.4 Configure Rapid Spanning Tree Protocol115 13.5 Rapid Spanning Tree Protocol Status116 Note: This screen is only available after you activate RSTP on the SwitchFigure 72 Advanced Application > Spanning Tree Protocol > Status: RSTP Table 31 Advanced Application > Spanning Tree Protocol > Status: RSTP edit RSTP settings on the Switch Bridge switch. This Switch may also be the root bridge Bridge ID Hello Time (second) message. The root bridge determines Hello Time, Max Age and Forwarding Delay Max Age (second) This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure (second) listening to learning to forwarding) Cost to Bridge This is the path cost from the root port on this Switch to the root switch Port ID communicate with the root of the Spanning Tree Topology Changed This is the number of times the spanning tree has been reconfigured Times Time Since Last This is the time since the spanning tree was last reconfigured Change 117 13.6 Configure Multiple Rapid Spanning Tree Protocol118 13.7 Multiple Rapid Spanning Tree Protocol Status120 13.8 Configure Multiple Spanning Tree Protocol121 Table 34 Advanced Application > Spanning Tree Protocol > MSTPClick Status to display the MSTP Status screen (see Figure 77 on page 124) Click Port to display the MSTP Port Configuration screen (see Figure 76 on page 123) Spanning Tree Protocol > Configuration screen to enable MSTP on the Switch screen to enable MSTP on the Switch MaxAge rule: Maximum hops discarded and the port information is aged Enter a descriptive name (up to 32 characters) of an MST region Revision Number Enter a number to identify a region’s configuration. Devices must have the same revision number to belong to the same region Instance Use this section to configure MSTI (Multiple Spanning Tree Instance) settings Switch supports instance numbers tree instance 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056 49152, 53248, 57344 and 61440) 122 Table 34 Advanced Application > Spanning Tree Protocol > MSTP (continued)VLAN Range add or remove from the VLAN range edit area in the End field Next click: • Add - to add this range of VLAN(s) to be mapped to the MST instance • Clear - to remove all VLAN(s) from being mapped to this MST instance Enabled VLAN(s) This field displays which VLAN(s) are mapped to this MST instance Select this check box to add this port to the MST instance This field displays the ID of an MST instance Active Port This field display the ports configured to participate in the MST instance Delete button 123 13.9 Multiple Spanning Tree Protocol Status124 Note: This screen is only available after you activate MSTP on the SwitchFigure 77 Advanced Application > Spanning Tree Protocol > Status: MSTP Table 36 Advanced Application > Spanning Tree Protocol > Status: MSTP MSTP settings on the Switch CST This section describes the Common Spanning Tree settings This Switch may also be the root bridge This ID is the same for Root and Our Bridge if the Switch is the root switch message 125 13.10 Technical Reference129 Bandwidth Control132 Broadcast Storm Control134 Mirroring137 Link Aggregation17.1 Overview 138 17.2 Link Aggregation Status139 Table 42 Advanced Application > Link Aggregation StatusGroup ID multiple ports Enabled Ports group belonging to this group Synchronized Aggregator ID this field enabled for this group Criteria trunk dst-mac address source and destination MAC addresses src-ip source and destination IP addresses This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group • LACP - if the ports are configured to join a trunk group via LACP 140 17.3 Link Aggregation Setting141 Chapter 17 Link AggregationAdvanced Application > Link Aggregation > Link Aggregation Setting (continued) based on its IP address to make sure port trunking can work properly Select src-mac to distribute traffic based on the packet’s source MAC address destination MAC addresses Select src-ip to distribute traffic based on the packet’s source IP address dst-ip destination IP addresses Group Select the trunk group to which a port belongs settings for a port, you cannot include the port in an active trunk group 142 17.4 Link Aggregation Control Protocol143 17.5 Technical Reference145 Port Authentication151 Port Security154 Classifier20.1 Overview 20.2Configuring the Classifier155 Chapter 20 ClassifierFigure 96 Advanced Application > Classifier Table 48 Advanced Application > Classifier Select this option to enable this rule Enter a descriptive name for this rule for identifying purposes Layer Specify the fields below to configure a layer 2 classifier value. Refer to Table 50 on page 157 for information Source Select Any to apply the rule to all MAC addresses format (six hexadecimal character pairs) ports (Any) 156 Advanced Application > Classifier (continued)Destination Specify the fields below to configure a layer 3 classifier IP Protocol to Table 51 on page 157 for more information the packets that are sent to establish TCP connections Enter a source IP address in dotted decimal notation Address Specify the address prefix by entering the number of ones in the subnet mask Prefix counting up the number of ones in this case results in Socket IP Protocol Number socket numbers Table 52 on page Enter a destination IP address in dotted decimal notation you are done configuring Click Cancel to reset the fields back to your previous configuration Click Clear to set the above fields back to the factory defaults Classifier Index 157 Figure 97 Advanced Application > Classifier: Summary TableTable 49 Classifier: Summary Table Table 50 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER http://www.iana.org/assignments/protocol-numbers Table 51 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE 158 20.3 Classifier Example160 Policy Rule21.1 Policy Rules Overview 21.2 Configuring Policy Rules161 Chapter 21 Policy RuleAdvanced Applications Policy Rule Figure 99 Advanced Application > Policy Rule Table 53 Advanced Application > Policy Rule Select this option to enable the policy Enter a descriptive name for identification purposes Classifier(s) press [SHIFT] and select the choices at the same time Parameters Action General Specify a VLAN ID number Egress Port Type the number of an outgoing port Specify a priority level 162 Table 53 Advanced Application > Policy Rule (continued)Rate Limit Bandwidth Select No change to forward the packets Select Discard the packet to drop the packets Select No change to keep the priority setting of the frames the value you set in the Priority field Send the packet to the egress port you configure in the VLAN ID field Select Enable to activate bandwidth limitation on the traffic flow(s) memory when you are done configuring This field displays Yes when policy is activated and No when is it deactivated This field displays the name you have assigned to this policy This field displays the name(s) of the classifier to which this policy applies 163 Advanced Application > Policy Rule (continued)Figure 100 Advanced Application > Policy Rule: Summary Table 164 21.3 Policy Example165 Queuing Method22.1 Overview 166 22.2 Configuring Queuing167 Table 54 Advanced Application > Queuing MethodThis label shows the port you are configuring Robin) lowest weights get more guaranteed bandwidth than queues with smaller weights more service than queues with smaller weights Weight different traffic queues according to their weights Hybrid This field is applicable only when you select WFQ or WRR SPQ Lowest Queue traffic on Q5, Q6 and Q7 using SPQ Select None to always use WFQ or WRR for the port 168 Multicast23.1 Overview 170 23.2 Multicast Status171 23.3 Multicast Setting172 Table 56 Advanced Application > Multicast > Multicast SettingIGMP Snooping Use these settings to configure IGMP Snooping that are members of that group Querier with the multicast hosts attached Host Timeout 802.1p Priority control packets. Otherwise, select No-Change to not replace the priority IGMP Filtering can join ports that you want to allow to join multicast groups Unknown Multicast Frame Reserved The layer 2 multicast MAC addresses used by Cisco layer 2 protocols 01:00:0C:CC:CC:CC and 01:00:0C:CC:CC:CD, are also included in this group Immed. Leave IGMP version 2 leave message is received on this port Select this option if there is only one host connected to this port Normal Leave from a host Fast Leave Group Limited 173 Table 56 Advanced Application > Multicast > Multicast Setting (continued)Max Group Num is dropped on this port Throttling number of the IGMP groups a port can join is reached Deny multicast forwarding table entry is aged out IGMP report(s) received on this port Profile Default to prohibit the port from joining any multicast group IGMP Filtering Profile screen screen IGMP Querier server). The Switch forwards IGMP join or leave packets to an IGMP query port IGMP query packets when you connect an IGMP multicast server to the port forward IGMP join or leave packets to this port 174 23.4 IGMP Snooping VLAN175 23.5 IGMP Filtering Profile176 23.6 The MVR Screen177 Figure 109 Advanced Application > Multicast > Multicast Setting > MVRTable 59 Advanced Application > Multicast > Multicast Setting > MVR among different subscriber VLANs on the network purposes Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN control packets (belonging to this multicast VLAN) Specify the MVR mode on the Switch. Choices are Dynamic and Compatible Select Compatible to set the Switch not to send IGMP reports This field displays the port number on the Switch 178 Table 59 Advanced Application > Multicast > Multicast Setting > MVR (continued)Source Port traffic. All source ports must belong to a single multicast VLAN Receiver Port None or received on this port This field displays whether the multicast group is enabled or not This field displays the descriptive name for this setting This field displays the MVR mode This field displays the source port number(s) This field displays the receiver port number(s) This field displays the priority level column, then click the Delete button Group Configuration 179 boxaddress for a multicast group MVLAN This field displays the starting IP address of the multicast group This field displays the ending IP address of the multicast group Select Cancel to clear the checkbox(es) in the table News Movie Figure 111 MVR Configuration Example 182 AAA24.1 Overview 183 24.2 AAA Screens24.3 RADIUS Server Setup184 Figure 117 Advanced Application > AAA > RADIUS Server SetupTable 62 Advanced Application > AAA > RADIUS Server Setup Use this section to configure your RADIUS authentication settings This field is only valid if you configure multiple RADIUS servers RADIUS server, if the RADIUS server does not respond then the Switch tries to authenticate with the second RADIUS server requests to Timeout response from the RADIUS server first RADIUS server for 15 seconds and then tries the second RADIUS server This is a read-onlynumber representing a RADIUS server entry Enter the IP address of an external RADIUS server in dotted decimal notation UDP Port value unless your network administrator instructs you to do so 185 Table 62 Advanced Application > AAA > RADIUS Server Setup (continued)Shared Secret must be the same on the external RADIUS server and the Switch This entry is deleted when you click Apply Accounting Use this section to configure your RADIUS accounting server settings response from the RADIUS accounting server This is a read-onlynumber representing a RADIUS accounting server entry change this value unless your network administrator instructs you to do so Switch Switch. This entry is deleted when you click Apply 186 24.4 TACACS+ Server Setup187 Table 63 Advanced Application > AAA > TACACS+ Server Setup (continued)TCP Port key must be the same on the external TACACS+ server and the Switch Accounting Server Use this section to configure your TACACS+ accounting settings This is a read-onlynumber representing a TACACS+ accounting server entry Enter the IP address of an external TACACS+ accounting server in dotted decimal notation unless your network administrator instructs you to do so the Switch. This entry is deleted when you click Apply 188 24.5 AAA Setup189 Table 64 Advanced Application > AAA > AAA Setup (continued)Login authenticate administrator accounts (users for Switch management) up the corresponding database correctly first Method 2 and Method 3 fields and Control > Logins screen RADIUS server TACACS+ server Authorization Use this section to configure authorization settings on the Switch Set whether the Switch provides the following services to a user Exec have different access privilege level assigned via the external server Dot1x assigned via the external server Select this to activate authorization for a specified event types events RADIUS is the only method for IEEE 802.1x authorization Use this section to configure accounting settings on the Switch Update Period accounting is disabled out via the console port, telnet or SSH session privilege level and higher are executed on the Switch Select this to activate accounting for a specified event types servers at the same time accounting server then it tries the second accounting server 190 24.6 Technical Reference193 IP Source Guard25.1 Overview 194 25.2 IP Source Guard195 25.3 IP Source Guard Static Binding196 25.4 DHCP Snooping197 Figure 122 DHCP SnoopingTable 69 DHCP Snooping Database Status Agent URL This field displays the location of the DHCP snooping database Write delay timer update in the DHCP snooping database before it gives up Abort timer This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change the DHCP snooping database 198 Table 69 DHCP Snooping (continued)Agent running database none: The Switch is not accessing the DHCP snooping database write: The Switch is updating the DHCP snooping database Delay timer expiry current update before it gives up. It displays Not Running if the Switch is not updating the DHCP snooping database right now Abort timer expiry This field displays when (in seconds) the Switch is going to update the DHCP changed since the last update snooping database Last succeeded time successfully Last failed time unsuccessfully Last failed reason This field displays the reason the Switch updated the DHCP snooping database successfully or unsuccessfully read or updated the DHCP snooping database Total attempts snooping database for any reason Startup failures This field displays the number of times the Switch could not create or read the for the DHCP snooping database Successful transfers the bindings in the DHCP snooping database successfully Failed transfers This field displays the number of times the Switch was unable to read bindings from or update the bindings in the DHCP snooping database Successful reads snooping database successfully Failed reads from the DHCP snooping database Successful writes This field displays the number of times the Switch updated the bindings in the DHCP snooping database successfully Failed writes This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database Database detail First successful access for any reason Last ignored bindings This section displays the number of times and the reasons the Switch ignored counters Reference Guide Binding collisions already had a binding with the same MAC address and VLAN ID Invalid interfaces This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore 199 25.5 DHCP Snooping Configure200 Advanced Application > IP Source Guard > DHCP Snooping > ConfigureFigure 123 DHCP Snooping Configure Table 70 DHCP Snooping Configure snooping on specific VLAN and specify trusted ports Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed DHCP Vlan on a specific VLAN Note: You have to enable DHCP snooping on the DHCP VLAN too You can enable Option82 in the DHCP Snooping VLAN Configure screen You can enable in the screen requests from different VLAN Database next update is scheduled to occur before the current update has finished until it completes the current one Enter the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if expressed like this: applicable/file name; for example, tftp://192.168.10.1/database.txt ; for example 201 Table 70 DHCP Snooping Configure (continued)Timeout interval in the DHCP snooping database before it gives up Write delay interval update is scheduled, additional changes in current bindings are automatically included in the next update Renew DHCP Snooping URL snooping database than the one specified in Agent URL counter in the DHCP Snooping screen (Section 25.4 on page 196) are done configuring Click this to reset the values in this screen to their last-savedvalues 202 Advanced Application > IP Source Guard > DHCP Snooping > Configure > PortFigure 124 DHCP Snooping Port Configure Table 71 DHCP Snooping Port Configure applied to all of the ports Server Trusted state Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted) arrive is too high Untrusted ports are connected to subscribers, and the Switch discards DHCP packets from untrusted ports in the following situations: • The packet is a DHCP server packet (for example, OFFER, ACK, or NACK) of the current bindings source port do not match any of the current bindings • The rate at which DHCP packets arrive is too high Rate (pps) Enter 0 to disable this limit, which is recommended for trusted ports 203 Chapter 25 IP Source GuardTable 71 DHCP Snooping Port Configure (continued) Chapter 32 on page Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN Figure 125 DHCP Snooping VLAN Configure Table 72 DHCP Snooping VLAN Configure Show VLAN Use this section to specify the VLANs you want to manage in the section below Start VID Enter the lowest VLAN ID you want to manage in the section below End VID Enter the highest VLAN ID you want to manage in the section below Click this to display the specified range of VLANs in the section below configure the * VLAN, the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN. You still have to enable DHCP snooping on the Switch and specify trusted ports Option82 Information the DHCP Snooping Configure screen. See Section 25.5 on page the screen. See Section 25.5 on page 204 25.6 ARP Inspection Status205 25.7 ARP Inspection VLAN Status206 25.8 ARP Inspection Log Status207 25.9 ARP Inspection Configure208 Table 76 ARP Inspection Configureinspection on specific VLAN and specify trusted ports Filter Aging Time Filter aging time This setting has no effect on existing MAC address filters be permanent Log Profile Log buffer size appropriate for the specified Syslog rate and Log interval dropped due to unavailable buffer. Click Clearing log status table in the ARP 25.8 on page Syslog rate generated by ARP packets to the syslog server examples: sends 4 syslog messages every second sends 5 syslog messages every 2 seconds Log interval the syslog server. Enter 0 if you want the Switch to send syslog messages rate and Log interval 209 open this screen, clickFigure 130 ARP Inspection Port Configure Table 77 ARP Inspection Port Configure to all of the ports Trusted State The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations: • The sender’s information in the ARP packet does not match any of the current bindings at which ARP packets can arrive on untrusted ports Limit These settings have no effect on trusted ports disable this limit Burst interval (seconds) every five-secondinterval Enter the length (1-15seconds) of the burst interval 210 Table 77 ARP Inspection Port Configure (continued)Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN Figure 131 ARP Inspection VLAN Configure Table 78 ARP Inspection VLAN Configure the VLAN 211 25.10 Technical Reference213 Follow these steps to configure DHCP snooping on the Switch1Enable DHCP snooping on the Switch 2Enable DHCP snooping on each VLAN, and configure DHCP relay option 4Configure static bindings Figure 133 Example: Man-in-the-middleAttack •It pretends to be computer A and responds to computer B •It pretends to be computer B and sends a message to computer A Chapter 12 on page •They are stored only in volatile memory •They do not use the same space in memory that regular MAC address filters use They appear only in the ARP Inspection MAC Address Filter 215 Loop Guard219 Layer 2 Protocol Tunneling223 PPPoE28.1 PPPoE Intermediate Agent Overview224 Chapter 28 PPPoETable 82 PPPoE IA Circuit ID Sub-optionFormat: User-definedString Table 83 PPPoE IA Remote ID Sub-optionFormat PPPoE > Intermediate Agent 225 28.2The PPPoE Screen226 28.3 PPPoE Intermediate Agent227 Table 86 Advanced Application > PPPoE > Intermediate Agent (continued)option into the PADI and PADR packets for the slot value forward slash (/) or space Figure 144 Advanced Application > PPPoE > Intermediate Agent > Port 228 Table 87 Advanced Application > PPPoE > Intermediate Agent > PortServer Trusted Untrusted Trusted ports are uplink ports connected to PPPoE servers Switch forwards it to other trusted port(s) Untrusted ports are downlink ports connected to subscribers to the trusted port(s) received on an untrusted port Circuit-id PPPoE > Intermediate Agent > Port > VLAN screen) has the highest priority screen) has the highest priority Remote-id Remote-id Switch automatically uses the PPPoE client’s MAC address 229 Intermediate Agent > PortTable 88 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN Show Port VLAN(s) on the port Enter the lowest VLAN ID you want to configure in the section below Enter the highest VLAN ID you want to configure in the section below Click Apply to display the specified range of VLANs in the section below This field displays the port number specified above the * VLAN, the settings are applied to all VLANs adjustments on a VLAN-by-VLANbasis Note: Changes in this row are copied to all the VLANs as soon as you make them sub-optionfor this VLAN on the specified port. Spaces are allowed The Circuit ID you configure here has the highest priority automatically uses the PPPoE client’s MAC address The Remote ID you configure here has the highest priority 230 Figure 146 Advanced Application > PPPoE > Intermediate Agent > VLANTable 89 Advanced Application > PPPoE > Intermediate Agent > VLAN Select this option to turn on the PPPoE Intermediate Agent on a VLAN 231 Error Disable237 Static Route240 Differentiated Services244 DHCP250 ARP Learning255 Maintenance34.1 Overview 34.2 The Maintenance Screen256 Chapter 34 MaintenanceTable 102 Management > Maintenance (continued) Restore Click Click Here to go to the Restore Configuration screen Backup Click Click Here to go to the Backup Configuration screen Load Factory Click Click Here to reset the configuration to the factory default settings Default Save Reboot Click Config 1 to reboot the system and load Configuration 1 on the Switch System Click Config 2 to reboot the system and load Configuration 2 on the Switch Save configuration on the Switch Follow the steps below to reset the Switch back to the factory defaults Load Factory Default 2Click OK to reset all Switch configurations to the factory defaults Figure 166 Load Factory Default: Start In the web configurator, click the Apply Add 257 34.3Firmware Upgrade258 34.4 Restore a Configuration File34.5 Backup a Configuration File 259 34.6 Technical Reference260 3Press [ENTER] when prompted for a username[ENTER] 4Enter your password as requested (the default is “1234”) 5Enter bin to set transfer mode to binary Use put put firmware.bin ras put config.cfg config get config config.cfg Table 103 on page 7Enter quit to exit the ftp prompt General Commands for GUI-basedFTP Clients COMMAND Host Address Enter the address of the host server Login Type Anonymous anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option Normal The server requires a unique User ID and Password to login Transfer Type firmware files should be transferred in binary mode Initial Remote Specify the default remote directory (path) Directory Initial Local Directory Specify the default local directory (path) FTP will not work when: •FTP service is disabled in the Service Access Control screen The IP address(es) in the Remote Management 261 Access Control35.1 Overview 35.2 The Access Control Main Screen 262 35.3 Configuring SNMP263 Chapter 35 Access ControlTable 105 Management > Access Control > SNMP (continued) Get Community Enter the Get Community string, which is the password for the incoming Get- and GetNext- requests from the management station lower Set Community from the management station Trap Community Trap Community SNMP manager Trap Destination Use this section to configure where to send SNMP traps from the Switch Specify the version of the SNMP trap messages Enter the IP addresses of up to four managers to send your SNMP traps to Enter the port number upon which the manager listens for SNMP traps Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap Management > Access Control > SNMP > User screen) screen) 264 to view the screen as shownManagement > Access Control > SNMP > Trap Group (GS2200-24P) Table 106 Management > Access Control > SNMP > Trap Group Setting screen Options Traps on page 271 for individual trap descriptions poe fanspeed 24P 265 UserFigure 174 Management > Access Control > SNMP > User Table 107 Management > Access Control > SNMP > User User create accounts on the SNMP v3 manager Specify the username of a login account on the Switch Security Level Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose: noauth security level priv user. This is the highest security level than the security level settings on the Switch Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash generally considered stronger than MD5, but is slower Password Enter the password of up to 32 ASCII characters for SNMP user authentication 266 35.4 Setting Up Login Accounts267 Click Management > Access Control > Logins to view the screen as shown nextFigure 175 Management > Access Control > Logins Table 108 Management > Access Control > Logins LABELDESCRIPTION Administrator Old Password Type the existing system password (1234 is the default password when shipped) New Password Enter your new system password Retype to Retype your new system password for confirmation confirm Edit Logins User Name Set a user name (up to 32 ASCII characters long) 268 35.5 Service Port Access Control35.6 Remote Management 270 35.7 Technical Reference285 Diagnostic36.1 Overview 36.2 Diagnostic 287 Syslog290 Cluster Management38.1 Overview 291 38.2 Cluster Management Status292 38.3 Clustering Management Configuration293 Table 123 Management > Cluster Management > ConfigurationClustering Manager ( ) appears in the member summary list below Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed) Clustering The following fields relate to the switches that are potential cluster members Candidate List management VLAN group will not be visible in the Clustering Candidate list be managed from the Cluster Manager. Its Status is displayed as Error in the summary list below to select them. Then enter their common web configurator password Refresh Click Refresh to perform auto-discoveryagain to list potential cluster members This is the index number of a cluster member switch This is the cluster member switch’s model name Remove switch from the cluster 294 38.4 Technical Reference296 MAC Table39.1 Overview 297 39.2 Viewing the MAC Table298 Table 125 Management > MAC Tablecriteria you specified Select All to display any entry in the MAC table of the Switch Select Static to display the MAC entries manually configured on the Switch the specified VLAN which are forwarded on the specified port Sort by Select MAC to display and arrange the data according to MAC address Select VID to display and arrange the data according to VLAN group Select PORT to display and arrange the data according to port number Select Dynamic to MAC forwarding and click the Transfer button to change all They also display in the Static MAC Forwarding screen Filtering Discard source This is the incoming frame index number This is the MAC address of the device from which this incoming frame came This is the VLAN group to which this frame belongs This is the port where the above MAC address is forwarded This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen) 299 ARP Table40.1 Overview 40.2 Viewing the ARP Table300 Chapter 40 ARP TableTable 126 Management > ARP Table Specify how you want the Switch to remove ARP entries when you click Flush Select All to remove all of the dynamic entries from the ARP table specified IP address Flush Click Flush to remove the ARP entries according to the condition you specified Click Cancel to return the fields to the factory defaults This is the ARP table entry number MAC address below This is the MAC address of the device with the corresponding IP address above This field displays the VLAN to which the device belongs is the Switch’s management IP address entered in the Static MAC Forwarding screen) 301 Configure Clone41.1 Overview 41.2 Configure Clone302 Chapter 41 Configure CloneTable 127 Management > Configure Clone Source Source separated by a comma or a range of ports by using a dash Example: • 2, 4, 6 indicates that ports 2, 4 and 6 are the destination ports • 2-6 indicates that ports 2 through 6 are the destination ports Basic Setting the destination port(s) Advanced Application copied to the destination ports 303 Troubleshooting42.1Power, Hardware Connections, and LEDs 304 42.2Switch Access and Login305 Advanced SuggestionsI can see the Login screen, but I cannot log in to the Switch 3Disconnect and re-connectthe cord to the Switch Pop-upWindows, JavaScripts and Java Permissions •Web browser pop-upwindows from your device •JavaScripts (enabled by default) There is unauthorized access to my Switch via telnet, HTTP and SSH 306 42.3 Switch Configuration307 Product Specifications308 Table 129 Firmware SpecificationsFEATURE 309 Chapter 43 Product SpecificationsNumber of Login Accounts 4 management accounts configured on the Switch Configurable on the Switch Authentication via RADIUS and TACACS+ also available Maximum Frame Size 9 K (9216 bytes) A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router MAC Address Filter Filter traffic based on the source and/or destination MAC address and VLAN group (ID) DHCP (Dynamic Host Configuration Protocol) your network Relay forwarded to ports that are members of that group; thus allowing you to significantly reduce multicast traffic passing through your Switch Differentiated Services (DiffServ) application types and traffic flow Classifier and Policy You can create a policy to define actions to be performed on a traffic flow number or protocol type, etc Queuing congestion. The following scheduling services are supported: Strict Priority Queuing (SPQ) Weighted Round Robin (WRR), and Weighted Fair Queuing (WFQ). This allows the Switch to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-goingtraffic flows on a port Broadcast Storm Control Broadcast storm control limits the number of broadcast, multicast and Port Mirroring you copy the traffic to) without interference Static Route reachable via the default gateway STP (Spanning Tree Protocol) / RSTP (Rapid STP)/MSTP (Multiple Spanning Tree Protocol) any two stations on the network Use IP source guard to filter unauthorized DHCP and ARP packets in your Link aggregation (trunking) is the grouping of physical ports into one logical use multiple lower-speedlinks than to under-utilizea high-speed,but more costly, single-portlink 310 Port Authentication andFor security, the Switch allows authentication using IEEE 802.1x with an external RADIUS server and port security that allows only packets with pass through a port on the Switch Authenticatio and TACACS+ AAA servers Use the web configurator or commands to easily configure the rich range of features on the Switch Port Cloning another port or ports The Switch can generate syslog messages and send it to a syslog server Firmware Upgrade web configurator, CLI or an FTP/TFTP tool to put it on the Switch Note: Only upload firmware for your specific model Configuration Backup & Restoration you decide you want to revert back to an earlier configuration one another PPPoE IA With the PPPoE Intermediate Agent enabled, the Switch can give a PPPoE identify and authenticate a PPPoE client CPU Protection IGMP) to be delivered to the CPU on a port Error Disable gone a gratuitous ARP request and/or an APR request Table 130 Feature Specifications L2 Bridging 16K MAC addresses (4-wayassociative hashed) Static MAC address filtering by source/destination Broadcast storm control in 1 second interval, 1 pps stepping Static MAC address forwarding (port lock) Switching Switching fabric: 20 Gbps or 56 Gbps, non-blocking Max. Frame size: 9 K bytes Forwarding frame: IEEE 802.3, IEEE 802.1q, Ethernet II, PPPoE Prevent the forwarding of corrupted packets 148809 pps at 100 Mbps / 1488095 pps at 1 Gbps with 64 bytes packets 311 Table 130 Feature Specifications (continued)312 Table 131 Standards SupportedSTANDARD 313 Table 131 Standards Supported (continued)316 Appendix A Changing a Fuse317 User-DefinedPort(s Port(s) •If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number •If the Protocol is USER, this is the IP protocol number Description Table 132 Commonly Used Services PROTOCOL PORT(S) 318 Appendix B Common ServicesTable 132 Commonly Used Services (continued) 321 DisclaimerTrademarks Federal Communications Commission (FCC) Interference Statement FCC Warning CE Mark Warning: Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices Viewing Certifications 322 Appendix C Legal InformationZyXEL Limited Warranty Note Registration 323 92250, 299, 301 140 250 194 325 14771 GVRP 84, 90 326 19392, 94, 101 137 328 setup 152, 21744 329 STP 115330 Index70 86 85
Also you can find more ZyXEL Communications manuals or manuals for other Computer Equipment.