About This User's Guide Intended Audience This manual is intended for people who want to configure the Switch using the web configurator or via commands. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation •...
Syntax Conventions • The XGS-4528F may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5
Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Server Telephone XGS-4528F User’s Guide Computer Notebook computer DSLAM Firewall Switch Router...
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning. • Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. Safety Warnings XGS-4528F User’s Guide...
Page 7
Safety Warnings This product is recyclable. Dispose of it properly. XGS-4528F User’s Guide...
2.1 Freestanding Installation ... 39 2.2 Mounting the Switch on a Rack ... 40 2.2.1 Rack-mounted Installation Requirements ... 40 2.2.2 Attaching the Mounting Brackets to the Switch ... 40 2.2.3 Mounting the Switch on a Rack ... 41 Chapter 3 Hardware Overview...
Page 12
6.1 Overview ... 67 6.2 Port Status Summary 6.2.1 Status: Port Details Chapter 7 Basic Setting ... 73 7.1 Overview ... 73 7.2 System Information ... 52 ... 58 ... 59 ... 67 ... 68 ... 73 XGS-4528F User’s Guide...
Page 20
40.1 IP Table Overview ... 317 40.2 Viewing the IP Table ... 318 Chapter 41 ARP Table ... 319 41.1 ARP Table Overview ... 319 41.1.1 How ARP Works ... 319 41.2 Viewing the ARP Table ... 319 ... 299 ... 300 XGS-4528F User’s Guide...
Page 21
Chapter 45 Product Specifications ... 335 Part VII: Appendices and Index ... 343 Appendix A IP Addresses and Subnetting ... 345 Appendix B Legal Information ... 353 Appendix C Customer Support... 357 Index... 363 XGS-4528F User’s Guide Table of Contents...
Page 22
Table of Contents XGS-4528F User’s Guide...
Page 25
Figure 121 IP Application > OSPF Status ... 234 Figure 122 IP Application > OSPF Configuration: Activating and General Settings ... 236 Figure 123 IP Application > OSPF Configuration: Area Setup ... 237 Figure 124 IP Application > OSPF Configuration: Summary Table ... 238 XGS-4528F User’s Guide...
Page 26
Figure 162 VRRP Configuration Example: Two Virtual Router Network ... 274 Figure 163 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A ... 274 Figure 164 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B ... 274 Figure 165 VRRP Example 2: VRRP Status on Switch A ...
Page 27
Figure 191 Management > Cluster Management ... 310 Figure 192 Cluster Management: Cluster Member Web Configurator Screen ...311 Figure 193 Example: Uploading Firmware to a Cluster Member Switch ... 312 Figure 194 Management > Clustering Management > Configuration ... 313 Figure 195 MAC Table Flowchart ...
Page 28
List of Figures Figure 211 Subnetting Example: Before Subnetting ... 348 Figure 212 Subnetting Example: After Subnetting ... 349 XGS-4528F User’s Guide...
There are two XGS-4528F models. The XGS-4528F DC model requires DC power supply input of -36 VDC to -72 VDC, 1.5 A Max no tolerance. The XGS-4528F AC model requires 100 VAC to 240 VAC, 0.8 A power.
Figure 1 Bridging Application 1.1.2 High Performance Switching Example The Switch is ideal for connecting two geographically dispersed networks that need high bandwidth. In the following example, a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network. Within the headquarters network, a company can use trunking to group several physical ports into one logical higher-capacity link.
1.1.3 Gigabit Ethernet to the Desktop The Switch is an ideal solution for small networks which demand high bandwidth for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch. Use the optional 10 Gigabit uplink module to provide high speed access to a data server and the Internet.
286. 1.3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking.
2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch.
2.2.3 Mounting the Switch on a Rack 1 Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack.
H A P T E R This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel Connections The figure below shows the front panel of the Switch.
Use a transceiver to connect a fiber-optic cable to the Switch. The Switch does not come with transceivers. You must use transceivers that comply with the Small Form-Factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA).
Figure 9 Transceiver Installation Example 2 Press the transceiver firmly until it clicks into place. 3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly. Figure 10 Installed Transceiver 3.1.3.2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver (SFP module).
See the EM-422 User’s Guide for more information on this module. Two stacking Connect these ports to other XGS-4528F switches for stacking using stacking cables. ports Management Connect to a computer using an RJ-45 Ethernet cable for local configuration of the Port Switch.
Make sure that no objects obstruct the airflow of the fans. The Switch’s AC unit requires a power supply of 100~240 VAC, 0.8 A. The Switch’s DC version requires a power supply of -48 VDC to -60 VDC, 2.3 A max, no tolerance.
Page 48
The Switch is connected to other switches in the stack on Stacking Port 1. The Switch is not connected to other switches in the stack on Stacking Port 1. The Switch is connected to other switches in the stack on Stacking Port 2.
4.2 System Login 1 Start your web browser. 2 Type “http://” and the IP address of the Switch (for example, the default is 192.168.1.1) in the Location or Address field. Press [ENTER]. 3 The login screen appears. The default username is admin and associated default password is 1234.
The following figure shows the navigating components of a web configurator screen. Figure 16 Web Configurator Home Screen (Status) A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. XGS-4528F User’s Guide...
B - Click this link to save your configuration into the Switch’s nonvolatile memory. Nonvolatile memory is saved in the configuration file from which the Switch booted from and it stays the same even if the Switch’s power is turned off. See information on saving your settings to a specific configuration file.
Page 54
Chapter 4 The Web Configurator The following table lists the various web configurator screens within the sub-links. XGS-4528F User’s Guide...
This link takes you to a screen where you can configure general identification information and time settings for the Switch. Switch Setup This link takes you to a screen where you can set up global Switch parameters such as VLAN type, MAC address learning, IGMP snooping, GARP and priority queues.
Page 57
Static Route This link takes you to a screen where you can configure static routes. A static route defines how the Switch should forward traffic by configuring the TCP/IP parameters manually. This link takes you to a screen where you can configure the RIP (Routing Information Protocol) direction and versions.
4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory.
7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it. Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.
393216 bytes received. Erasing.. ras> atgo The Switch is now reinitialized with a default configuration file including the default password of “1234”. 4.7 Logging Out of the Web Configurator Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out.
5.1.1 Configuring an IP Interface On a layer-3 switch, an IP interface (also known as an IP routing domain) is not bound to a physical port. The default IP address of the Switch is 192.168.1.1 with a subnet mask of 255.255.255.0.
5.1.2 Configuring DHCP Server Settings You can set the Switch to assign network information (such as the IP address, DNS server, etc.) to DHCP clients on the network. For the example network, configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks.
VLAN link. 2 In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. XGS-4528F User’s Guide Chapter 5 Initial Setup Example EXAMPLE...
The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to be a permanent member of the VLAN only.
4 Click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. XGS-4528F User’s Guide Chapter 5 Initial Setup Example EXAMPLE...
Page 66
Chapter 5 Initial Setup Example XGS-4528F User’s Guide...
The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. 6.2 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 23 Status XGS-4528F User’s Guide Statistics...
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 24 on page 69). Section 11.1.3 on page 108 for more information). XGS-4528F User’s Guide...
This field shows the number of received errors on this port. Tx KB/s This field shows the transmission speed of data sent on this port in kilobytes per second. XGS-4528F User’s Guide Chapter 6 System Status and Port Statistics for more information).
Page 70
This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. XGS-4528F User’s Guide...
Page 71
This field shows the number of packets (including bad packets) received that were 1518 between 1024 and 1518 octets in length. Giant This field shows the number of packets dropped because they were bigger than the maximum frame size. XGS-4528F User’s Guide Chapter 6 System Status and Port Statistics...
Page 72
Chapter 6 System Status and Port Statistics XGS-4528F User’s Guide...
Switch. The real time is then displayed in the Switch logs. The Switch Setup screen allows you to set up and configure global Switch features. The IP Setup screen allows you to configure a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes.
DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. ZyNOS F/W This field displays the version number of the Switch 's current firmware including the Version date created. Ethernet This field refers to the Ethernet MAC (Media Access Control) address of the Switch.
Type a descriptive name for identification purposes. This name consists of up to 64 printable characters; spaces are allowed. Location Type the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. XGS-4528F User’s Guide...
Page 76
Table 10 Basic Setting > General Setup (continued) LABEL DESCRIPTION Contact Person's Type the name of the person in charge of this Switch. You can use up to 32 Name printable ASCII characters; spaces are allowed. Use Time Server Type the time service protocol that your timeserver uses. Not all time servers...
Chapter 8 on page 87 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.
802.1Q VLAN type or Port Based VLAN type in this screen. Bridge Control Select Active to allow the Switch to handle bridging control protocols (STP, for Protocol example). You also need to define how to treat a BPDU in the Port Setup screen.
Use the following fields to configure the priority level-to-physical queue mapping. The Switch has eight physical queues that you can map to the 8 priority levels. On the Switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
MGMT. This means that device(s) connected to the other port(s) do not receive these packets. Select In-Band to have the Switch send the packets to all ports except the management port (labelled MGMT) to which connected device(s) do not receive these packets.
Cancel Click Cancel to clear the Delete check boxes. 7.7 Port Setup Use this screen to configure Switch port settings.Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. XGS-4528F User’s Guide Chapter 7 Basic Setting...
Note: Due to space limitations, the port name may be truncated in Type This field displays 10/100/1000M for a 1000Base-T connection and 10G for a 10 Gigabit Ethernet connection. make them. some web configurator screens. XGS-4528F User’s Guide...
Page 83
Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer...
H A P T E R The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLANs...
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch. Please refer to the following table for common IEEE 802.1Q VLAN terminology.
VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).
VLAN was set up. Status This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR).
VLAN was set up. Status This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR).
Select TX Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Note: Changes in this row are copied to all the ports as soon as you Ingress Check If this check box is selected for a port, the Switch discards incoming frames for VLANs that do not include this port in its member set.
Subnet based VLANs allow you to group traffic into logical VLANs based on the source IP subnet you specify. When a frame is received on a port, the Switch checks if a tag is added already and the IP subnet it came from. The untagged packets from the same IP subnet are then placed in the same subnet based VLAN.
DHCP VLAN. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
When an upstream frame is received on a port (configured for a protocol based VLAN), the Switch checks if a tag is added already and its protocol. The untagged packets of the same protocol are then placed in the same protocol based VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol.
8.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Figure 39 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN XGS-4528F User’s Guide Chapter 8 VLAN...
Advanced Applications > VLAN screens. Priority Select the priority level that the Switch will assign to frames belonging to this VLAN. Click Add to save your changes to the Switch’s run-time memory. The Switch loses...
Port-based VLANs are specific only to the Switch on which they were created. When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it.
Ethernet ports. 8.11.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the following screen. Select either All Connected or Port Isolated from the drop-down list depending on your VLAN and VLAN security requirements.
(its outgoing port). CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port.
MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allows only computers in the MAC address table on a port to access the Switch. See on port security.
Enter the port where the MAC address entered in the previous field will be automatically forwarded. Click Add to save your rule to the Switch’s run-time memory. The Switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This chapter discusses MAC address port filtering. 10.1 Configure a Filtering Rule Configure the Switch to filter traffic based on the traffic’s source, destination MAC addresses and/or VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
Page 106
MAC field). The Switch can still send frames to the MAC address. Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The Switch can still receive frames originating from the MAC address. Select Discard source and Discard destination to block traffic to/from the MAC address specified in the MAC field.
• IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol • IEEE 802.1s Multiple Spanning Tree Protocol The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees. 11.1 STP/RSTP Overview (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers.
On each bridge, the bridge communicates with the root through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost). If there is no root port, then this Switch has been accepted as the root bridge of the spanning tree network.
MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
VLAN 1 With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP. VLAN 2 XGS-4528F User’s Guide...
Thus an MSTI does not span across MST regions. The following figure shows an example where there are two MST regions. Regions 1 and 2 have 2 spanning tree instances. XGS-4528F User’s Guide Chapter 11 Spanning Tree Protocol VLAN 2...
11.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. XGS-4528F User’s Guide...
This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch.
Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. for more information Figure 53 on page 116). XGS-4528F User’s Guide...
Page 115
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
Switch. This Switch may also be the root bridge. This is the unique identifier for this bridge, consisting of the bridge priority plus the MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch.
Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the XGS-4528F User’s Guide Chapter 11 Spanning Tree Protocol for more information on MRSTP.
Page 118
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds.
Switch. This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. Hello Time...
To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1.5 on page 109 DESCRIPTION This is the number of times the spanning tree has been reconfigured. This is the time since the spanning tree was last reconfigured. for more information on MSTP. XGS-4528F User’s Guide...
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds.
Priority decides which port should be disabled when more than one port forms a loop in the Switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128.
Switch. This Switch may also be the root bridge. This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch.
Page 125
Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. Internal Cost This is the path cost from the root port in this MST instance to the regional root switch.
Page 126
Chapter 11 Spanning Tree Protocol XGS-4528F User’s Guide...
The sum of CIRs cannot be greater than or equal to the uplink bandwidth. 12.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. XGS-4528F User’s Guide Bandwidth Control...
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
13.1 Broadcast Storm Control Setup Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Table 34 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. Port This field displays a port number. Settings in this row apply to all ports.
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 60 Advanced Application > Mirroring XGS-4528F User’s Guide Mirroring...
LABEL DESCRIPTION Active Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail Port without interfering with the traffic flow on the original port(s).
Switch. Section 15.6 on page 138 15.2 Dynamic Link Aggregation The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking. The Switch supports the link aggregation IEEE802.3ad standard. This standard describes the Link Aggregation Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups.
Chapter 15 Link Aggregation • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings.
Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See aggregation. Figure 62 Advanced Application > Link Aggregation > Link Aggregation Setting XGS-4528F User’s Guide Section 15.2.1 on page 134 Section 15.1 on page 133 for more information on link...
Select the trunk group to which a port belongs. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Select this checkbox to enable Link Aggregation Control Protocol (LACP). System LACP system priority is a number between 1 and 65,535. The switch with the lowest Priority system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Select either 1 second or 30 seconds. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Chapter 15 Link Aggregation Figure 65 Trunking Example - Configuration Screen EXAMPLE Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. XGS-4528F User’s Guide...
Page 140
Chapter 15 Link Aggregation XGS-4528F User’s Guide...
This chapter describes the IEEE 802.1x and MAC authentication methods. 16.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: •...
MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch.
16.2 Port Authentication Configuration To enable port authentication, first activate the port authentication method(s) you want to use (both on the Switch and the port(s)), then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen.
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
If you leave this field blank, then only the MAC address of the client is forwarded to the RADIUS server. Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters.
Page 146
MAC authentication on the Switch before configuring it on each port. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
MAC addresses may access port 2 at any one time. A sixth device must wait until one of the five learned MAC addresses ages out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “16384”. “0” means this feature is disabled.
Page 149
DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 150
Chapter 17 Port Security XGS-4528F User’s Guide...
H A P T E R This chapter introduces and shows you how to configure the packet classifier on the Switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided. Priority Select Any to classify traffic from any priority level or select the second option and specify a priority level in the field provided. XGS-4528F User’s Guide...
Page 153
Protocol Refer to Table 47 on page 155 You may select Establish Only for TCP protocol type. This means that the Switch will pick out the packets that are sent to establish TCP connections. Source Enter a source IP address in dotted decimal notation.
ETHERNET TYPE IP ETHII X.75 Internet NBS Internet ECMA Internet Chaosnet X.25 Level 3 XNS Compat Banyan Systems BBN Simnet IBM SNA AppleTalk AARP PROTOCOL NUMBER 0800 0801 0802 0803 0804 0805 0807 0BAD 5208 80D5 80F3 XGS-4528F User’s Guide...
PORT NAME Telnet SMTP HTTP POP3 18.4 Classifier Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. Figure 74 Classifier: Example XGS-4528F User’s Guide Chapter 18 Classifier EXAMPLE...
Page 156
Chapter 18 Classifier After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 19 on page 157 for information on configuring a policy rule. XGS-4528F User’s Guide...
DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. XGS-4528F User’s Guide Policy Rule Unused (2 bits)
You must first configure a classifier in the Classifier screen. Refer to for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 75 Advanced Application > Policy Rule Section 18.2 on page XGS-4528F User’s Guide...
Profile DSCP number for out-of-profile traffic. DSCP Action Specify the action(s) the Switch takes on the associated classified traffic flow. Forwarding Select No change to forward the packets. Select Discard the packet to drop the packets. Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before.
Click Add to insert the entry in the summary table below and save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
20.1.1 Strictly Priority Strictly Priority (SP) services queues based on priority only. As traffic comes into the Switch, traffic on the highest priority queue, Q7 is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q6 is transmitted until Q6 empties, and then traffic is transmitted on Q5 and so on.
Q0-Q7 This field is applicable only when you select WFQ or WRR. Select a queue (Q0 to Q7) to have the Switch use Strictly Priority to service the subsequent queue(s) after and including the specified queue for the 1000Base-T, 1000Base-X and 10 Gigabit Ethernet ports. For example, if you select Q5, the Switch services traffic on Q5, Q6 and Q7 using Strictly Priority.
H A P T E R This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by the Service Provider’s (SP) VLAN ID (VID)). Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. XGS-4528F User’s Guide...
TPID (Tag Protocol Identifier) is the customer IEEE 802.1Q tag. • If the VLAN stacking port role is Access Port, then the Switch adds the SP TPID tag to all incoming frames on the service provider's edge devices (1 and 2 in the VLAN stacking example figure).
LABEL DESCRIPTION Active Select this checkbox to enable VLAN stacking on the Switch. SP TPID SP TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. Choose 0x8100 or 0x9100 from the drop-down list box or select Others and then enter a four-digit hexadecimal number from 0x0000 to 0xFFFF.
Page 171
VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the Switch add the SP TPID tag to all incoming frames received on this port. Select Access Port for ingress ports at the edge of the service provider's network.
This allows you to control the distribution of multicast services (such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port.
Alternatively, you can specify the VLANs that IGMP snooping should be performed on. This is referred to as fixed mode. In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN.
Host Timeout Specify the time (from 1 to 16 711 450) in seconds that elapses before the Switch removes an IGMP group membership entry if it does not receive report messages from the port.
Page 176
(or server). The Switch forwards IGMP join or leave packets to an IGMP query port. Select Auto to have the Switch use the port as an IGMP query port if the port receives IGMP query packets. Select Fixed to have the Switch always use the port as an IGMP query port.
Select fixed to have the Switch only learn multicast group membership information of the VLAN(s) that you specify below. In either auto or fixed mode, the Switch can learn up to 16 VLANs (including up to three VLANs you configured in the MVR screen). For example, if you have configured one multicast VLAN in the MVR screen, you can only specify up to 15 VLANs in this screen.
An IGMP filtering profile specifies a range of multicast groups that clients connected to the Switch are able to join. A profile contains a range of multicast IP addresses which you want clients to be able to join. Profiles are assigned to ports (in the Multicast Setting screen).
If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. Click Add to save the profile to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Figure 85 MVR Network Example 22.6.1 Types of MVR Ports In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
You can create up to three multicast VLANs and up to 256 multicast rules on the Switch. Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. XGS-4528F User’s Guide...
Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN. 802.1p Priority Select a priority level (0-7) with which the Switch replaces the priority in outgoing IGMP control packets (belonging to this multicast VLAN). Mode Specify the MVR mode on the Switch. Choices are Dynamic and Compatible.
Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Select Cancel to clear the checkbox(es) in the table. 22.8.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the Switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S.
Chapter 22 Multicast Figure 89 MVR Configuration Example To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 90 MVR Configuration Example EXAMPLE To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen.
For example, user A may have the right to create new login accounts on the Switch but user B cannot. The Switch can authorize users based on user accounts configured on the Switch itself or it can use an external server to authorize a large number of users.
Encrypts the password sent for authentication. 23.2 Authentication and Accounting Screens To enable authentication, accounting or both on the Switch. First, configure your authentication server settings (RADIUS, TACACS+ or both) and then set up the authentication priority and accounting settings.
RADIUS servers then the timeout value is divided between the two RADIUS servers. For example, if you set the timeout value to 30 seconds, then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server.
Use this section to configure your RADIUS accounting server settings. Server Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the RADIUS accounting server. Index This is a read-only number representing a RADIUS accounting server entry.
TACACS+ servers then the timeout value is divided between the two TACACS+ servers. For example, if you set the timeout value to 30 seconds, then the Switch waits for a response from the first TACACS+ server for 15 seconds and then tries the second TACACS+ server.
Click Cancel to begin configuring this screen afresh. 23.2.3 Authentication and Accounting Setup Use this screen to configure authentication and accounting settings on the Switch. Click on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown.
(first Method 1, then Method 2 and finally Method 3). You must configure the settings in the Method 1 field. If you want the Switch to check other sources for access privilege level specify them in Method 2 and Method 3 fields.
Page 194
Use this section to configure accounting settings on the Switch. Update Period This is the amount of time in minutes before the Switch sends an update to the accounting server. This is only valid if you select the start-stop option for the Exec or Dot1x entries.
23.2.4 Vendor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device (for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to expand the functionality of a RADIUS server.
You can configure tunnel protocol attributes on the RADIUS server (refer to your RADIUS server documentation) to assign a port on the Switch to a VLAN based on IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This will also set the port’s VID.
23.3.1 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 23.3.1.1 Attributes Used for Authenticating Privilege Access User-Name - the format of the User-Name attribute is $enab#$, where # is the privilege level (1-...
The attributes are listed in the following table along with the time of the session they are sent: Table 69 RADIUS Attributes - Exec Events via Console ATTRIBUTE User-Name NAS-IP-Address NAS-Port Class Called-Station-Id START INTERIM-UPDATE START INTERIM-UPDATE START INTERIM-UPDATE STOP STOP STOP XGS-4528F User’s Guide...
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet.
• The rate at which DHCP packets arrive is too high. 24.1.1.2 DHCP Snooping Database The Switch stores the binding table in volatile memory. If the Switch restarts, it loads static bindings from permanent memory but loses the dynamic bindings, in which case the devices in the network have to send DHCP requests again.
24.1.1.3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information: • Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes) •...
Page 204
24.1.2.3 Syslog The Switch can send syslog messages to the specified syslog server when it forwards or discards ARP packets. The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient. 24.1.2.4 Configuring ARP Inspection Follow these steps to configure ARP inspection on the Switch.
Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
This field displays the IP address assigned to the MAC address in the binding. This field displays how long the binding is valid. This field displays how the Switch learned the binding. static: This binding was learned from information provided manually by an administrator.
24.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 102 DHCP Snooping XGS-4528F User’s Guide Chapter 24 IP Source Guard...
Switch successfully or unsuccessfully read or updated the DHCP snooping database. This field displays the number of times the Switch has tried to access the DHCP snooping database for any reason. This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database.
Page 209
Unsupported vlans XGS-4528F User’s Guide DESCRIPTION This field displays the number of times the Switch updated the bindings in the DHCP snooping database successfully. This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database.
Chapter 24 IP Source Guard 24.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database. The DHCP snooping database stores the current bindings on a secure, external TFTP server so that they are still available after a restart.
Enter the location of a DHCP snooping database, and click Renew if you want the Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL.
Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring.
Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information requests that the Switch relays to a DHCP server for each VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN.
Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
This field displays the total number of ARP Reply packets received from the VLAN since the Switch last restarted. This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted. This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted.
An ARP packet was forwarded because it matched a static binding. In the ARP Inspection VLAN Configure screen, you can configure the Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See on page 219.
24.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection >...
Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection >...
Cancel 24.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN.
Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring.
Loop guard is designed to handle loop problems on the edge of your network. This can occur when a port is connected to a Switch that is in a loop state. Loop state occurs as a result of human error. It happens when two ports on a switch are connected with the same cable. When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re-broadcast again and again causing a broadcast storm.
The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B. Since switch B is in loop state, the probe packet P returns to port N on A. The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state.
DESCRIPTION Active Select this option to enable loop guard on the Switch. The Switch generates syslog, internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature. Port This field displays a port number.
Page 224
Select this check box to enable the loop guard feature on this port. The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state. If the Switch that this port is connected is in loop state the Switch will shut down this port.
This chapter shows you how to configure static routes. 26.1 Configuring Static Routing Static routes tell the Switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application > Static Routing in the navigation panel to display the screen as shown.
Page 228
1 and 15. In practice, 2 or 3 is usually a good number. Click Add to insert a new static route to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
• Both - the Switch will broadcast its routing table periodically and incorporate the RIP information that it receives. • Incoming - the Switch will not send any RIP packets but will accept all RIP packets received. • Outgoing - the Switch will send out RIP packets but will not accept any RIP packets received.
Select the RIP version from the drop-down list box. Choices are RIP-1, RIP-2B and RIP- Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
TYPE Internal Router (IR) Area Border Router (ABR) Backbone Router (BR) AS Boundary Router XGS-4528F User’s Guide Small (with up to 15 routers) Hop count Slow DESCRIPTION An Internal or intra-area router is a router in an area. An Area Border Router connects two or more areas.
In the following figure only router A has direct connectivity with all the other routers on the network segment. Routers B and C do not have a direct connection with each other. Therefore they should not be allowed to become DR or BDR. Only router A should become the DR. XGS-4528F User’s Guide...
Use this screen to view current OSPF status. Click IP Application > OSPF in the navigation panel to display the screen as shown next. See on OSPF. XGS-4528F User’s Guide Figure 120 on page 233 , do the following tasks Switch Section 28.1 on page 231...
This field displays whether OSPF is activated (Running) or not (Down). Interface The text box displays the OSPF status of the interface(s) on the Switch. Neighbor The text box displays the status of the neighboring router participating in the OSPF network.
State This field displays the state of the Switch (backup or DR (designated router)). Priority This field displays the priority of the Switch. This number is used in the designated router election. Designated This field displays the router ID of the designated router.
OSPF is disabled by default. Select this option to enable it. Router ID Router ID uniquely identifies the Switch in an OSPF. Enter a unique ID (that uses the format of an IP address in dotted decimal notation) for the Switch.
28.4 Configure OSPF Areas To ensure that the Switch receives only routing information from a trusted layer 3 devices, activate authentication. The OSPF supports three levels of authentication: • None – no authentication is used. • Simple – authenticate link state updates using an 8 printable ASCII character password.
OSPF domain. If you do not set a route cost, no default route is added. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
When you select MD5 in the Authentication field, enter a password 16-character long. Cost The interface cost is used for calculating the routing table. Enter a number between 0 and 65535. The default interface cost is 15. XGS-4528F User’s Guide within the same area. Chapter 28 OSPF...
(BDR). You can assign a number between 0 and 255. A priority of 0 means that the router will not participate in router elections. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
When you select MD5 in the Authentication field, enter a password 16-character long. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
H A P T E R This chapter shows you how to configure the Switch as a multicast router. See also 22.4 on page 177 for information on IGMP snooping. 29.1 IGMP Overview IP multicast is an IETF standard for distributing data to multiple recipients. The following figure shows a multicast session and the relationship between a multicast server, multicast routers and multicast hosts.
(IGMP-v3). Refer to RFC 1112, RFC 2236 and RFC 3376 for information on IGMP versions 1, 2 and 3 respectively. At start up, the Switch queries all directly connected networks to gather group membership. After that, the Switch periodically updates this information.
Figure 130 IGMP Version 3 Example 29.2 Port-based IGMP The Switch sends IGMP Query packets to all ports. The Switch then listens for IGMP Report packets, and it records which port the messages came from. It then delivers multicast traffic to only those ports from which it received a request to join a multicast group.
Select an IGMP version from the drop-down list box. The choices are IGMP-v1, IGMP- v2, IGMP-v3 and None. Generally, if you want to enable IGMP on the Switch, you should choose IGMP-v3 as it is compatible with older versions. Choose an earlier version of IGMP (IGMP-v2 or IGMP-v1) if the multicast hosts on your network can not recognize IGMP version 3 or version 2 Query messages.
(AS). This DVMRP implementation is based on draft-ietf- idmr-dvmrp-v3-10. DVMRP provides multicast forwarding capability to a layer 3 switch that runs both the IPv4 protocol (with IP Multicast support) and the IGMP protocol. The DVMRP metric is a hop count of 32.
30.3 Configuring DVMRP Configure DVMRP on the Switch when you wish it to act as a multicast router (“mrouter”). Click IP Application > DVMRP in the navigation panel to display the screen as shown. Figure 133 IP Application > DVMRP The following table describes the labels in this screen.
LABEL DESCRIPTION Active Select Active to enable DVMRP on the Switch. You should do this if you want the Switch to act as a multicast router. Threshold Threshold is the maximum time to live (TTL) value. TTL is used to limit the scope of multicasting.
Report interval Route expiration time Prune lifetime Prune retransmission time Graft retransmission time DEFAULT VALUE 10 sec 35 sec 140 sec Variable (less than two hours) 3 sec with exponential back off 5 sec with exponential back off XGS-4528F User’s Guide...
H A P T E R Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 31.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
• Red (high loss priority level) packets are dropped. • Yellow (medium loss priority level) packets are dropped if there is congestion on the network. G P P Figure 138) in a DiffServ G P P XGS-4528F User’s Guide...
PIR. Only the packets marked green are first evaluated against the PIR and then if they don’t exceed the PIR level are they evaluated against the CIR. Figure 140 TRTCM - Color-aware Mode Red? High Packet Loss XGS-4528F User’s Guide Exceed CIR? Medium Packet Loss Exceed...
Select Active to enable DiffServ on the port. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
LABEL DESCRIPTION Active Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings. Note: You must also activate DiffServ on the Switch and the individual ports for the Switch to drop red (high loss priority) colored packets.
Click Cancel to begin configuring this screen afresh. 31.4 DSCP-to-IEEE 802.1p Priority Settings You can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE 802.1p mapping table.
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
DNS server and default gateway information and distribute them to your LAN computers. • If there is already a DHCP server on your network, then you can configure the Switch as a DHCP relay agent. When the Switch receives a request from a computer on your network, it contacts the DHCP server for the necessary IP information, and then relays the assigned information back to the computer.
This section displays configuration settings related to the Switch’s DHCP server mode. Index This is the index number. This field displays the VLAN ID for which the Switch is a DHCP server. Server Status This field displays the starting DHCP client IP address. IP Pool Size This field displays the number of IP addresses that can be assigned to clients.
This field displays the system name of the client. 32.4 DHCP Relay Configure DHCP relay on the Switch if the DHCP clients and the DHCP server are not in the same broadcast domain. During the initial IP address leasing, the Switch helps to relay network information (such as the IP address and subnet mask) between a DHCP client and a DHCP server.
Information This read-only field displays the system name you configure in the General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server. DESCRIPTION (1 byte) This value is always 0 for stand-alone switches.
Click Cancel to begin configuring this screen afresh. 32.4.3 Global DHCP Relay Configuration Example The follow figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains.
You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See information on how to do this. Figure 149 IP Application > DHCP > VLAN Section 7.6 on page 79 XGS-4528F User’s Guide...
Specify the first of the contiguous addresses in the IP address pool. Pool Starting Address Size of Specify the size, or count of the IP address pool. The Switch can issue from 1 to 253 Client IP IP addresses to DHCP clients. Pool IP Subnet Enter the subnet mask for the client IP pool.
IP address of 172.23.10.100. Figure 150 DHCP Relay for Two VLANs VLAN 1 For the example network, configure the VLAN Setting screen as shown. Figure 151 DHCP Relay for Two VLANs Configuration Example VLAN 2 DHCP:192.168.1.100 DHCP:172.23.10.100 EXAMPLE XGS-4528F User’s Guide...
VR1 to ensure the link between the host X and the uplink gateway G. Host X is configured to use VR1 (192.168.1.20) as the default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router.
Chapter 33 VRRP If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B. 33.2 VRRP Status Click IP Application > VRRP in the navigation panel to display the VRRP Status screen as shown next.
This field displays the IP address and number of subnet mask bit of an IP domain. Authentication Select None to disable authentication. This is the default setting. Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface. XGS-4528F User’s Guide Chapter 33 VRRP...
ASCII character long) in this field. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This field is ignored when you enter 0.0.0.0. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Click Cancel to clear the Delete check boxes. 33.4 VRRP Configuration Examples The following sections show two VRRP configuration examples on the Switch. 33.4.1 One Subnet Network Example The figure below shows a simple VRRP network with only one virtual router VR1 (VRID =1) and two switches.
VRRP. You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2. On the other hand, switch B is the master for VR2 and a backup for VR1.
Figure 162 VRRP Configuration Example: Two Virtual Router Network You need to configure the VRRP Configuration screen for virtual router VR2 on each switch, while keeping the VRRP configuration in example 1 for virtual router VR1 (refer to Section 33.4.2 on page figures below.
Figure 165 VRRP Example 2: VRRP Status on Switch A Figure 166 VRRP Example 2: VRRP Status on Switch B XGS-4528F User’s Guide Chapter 33 VRRP EXAMPLE EXAMPLE...
Click Click Here to go to the Restore Configuration screen. Configuration Backup Click Click Here to go to the Backup Configuration screen. Configuration Load Factory Click Click Here to reset the configuration to the factory default settings. Default XGS-4528F User’s Guide Maintenance...
3 In the web configurator, click the Save button to make the changes take effect. If you want to access the Switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1).
Management > Maintenance > Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the Switch in the File Path text box or click Browse to locate it. Select the Rebooting checkbox if you want to reboot the Switch and apply the new firmware immediately.
Back up your current Switch configuration to a computer using the Backup Configuration screen. Figure 172 Management > Maintenance > Backup Configuration Follow the steps below to back up the current Switch configuration to your computer in this screen. 1 Click Backup.
The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing.
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. transfers the firmware on your computer (firmware.bin) to the put config.cfg config...
H A P T E R This chapter describes how to control access to the Switch. 35.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed Switch (the Switch). An agent translates the local management information from the managed Switch into a form compatible with SNMP.
RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP 35.3.3 SNMP Traps The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the SNMP traps by category. An OID (Object ID) that begins with “1.3.6.1.4.1.890.1.5.8.” is defined in private MIBs.
Ethernet link is up. 1.3.6.1.4.1.890.1.5.8.39.31.2.2 This trap is sent when the Ethernet link is up. 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down. 1.3.6.1.4.1.890.1.5.8.39.31.2.1 This trap is sent when the Ethernet link is down. XGS-4528F User’s Guide...
OPTION OBJECT LABEL ping pingProbeFailed pingTestFailed pingTestCompleted traceroute traceRouteTestFailed traceRouteTestCompleted XGS-4528F User’s Guide OBJECT ID DESCRIPTION 1.3.6.1.4.1.890.1.5.8.39.31.2.1 This trap is sent when an Ethernet interface fails to auto- negotiate with the peer Ethernet interface. 1.3.6.1.4.1.890.1.5.8.39.31.2.2 This trap is sent when an...
1.3.6.1.4.1.890.1.5.8.39.31.2.2 This trap is sent when less than 95% of the MAC table is used. 1.3.6.1.4.1.890.1.5.1.1.16.0.1 This trap is sent when a variable goes over the RMON "rising" threshold. 1.3.6.1.4.1.890.1.5.1.1.16.0.2 This trap is sent when the variable falls below the RMON "falling" threshold. XGS-4528F User’s Guide...
Use this section to specify the SNMP version and community (password) values. Version Select the SNMP version for the Switch. The SNMP version on the Switch must match the version on the SNMP manager. Choose SNMP version 2c (v2c), SNMP version 3 (v3) or both (v3v2c).
AES applies a 128-bit key to 128-bit blocks of data. Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers. You must first configure a trap destination IP address in the SNMP Setting screen. Use the rest of the screen to select which traps the Switch sends to that SNMP manager. Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager.
Set a user name (up to 32 ASCII characters long). Enter your new system password. Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. XGS-4528F User’s Guide Chapter 35 Access Control...
(you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the Switch is used so that you may securely access the Switch using the web configurator. The SSL protocol specifies that the SSL server (the Switch) must always...
HTTP connection attempts. 35.8 HTTPS Example If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access.
Chapter 35 Access Control 35.8.2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch.
Figure 184 Example: Lock Denoting a Secure Connection 35.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later).
From the Access Control screen, display the Remote Management screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen.
Page 301
Table 124 Management > Access Control > Remote Management (continued) LABEL DESCRIPTION Telnet/FTP/ Select services that may be used for managing the Switch from the specified trusted HTTP/ICMP/ computers. SNMP/SSH/ HTTPS Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses...
Page 302
Chapter 35 Access Control XGS-4528F User’s Guide...
Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test.
Debug: The message is intended for debug-level purposes. 37.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. XGS-4528F User’s Guide Syslog...
Refer to the documentation of your syslog program for more details. Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
The lower the number, the more critical the logs are. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cluster Member Models Cluster Manager Cluster Members In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. XGS-4528F User’s Guide Cluster Management Cluster member models must be compatible with ZyXEL cluster management implementation.
Chapter 38 Cluster Management Figure 190 Clustering Application Example 38.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. A cluster can only have one manager. Figure 191 Management > Cluster Management XGS-4528F User’s Guide...
Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
Chapter 38 Cluster Management 38.2.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example. Figure 193 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1...
Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
Page 314
Then enter their common web configurator password. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Switch’s ports. When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch, the MAC address of the device is shown on the Switch’s MAC Table. It also shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). XGS-4528F User’s Guide...
When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch, the IP address of the device is shown on the Switch’s IP Table. The IP Table also shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch).
This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the Switch. Type This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch). XGS-4528F User’s Guide...
LAN. The Switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the Switch puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address). The...
Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a Switch port with the corresponding MAC address below. MAC Address This is the MAC address of the device with the corresponding IP address above.
H A P T E R This chapter introduces the routing table. 42.1 Overview The routing table contains the route information to the network(s) that the Switch can reach. The Switch automatically updates the routing table with the RIP information received from other Ethernet devices.
Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 201 Management > Configure Clone XGS-4528F User’s Guide Configure Clone...
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
IP address, your computer’s IP address must match it. Refer to the chapter on access control for details. Your computer’s and the Switch’s IP addresses must be on the same subnet. See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. XGS-4528F User’s Guide...
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. XGS-4528F User’s Guide Chapter 44 Troubleshooting...
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 205 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. XGS-4528F User’s Guide...
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. XGS-4528F User’s Guide Chapter 44 Troubleshooting...
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 208 Security Settings - Java XGS-4528F User’s Guide...
If you have changed the password and have now forgotten it, you will need to upload the default configuration file. This restores all of the factory defaults including the password. XGS-4528F User’s Guide Chapter 44 Troubleshooting...
H A P T E R Product Specifications The following tables summarize the Switch’s hardware and firmware features. Table 141 Hardware Specifications SPECIFICATION Dimensions Weight Power Specification Interfaces Ethernet Ports LEDs Operating Environment Storage Environment XGS-4528F User’s Guide DESCRIPTION Standard 19” rack mountable 438 mm (W) x 310 mm (D) x 44.45 mm (H)
Authentication via RADIUS and TACACS+ also available. An IP interface (also known as an IP routing domain) is not bound to a physical port. Configure an IP routing domain to allow the Switch to route traffic between different networks. A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks.
Page 337
This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management. With IP multicast, the Switch delivers IP packets to a group of hosts on the network - not everybody. In addition, the Switch can send packets to Ethernet devices that are not VLAN-aware by untagging (removing the VLAN tags) IP multicast packets.
Page 338
Switch. Note: Only upload firmware for your specific model! Make a copy of the Switch’s configuration and put it back on the Switch later if you decide you want to revert back to an earlier configuration. Cluster management (also known as iStacking) allows you to manage switches through one switch, called the cluster manager.
Chapter 45 Product Specifications The following list, which is not exhaustive, illustrates the standards supported in the Switch. Table 144 Standards Supported STANDARD RFC 826 RFC 867 RFC 868 RFC 894 RFC 1058 RFC 1112 RFC 1155 RFC 1157 RFC 1213...
Page 341
Table 144 Standards Supported (continued) STANDARD IEEE 802.3ah IEEE 802.3x IEEE 802.3z XGS-4528F User’s Guide Chapter 45 Product Specifications DESCRIPTION Ethernet OAM (Operations, Administration and Maintenance) Flow Control 1000BASE-X For optical fiber link 1000BASE-SX/LX.
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. XGS-4528F User’s Guide...
For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. OCTET: OCTET: OCTET: (192) (168) 11000000 10101000 00000001 11111111 11111111 11111111 11000000 10101000 00000001 4TH OCTET 00000010 00000000 00000010 XGS-4528F User’s Guide...
255.255.255.128. The following table shows some possible subnet masks using both notations. Table 148 Alternative Subnet Mask Notation ALTERNATIVE SUBNET MASK NOTATION 255.255.255.0 255.255.255.128 XGS-4528F User’s Guide Appendix A IP Addresses and Subnetting 4TH OCTET OCTET OCTET 00000000 00000000 00000000...
Page 348
192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. ALTERNATIVE LAST OCTET NOTATION (BINARY) 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100 LAST OCTET (DECIMAL) XGS-4528F User’s Guide...
IP Address (Decimal) IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 XGS-4528F User’s Guide Appendix A IP Addresses and Subnetting - 2 or 62 hosts for each subnet (a host ID of all NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111.
NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 LAST FIRST ADDRESS ADDRESS LAST OCTET BIT VALUE 01000000 11000000 LAST OCTET BIT VALUE 10000000 11000000 LAST OCTET BIT VALUE 11000000 11000000 BROADCAST ADDRESS XGS-4528F User’s Guide...
The following table is a summary for subnet planning on a network with a 16-bit network number. Table 155 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS XGS-4528F User’s Guide Appendix A IP Addresses and Subnetting LAST FIRST ADDRESS ADDRESS SUBNET MASK NO.
You must also enable Network Address Translation (NAT) on the Switch. Once you have decided on the network number, pick an IP address for your Switch that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 354
Appendix B Legal Information FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Page 355
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. XGS-4528F User’s Guide Appendix B Legal Information...
Page 356
Appendix B Legal Information XGS-4528F User’s Guide...
AS Boundary Router authentication and OSPF and RADIUS setup authorization privilege levels XGS-4528F User’s Guide automatic VLAN registration Autonomous System and OSPF Autonomous System (AS) back up, configuration file Backbone Router (BR) backbone, routing Backup Designated Router(BDR), and OSPF...
Page 364
DVMRP (Distance Vector Multicast Routing Protocol) dynamic link aggregation egress port Ethernet broadcast address Ethernet port test Ethernet ports default settings external authentication server XGS-4528F User’s Guide...
Page 365
GMT (Greenwich Mean Time) GVRP 88, 93 and port assignment GVRP (GARP VLAN Registration Protocol) hardware installation mounting hardware monitor hardware overview XGS-4528F User’s Guide hello time hops HTTPS certificates implementation public keys, private keys HTTPS example humidity IANA IEEE 802.1p, priority...
Page 366
GBIC ports connection speed connector type transceiver installation transceiver removal mirroring ports monitor port mounting brackets MSA (MultiSource Agreement) MST Instance, See MSTI MST region MSTI MST ID 74, 319 78, 95, 97, 103, 148 131, 132 XGS-4528F User’s Guide...
Page 367
MVR (Multicast VLAN Registration) network management system (NMS) NTP (RFC-1305) OSPF advantages area 231, 237 XGS-4528F User’s Guide Area 0 area ID authentication autonomous system backbone configuration steps general settings how it works interface 232, 234, 238...
Page 368
Round Robin Scheduling router ID routing domain routing protocols routing table RSTP rubber feet safety warnings save configuration screen summary Secure Shell See SSH security service access control service port 59, 282 79, 268 236, 339 58, 280 XGS-4528F User’s Guide...
Page 369
115, 118 configuration 114, 117, 120 designated bridge forwarding delay 115, 118 Hello BPDU XGS-4528F User’s Guide Hello Time 115, 116, 118, 119 how it works Max Age 115, 116, 118, 119 path cost 108, 115, 118 port priority...
Page 370
Hello message how it works interface setup master router network example parameters preempt mode priority 270, 271 status uplink gateway uplink status Virtual Router Virtual Router ID VRID warranty 167, 169 267, 272 270, 271 XGS-4528F User’s Guide...
Page 371
38, 51 getting help home login logout navigation panel screen summary weight, queuing Weighted Round Robin Scheduling (WRR) WFQ (Weighted Fair Queuing) WRR (Weighted Round Robin Scheduling ZyNOS (ZyXEL Network Operating System) XGS-4528F User’s Guide Index...