Manuals / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications VES-1616 manual Classifier & Policy rule setup on your Switch

Models: VES-1616

1 118

Download 118 pages 5.25 Kb

Page 103

Classifier & Policy rule setup on your Switch

ZyXEL

VES-1616/24FA-5x Series Support Notes

After the configuration, the port is authenticated and the computer connected to this port is allowed to access the network. Otherwise, the computer cannot access the network.

Classifier & Policy rule setup on your Switch

This section shows you how to allow traffic from certain IP addresses and deny others. This can be done easily using classifier and policy rules.

First, you need to create a classifier rule to group traffic into data flows based on information such as the source address, destination address, port number and packet format. In this example, we group traffic based on the packet format and set the VES-1616F-3X to apply its policy rules. The following lists the three classifier rules that we will define in this example:

1.Packet with a source IP address of 192.168.1.20

2.Packets on port 2

3.ARP traffic for testing

Once packet classification settings are done, we create policy rules to specify the actions on the matched packets so they get the deserved treatment in the network. Here, we also define three policy rules.

1.Forward traffic from 192.168.1.20 only (on the first classifier)

2.Discard all the traffic from port 2 (on the second classifier)

3.Forward ARP packets (on the third classifier)

All contents copyright 2008 ZyXEL Communications Corporation.

102

Image 103

ZyXEL Communications VES-1616 manual Classifier & Policy rule setup on your Switch

Contents

Support Notes VES-1616/24FA-5x Series VDSL SwitchVES-1616/24FA-5x Series Support Notes Setting up a DHCP Relay Option 82 EnvironmentDHCP Relay Option 82 Application ZyXELOperation Mode Firmware Upgrade Switch Management and MaintenanceRestore a Configuration File 3. In the File Path field, click Browse to locate the firmware file Backing Up a Configuration File Load Factory Defaults DHCP Relay Option 82 Application General NetworkingNetwork Port DHCP Server DHCP Client 1. Switch settings2. IP Commander setup ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes VES-1616/24FA-5x Series Support Notes All contents copyright 2008 ZyXEL Communications CorporationEnter a name and description for the new rule ZyXELZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes VES-1616/24FA-5x Series Support Notes All contents copyright 2008 ZyXEL Communications CorporationNext select DHCP Option in the Keywords field ZyXELAn Add DHCP Option Rule screen displays VES-1616/24FA-5x Series Support Notes After setting the fields, you should see the following screenAll contents copyright 2008 ZyXEL Communications Corporation ZyXELVES-1616/24FA-5x Series Support Notes All contents copyright 2008 ZyXEL Communications CorporationClick Next in the screen that displays ZyXELZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes VES-1616/24FA-5x Series Support Notes All contents copyright 2008 ZyXEL Communications CorporationHere, enter “192.168.1.1” as gateway IP address for DHCP clients ZyXELVES-1616/24FA-5x Series Support Notes You can choose to enable DDNS service on the DHCP serverAll contents copyright 2008 ZyXEL Communications Corporation ZyXELVES-1616/24FA-5x Series Support Notes All contents copyright 2008 ZyXEL Communications CorporationClick Finish to complete the rule creation ZyXELSeparating a physical network into multiple virtual networks What is Virtual LAN?Case z Egress port for port 1 port z Egress port for port 2 port z Switch-2 VLAN 1 member port port 1 and port z Switch-1 VLAN 1 member port port 1 and port Port 5 ~ Configuring the Switch Using the Web ConfiguratorPC Z Port 1 ~7. First, set the switch to use port based VLAN. Click Basic Setting Switch Setup in the navigation panel and select “Port Based” in the VLAN Type field. Click Apply to save your changes 10. For example PC A 192.168.1.4/24 PC B 192.168.1.5/24 Configuring the Switch Using the CLI Tag-based VLAN Overview z TPID TPID has a defined value of 8100 in hex. When a frame has the EtherType equal to 8100, this frame carries the IEEE 802.1Q / 802.1P tag 2. Forwarding Process 1. Ingress ProcessVLAN entries in Filtering Database have the following information 3. Egress Process VEES-1616/24FA-5x Series Support Notes 1. VLAN Configuration on switch A 2. VLAN Configuration on switch BAlll contents copyright 2008 ZyXEL Co mmunications Corporation ZyXELAnswer Port 1, 2, 3 Port 4, 5, 6 Port 7, 8, 9 Port 10, 11, 12 VES-1616/24FA-5x Series Support Notes The configuration screen for switch 2 is shown as followsAll contents copyright 2008 ZyXEL Communications Corporation ZyXELThe switch 2 IP address ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes Company YY HQ VLAN Stacking OverviewCompany XX branch Company YY branch Company XX HQSwitch D Switch ASwitch B Switch CSwitch H ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes 8. Create a VLAN with a VID of 30. Select Fixed and un-select Tx Tagging for port 1. For port 25, select both Fixed and Tx Tagging 11. To configure VLAN Stacking, click Advanced Application VLAN Stacking in the navigation panel to display the configuration screen Configuring Switch C Using the Web Configurator ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes in the navigation panel to display the configuration screen ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes Follow the steps in the previous section to configure VLAN 30 of which ports 1 and 12 are members. Since port 1 is an Access Port, un-select the Tx Tagging field. After the configuration, the VLAN Status screen should look similar to the figure as shown Configuring Switch G Using the Web Configurator ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes ZyXEL All contents copyright 2008 ZyXEL Communications CorporationZyXEL All contents copyright 2008 ZyXEL Communications CorporationNetwork Scenario Data bits Parity None Stop bits Flow control None switch B for this network scenario Configuring Switch D Using the CLI ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes Multicast IP Multicasting Configuring IGMP snooping in your switchIGMP Router Enable IGMP Snooping Video233.4.4.4 Not a member Group member Media Stream Server GS-4024 VES-1616FConfiguration of IGMP and IGMP snooping by CLI Overview of MVR ZyXEL GS-4024 VES-1616FAll contents copyright 2008 ZyXEL Communications Corporation GS-4024 VES-1616Fz Immediate Leave Operation z Compatible modez Join Operation z Leave OperationGS-4024 Configuration via WebMedia Server Port3. We need to create separate VLANs for different clients. In VES-1616FA-54, in the Advanced Application MVR configure the MVR VLAN=100. Define port 1, port 2 and port 3 as the receiver ports for forwarding the multicast stream to the clients in different VLANs set port 17 as a source port to receive traffic from the media server. Also, select mode as dynamic mode. The switch sends IGMP report message to multicast router through its source port 4. In VES-1616FA-54, after the MVR configuration, click the Advanced Application, VLAN Status and check whether there is the new VLAN 100 added in the VLAN list. We also create three separate VLANs, 30, 40, 50 and assign their PVID as 30, 40 and 50 respectively VES-1616/24FA-5x Series Support Notes All contents copyright 2008 ZyXEL Communications CorporationOpen Advanced Application VLAN Static VLAN to add a new VLAN. Tick ZyXELthe Active box, type VLAN Name “50” and VLAN ID “50” in the columns. Change Port 3 and Port 17 to fixed and keep port 17 tx tagging Setting, and activate the IGMP Snooping Configuration via CLIVES-1616FA-54config# vlan VES-1616FA-54config-vlan# fixed Triple play Application 2. In the MVR configuration page, check the VDSL port 1 to receive port and port 17 to Source port and make sure the check Tx Tagging for port 1 and port 4. Open Advanced Application Multicast to enable the IGMP snooping feature at the Multicast configuration page. To avoid the unknown multicast frames flooding to all VDSL ports, check the Drop to make sure the unknown multicast frames will be dropped. Click Apply button to save the settings ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes Configure P-870H-51 Open Advanced Setup WAN to Create new WAN Interface. First click the add button to add a new interface. Then check the VLAN Mux option to enable the IEEE 802.1Q VLAN on this Interface and fill in the VLAN ID. Click the Enable Quality of Service option to enable QoS feature on P-870H-51 then click the next button to move to the next step 2. Create a Queue for the WAN Interface via WEB GUI 3. Configuration the QoS classification to classify traffic flow In the Add Network Traffic Class Rule page, we can give each rule a name for easy identification, for example PPPoE-1, PPPoE-2, IP, ARP and VoIP. Assign the order for each rule and check the Enable option to make sure this rule is enabled. We need to define that this kind of traffic will be sent through a specific WAN interface, in other words, that it would be added the VLAN ID when sent through this WAN Interface, and that is why we enable the VLAN Mux. For example, the PPPoE-1 and PPPoE-2 need to be added the VLAN ID 203, we select the WAN interface which will add the VLAN ID 203 for these two rules. Scroll down the page to configure the other parameters code for IP is 0800, ARP is After logging in the CLI of P-870H-51, we can see the picture below showing the list of the commands and other information. Type sh command to enter the CLI mode ebtables -I FORWARD 1 -i eth1.4 -j mark --set-mark The second command is：All contents copyright 2008 ZyXEL Communications Corporation ebtables -I INPUT 1 -i eth1.4 -j mark --set-markmode Ringing a network by building redundant links and connections between Switch What is Spanning Tree Protocol?1. Broadcast storm 2. Filtering Database Instability 2. Select a root port for the non-root bridge 1. Select a root bridge3. Select a designated port on each segment 1. Switch A bridge ID = 800000A0C5111111, Switch B bridge ID = 800000A0C5222222, Switch C bridge ID = 000100A0C5333333. Switch C has the lowest bridge ID, so Switch C is the root bridge. All ports of the root bridge are designated ports, so Port 1 is designated port Switching security MAC Limit ZyXEL All contents copyright 2008 ZyXEL Communications CorporationVES-1616/24FA-5x Series Support Notes Setting up 802.1x Radius Authentication RADIUS Server Setup 802.1x/MD5-challenge setup Click on the message window and a login screen displays as shown. Enter your account user name and password in the fields provided Classifier & Policy rule setup on your Switch VES-1616/24FA-5x Series Support Notes Classifier Configuration Classifier Classifier ClassifierAll contents copyright 2008 ZyXEL Communications Corporation ZyXELZyXEL Policy Rule ConfigurationAll contents copyright 2008 ZyXEL Communications Corporation 2. Policy rule on classifierZyXEL Centralized Management Introduction to SNMPc and NetAtlasAll contents copyright 2008 ZyXEL Communications Corporation 3. Policy rule on classifierFigure 2 Main elements of SNMPc Figure 1 System ArchitectureSelection Tool Event Log Tool Main Button BarView Window Area Edit Button BarFigure 4 Adding a new Device Adding a new device in SNMPcFigure 5 Map Object Properties Figure 6 Read Access modeFigure 8 Read Community Figure 7 Read/Write Access ModeAll contents copyright 2008 ZyXEL Communications Corporation 5. Change the value for Read Community to publicFigure 9 Read/write Community Figure 11 Device Selection Figure 10 Device SelectionZyXEL All contents copyright 2008 ZyXEL Communications CorporationFigure 12 Rootmap Figure 13 Device mappingPage How to access the Command Line Interface CLI? Using the Web Configurator Is the mini GBIC transceiver hot-swappable?