Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Page 4
ES-2024 Series User’s Guide Certifications 1 Go to www.zyxel.com 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. Certifications...
ES-2024 Series User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
ES-2024 Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
+36-1-3259100 +7-3272-590-698 www.zyxel.kz +7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica ZyXEL Communications Czech s.r.o.
Page 8
+380-44-494-49-32 +44-1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44-1344 303034 ftp.zyxel.co.uk ES-2024 Series User’s Guide REGULAR MAIL ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland ZyXEL Russia Ostrovityanova 37a Str.
Page 9
ES-2024 Series User’s Guide Customer Support...
2.2 Mounting the Switch on a Rack ...39 2.2.1 Rack-mounted Installation Requirements ...39 2.2.1.1 Precautions ...39 2.2.2 Attaching the Mounting Brackets to the Switch ...39 2.2.3 Mounting the Switch on a Rack ...39 Table of Contents ES-2024 Series User’ Guide...
Page 11
Initial Setup Example ... 56 5.1 Overview ...56 5.1.1 Creating a VLAN ...56 5.1.2 Setting Port VID ...57 5.1.3 Configuring Switch Management IP Address ...58 Chapter 6 System Status and Port Statistics ... 60 6.1 Port Status Summary ...60 6.1.1 Status: Port Details ...61 Chapter 7 Basic Setting ...
Page 12
7.3 General Setup ...69 7.4 Introduction to VLANs ...70 7.5 Switch Setup Screen ...71 7.6 IP Setup ...72 7.6.1 Management IP Addresses ...72 7.7 Port Setup ...74 Chapter 8 VLAN ... 78 8.1 Introduction to IEEE 802.1Q Tagged VLAN ...78 8.1.1 Forwarding Tagged and Untagged Frames ...78...
Page 13
ES-2024 Series User’ Guide Chapter 12 Bandwidth Control ... 100 12.1 Bandwidth Control Setup ...100 Chapter 13 Broadcast Storm Control... 102 13.1 Broadcast Storm Control Overview ...102 13.2 Broadcast Storm Control Setup ...102 Chapter 14 Mirroring ... 104 14.1 Mirroring Overview ...104 14.2 Port Mirroring Setup ...104 Chapter 15 Link Aggregation...
Page 15
Chapter 26 Cluster Management ... 170 26.1 Cluster Management Overview ...170 26.2 Cluster Management Status ...171 26.2.1 Cluster Member Switch Management ...172 26.2.1.1 Uploading Firmware to a Cluster Member Switch ...172 26.3 Configuring Cluster Management ...173 ...164 Table of Contents...
Page 16
30.8.1 List of Available Commands ...187 30.8.2 Detailed Command Information ...188 30.9 Using Command History ...189 30.10 Saving Your Configuration ...189 30.10.1 Switch Configuration File ...189 30.10.2 Logging Out ...190 30.11 Command Summary ...190 30.11.1 User Mode ...190 30.11.2 Enable Mode ...191 30.11.3 General Configuration Mode ...196...
Page 17
ES-2024 Series User’ Guide Chapter 31 Command Examples ... 212 31.1 Overview ...212 31.2 show Commands ...212 31.2.1 show interface ...212 31.2.2 show ip ...213 31.2.3 show logging ...214 31.2.4 show mac address-table all ...214 31.2.5 show pwr ...214 31.2.6 show system-information ...215 31.3 ping ...216 31.4 traceroute ...216 31.5 Enabling RSTP ...217...
Page 18
34.5 Disable VLAN ...246 34.6 Show VLAN Setting ...246 Chapter 35 Troubleshooting ... 248 35.1 Problems Starting Up the Switch ...248 35.2 Problems Accessing the Switch ...248 35.2.1 Pop-up Windows, JavaScripts and Java Permissions ...249 35.2.1.1 Internet Explorer Pop-up Blockers ...249 35.2.1.2 JavaScripts ...252...
Page 19
ES-2024 Series User’ Guide 35.3 Problems with the Password ...256 Product Specifications ... 258 Index... 270 Table of Contents...
Table 25 Bandwidth Control ... 100 Table 26 Broadcast Storm Control ... 102 Table 27 Mirroring ... 105 Table 28 Link Aggregation ID: Local Switch ... 109 Table 29 Link Aggregation ID: Peer Switch ... 109 Table 30 Link Aggregation Control Protocol Status ... 109 Table 31 Link Aggregation Control Protocol: Configuration ...
Page 25
Table 73 interface port-channel Commands ... 205 Table 74 mvr Commands ... 208 Table 75 Command Summary: config-vlan Commands ... 209 Table 76 Troubleshooting the Start-Up of Your Switch ... 248 Table 77 Troubleshooting Accessing the Switch ... 248 Table 78 Troubleshooting the Password ... 256 Table 79 General Product Specifications ...
Page 26
ES-2024 Series User’s Guide Table 82 Classes of IP Addresses ... 263 Table 83 Allowed IP Address Range By Class ... 263 Table 84 “Natural” Masks ... 264 Table 85 Alternative Subnet Mask Notation ... 264 Table 86 Two Subnets Example ... 265 Table 87 Subnet 1 ...
Page 27
ES-2024 Series User’s Guide List of Tables...
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The ES-2024 Series Ethernet Switch may be referred to as “the switch” or “the device” in this User’s Guide.
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
TCP/IP configuration at start-up from a server. You can configure the switch as a DHCP client to obtain TCP/IP information (such as the IP address and subnet mask) from a DHCP server. If you disable the DHCP service, you must manually enter the TCP/IP information.
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
The ports allow the switch to connect to another Ethernet devices. Gigabit Ethernet Ports The ports allow the switch to connect to another WAN switch or daisy-chain to other switches. Mini-GBIC Slots Install SPF transceivers in these slots to connect to other Ethernet switches at longer distances than the Ethernet port.
This section shows a few examples of using the switch in various network environments. 1.4.1 Backbone Application In this application, the switch is an ideal solution for small networks where rapid growth can be expected in the near future. The switch can be used standalone for a group of heavy traffic users. You can connect computers directly to the switch’s port or connect other switches to the switch.
Figure 2 Bridging Application 1.4.3 High Performance Switched Example The switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance.
In this example, only ports that need access to the server need belong to VLAN 1. Ports can belong to other VLAN groups too. Chapter 8, “VLAN,” on page Chapter 1 Getting to Know Your Switch...
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the switch. These rubber feet help protect the switch from shock or vibration and ensure space between devices when stacking.
2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the switch, lining up the four screw holes on the bracket with the screw holes on the side of the switch.
ES-2024 Series User’s Guide Figure 8 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack.
Page 41
ES-2024 Series User’s Guide Chapter 2 Hardware Installation and Connection...
This chapter describes the front panel and rear panel of the switch and shows you how to make the hardware connections. 3.1 Front Panel Connection The figure below shows the front panel of the switch. Figure 9 Front Panel: ES-2024A Figure 10 Front Panel: ES-2024PWR The following table describes the port labels on the front panel.
• No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console cable to the console port of the switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.
These are slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA).
2 Pull the transceiver out of the slot. Figure 14 Transceiver Removal Example 3.2 Rear Panel The following figure shows the rear panel of the switch. The power receptacle is on the read panel. Figure 15 Rear Panel 3.2.1 Power Connector Make sure you are using the correct power source as shown on the panel.
To connect the power to the switch, insert the female end of power cord to the power receptacle on the rear panel. Connect the other end of the supplied power cord to the power source. 3.3 LEDs The LEDs are located on the front panel. The following table describes the LEDs on the front panel.
Page 47
ES-2024 Series User’s Guide Table 2 LEDs (continued) COLOR Green STATUS DESCRIPTION Blinking The port is sending or receiving data. The port is not sending or receiving data. Chapter 3 Hardware Overview...
4.2 System Login 1 Start your web browser. 2 Type “http://” and the IP address of the switch (for example, the default is 192.168.1.1) in the Location or Address field. Press 3 The login screen appears. The default username is admin and associated default password is 1234.
B - Click this link to save your configuration into the switch’s nonvolatile memory. Once saved, the configuration of your switch stays the same even if the switch’s power is turned off. C - Click this link to display the Status screen (or the home screen).
E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. 4.3.1 Menu Overview In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING APPLICATION...
This link takes you to a screen where you can configure general identification information about the switch. Switch Setup This link takes you to a screen where you can set up global switch parameters such as VLAN type, MAC address learning, GARP and priority queues. ADVANCED...
Page 52
This link takes you to a screen where you can configure the management IP address, subnet mask (necessary for switch management) and DNS (domain name server). Port Setup This link takes you to screens where you can configure settings for individual switch ports. Advanced Application VLAN This link takes you to screens where you can configure port-based or 802.1Q VLAN...
4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the switch’s power is turned off. Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory.
Note: Be careful not to lock yourself and others out of the switch. 4.6 Resetting the Switch If you lock yourself (and others) out of the switch, you can try accessing via the console port. If you still cannot correct the situation or forgot the password, you will need to reload the factory-default configuration file.
262144 bytes received. Erasing.. ES-2024A> atgo The switch is now reinitialized with the factory-default configuration file including the default password of “1234”. 4.7 Logging Out of the Web Configurator Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out.
This chapter shows how to set up the switch for an example network. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID • Configure the switch IP management address 5.1.1 Creating a VLAN...
10 to be a permanent member of the VLAN only. 4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the switch to remove VLAN tags before sending.
Figure 23 Initial Setup Example: Management IP Address 1 Connect your computer to any Ethernet port on the switch. Make sure your computer is in the same subnet as the switch. 2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator.
Page 59
ES-2024 Series User’s Guide 3 Click Basic Setting and IP Setup in the navigation panel. 4 Configure the related fields in the IP Setup screen. For the VLAN2 network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask.
System Status and Port This chapter describes the system status (web configurator home page) and port details screens. 6.1 Port Status Summary The home screen of the web configurator displays a port statistical summary table with links to each port showing statistical details. To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the switch. Section 11.2 on page 95 for more information).
PD MaxCurrent This field is available on ES-2024PWR. (mA) This field shows the maximum current a powered device can get from the switch. PD MaxPower This field is available on ES-2024PWR. (mW) This field shows the maximum power the switch can provide through this port.
Page 63
ES-2024 Series User’s Guide Table 7 Status: Port Details (continued) LABEL DESCRIPTION LACP This field shows if LACP is enabled on this port or not. TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port.
Page 64
Table 7 Status: Port Details (continued) LABEL DESCRIPTION 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length.
Page 65
ES-2024 Series User’s Guide Chapter 6 System Status and Port Statistics...
The real time is then displayed in the switch logs. The Switch Setup screen allows you to set up and configure global switch features. The IP Setup screen allows you to configure a switch IP address, subnet mask(s) and DNS (domain name server) for management purposes.
This field displays the amount of power the switch is currently supplying to the Power (W) connected PoE-enabled devices. Allocated This field displays the total amount of power the switch has reserved for PoE after Power (W) negotiating with the connected PoE device(s). Chapter 7 Basic Setting...
Page 68
Normal indicates that this fan is functioning above the minimum speed. Error indicates that this fan is functioning below the minimum speed. If Error displays, it is recommended that the fan(s) on the switch be replaced by a qualified technician.
Location Enter the geographic location (up to 32 characters) of your switch. Contact Person's Enter the name (up to 32 characters) of the person in charge of this switch. Name Login Use this drop-down list box to select which database the switch should use (first) to Precedence authenticate an administrator (user for switch management).
LABEL DESCRIPTION Use Time Server Enter the time service protocol that a timeserver sends when you turn on the switch. when Bootup Not all time servers support all protocols, so you may have to use trial and error to find a protocol that works. The main differences between them are the time format.
Chapter 8 on page 78 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.
Use the next two fields to configure the priority level-to-physical queue mapping. The switch has four physical queues that you can map to the 8 priority levels. On the switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
ES-2024 Series User’s Guide You can configure up to 64 IP addresses which are used to access and manage the switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 30 IP Setup The following table describes the labels in this screen.
Mask Enter the VLAN identification number. Click Add to save the new rule to the switch. It then displays in the summary table at the bottom of the screen. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode.
Page 76
This field is only available on the ES-2024PWR but not available for the Gigabit or mini-GBIC ports. A powered device (PD) is a device such as an access point or a switch, that supports PoE (Power over Ethernet) so that it can receive power from another device through a 10/100Mbps Ethernet port.
Page 77
ES-2024 Series User’s Guide Chapter 7 Basic Setting...
The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLANs groups beyond the local switch. Please refer to the following table for common IEEE 802.1Q VLAN terminology.
C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).
The following table describes the labels in this screen. Table 14 VLAN: VLAN Status LABEL DESCRIPTION The Number of This is the number of VLANs configured on the switch. VLAN Index This is the VLAN index number. Click an index number to display detailed VLAN status.
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamic - using GVRP, static - added as a permanent entry or other - added using Multicast VLAN Registration (MVR).
ES-2024 Series User’s Guide Figure 36 VLAN: Static VLAN The following table describes the related labels in this screen. Table 16 VLAN: Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. VLAN Group ID Enter the VLAN ID for this static entry;...
Click Add to add the settings as a new entry in the summary table below. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Port-based VLANs are specific only to the switch on which they were created. Note: When you activate port-based VLAN, the switch uses a default VLAN ID of 1. You cannot change it. In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID.
(its outgoing port). CPU refers to the switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the switch cannot be managed from that port.
Page 88
If you wish to allow two subscriber ports to talk to each other, you must define the egress port for both ports. CPU refers to the switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the switch cannot be managed from that port.
Page 89
ES-2024 Series User’s Guide Chapter 8 VLAN...
MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the switch. See on port security.
After you set the fields above, click Add to insert a new rule. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This chapter discusses static IP and MAC address port filtering. 10.1 Filtering Overview Port filtering means discarding (or dropping) packets based on the MAC addresses and VLAN group. 10.2 Configure a Filtering Rule Click Advanced Application and Filtering in the navigation panel to display the screen as shown next.
Page 93
LABEL DESCRIPTION Click Add to save the new rule to the switch. It then displays in the summary table at the bottom of the screen. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network.
This switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch. Hello Time...
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
Page 98
Priority decides which port should be disabled when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128.
Page 99
ES-2024 Series User’s Guide Chapter 11 Spanning Tree Protocol...
The following table describes the related labels in this screen. Table 25 Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the switch. Port This field displays the port number. Chapter 12 Bandwidth Control ES-2024 Series User’s Guide...
Page 101
64. If you enter a number between 1729 and 1999, the rate is fixed at 1792. If you enter a number between 2000 and 103999, the switch rounds the number down to the nearest multiple of 1000.
Broadcast storm control limits the number of broadcast frames that can be stored in the switch buffer or sent out from the switch. Broadcast frames that arrive when the buffer is full are discarded. Enable this feature to reduce broadcast traffic coming into your network.
Page 103
64. If you enter a number between 1729 and 1999, the rate is fixed at 1792. If you enter a number between 2000 and 103999, the switch rounds the number down to the nearest multiple of 1000.
This chapter discusses the Mirror setup screens. 14.1 Mirroring Overview Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the mirror port without interference. 14.2 Port Mirroring Setup Click Advanced Application, Mirroring in the navigation panel to display the Mirroring screen.
Table 27 Mirroring LABEL DESCRIPTION Active Clear this check box to deactivate port mirroring on the switch. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail Port without interfering with the traffic flow on the original port(s). Select this port from this drop-down list box.
Page 106
(incoming) and Both. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 107
ES-2024 Series User’s Guide Chapter 14 Mirroring...
“standby” ports become operational without user intervention. Please note that: • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking.
ES-2024 Series User’s Guide 15.2.1 Link Aggregation ID LACP aggregation ID consists of the following information Table 28 Link Aggregation ID: Local Switch SYSTEM PRIORITY MAC ADDRESS 0000 Table 29 Link Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS 0000 15.3 Link Aggregation Status...
Select this checkbox to enable Link Aggregation Control Protocol (LACP). System LACP system priority is a number between 1 and 65,535. The switch with the lowest Priority system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Page 111
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
16.1.1.1 Vendor Specific Attribute A Vendor Specific Attribute (VSA) is an attribute-value pair that is sent between a RADIUS server and the switch. Configure VSAs on the RADIUS sever to set the switch to perform the following actions on an authenticated user: •...
16.1.1.2 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server to assign a port on the switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for more information.
Figure 50 Port Authentication 16.3 Activating IEEE 802.1x Security To enable port authentication, first activate IEEE802.1x security (both on the switch and the port(s)) then configure the RADIUS server settings. From the Port Authentication screen, display the configuration screen as shown.
16.4 Configuring RADIUS Server Settings From the Port Authentication screen, click RADIUS to display the configuration screen as shown. You can configure two RADIUS servers on the switch. Use this screen to configure the first RADIUS server. Note: Use the CLI to configure the first or second RADIUS server.
Page 116
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the switch.
Page 117
ES-2024 Series User’s Guide Chapter 16 Port Authentication...
For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port. Functionally the switch allows for three possible outcomes with port security. You can configure the ports to: • Forward all packets and learn all MAC addresses.
Note: Changes in this row are copied to all the ports as soon as you Active Select this check box to enable the port security feature on this port. The switch forwards packets whose MAC address(es) is in the MAC address table on this port.
17.3 Port Security Example The following example demonstrates the various settings and results associated with different port security configurations. Ports 1 to 5 are configured to: • Port 1 - Forward all packets and learn all MAC addresses. • Port 2 - Forward all packets and learn all MAC addresses. •...
Page 121
ES-2024 Series User’s Guide Table 37 Port Security Example (continued) ACTIVATE PORT PORT SECURITY SETTINGS ACTIVATE LIMIT NO. OF ADDRESS LEARNED MAC LEARNING ADDRESSES Drop all packets from unknown MAC addresses, do not learn MAC addresses. Drop packets from unknown MAC addresses, learn up to 100 MAC addresses.
Strict Priority Queuing (SPQ) services queues based on priority only. As traffic comes into the switch, traffic on the highest priority queue, Q3 is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q2 is transmitted until Q2 empties, and then traffic is transmitted on Q1 and so on.
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This allows you to control the distribution of multicast services (such as content information distribution) based on service plans and types of subscription. You can set the switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port.
ES-2024 Series User’s Guide The switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch.
Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Host Timeout Specify the time (from 1 to 16,711,450) in seconds that elapses before the switch removes an IGMP group membership entry if it does not receive report messages from the port.
Note: Changes in this row are copied to all the ports as soon as Immed. Leave Select this option to set the switch to remove this port from the multicast tree when an IGMP version 2 leave message is received on this port.
Click Add to save the settings to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Figure 59 MVR Network Example 19.5.1 Types of MVR Ports In MVR, a source port is a port on the switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast data. Once configured, the switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
When the subscriber changes the channel or turns off the computer, an IGMP leave message is sent to the switch to leave the multicast group. The switch sends a query to VLAN 1 on the receiver port (in this case, a DSL port on the switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic.
Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN. 802.1p Priority Select a priority level (0-7) with which the switch replaces the priority in outgoing IGMP control packets (belonging to this multicast VLAN). Mode Specify the MVR mode on the switch. Choices are Dynamic and Compatible.
Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
19.7.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the switch belong to VLAN 1. In addition, port 17 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic.
ES-2024 Series User’s Guide Figure 64 MVR Configuration Example To set the switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200.
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Address switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch. Chapter 20 Static Route ES-2024 Series User’s Guide...
Page 139
1 and 15. In practice, 2 or 3 is usually a good number. Clicking Add saves your changes to the switch's run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
21.2 Activating DiffServ Activate DiffServ to allow the switch to enable DiffServ on the selected port(s). Click IP Application, DiffServ in the navigation panel to display the screen as shown.
Click Cancel to start configuring this screen again. 21.3 DSCP-to-IEEE802.1p Priority Mapping You can configure the DSCP to IEEE802.1p mapping to allow the switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE802.1p mapping table.
To set the IEEE802.1p priority mapping, select the priority level from the drop-down list box. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Click Config 1 to save the current running configuration to the first configuration file. Configuration Reboot Click Config 1 to reboot the system and load Configuration 1 on the switch. System Note: Make sure to click the Save button in any screen to save your...
3 In the web configurator, click the Save button to make the changes take effect. If you want to access the switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default switch IP address (192.168.1.1).
Figure 72 Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the switch in the File Path text box or click Browse to locate it. After you have specified the file, click Upgrade.
Back up your current switch configuration to a computer using the Backup Configuration screen. Figure 74 Backup Configuration Follow the steps below to back up the current switch configuration to your computer in this screen. 1 Click Backup. 2 Click Save to display the Save As screen.
The configuration file contains the settings in the screens such as password, switch setup, IP Setup, etc.. Once you have customized the switch's settings, they can be saved (as a plain text file) back to your computer under a filename of your choosing.
• FTP service is disabled in the Access Control screen. • The IP address(es) in the Secured Client Set in the Remote Management screen does not match the client IP address. If it does not match, the switch will disconnect the Telnet session immediately.
The following error message displays. Connection to host lost. C:\> If you disable multiple login while another administrator is accessing the switch via telnet, the switch will immediately log out the administrator and disconnect the telnet session. The following error message displays.
An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the switch). An agent translates the local management information from the managed switch into a form compatible with SNMP.
RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP • Private MIBs 23.3.2 SNMP Traps The switch sends traps to an SNMP manager when an event occurs. SNMP traps supported are outlined in the following table. Table 53 SNMP Traps...
Enter the IP addresses of up to four stations to send your SNMP traps to. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
23.4 Setting Up Login Accounts Up to five people (one administrator and four non-administrators) may access the switch via web configurator at any one time. • An administrator is someone who can both view and configure switch changes. The username for the Administrator is always admin. The default administrator password is 1234.
Set a user name (up to 32 characters long). Enter your new system password. Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
23.7 SSH Implementation on the Switch Your switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the switch for remote management and file transfer on port 22.
SSH. 23.7.2 SSH Login Example You can use an SSH client program to access the switch. The following figure shows an example using a text-based SSH client program. Refer to the documentation that comes with your SSH program for information on using it.
HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so.
Figure 83 Security Alert Dialog Box (Internet Explorer) 23.9.2 Netscape Navigator Warning Messages When you attempt to access the switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the switch.
Figure 85 Security Certificate 2 (Netscape) 23.9.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection.
ES-2024 Series User’s Guide 23.10 Service Port Access Control Service Access Control allows you to decide what services you may use to access the switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen.
Configure the IP address range of trusted computers from which you can manage this switch. End Address The switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The switch immediately disconnects the session if it does not match.
Page 163
ES-2024 Series User’s Guide Chapter 23 Access Control...
IP Ping Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform internal loopback test.
Page 165
ES-2024 Series User’s Guide Chapter 24 Diagnostic...
This chapter explains the syslog screens. 25.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164.
Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
The lower the number, the more critical the logs are. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 169
ES-2024 Series User’s Guide Chapter 25 Syslog...
Cluster Member Models Cluster Manager Cluster Members In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 92 Clustering Application Example Chapter 26 Cluster Management...
This field displays the role of this switch within the cluster. Manager Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) None (neither a manager nor a member of a cluster) Manager This field displays the cluster manager switch’s hardware MAC address.
Go to the Clustering Management Status screen of the cluster manager switch and then click on an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
FTP PARAMETER User Password 370tx1.bin fw-00-13-49-00-00-01 config-00-13-49-00-00-01 This is the cluster member switch’s configuration file name as seen 26.3 Configuring Cluster Management Click Configuration from the Cluster Management screen to display the next screen. Refer to Section 26.1 on page 170...
Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). This is the VLAN ID and is only applicable if the switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
Page 175
Click Add to save this part of the screen to the switch. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
• If the switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion.
This field displays drop if you configure a filter rule for the MAC address in the Filtering screen. Type This shows whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen). Chapter 27 MAC Table...
If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the switch puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address).
Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above.
This chapter shows you how you can copy the settings of one port onto other ports. 29.1 Clone a Port Cloning allows you to copy the basic and advanced settings from a source port to one or more destination ports. Click Management, Configure Clone to open the following screen. Figure 100 Configure Clone The following table describes the labels in this screen.
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This chapter introduces the commands and gives a summary of commands available. 30.1 Overview In addition to the web configurator, you can use line commands to configure the switch. Use line commands for advanced switch diagnosis and troubleshooting. If you have problems with your switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
Use the following steps to telnet into your switch. 1 Make sure your computer IP address and the switch IP address are on the same subnet. In Windows, click Start (usually in the bottom left corner), Run and then type (the default management IP address) and click OK.
Copyright (c) 1994 - 2005 ZyXEL Communications Corp. sysname> 30.3 The Login Screen After you have successfully established a connection to the switch using a direct console connection or telnet, a login screen displays. The following shows the login prompt on the console port.
For example, if you enter “ automatically displays. • Each interface refers to an Ethernet port on the switch. Commands configured after the interface command correspond to those ports. • Type multiple ports or port ranges separated by a comma. Ranges of port numbers are typed separated by a dash.
Config Commands available in this mode allow you to configure settings that affect the switch globally. Command modes that follow are sub-modes of the config mode and can only be accessed from within the config mode. Chapter 30 Introducing the Commands Section 16.1.1.1 on page 112...
Type sysname(config- port-channel interface)# followed by a port number. For example, nterface port- channel 10 configure port 10 on the switch. To enter mode, sysname(config-mvr)# enter followed by a VLAN ID (between 1 and 4094). For example, enter mvr 2 to configure multicast settings on VLAN 2.
Enter “ ” to display a list of commands you can use. sysname> help Commands available: help logout exit history enable show ip <cr> show hardware-monitor <C|F> show system-information ping help ping <ip|host-name> [vlan <vlan-id>][..] ping <ip|host-name> <cr> traceroute help traceroute <ip|host-name>...
30.9 Using Command History The switch keeps a list of commands you have entered for the current CLI session. You can use any commands in the history again by pressing the up ( ) or down ( ) arrow key to scroll through the previously used commands and press the list of commands.
30.11 Command Summary The following sections summarize the commands available in the switch together with a brief description of each command. Commands listed in the tables are in alphabetical order. See the related section in the User’s Guide for more background information.
Page 194
Displays all port security settings. Displays port security settings on <port-list> the specified port(s). Displays PoE (Power over Ethernet) settings on the switch. Only available on models with the PoE feature. Displays RADIUS server settings. Displays all secured client information.
Page 195
SSH version and addition commands to be executed on the server. Determines the path a packet takes to a device. Displays command help information. Saves current configuration to the configuration file the switch is currently using. Chapter 30 Introducing the Commands PRIVILEGE...
MAC address and <password- password. str> Configures a name to identify the cluster manager. Logs into a cluster member switch. 13 Enables DiffServ. Sets the DSCP-to-IEEE 802.1p mappings. Exits from the CLI. Configures GARP time settings. Displays help information.
Page 197
Sets the range of multicast address(es) in a profile. Enables IGMP snooping. Sets a priority level (0-7) to which the switch changes the priority in outgoing IGMP control packets. Sets the host timeout value. Sets the leave timeout value Sets how to treat traffic from unknown multicast group.
Page 198
Registration) configuration mode. Section 30.11.5 on page 208 for more information. Disable bandwidth control on the switch. Disables cluster management on the switch. Removes the cluster member. <mac- address> Disables the DiffServ settings. Resets the session timeout to the timeout default of 300 seconds.
Page 199
<interface- id> inactive Disables port mirroring on the switch. Disables another administrator from logging into Telnet. Disables MVR on the switch. Disables port authentication on the switch. Disables authentication on the <port-list> listed ports. Chapter 30 Introducing the Commands...
Page 200
<index> number from using the selected service remote management service(s). <[telnet][ft [http][icmp] [snmp][ssh][ https]> Disables FTP access to the switch. 13 Disables web browser control to http the switch. Disables secure web browser https access to the switch. icmp Disables ICMP access to the switch such as pinging and tracerouting.
Page 201
Removes ports from the specified trunk group. interface <port-list> Disables LACP in the specified <T1|T2|T3> trunk group. lacp Deletes the static VLAN entry. Disables GVRP on the switch. gvrp Disables VLAN tag checking on ingress- incoming traffic. check Disables port isolation. port- isolation Change the password for Enable mode.
Page 202
> high Enables MIB traps on the switch. Traps are initiated when the usage reaches the limit set by the usagethreshold Sets the percentage of power usage which initiates MIB traps.
Page 203
Sets the set community. Sets the trap community. Sets the IP addresses of up to four stations to send your SNMP traps Enables STP on the switch. Enables STP on a specified port. Sets the STP path cost for a path-cost specified port.
Page 204
Sets Hello Time, Maximum Age and Forward Delay. Displays help information. Sets the bridge priority of the switch. Sets the switch to use Strictly Priority Queuing (SPQ). Adds a remote host to which the switch can access using SSH service.
Specifies the VLAN type. Enables GVRP. Enables VLAN tag checking on incoming traffic. Enables port-isolation. Sets the switch to use Weighted Round Robin queuing (WRR). Sets the WRR weight. A weight value of one to eight is given to each variable from commands in Configure mode.
Page 206
IGMP queries received. Disables the specified port(s) on the switch. Enables intrusion lock on a port and a port cannot be connected again after you disconnected the cable. Enables port mirroring in the interface.
Page 207
Disables IGMP immediate leave igmp-immediate- on the port. leave Enables the port(s) on the inactive switch. intrusion-lock Disables intrusion-lock on a port so that a port can be connected again after you disconnected the cable. Disables port mirroring on the mirror port(s).
Configure mode. DESCRIPTION Enters the MVR (Multicast VLAN Registration) configuration mode. Sets a priority level (0-7) to which the switch changes the priority in outgoing IGMP control packets. Exist from the MVR configuration mode. Sets the multicast group range for the MVR.
VLAN group. Displays a list of available VLAN commands. Disables the specified VLAN. Sets the IP address and subnet mask <ip-address> of the switch in the specified VLAN. <mask> Chapter 30 Introducing the Commands PRIVILEGE PRIVILEGE...
Page 210
<port- list> Chapter 30 Introducing the Commands DESCRIPTION Sets the management IP address and <ip-address> subnet mask of the switch in the <mask> specified VLAN. [manageable] Sets a default gateway IP address for default- this VLAN. gateway <ip- address>...
Page 211
ES-2024 Series User’s Guide Chapter 30 Introducing the Commands...
This chapter describes some commands in more detail. 31.1 Overview These are commands that you may use frequently in maintaining your switch. 31.2 show Commands These are the commonly used 31.2.1 show interface Syntax: show interfaces <port-number> This command displays port statistics of the specified port(s). The following example shows that port 12 is up and the related information.
31.2.2 show ip Syntax: show ip This command displays the IP related information (such as IP address and subnet mask) on all switch interfaces. The following figure shows the default interface settings. sysname> show ip IP Interface IP[172.23.37.107], Netmask[255.255.255.0], VID[1] sysname>...
31.2.4 show mac address-table all Syntax: show mac address-table all <sort> Where <sort> This command displays the MAC address(es) stored in the switch. The following example shows the MAC address table. sysname# show mac address-table all Port VLAN ID sysname# 31.2.5 show pwr...
ES-2024 Series User’s Guide This command displays the PoE settings on the ports and the PoE status on the device. The following shows an example. ES-2024PWR# show pwr Averaged Junction Temperature: 33 (c), 91 (f). Port State ---- ------ Enable Enable Enable Enable...
This command shows the general system information (such as the firmware version and system up time). An example is shown next. sysname> show system-information System Name System Contact System Location Ethernet Address ZyNOS F/W Version RomRasSize System up Time Bootbase Version sysname>...
Specifies the VLAN ID to which the Ethernet device belongs. Specifies the Time To Live (TTL) period. Specifies the time period to wait. Specifies how many tries the switch performs the traceroute function. followed by the port number and press...
31.7 Configuration File Maintenance The following sections shows how to manage the configuration files. 31.7.1 Resetting to the Factory Default Follow the steps below to reset the switch back to the factory defaults. 1 Enter erase running config 2 Enter write memory The following example resets the configuration file to the factory default settings.
Page 219
ES-2024 Series User’s Guide Chapter 31 Command Examples...
Configuration Mode Commands This chapter describes how to enable and configure your switch’s features using commands. For more background information, see the feature specific chapters which proceed the commands chapters. 32.1 Setting Login Accounts Syntax: logins username <username> password <password>...
An example is shown next. • Enable IGMP snooping on the switch. • Set the host-timeout • Set the switch to drop packets from unknown multicast groups. sysname(config)# igmp-snooping sysname(config)# igmp-snooping host-timeout 30 sysname(config)# igmp-snooping leave-timeout 30 sysname(config)# igmp-snooping unknown-multicast-frame drop 32.3 Configuring an IGMP Filter...
224.0.0.0 to 239.255.255.255 are used for IP multicasting. and specify the multicast IP addresses in the filter1 to belong to this profile. 225.255.255.255 or commands to enable and configure STP on the switch. ES-2024 Series User’s Guide end-address...
Page 223
• Set the bridge priority of the switch to 0. • Set the Hello Time to 4, Maximum Age to 20 and Forward Delay to 15 on the switch. • Enable STP on port 10 with a path cost of 150.
This command disables STP on the switch. 32.5.2 Resetting Commands Use the command to reset switch settings to their default values. Syntax: no https timeout This command resets the HTTPS session timeout to the default. An example is shown next. The session timeout is reset to 300 seconds.
ES-2024 Series User’s Guide Syntax: no ip route <ip> <mask> inactive where <ip> <mask> inactive An example is shown next. • Enable the IP route with the IP address of 192.168.11.1 and subnet mask of 255.255.255.0. This IP route must have already been created and made inactive prior to re-enable command being applied.
Disables port authentication on the switch. Disables the re-authentication mechanism on the listed port(s). Disables authentication on the listed ports. Disables the secure shell server encryption key. Your switch supports SSH versions 1 and 2 using RSA and DSA authentication.
Configure mode to enable PoE and configure Enables PoE on the specified port(s). Sets the PD priority on a port to allow the switch to allocate power to higher priority ports when the remaining power goes below 16W.
Remaining Power:185.0(W) ES-2024PWR# 32.7 Queuing Method Commands You can use the queuing method commands to configure queuing for outgoing traffic on the switch. You can only select one queuing method for the switch. Chapter 32 Configuration Mode Commands Class Priority...
• Set the queueing method to SPQ. sysname(config)# spq 32.8 Static Route Commands You can create and configure static routes on the switch by using the Syntax: ip route <ip> <mask> <next-hop-ip> ip route <ip> <mask> <next-hop-ip> [metric <metric>][name <name>]...
[name <name>] [inactive] An example is shown next. • Create a static route with the destination IP address of and the gateway IP address of 255.255.0.0 • Assigns a metric value of • Assigns the name sysname(config)# ip route 172.21.1.104 255.255.0.0 192.168.1.2 sysname(config)# ip route 172.21.1.104 255.255.0.0 192.168.1.2 metric 2 sysname(config)# ip route 172.21.1.104 255.255.0.0 192.168.1.2 name route1 32.9 Enabling MAC Filtering...
To enable a port authentication, you need to specify your RADIUS server details and select the ports which require external authentication. You can set up multiple RADIUS servers and specify how the switch will process authentication requests. 32.11.1 RADIUS Server Settings Configuring multiple RADIUS servers is only available via the command interpreter mode.
RADIUS server. If 2 RADIUS servers are configured and are in priority mode, this is the total time the switch will wait for a response from either server. Specifies the way the switch will process requests from the clients to the RADIUS server.
Page 233
See secretKey RADIUS server commands. • Specify the timeout period of 30 seconds that the switch will wait for a response from the RADIUS server. • Enable port authentication on ports 4 to12. • Activate reauthentication on the ports.
These are some commonly used configuration commands that belong to the group of commands. 33.1 Overview The interface commands allow you to configure the switch on a port by port basis. 33.2 Interface Command Examples This section provides examples of some frequently used interface commands.
• Enable ports 1, 4, 5 and 6 for configuration. • Enable port mirroring on the ports. Sets the maximum bandwidth allowed for outgoing traffic (egress) on the switch. Sets the maximum bandwidth allowed for incoming traffic (ingress) on the switch.
VLAN groups beyond the local switch. An example is shown next. • Enable IEEE 802.1Q tagged VLAN to configure tagged VLAN for the switch. • Enable ports one, three, four and five for configuration. • Enable GVRP on the interface.
<port-list> An example is shown next. • Enable port-based VLAN tagging on the switch. • Enable ports one, three, four and five for configuration. • Set the outgoing traffic ports as the CPU (0), seven (7), eight (8) and nine (9).
33.2.8 name Syntax: name <port-name-string> where <port-name-string> An example is shown next. • Enable ports one, three, four and five for configuration. • Set a name for the ports. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# name Test 33.2.9 speed-duplex Syntax: speed-duplex <auto|10-half|10-full|100-half|100-full|1000-full> where <auto|10-half|10- full|100-half|100-...
ES-2024 Series User’s Guide • Enters interface command mode to configure port 1. • Execute the test • View the results. sysname(config)# interface port-channel 1 sysname(config-interface)# test Testing internal loopback on port Ethernet Port 1 Test ok. sysname(config-interface)# 33.3 Interface no Command Examples Similar to the commands in Enable and Config modes, the sub mode also disable certain features.
2000 sysname(config-interface)# exit 2 Configure your management VLAN. • Use the vlan <vlan-id> managing the switch, and the switch will activate the new management VLAN. • Use the inactive sysname(config)# vlan 3 sysname(config-vlan)# inactive Chapter 34 IEEE 802.1Q Tagged VLAN Commands...
This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 34.2.1 GARP Status Syntax: show garp This command shows the switch’s GARP timer settings, including the join, leave and leave all timers. An example is shown next. sysname# show garp...
This command turns on GVRP in order to propagate VLAN information beyond the switch. 34.2.5 Disable GVRP Syntax: no vlan1q gvrp This command turns off GVRP so that the switch does not propagate VLAN information to other switches. 34.3 Port VLAN Commands You must configure the switch port VLAN settings in config-interface mode.
ES-2024 Series User’s Guide 34.3.1 Set Port VID Syntax: pvid <VID> where Specifies the VLAN number between 1 and 4094. <VID> This command sets the default VLAN ID on the port(s). The following example sets the default VID to 200 on ports 1 to 5. sysname(config)# interface port-channel 1-5 sysname(config-interface)# pvid 200 34.3.2 Set Acceptable Frame Type...
34.3.4.2 Forwarding Process Example 34.3.4.2.1 Tagged Frames 1 First the switch checks the VLAN ID (VID) of tagged frames or assigns temporary VIDs to untagged frames. 2 The switch then checks the VID in a frame’s tag against the SVLAN table.
The switch also does not forward frames to “forbidden” ports. 4 If after looking at the SVLAN, the switch does not have any ports to which it will send the frame, it won’t check the port filter.
• VID is the VLAN identification number. • Status shows whether the VLAN is static or active. • Elap-Time is the time since the VLAN was created on the switch. • The section of the last column shows which ports are tagged and which are TagCtl untagged.
IP address, your computer’s IP address must match it. Refer to the chapter on access control for details. Your computer’s and the switch’s IP addresses must be on the same subnet. See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.
ES-2024 Series User’s Guide 35.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Figure 102 Internet Options 3 Click Apply to save this setting. 35.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
ES-2024 Series User’s Guide Figure 103 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 35 Troubleshooting...
Figure 104 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 35.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
ES-2024 Series User’s Guide Figure 105 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Figure 106 Security Settings - Java Scripting 35.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
ES-2024 Series User’s Guide Figure 107 Security Settings - Java 35.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Figure 108 Java (Sun) 35.3 Problems with the Password Table 78 Troubleshooting the Password PROBLEM Cannot access the switch. Chapter 35 Troubleshooting CORRECTIVE ACTION The password field is case sensitive. Make sure that you enter the correct password using the proper casing.
Page 257
ES-2024 Series User’s Guide Chapter 35 Troubleshooting...
Product Specifications These are the switch product specifications. Table 79 General Product Specifications Ethernet 24 10/100 Base-TX interfaces Interface Auto-negotiation Auto-MDI/MDIX Compliant with IEEE 802.3/3u Back pressure flow control for half duplex Flow control for full duplex (IEEE 802.3x) RJ-45 Ethernet cable connector...
RFC2674 Bridge MIB extension (for IEEE 802.1Q) Private MIBs Table 81 Physical and Environmental Specifications LEDs Per switch: PWR, SYS, ALM Per Ethernet port: LNK/ACT, FDX/COL (ES-2024A), PoE (ES-2024PWR) Dimension Standard 19” rack mountable ES-2024A: 438 mm (W) x 173 mm (D) x 44.5 mm (H) ES-2024PWR: 438 mm (W) x 270 mm (D) x 44.5 mm (H)
Page 260
Table 81 Physical and Environmental Specifications (continued) Weight ES-2024A: 2.2 Kg ES-2024PWR: 4 Kg Temperature Operating: 0º C ~ 45º C (32º F ~ 113º F) Storage: -25º C ~ 70º C (13º F ~ 158º F) Humidity 10 ~ 90% (non-condensing) Power Supply 100-240VAC, 50/60Hz, ES-2024A: 0.4A...
Page 261
ES-2024 Series User’s Guide Product Specifications...
IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
ES-2024 Series User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 82 Classes of IP Addresses IP ADDRESS OCTET 1 Class A Network number Class B Network number Class C Network number An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number.
ES-2024 Series User’s Guide Table 85 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.240 255.255.255.248 255.255.255.252 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class “C”...
Table 87 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.127 Table 88 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.255 Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 –...
The following table shows class C IP address last octet values for each subnet. Table 93 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS The following table is a summary for class “C” subnet planning. Table 94 Class C Subnet Planning NO.
170, 174 member memeber web configurator screen network example setup specification status switch models warning icon cluster manager cluster member clustering 32, 170 command and multicasting configure tagged VLAN example example exit...
Page 271
ES-2024 Series User’s Guide configuration file 54, 189 and commands configuration restore 54, 146 configuration, saving 53, 189 configure a static VLAN configure port authentication configuring STP connect power connection test console port connector default setting initial screen copying port setting See port cloning Copyright create login account Customer Support...
Page 272
getting help Gigabit Ethernet port Gigabit Interface Converter See GBIC Gigabit/GBIC combo port GMT (Greenwich Mean Time) GVRP hardware connection hardware feature hardware installation freestanding hardware monitor hardware nstallation rack-mounting help hop count HTTP over SSL See HTTPS HTTPS example HyperText Transfer Protocol over Secure Socket Layer See HTTPS IEEE 802.1p...
Page 273
ES-2024 Series User’s Guide mini GBIC See GBIC mirror port mirroring monitor port multicast address setup multicast group multicast settings multicast status multicast VLAN Multicast VLAN Registration See MVR multicasting 802.1 priority multiple login Multi-Tenant Unit See MTU configuration configuration example group configuration how it works mode...
Page 274
queue queue weight queueing queuing queuing algorithm select rack-mounting installation precautions requirement RADIUS RADIUS server Network example setup shared secret UDP port Rapid Spanning Tree Protocol See RSTP rear panel reauthentication reboot system registration product Related Documentation Remote Authentication Dial In User Service See RADIUS remote management service...
Page 275
Strict Priority Queuing (SPQ) Strict Priority Queuing See SPQ subnet subnet mask subnetting switch setup Syntax Conventions sys command example syslog log type protocol server setup setup severity level system information...
Page 276
warranty note web configuration menu summary web configurator getting help logout main screen navigation panel 49, 50 Weighted Round Robin See WRR queue weight ZyNOS (ZyXEL Network Operating System) Index ES-2024 Series User’s Guide...