ZyXEL Communications MGS-3712F User Manual
  1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Switch
  5. MGS-3712F
  6. User manual

ZyXEL Communications MGS-3712F User Manual

Metrogigabit switch
Hide thumbs Also See for MGS-3712F:
Table of Contents

Advertisement

Quick Links

MGS-3712/MGS-3712F
MetroGigabit Switch
Default Login Details
IP Address
http://192.168.1.1
http://192.168.0.1
User Name
Password
Firmware Version 3.90
www.zyxel.com
Edition 1, 10/2008
www.zyxel.com
(Out-of-band
MGMT port)
admin
1234
Copyright © 2008
ZyXEL Communications Corporation

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications MGS-3712F

Summary of Contents for ZyXEL Communications MGS-3712F

  • Page 1 MGS-3712/MGS-3712F MetroGigabit Switch Default Login Details IP Address http://192.168.1.1 http://192.168.0.1 (Out-of-band MGMT port) User Name admin Password 1234 Firmware Version 3.90 www.zyxel.com Edition 1, 10/2008 www.zyxel.com Copyright © 2008 ZyXEL Communications Corporation...

  • Page 3: About This User's Guide

    Refer to the included CD for support documents. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. MGS-3712/MGS-3712F User’s Guide...
  • Page 4 • Product model and serial number. • Warranty Information. • Date that you received your device. Brief description of the problem and the steps you took to solve it. MGS-3712/MGS-3712F User’s Guide...

  • Page 5: Document Conventions

    Syntax Conventions • The MGS-3712 and MGS-3712F models may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router MGS-3712/MGS-3712F User’s Guide...

  • Page 7: Safety Warnings

    Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. MGS-3712/MGS-3712F User’s Guide...
  • Page 8 Safety Warnings MGS-3712/MGS-3712F User’s Guide...

  • Page 9: Table Of Contents

    VLAN Stacking ......................... 197 Multicast ..........................205 AAA ............................221 IP Source Guard ........................235 Loop Guard ..........................261 VLAN Mapping ........................265 Layer 2 Protocol Tunneling ...................... 269 IP Application ........................273 Static Route ..........................275 MGS-3712/MGS-3712F User’s Guide...
  • Page 10 Syslog ............................331 Cluster Management ....................... 335 MAC Table ..........................343 ARP Table ..........................347 Configure Clone ........................349 Troubleshooting & Product Specifications ............... 351 Troubleshooting ........................353 Product Specifications ......................357 Appendices and Index ......................365 MGS-3712/MGS-3712F User’s Guide...

  • Page 11: Table Of Contents

    2.3.3 Mounting the Switch on a Rack .................. 32 Chapter 3 Hardware Overview......................... 33 3.1 Front Panel ......................... 33 3.1.1 Console Port ......................35 3.1.2 Gigabit Ethernet Ports ....................35 3.1.3 Mini-GBIC Slots ......................36 3.1.4 Management Port ....................... 38 MGS-3712/MGS-3712F User’s Guide...
  • Page 12 6.1.1 Creating a VLAN ......................67 6.1.2 Setting Port VID ......................68 6.2 Configuring Switch Management IP Address ..............70 Chapter 7 System Status and Port Statistics ..................73 7.1 Overview ..........................73 7.2 Port Status Summary ...................... 73 MGS-3712/MGS-3712F User’s Guide...
  • Page 13 .................. 108 9.10 Create an IP-based VLAN Example .................110 9.11 Port-based VLAN Setup ....................111 9.11.1 Configure a Port-based VLAN ................112 Chapter 10 Static MAC Forward Setup ....................115 10.1 Overview ...........................115 10.2 Configuring Static MAC Forwarding ................115 MGS-3712/MGS-3712F User’s Guide...
  • Page 14 Chapter 15 Broadcast Storm Control ..................... 151 15.1 Broadcast Storm Control Setup ..................151 Chapter 16 Mirroring ..........................153 16.1 Port Mirroring Setup ....................... 153 Chapter 17 Link Aggregation ........................155 17.1 Link Aggregation Overview ..................... 155 MGS-3712/MGS-3712F User’s Guide...
  • Page 15 21.2 Configuring Policy Rules ....................186 21.3 Viewing and Editing Policy Configuration ................ 189 21.4 Policy Example ........................ 191 Chapter 22 Queuing Method........................193 22.1 Queuing Method Overview ..................... 193 22.1.1 Strictly Priority Queuing ..................193 22.1.2 Weighted Fair Queuing ..................193 MGS-3712/MGS-3712F User’s Guide...
  • Page 16 25.1.1 Local User Accounts ....................222 25.1.2 RADIUS and TACACS+ ..................222 25.2 AAA Screens ........................222 25.2.1 RADIUS Server Setup ..................223 25.2.2 TACACS+ Server Setup ..................225 25.2.3 AAA Setup ......................227 25.2.4 Vendor Specific Attribute ..................230 MGS-3712/MGS-3712F User’s Guide...
  • Page 17 28.3 Configuring VLAN Mapping ..................... 267 Chapter 29 Layer 2 Protocol Tunneling....................269 29.1 Layer 2 Protocol Tunneling Overview ................269 29.1.1 Layer 2 Protocol Tunneling Mode ................270 29.2 Configuring Layer 2 Protocol Tunneling ................271 Part IV: IP Application................273 MGS-3712/MGS-3712F User’s Guide...
  • Page 18 Maintenance .......................... 297 33.1 The Maintenance Screen ....................297 33.2 Load Factory Default ...................... 298 33.3 Save Configuration ......................298 33.4 Reboot System ........................ 299 33.5 Firmware Upgrade ......................299 33.6 Restore a Configuration File ..................300 MGS-3712/MGS-3712F User’s Guide...
  • Page 19 35.1 Diagnostic ........................329 Chapter 36 Syslog ............................ 331 36.1 Syslog Overview ......................331 36.2 Syslog Setup ........................332 36.3 Syslog Server Setup ....................... 333 Chapter 37 Cluster Management......................335 37.1 Cluster Management Status Overview ................335 MGS-3712/MGS-3712F User’s Guide...
  • Page 20 41.2 Switch Access and Login ....................354 41.3 Switch Configuration ......................356 Chapter 42 Product Specifications ......................357 Part VII: Appendices and Index ............365 Appendix A Common Services..................... 367 Appendix B Legal Information ....................371 Index............................375 MGS-3712/MGS-3712F User’s Guide...

  • Page 21: Introduction And Hardware

    Introduction and Hardware Getting to Know Your Switch (23) Hardware Installation and Connection (29) Hardware Overview (33) Tutorials (45)

  • Page 23: Getting To Know Your Switch

    100/1000 Mbps RJ-45 port, with either port or slot active at a time. In addition, the MGS-3712F has 8 mini-GBIC slots. With its built-in web configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed via Telnet, any terminal emulator program on the console port, or third-party SNMP management.

  • Page 24: Bridging Example

    Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 2 Bridging Application MGS-3712/MGS-3712F User’s Guide...

  • Page 25: High Performance Switching Example

    Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re- cabling. MGS-3712/MGS-3712F User’s Guide...

  • Page 26: Ways To Manage The Switch

    Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. MGS-3712/MGS-3712F User’s Guide...
  • Page 27 If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. MGS-3712/MGS-3712F User’s Guide...
  • Page 28 Chapter 1 Getting to Know Your Switch MGS-3712/MGS-3712F User’s Guide...

  • Page 29: Hardware Installation And Connection

    Switch and the connected cables. Make sure there is a power outlet nearby. Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord. Remove the adhesive backing from the rubber feet. MGS-3712/MGS-3712F User’s Guide...

  • Page 30: Chapter 2 Hardware Installation And Connection

    • Make sure the rack will safely support the combined weight of all the equipment it contains. • Make sure the position of the Switch does not make the rack unstable or top- heavy. Take all necessary precautions to anchor the rack securely before installing the unit. MGS-3712/MGS-3712F User’s Guide...

  • Page 31: Attaching The Mounting Brackets To The Switch

    Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. Repeat steps to install the second mounting bracket on the other side of the Switch. You may now mount the Switch on a rack. Proceed to the next section. MGS-3712/MGS-3712F User’s Guide...

  • Page 32: Mounting The Switch On A Rack

    Figure 7 Mounting the Switch on a Rack Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. Repeat steps to attach the second mounting bracket on the other side of the rack. MGS-3712/MGS-3712F User’s Guide...

  • Page 33: Hardware Overview

    Ethernet Ports Dual Personality Interfaces MGS-3712F The following figure shows the front panel of the MGS-3712F. The front panel contains the Switch LEDs, 8 slots for mini-GBIC (Gigabit Interface Converter) transceivers, also known as SFP (Single form-factor Pluggable) transceivers, four dual personality interfaces each consisting of a mini-GBIC slot and a 1000BASE-T MGS-3712/MGS-3712F User’s Guide...
  • Page 34 Chapter 3 Hardware Overview RJ-45 port, one console and one management port for local management, and a slot for alarm management. Figure 9 Front Panel: MGS-3712F Console Port LEDs Management Port Signal slot Mini-GBIC slots Dual Personality Interfaces The following table describes the port labels on the front panel.

  • Page 35: Console Port

    When the Switch’s auto-negotiation is turned off, an Ethernet port uses the pre-configured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect. MGS-3712/MGS-3712F User’s Guide...

  • Page 36: Mini-Gbic Slots

    3.1.3.1 Transceiver Installation Use the following steps to install a mini-GBIC transceiver (SFP module). Insert the transceiver into the slot with the exposed section of PCB board facing down. Press the transceiver firmly until it clicks into place. MGS-3712/MGS-3712F User’s Guide...
  • Page 37 Figure 10 Transceiver Installation Example Figure 11 Connecting the Fiber Optic Cables 3.1.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). Remove the fiber optic cables from the transceiver. Open the transceiver’s latch (latch styles vary). MGS-3712/MGS-3712F User’s Guide...

  • Page 38: Management Port

    Chapter 42 on page 357, and make sure you are using an appropriate power source. Keep the power supply switch and the Switch’s power switch in the OFF position until you come to the procedure for turning on the power. MGS-3712/MGS-3712F User’s Guide...
  • Page 39 Connect one end of a power wire to the Switch’s -48V (input) pin and tighten the captive screw. Connect the other end of the power wire to the negative terminal on the power supply. Insert the terminal block plug in the Switch’s terminal block header. MGS-3712/MGS-3712F User’s Guide...

  • Page 40: Signal Slot

    Insert the wire and release the spring clip. Repeat the process for the sensor’s other signal output wire. A total of four sensors may be connected to the Signal connector in this way using the remaining signal input pins. MGS-3712/MGS-3712F User’s Guide...
  • Page 41 Use wires of the correct gauge to connect either of the signal output pin pairs (1- normal close, 2-common) or (2-common, 3-normal open) on the Signal connector to the input signal pin pairs of an Signal connector on another ZyXEL Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 42: Rear Panel

    11 10 Pin Assignments 3.2 Rear Panel The following figures show the rear panels of the MGS-3712 and MGS-3712F models. The rear panel contains a connector for external backup power supply. Figure 17 Rear Panel: MGS-3712 Figure 18 Rear Panel: MGS-3712F...

  • Page 43: Leds

    The Gigabit port is negotiating in half-duplex mode. MGMT Green Blinking The system is transmitting/receiving to/from an Ethernet device. The port is connected at 10Mbps. The port is not connected at 10Mbps or to an Ethernet device. MGS-3712/MGS-3712F User’s Guide...

  • Page 44: Configuring The Switch

    You can access the command line interface using a terminal emulation program on a computer connected to the Switch console port (see Section 3.1.1 on page or access the Switch using Telnet. The next part of this guide discusses configuring the Switch using the web configurator. MGS-3712/MGS-3712F User’s Guide...

  • Page 45: Tutorials

    Note: For related information about DHCP snooping, see Section 26.1 on page 235. The settings in this tutorial are as the following. Table 3 Tutorial: Settings in this Tutorial PORT DHCP SNOOPING HOST VLAN PVID CONNECTED PORT TRUSTED DHCP Server 1 and 100 MGS-3712/MGS-3712F User’s Guide...
  • Page 46 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add. Figure 20 Tutorial: Create a VLAN and Add Ports to It MGS-3712/MGS-3712F User’s Guide...
  • Page 47 Figure 21 Tutorial: Tag Untagged Frames Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 22 Tutorial: Specify DHCP VLAN MGS-3712/MGS-3712F User’s Guide...
  • Page 48 If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry. See Section 26.1.1.3 on page 237. Figure 24 Tutorial: Enable DHCP Snooping on this VLAN MGS-3712/MGS-3712F User’s Guide...

  • Page 49: How To Use Dhcp Relay On The Switch

    DHCP requests. 4.2.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) to DHCP client A based on MGS-3712/MGS-3712F User’s Guide...

  • Page 50: Creating A Vlan

    Figure 26 Tutorial: DHCP Relay Scenario DHCP Server Port 2 192.168.2.3 PVID=102 VLAN 102 172.16.1.18 4.2.2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102. Access the web configurator through the Switch’s management port. MGS-3712/MGS-3712F User’s Guide...
  • Page 51 Name field and enter 102 in the VLAN Group ID field. Select Fixed to configure port 2 to be a permanent member of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. MGS-3712/MGS-3712F User’s Guide...
  • Page 52 Figure 29 Tutorial: Click the VLAN Port Setting Link Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. MGS-3712/MGS-3712F User’s Guide...

  • Page 53: Configuring Dhcp Relay

    Click IP Application > DHCP and then the Global link to open the DHCP Relay screen. Select the Active check box. Enter the DHCP server’s IP address (192.168.2.3 in this example) in the Remote DHCP Server 1 field. Select the Option 82 and the Information check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 54: Troubleshooting

    Client A is connected to the Switch’s port 2 in VLAN 102. You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. You clicked the Save link on the Switch to have your settings take effect. MGS-3712/MGS-3712F User’s Guide...

  • Page 55: Basic Configuration

    Basic Configuration The Web Configurator (57) Initial Setup Example (67) System Status and Port Statistics (73) Basic Setting (79)

  • Page 57: The Web Configurator

    Start your web browser. Type “http://” and the IP address of the Switch (the default management IP address is 192.168.1.1 through an in-band (non-MGMT) port and 192.168.0.1 through the MGMT port) in the Location or Address field. Press [ENTER]. MGS-3712/MGS-3712F User’s Guide...

  • Page 58: The Status Screen

    Figure 33 Web Configurator Home Screen (Status) B C D E A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. MGS-3712/MGS-3712F User’s Guide...
  • Page 59 In the navigation panel, click a main link to reveal a list of submenu links. Table 4 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION The following table describes the links in the navigation panel. Table 5 Navigation Panel Links LINK DESCRIPTION Basic Settings MGS-3712/MGS-3712F User’s Guide...
  • Page 60 This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets. Queuing This link takes you to a screen where you can configure queuing with Method associated queue weights for each port. MGS-3712/MGS-3712F User’s Guide...
  • Page 61 This link takes you to a screen where you can view the MAC addresses – IP address resolution table. Configure This link takes you to a screen where you can copy attributes of one port Clone to other ports. MGS-3712/MGS-3712F User’s Guide...

  • Page 62: Change Your Password

    Note: Use the Save link when you are done with a configuration session. 5.5 Switch Lockout You could block yourself (and all others) from using in-band-management (managing through the data ports) if you do one of the following: Delete the management VLAN (default is VLAN 1). MGS-3712/MGS-3712F User’s Guide...

  • Page 63: Resetting The Switch

    Switch’s power, you will see the initial screen. When you see the message “Press any key to enter Debug Mode within 3 seconds ...” press any key to enter debug mode. Type atlc after the “Enter Debug Mode” message. MGS-3712/MGS-3712F User’s Guide...

  • Page 64: Logging Out Of The Web Configurator

    Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons. Figure 36 Web Configurator: Logout Screen MGS-3712/MGS-3712F User’s Guide...

  • Page 65: Help

    Chapter 5 The Web Configurator 5.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. MGS-3712/MGS-3712F User’s Guide...
  • Page 66 Chapter 5 The Web Configurator MGS-3712/MGS-3712F User’s Guide...

  • Page 67: Initial Setup Example

    You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 37 Initial Setup Network Example: VLAN MGS-3712/MGS-3712F User’s Guide...

  • Page 68: Setting Port Vid

    Switch’s power is turned off. 6.1.2 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. MGS-3712/MGS-3712F User’s Guide...
  • Page 69 Setting link. Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run- time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS-3712/MGS-3712F User’s Guide...

  • Page 70: Configuring Switch Management Ip Address

    Switch. Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator. See Section 5.2 on page 57 for more information. MGS-3712/MGS-3712F User’s Guide...
  • Page 71 VLAN ID you configure in the Static VLAN screen. Click Add to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS-3712/MGS-3712F User’s Guide...
  • Page 72 Chapter 6 Initial Setup Example MGS-3712/MGS-3712F User’s Guide...

  • Page 73: System Status And Port Statistics

    The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. 7.2 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 40 Status MGS-3712/MGS-3712F User’s Guide...

  • Page 74: Chapter 7 System Status And Port Statistics

    This field shows the total amount of time in hours, minutes and seconds the port has been up. Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical information for that port, or select Any to clear statistics for all ports. MGS-3712/MGS-3712F User’s Guide...

  • Page 75: Status: Port Details

    This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber). MGS-3712/MGS-3712F User’s Guide...
  • Page 76 Excessive collision is defined as the number of maximum collisions before the retransmission count is reset. Late This is the number of times a late collision is detected, that is, after 512 bits of the packets have already been transmitted. MGS-3712/MGS-3712F User’s Guide...
  • Page 77 This field shows the number of packets (including bad packets) received that were between 1519 octets in length and the maximum frame size. The maximum frame size varies depending on your switch model. See Chapter 42 on page 357. MGS-3712/MGS-3712F User’s Guide...
  • Page 78 Chapter 7 System Status and Port Statistics MGS-3712/MGS-3712F User’s Guide...

  • Page 79: Basic Setting

    Setup screen allows you to set up and configure global Switch features. The IP Setup screen allows you to configure a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes. MGS-3712/MGS-3712F User’s Guide...

  • Page 80: System Information

    This field displays the maximum temperature measured at this sensor. This field displays the minimum temperature measured at this sensor. Threshold This field displays the upper temperature limit at this sensor. Status This field displays Normal for temperatures below the threshold and Error for those above. MGS-3712/MGS-3712F User’s Guide...
  • Page 81 This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. MGS-3712/MGS-3712F User’s Guide...

  • Page 82: General Setup

    Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. Contact Enter the name of the person in charge of this Switch. You can use up to Person's Name 32 printable ASCII characters; spaces are allowed. MGS-3712/MGS-3712F User’s Guide...
  • Page 83 European Union you would select Last, Sunday, March and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). MGS-3712/MGS-3712F User’s Guide...

  • Page 84: Introduction To Vlans

    With VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. Chapter 9 on page 95 for information on port-based and 802.1Q tagged VLANs. MGS-3712/MGS-3712F User’s Guide...

  • Page 85: Switch Setup Screen

    Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. See the chapter on VLAN setup for more background information. MGS-3712/MGS-3712F User’s Guide...
  • Page 86 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3712F User’s Guide...

  • Page 87: Ip Setup

    IP address. The factory default subnet mask is 255.255.255.0. You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). MGS-3712/MGS-3712F User’s Guide...
  • Page 88 DNS (Domain Name System) is for mapping a domain name to its Server corresponding IP address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address. MGS-3712/MGS-3712F User’s Guide...
  • Page 89 The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring the fields again. MGS-3712/MGS-3712F User’s Guide...
  • Page 90 This field displays the IP address of the default gateway. Delete Check the management IP addresses that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the selected checkboxes in the Delete column. MGS-3712/MGS-3712F User’s Guide...

  • Page 91: Port Setup

    Enter a descriptive name that identifies this port. You can enter up to 64 alpha-numerical characters. Note: Due to space limitation, the port name may be truncated in some web configurator screens. Type This field displays 10/100/1000M for Gigabit connections. MGS-3712/MGS-3712F User’s Guide...
  • Page 92 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 93: Advanced

    Advanced VLAN (95) Loop Guard (261) Static MAC Forward Setup (115) VLAN Mapping (265) Static Multicast Forward Setup (119) Layer 2 Protocol Tunneling (269) Filtering (123) Spanning Tree Protocol (125) Bandwidth Control (147) Broadcast Storm Control (151) Mirroring (153) Link Aggregation (155) Port Authentication (165) Port Security (171) Classifier (177)

  • Page 95: Vlan

    3 Bits 1 Bit 12 bits 9.1.1 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware MGS-3712/MGS-3712F User’s Guide...

  • Page 96: Automatic Vlan Registration

    Please refer to the following table for common IEEE 802.1Q VLAN terminology. Table 13 IEEE 802.1Q VLAN Terminology VLAN TERM DESCRIPTION PARAMETER VLAN Type Permanent VLAN This is a static VLAN created manually. Dynamic VLAN This is a VLAN configured by a GVRP registration/ deregistration process. MGS-3712/MGS-3712F User’s Guide...

  • Page 97: Port Vlan Trunking

    VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with MGS-3712/MGS-3712F User’s Guide...

  • Page 98: Select The Vlan Type

    • sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. MGS-3712/MGS-3712F User’s Guide...

  • Page 99: Static Vlan Status

    GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR). Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. MGS-3712/MGS-3712F User’s Guide...

  • Page 100: Vlan Details

    Multicast VLAN Registration (MVR). 9.5.3 Configure a Static VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. Section 9.1 on page 95 for more information on static VLAN. To configure a MGS-3712/MGS-3712F User’s Guide...
  • Page 101 This name consists of up to 64 printable characters. VLAN Group Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Port The port number identifies the port you are configuring. MGS-3712/MGS-3712F User’s Guide...
  • Page 102 This field indicates whether the VLAN settings are enabled (Yes) or disabled (No). Name This field displays the descriptive name for this VLAN group. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 103: Configure Vlan Port Settings

    Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MGS-3712/MGS-3712F User’s Guide...

  • Page 104: Subnet Based Vlans

    IP subnets. Traffic for voice services is designated for IP subnet 172.16.1.0/24, video for 192.168.1.0/24 and data for 10.1.1.0/24. The Switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames. MGS-3712/MGS-3712F User’s Guide...

  • Page 105: Configuring Subnet Based Vlan

    Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 9.7 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. MGS-3712/MGS-3712F User’s Guide...
  • Page 106 Check this box to activate the IP subnet VLAN you are creating or editing. Name Enter up to 32 alpha numeric characters to identify this subnet based VLAN. Enter the IP address of the subnet for which you want to configure this subnet based VLAN. MGS-3712/MGS-3712F User’s Guide...

  • Page 107: Protocol Based Vlans

    IEEE 802.1Q tagged VLAN. For example, port 1, 2, 3 and 4 belong to static VLAN 100, and port 4, 5, 6, 7 belong to static VLAN 120. You configure a protocol based VLAN A with priority 3 MGS-3712/MGS-3712F User’s Guide...

  • Page 108: Configuring Protocol Based Vlan

    Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 56 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN MGS-3712/MGS-3712F User’s Guide...
  • Page 109 This field shows the priority which is assigned to frames belonging to this protocol based VLAN. Delete Click this to delete the protocol based VLANs which you marked for deletion. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 110: Create An Ip-Based Vlan Example

    To add more ports to this protocol based VLAN. Click the index number of the protocol based VLAN entry. Click 1 Change the value in the Port field to the next port you want to add. Click Add. MGS-3712/MGS-3712F User’s Guide...

  • Page 111: Port-Based Vlan Setup

    Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. MGS-3712/MGS-3712F User’s Guide...

  • Page 112: Configure A Port-Based Vlan

    Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 58 Port Based VLAN Setup (All Connected) MGS-3712/MGS-3712F User’s Guide...
  • Page 113 (its outgoing port). CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port. MGS-3712/MGS-3712F User’s Guide...
  • Page 114 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 115: Static Mac Forward Setup

    Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See Chapter 19 on page for more information on port security. MGS-3712/MGS-3712F User’s Guide...
  • Page 116 This field displays the descriptive name for identification purposes for this static MAC address-forwarding rule. MAC Address This field displays the MAC address that will be forwarded and the VLAN identification number to which the MAC address belongs. MGS-3712/MGS-3712F User’s Guide...
  • Page 117 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...
  • Page 118 Chapter 10 Static MAC Forward Setup MGS-3712/MGS-3712F User’s Guide...

  • Page 119: Static Multicast Forward Setup

    24.3 on page 207). Figure 61 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to port(s) within a VLAN group. Figure 62 shows frames being forwarded to devices MGS-3712/MGS-3712F User’s Guide...

  • Page 120: Configuring Static Multicast Forwarding

    Figure 62 Static Mutlicast Forwarding to A Single Port Figure 63 Static Mutlicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). MGS-3712/MGS-3712F User’s Guide...
  • Page 121 Cancel Click Cancel to reset the fields to their last saved values. Clear Click Clear to begin configuring this screen afresh. Index Click an index number to modify a static multicast MAC address rule for port(s). MGS-3712/MGS-3712F User’s Guide...
  • Page 122 This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 123: Filtering

    Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next. Figure 65 Advanced Application > Filtering MGS-3712/MGS-3712F User’s Guide...
  • Page 124 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MGS-3712/MGS-3712F User’s Guide...

  • Page 125: Spanning Tree Protocol

    RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. Note: In this user’s guide, “STP” refers to both STP and RSTP. 13.1.1 STP Terminology The root bridge is the base of the spanning tree. MGS-3712/MGS-3712F User’s Guide...

  • Page 126: How Stp Works

    Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. MGS-3712/MGS-3712F User’s Guide...

  • Page 127: Stp Port States

    In the following example, there are two RSTP instances (MRSTP 1 and MRSTP2) on switch A. To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree. MGS-3712/MGS-3712F User’s Guide...

  • Page 128: Multiple Stp

    13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be MGS-3712/MGS-3712F User’s Guide...
  • Page 129 MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region. MGS-3712/MGS-3712F User’s Guide...
  • Page 130 STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions MGS-3712/MGS-3712F User’s Guide...

  • Page 131: Spanning Tree Protocol Status Screen

    This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 132: Spanning Tree Configuration

    Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 133: Configure Rapid Spanning Tree Protocol

    Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 134 Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost - see Table 24 on page 126 for more information. MGS-3712/MGS-3712F User’s Guide...

  • Page 135: Rapid Spanning Tree Protocol Status

    MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. Hello Time This is the time interval (in seconds) at which the root switch transmits (second) a configuration message. The root bridge determines Hello Time, Max Age and Forwarding Delay. MGS-3712/MGS-3712F User’s Guide...
  • Page 136 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MGS-3712/MGS-3712F User’s Guide...

  • Page 137: Configure Multiple Rapid Spanning Tree Protocol

    Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 138 Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost - see Table 24 on page 126 for more information. MGS-3712/MGS-3712F User’s Guide...

  • Page 139: Multiple Rapid Spanning Tree Protocol Status

    Bridge is this switch. This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 140 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MGS-3712/MGS-3712F User’s Guide...

  • Page 141: Configure Multiple Spanning Tree Protocol

    13.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 128 for more information on MSTP. Figure 77 Advanced Application > Spanning Tree Protocol > MSTP MGS-3712/MGS-3712F User’s Guide...
  • Page 142 Click Cancel to begin configuring this screen afresh. Instance Use this section to configure MSTI (Multiple Spanning Tree Instance) settings. Instance Enter the number you want to use to identify this MST instance on the Switch. The Switch supports instance numbers 0-16. MGS-3712/MGS-3712F User’s Guide...
  • Page 143 This field displays the ID of an MST instance. VLAN This field displays the VID (or VID ranges) to which the MST instance is mapped. Active Port This field display the ports configured to participate in the MST instance. MGS-3712/MGS-3712F User’s Guide...

  • Page 144: Multiple Spanning Tree Protocol Status

    See Section 13.1.5 on page 128 more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 78 Advanced Application > Spanning Tree Protocol > Status: MSTP MGS-3712/MGS-3712F User’s Guide...
  • Page 145 This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 146 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. MGS-3712/MGS-3712F User’s Guide...

  • Page 147: Bandwidth Control

    CIR will be marked for drop. Note: The CIR should be less than the PIR. The sum of CIRs cannot be greater than or equal to the uplink bandwidth. MGS-3712/MGS-3712F User’s Guide...

  • Page 148: Bandwidth Control Setup

    The commit rate should be less than the peak rate. The sum of commit rates cannot be greater than or equal to the uplink bandwidth. Active Select this check box to activate peak rate limits on this port. MGS-3712/MGS-3712F User’s Guide...
  • Page 149 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3712F User’s Guide...
  • Page 150 Chapter 14 Bandwidth Control MGS-3712/MGS-3712F User’s Guide...

  • Page 151: Broadcast Storm Control

    DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 80 Advanced Application > Broadcast Storm Control MGS-3712/MGS-3712F User’s Guide...
  • Page 152 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3712F User’s Guide...

  • Page 153: Mirroring

    Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 81 Advanced Application > Mirroring MGS-3712/MGS-3712F User’s Guide...
  • Page 154 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3712F User’s Guide...

  • Page 155: Link Aggregation

    The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking. The Switch supports the link aggregation IEEE802.3ad standard. This standard describes the Link Aggregation Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. MGS-3712/MGS-3712F User’s Guide...

  • Page 156: Link Aggregation Id

    Table 37 Link Aggregation ID: Peer Switch SYSTEM PORT MAC ADDRESS PORT NUMBER PRIORITY PRIORITY 0000 00-00-00-00-00-00 0000 0000 Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MGS-3712/MGS-3712F User’s Guide...

  • Page 157: Link Aggregation Status

    Refer to Section 17.2.1 on page 156 for more information on this field. The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group. MGS-3712/MGS-3712F User’s Guide...
  • Page 158 This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. MGS-3712/MGS-3712F User’s Guide...

  • Page 159: Link Aggregation Setting

    This is the only screen you need to configure to enable static link Aggregation aggregation. Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. MGS-3712/MGS-3712F User’s Guide...
  • Page 160 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 161: Link Aggregation Control Protocol

    Table 40 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable Aggregation dynamic link aggregation. Control Protocol Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). MGS-3712/MGS-3712F User’s Guide...

  • Page 162: Static Trunking Example

    Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 17.6 Static Trunking Example This example shows you how to create a static port trunk group for ports 2-5. MGS-3712/MGS-3712F User’s Guide...
  • Page 163 Click Apply when you are done. Figure 86 Trunking Example - Configuration Screen MGS-3712/MGS-3712F User’s Guide...
  • Page 164 Chapter 17 Link Aggregation Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. MGS-3712/MGS-3712F User’s Guide...

  • Page 165: Port Authentication

    When the client provides the login credentials, the Switch sends an authentication At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MGS-3712/MGS-3712F User’s Guide...

  • Page 166: Mac Authentication

    MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the MGS-3712/MGS-3712F User’s Guide...

  • Page 167: Port Authentication Configuration

    (both on the Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 89 Advanced Application > Port Authentication MGS-3712/MGS-3712F User’s Guide...

  • Page 168: Activate Ieee 802.1X Security

    Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this checkbox to permit 802.1x authentication on this port. You must first allow 802.1x authentication on the Switch before configuring it on each port. MGS-3712/MGS-3712F User’s Guide...

  • Page 169: Activate Mac Authentication

    Click Cancel to begin configuring this screen afresh. 18.2.2 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. Figure 91 Advanced Application > Port Authentication > MAC Authentication MGS-3712/MGS-3712F User’s Guide...
  • Page 170 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 171: Port Security

    MAC address(es) for a port. It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. MGS-3712/MGS-3712F User’s Guide...

  • Page 172: Port Security Setup

    MAC freeze Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list. Port This field displays the port number. MGS-3712/MGS-3712F User’s Guide...
  • Page 173 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 174: Vlan Mac Address Limit

    This field displays the index number of the rule. Click an index number to change the settings. Active This field displays Yes when the rule is activated and No when is it deactivated. Port This field displays the number of the port to which this rule is applied. MGS-3712/MGS-3712F User’s Guide...
  • Page 175 This is the maximum number of MAC addresses which a port can learn in a VLAN. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MGS-3712/MGS-3712F User’s Guide...
  • Page 176 Chapter 19 Port Security MGS-3712/MGS-3712F User’s Guide...

  • Page 177: Classifier

    Use the Classifier screen to define the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 21 on page 185. MGS-3712/MGS-3712F User’s Guide...
  • Page 178 Ethernet II tagged and Ethernet II untagged. A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards. A value of Ethernet II indicates that the packets are formatted according to RFC 894, Ethernet II encapsulation. MGS-3712/MGS-3712F User’s Guide...
  • Page 179 Specify the address prefix by entering the number of ones in the subnet mask. Address Prefix A subnet mask can be represented in a 32-bit notation. For example, the subnet mask “255.255.255.0” can be represented as “11111111.11111111.11111111.00000000”, and counting up the number of ones in this case results in 24. MGS-3712/MGS-3712F User’s Guide...

  • Page 180: Viewing And Editing Classifier Configuration

    Classifier screen. To change the settings of a rule, click a number in the Index field. Note: When two rules conflict with each other, a higher layer rule has priority over lower layer rule. Figure 95 Advanced Application > Classifier: Summary Table MGS-3712/MGS-3712F User’s Guide...
  • Page 181 The following table shows some common protocol types and the corresponding protocol number. Refer to http://www.iana.org/assignments/ protocol-numbers for a complete list. Table 48 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ICMP L2TP MGS-3712/MGS-3712F User’s Guide...

  • Page 182: Classifier Example

    Appendix A on page 367 for information on commonly used port numbers. 20.4 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. MGS-3712/MGS-3712F User’s Guide...
  • Page 183 Chapter 20 Classifier After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. Figure 96 Classifier: Example MGS-3712/MGS-3712F User’s Guide...
  • Page 184 Chapter 20 Classifier MGS-3712/MGS-3712F User’s Guide...

  • Page 185: Policy Rule

    DS field. DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. DSCP (6 bits) Unused (2 bits) MGS-3712/MGS-3712F User’s Guide...

  • Page 186: Configuring Policy Rules

    DSCP values and the configured policies. 21.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 20.2 on page 177 for more information. MGS-3712/MGS-3712F User’s Guide...
  • Page 187 Figure 97 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 50 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. MGS-3712/MGS-3712F User’s Guide...
  • Page 188 Select Replace the IP TOS with the 802.1 priority value to replace the TOS field with the value you configure in the Priority field. Select Set the Diffserv Codepoint field in the frame to set the DSCP field with the value you configure in the DSCP field. MGS-3712/MGS-3712F User’s Guide...

  • Page 189: Viewing And Editing Policy Configuration

    To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Policy screen. To change the settings of a rule, click a number in the Index field. Figure 98 Advanced Application > Policy Rule: Summary Table MGS-3712/MGS-3712F User’s Guide...
  • Page 190 This field displays the name you have assigned to this policy. Classifier(s This field displays the name(s) of the classifier to which this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 191: Policy Example

    The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 182). Figure 99 Policy Example MGS-3712/MGS-3712F User’s Guide...
  • Page 192 Chapter 21 Policy Rule MGS-3712/MGS-3712F User’s Guide...

  • Page 193: Queuing Method

    By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. Guaranteed quantum is calculated as Queue Weight x 2048 bytes. MGS-3712/MGS-3712F User’s Guide...

  • Page 194: Weighted Round Robin Scheduling (Wrr)

    Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. MGS-3712/MGS-3712F User’s Guide...

  • Page 195: Configuring Queuing

    Chapter 22 Queuing Method 22.2 Configuring Queuing Click Advanced Application > Queuing Method in the navigation panel. Figure 100 Advanced Application > Queuing Method MGS-3712/MGS-3712F User’s Guide...
  • Page 196 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 197: Vlan Stacking

    (SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to MGS-3712/MGS-3712F User’s Guide...

  • Page 198: Vlan Stacking Port Roles

    All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by SP VID). Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. MGS-3712/MGS-3712F User’s Guide...

  • Page 199: Vlan Tag Format

    Configure the fields as highlighted in the Switch VLAN Stacking screen. Table 54 Single and Double Tagged 802.11Q Frame Format Len/ FCS Untagged Etype Ethernet frame Priorit Len/ FCS IEEE 802.1Q Etype customer tagged frame SA Tunne Priori Priorit Len/ FCS Double- l TPID Etype tagged frame MGS-3712/MGS-3712F User’s Guide...

  • Page 200: Configuring Vlan Stacking

    The following table describes the labels in this screen. Table 56 Advanced Application > VLAN Stacking LABEL DESCRIPTION Active Select this to enable VLAN stacking on the Switch. Port The port number identifies the port you are configuring. MGS-3712/MGS-3712F User’s Guide...

  • Page 201: Port-Based Q-In-Q

    23.4.1 Port-based Q-in-Q Port-based Q-in-Q lets the Switch treat all frames received on the same port as the same VLAN flows and add the same outer VLAN tag to them, even they have different customer VLAN IDs. MGS-3712/MGS-3712F User’s Guide...

  • Page 202: Selective Q-In-Q

    Click Cancel to begin configuring this screen afresh. 23.4.2 Selective Q-in-Q Selective Q-in-Q is VLAN-based. It allows the Switch to add different outer VLAN tags to the incoming frames received on one port according to their inner VLAN tags. MGS-3712/MGS-3712F User’s Guide...
  • Page 203 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...
  • Page 204 This is the service provider’s priority level in the packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 205: Multicast

    (such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. MGS-3712/MGS-3712F User’s Guide...

  • Page 206: Igmp Snooping

    This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. MGS-3712/MGS-3712F User’s Guide...

  • Page 207: Multicast Setting

    Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Querier Select this option to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached. MGS-3712/MGS-3712F User’s Guide...
  • Page 208 This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host. MGS-3712/MGS-3712F User’s Guide...
  • Page 209 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 210: Igmp Snooping Vlan

    Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.1.4 on page 206 for more information on IGMP Snooping VLAN. Figure 107 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN MGS-3712/MGS-3712F User’s Guide...
  • Page 211 This field displays the ID number of the VLAN group. Delete Check the rule(s) that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 212: Igmp Filtering Profile

    Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile. If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. MGS-3712/MGS-3712F User’s Guide...

  • Page 213: Mvr Overview

    The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. Figure 109 MVR Network Example MGS-3712/MGS-3712F User’s Guide...

  • Page 214: Types Of Mvr Ports

    VLAN 1 on the receiver port (in this case, a DSL port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination MGS-3712/MGS-3712F User’s Guide...

  • Page 215: General Mvr Configuration

    VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 216 Compatible. Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports. Port This field displays the port number on the Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 217: Mvr Group Configuration

    All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. MGS-3712/MGS-3712F User’s Guide...
  • Page 218 Click Cancel to begin configuring this screen afresh. MVLAN This field displays the multicast VLAN ID. Name This field displays the descriptive name for this setting. Start This field displays the starting IP address of the multicast group. Address MGS-3712/MGS-3712F User’s Guide...

  • Page 219: Mvr Configuration Example

    S. Computers A, B and C in VLAN are able to receive the traffic. Figure 113 MVR Configuration Example To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 114 MVR Configuration Example MGS-3712/MGS-3712F User’s Guide...
  • Page 220 Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 115 MVR Group Configuration Example Figure 116 MVR Group Configuration Example MGS-3712/MGS-3712F User’s Guide...

  • Page 221: Aaa

    The external servers that perform authentication, authorization and accounting functions are known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see Section 25.1.2 on page 222) and TACACS+ (Terminal Access Controller Access-Control System Plus, see Section MGS-3712/MGS-3712F User’s Guide...

  • Page 222: Local User Accounts

    The AAA screens allow you to enable authentication, authorization, accounting or all of them on the Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or both) and then set up the authentication priority, activate authorization and configure accounting settings. MGS-3712/MGS-3712F User’s Guide...

  • Page 223: Radius Server Setup

    RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 119 Advanced Application > AAA > RADIUS Server Setup MGS-3712/MGS-3712F User’s Guide...
  • Page 224 Enter the IP address of an external RADIUS accounting server in dotted decimal notation. UDP Port The default port of a RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so. MGS-3712/MGS-3712F User’s Guide...

  • Page 225: Tacacs+ Server Setup

    Section 25.1.2 on page 222 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the AAA screen to view the screen as shown. Figure 120 Advanced Application > AAA > TACACS+ Server Setup MGS-3712/MGS-3712F User’s Guide...
  • Page 226 Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. TCP Port The default port of a TACACS+ server for accounting is 49. You need not change this value unless your network administrator instructs you to do MGS-3712/MGS-3712F User’s Guide...

  • Page 227: Aaa Setup

    Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 121 Advanced Application > AAA > AAA Setup MGS-3712/MGS-3712F User’s Guide...
  • Page 228 Exec: Allow an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. • Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. MGS-3712/MGS-3712F User’s Guide...
  • Page 229 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 230: Vendor Specific Attribute

    VSAs for users authenticating via the RADIUS server. The following table describes the VSAs supported on the Switch. Table 69 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 Assignment Vendor-Type = 1 Vendor-data = ingress rate (Kbps in decimal format) MGS-3712/MGS-3712F User’s Guide...

  • Page 231: Supported Radius Attributes

    Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This appendix lists the RADIUS attributes supported by the Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 232: Attributes Used For Authentication

    25.3.1.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator MGS-3712/MGS-3712F User’s Guide...

  • Page 233: Attributes Used For Accounting

    Table 71 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-Identifier NAS-IP-Address Service-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Session-Time Acct-Terminate-Cause Table 72 RADIUS Attributes - Exec Events via Telnet/SSH ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-Identifier NAS-IP-Address Service-Type Calling-Station-Id Acct-Status-Type Acct-Delay-Time MGS-3712/MGS-3712F User’s Guide...
  • Page 234 Table 73 RADIUS Attributes - Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-IP-Address NAS-Port Class Called-Station-Id Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output- Gigawords MGS-3712/MGS-3712F User’s Guide...

  • Page 235: Ip Source Guard

    • ARP inspection. Use this to filter unauthorized ARP packets on the network. If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you have to enable DHCP snooping before you enable ARP inspection. MGS-3712/MGS-3712F User’s Guide...

  • Page 236: Dhcp Snooping Overview

    The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server. If you set up the DHCP snooping database, the Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts. MGS-3712/MGS-3712F User’s Guide...
  • Page 237 (Chapter 32 on page 287). 26.1.1.4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch. Enable DHCP snooping on the Switch. Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. MGS-3712/MGS-3712F User’s Guide...

  • Page 238: Arp Inspection Overview

    These MAC address filters are different than regular MAC address filters (Chapter 12 on page 123). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. MGS-3712/MGS-3712F User’s Guide...

  • Page 239: Ip Source Guard

    Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns MGS-3712/MGS-3712F User’s Guide...

  • Page 240: Ip Source Guard Static Binding

    Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the MGS-3712/MGS-3712F User’s Guide...
  • Page 241 This binding was learned from information provided manually by an administrator. VLAN This field displays the source VLAN ID in the binding. Port This field displays the port number in the binding. If this field is blank, the binding applies to all ports. MGS-3712/MGS-3712F User’s Guide...
  • Page 242 Chapter 26 IP Source Guard Table 75 IP Source Guard Static Binding (continued) LABEL DESCRIPTION Delete Select this, and click Delete to remove the specified entry. Cancel Click this to clear the Delete check boxes above. MGS-3712/MGS-3712F User’s Guide...

  • Page 243: Dhcp Snooping

    Chapter 26 IP Source Guard 26.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 126 DHCP Snooping MGS-3712/MGS-3712F User’s Guide...
  • Page 244 DHCP snooping database for any reason. Startup failures This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database. MGS-3712/MGS-3712F User’s Guide...
  • Page 245 Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore. MGS-3712/MGS-3712F User’s Guide...

  • Page 246: Dhcp Snooping Configure

    TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 127 DHCP Snooping Configure MGS-3712/MGS-3712F User’s Guide...
  • Page 247 If there is a conflict, the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen (Section 26.4 on page 243). MGS-3712/MGS-3712F User’s Guide...

  • Page 248: Dhcp Snooping Port Configure

    You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 128 DHCP Snooping Port Configure MGS-3712/MGS-3712F User’s Guide...

  • Page 249: Dhcp Snooping Vlan Configure

    Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 32 on page 287) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To MGS-3712/MGS-3712F User’s Guide...
  • Page 250 DHCP VLAN, if specified, or VLAN. You can configure the system name in the General Setup screen. See Chapter 8 on page 79. You can specify the DHCP VLAN in the DHCP Snooping Configure screen. See Section 26.5 on page 246. MGS-3712/MGS-3712F User’s Guide...

  • Page 251: Arp Inspection Status

    Port This field displays the source port of the discarded ARP packet. Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). MGS-3712/MGS-3712F User’s Guide...

  • Page 252: Arp Inspection Vlan Status

    VLAN ID (End VID) you want to look at. Apply Click this to display the specified range of VLANs in the section below. This field displays the VLAN ID of each VLAN in the range specified above. MGS-3712/MGS-3712F User’s Guide...

  • Page 253: Arp Inspection Log Status

    This field displays the source VLAN ID of the ARP packet. Sender Mac This field displays the source MAC address of the ARP packet. Sender IP This field displays the source IP address of the ARP packet. MGS-3712/MGS-3712F User’s Guide...

  • Page 254: Arp Inspection Configure

    This field displays when the log message was generated. 26.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global MGS-3712/MGS-3712F User’s Guide...
  • Page 255 Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 26.6.2 on page 253. MGS-3712/MGS-3712F User’s Guide...

  • Page 256: Arp Inspection Port Configure

    Click this to reset the values in this screen to their last-saved values. 26.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives MGS-3712/MGS-3712F User’s Guide...
  • Page 257 These settings have no effect on trusted ports. Rate (pps) Specify the maximum rate (1-2048 packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit. MGS-3712/MGS-3712F User’s Guide...

  • Page 258: Arp Inspection Vlan Configure

    Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below. End VID Enter the highest VLAN ID you want to manage in the section below. MGS-3712/MGS-3712F User’s Guide...
  • Page 259 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MGS-3712/MGS-3712F User’s Guide...
  • Page 260 Chapter 26 IP Source Guard MGS-3712/MGS-3712F User’s Guide...

  • Page 261: Loop Guard

    If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: • It will receive broadcast messages sent out from the switch in loop state. MGS-3712/MGS-3712F User’s Guide...
  • Page 262 The following figure illustrates three switches forming a loop. A sample path of the loop guard probe packet is also shown. In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on MGS-3712/MGS-3712F User’s Guide...

  • Page 263: Loop Guard Setup

    Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled. Figure 140 Advanced Application > Loop Guard MGS-3712/MGS-3712F User’s Guide...
  • Page 264 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 265: Vlan Mapping

    VLAN ID from 12 into 123 before forwarding the packets. Any packets carrying a VLAN tag other than 12 (such as 10) and received on port 3 will be dropped. Figure 141 VLAN mapping example Service Provider Network Port 3 MGS-3712/MGS-3712F User’s Guide...

  • Page 266: Enabling Vlan Mapping

    Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 267: Configuring Vlan Mapping

    Cancel Click Cancel to reset the fields to your previous configuration. Index This is the number of the VLAN mapping entry in the table. MGS-3712/MGS-3712F User’s Guide...
  • Page 268 This is the priority level that replaces the customer priority level in the tagged packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...

  • Page 269: Layer 2 Protocol Tunneling

    B, C and D. Topology change information can be propagated throughout the service provider’s network. To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and MGS-3712/MGS-3712F User’s Guide...

  • Page 270: Layer 2 Protocol Tunneling Mode

    • The Tunnel port is an egress port at the edge of the service provider's network and connected to another service provider’s switch. Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port. MGS-3712/MGS-3712F User’s Guide...

  • Page 271: Configuring Layer 2 Protocol Tunneling

    Note: All the edge switches in the service provider’s network should be set to use the same MAC address for encapsulation. Port This field displays the port number. MGS-3712/MGS-3712F User’s Guide...
  • Page 272 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 273: Ip Application

    IP Application Static Route (275) Differentiated Services (279) DHCP (287)

  • Page 275: Static Route

    R1 which routes it back to the manager’s computer. The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2. Figure 147 Static Routing Overview SNMP Telnet MGS-3712/MGS-3712F User’s Guide...

  • Page 276: Configuring Static Routing

    Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the above fields to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. MGS-3712/MGS-3712F User’s Guide...
  • Page 277 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3712F User’s Guide...
  • Page 278 Chapter 30 Static Route MGS-3712/MGS-3712F User’s Guide...

  • Page 279: Differentiated Services

    Figure 149 DiffServ: Differentiated Service Field DSCP (6 bits) CU (2 bits) DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. MGS-3712/MGS-3712F User’s Guide...

  • Page 280: Diffserv Network Example

    Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria. MGS-3712/MGS-3712F User’s Guide...

  • Page 281: Trtcm-Color-Blind Mode

    Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green. Figure 151 TRTCM-Color-blind Mode Exceed Exceed Low Packet Loss PIR? CIR? High Packet Medium Packet Loss Loss MGS-3712/MGS-3712F User’s Guide...

  • Page 282: Trtcm-Color-Aware Mode

    Low Packet Red? Yellow? Loss PIR? CIR? Medium Packet High Packet High Packet Medium Packet Loss Loss Loss Loss 31.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). MGS-3712/MGS-3712F User’s Guide...
  • Page 283 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 284: Configuring 2-Rate 3 Color Marker Settings

    All incoming packets are evaluated against the CIR and PIR. Select color-aware to treat the packets as marked by some preceding entity. Incoming packets are evaluated based on their existing color. Incoming packets that are not marked proceed through the Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 285: Dscp-To-Ieee 802.1P Priority Settings

    The following table shows the default DSCP-to-IEEE802.1p mapping. Table 93 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0 – 7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE 802.1p MGS-3712/MGS-3712F User’s Guide...

  • Page 286: Configuring Dscp Settings

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 287: Dhcp

    • Global - The Switch forwards all DHCP requests to the same DHCP server. • VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. MGS-3712/MGS-3712F User’s Guide...

  • Page 288: Dhcp Status

    DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information. Please refer to RFC 3046 for more details. MGS-3712/MGS-3712F User’s Guide...

  • Page 289: Configuring Dhcp Global Relay

    Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 157 IP Application > DHCP > Global MGS-3712/MGS-3712F User’s Guide...

  • Page 290: Global Dhcp Relay Configuration Example

    Figure 158 Global DHCP Relay Network Example DHCP Server: 192.168.1.100 VLAN2 VLAN1 Configure the DHCP Relay screen as shown. Make sure you select the Option 82 check box to set the Switch to send additional information (such as the VLAN ID) MGS-3712/MGS-3712F User’s Guide...

  • Page 291: Configuring Dhcp Vlan Settings

    Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. Section 8.6 on page 87 for information on how to set up management IP addresses for VLANs. Figure 160 IP Application > DHCP > VLAN MGS-3712/MGS-3712F User’s Guide...

  • Page 292: Example: Dhcp Relay For Two Vlans

    The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server MGS-3712/MGS-3712F User’s Guide...
  • Page 293 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 161 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 162 DHCP Relay for Two VLANs Configuration Example MGS-3712/MGS-3712F User’s Guide...
  • Page 294 Chapter 32 DHCP MGS-3712/MGS-3712F User’s Guide...

  • Page 295: Management

    Management Maintenance (297) Access Control (305) Diagnostic (329) Syslog (331) Cluster Management (335) MAC Table (343) ARP Table (347) Configure Clone (349)

  • Page 297: Maintenance

    2) is currently operating on the Switch. Firmware Click Click Here to go to the Firmware Upgrade screen. Upgrade Restore Click Click Here to go to the Restore Configuration screen. Configuratio Backup Click Click Here to go to the Backup Configuration screen. Configuratio MGS-3712/MGS-3712F User’s Guide...

  • Page 298: Load Factory Default

    IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1). 33.3 Save Configuration Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 299: Reboot System

    Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. MGS-3712/MGS-3712F User’s Guide...

  • Page 300: Restore A Configuration File

    Path text box or click Browse to locate it. After you have specified the file, click Restore. "config" is the name of the configuration file on the Switch, so your backup configuration file is automatically renamed when you restore using this screen. MGS-3712/MGS-3712F User’s Guide...

  • Page 301: Backup A Configuration File

    The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing. MGS-3712/MGS-3712F User’s Guide...

  • Page 302: Ftp Command Line Procedure

    Enter open, followed by a space and the IP address of your Switch. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter bin to set transfer mode to binary. MGS-3712/MGS-3712F User’s Guide...

  • Page 303: Gui-Based Ftp Clients

    • FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. MGS-3712/MGS-3712F User’s Guide...
  • Page 304 Chapter 33 Maintenance MGS-3712/MGS-3712F User’s Guide...

  • Page 305: Access Control

    See the CLI Reference Guide for more information on disabling multi-login. 34.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 169 Management > Access Control MGS-3712/MGS-3712F User’s Guide...

  • Page 306: About Snmp

    Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. MGS-3712/MGS-3712F User’s Guide...

  • Page 307: Snmp V3 And Security

    • RFC 1155 SMI • RFC 2674 SNMPv2, SNMPv2c • RFC 1757 RMON • SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP MGS-3712/MGS-3712F User’s Guide...

  • Page 308: Snmp Traps

    This trap is sent when the 1.3.6.1.4.1.890.1.5.8.48.2 temperature goes above or 5.2.1 below the normal operating range. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.1 TemperatureEventClear MGS-3712F: This trap is sent when the 1.3.6.1.4.1.890.1.5.8.48.2 temperature returns to the 5.2.2 normal operating range. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.2 MGS-3712/MGS-3712F User’s Guide...
  • Page 309 This trap is sent when the 1.3.6.1.4.1.890.1.5.8.48.2 Switch gets the time and date 5.2.2 from a time server. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.2 intrusionloc IntrusionLockEventOn MGS-3712F: This trap is sent when intrusion 1.3.6.1.4.1.890.1.5.8.48.2 lock occurs on a port. 5.2.1 MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.1 MGS-3712/MGS-3712F User’s Guide...
  • Page 310 Ethernet link is up. .2.2 MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25 .2.2 linkdown linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down. LinkDownEventOn MGS-3712F: This trap is sent when the 1.3.6.1.4.1.890.1.5.8.48.25 Ethernet link is down. .2.1 MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25 .2.1 MGS-3712/MGS-3712F User’s Guide...
  • Page 311 1.3.6.1.4.1.890.1.5.8.45.27 This trap is sent when all .2.2 device operating parameters return to the normal operating range. MGS-3712/MGS-3712F User’s Guide...
  • Page 312 This trap is sent when there is chableEventOn 1.3.6.1.4.1.890.1.5.8.48.2 no response message from the 5.2.1 RADIUS accounting server. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.1 RADIUSAccountingNotRea MGS-3712F: This trap is sent when the chableEventClear 1.3.6.1.4.1.890.1.5.8.48.2 RADIUS accounting server can 5.2.2 be reached. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.2 MGS-3712/MGS-3712F User’s Guide...
  • Page 313 This trap is sent when path to target has changed from a previously determined path. traceRouteTestFailed 1.3.6.1.2.1.81.0.2 This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 This trap is sent when a traceroute test is completed. MGS-3712/MGS-3712F User’s Guide...
  • Page 314 This trap is sent when more 1.3.6.1.4.1.890.1.5.8.48.2 than 99% of the MAC table is 5.2.1 used. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.1 MacTableFullEventClear MGS-3712F: This trap is sent when less than 1.3.6.1.4.1.890.1.5.8.48.2 95% of the MAC table is used. 5.2.2 MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.2 5.2.2 MGS-3712/MGS-3712F User’s Guide...

  • Page 315: Configuring Snmp

    Switch detects a connectivity fault. 34.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. Figure 171 Management > Access Control > SNMP MGS-3712/MGS-3712F User’s Guide...
  • Page 316 SNMP v3 manager. Index This is a read-only number identifying a login account on the Switch. Username This field displays the username of a login account on the Switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 317 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 318: Configuring Snmp Trap Group

    Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 319: Setting Up Login Accounts

    This is the default administrator account with the “admin” user name. You cannot change the default administrator user name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped). New Password Enter your new system password. MGS-3712/MGS-3712F User’s Guide...

  • Page 320: Ssh Overview

    Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 174 SSH Communication Example MGS-3712/MGS-3712F User’s Guide...

  • Page 321: How Ssh Works

    Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. MGS-3712/MGS-3712F User’s Guide...

  • Page 322: Ssh Implementation On The Switch

    SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch. Please refer to the following figure. MGS-3712/MGS-3712F User’s Guide...

  • Page 323: Https Example

    When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the Switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 324: Netscape Navigator Warning Messages

    Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. MGS-3712/MGS-3712F User’s Guide...
  • Page 325 Chapter 34 Access Control Select Accept this certificate permanently to import the Switch’s certificate into the SSL client. Figure 178 Security Certificate 1 (Netscape) example example example Figure 179 Security Certificate 2 (Netscape) example MGS-3712/MGS-3712F User’s Guide...

  • Page 326: The Main Screen

    Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed MGS-3712/MGS-3712F User’s Guide...

  • Page 327: Remote Management

    Cancel Click Cancel to begin configuring this screen afresh. 34.10 Remote Management Click Management > Access Control > Remote Management to view the screen as shown next. MGS-3712/MGS-3712F User’s Guide...
  • Page 328 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 329: Diagnostic

    This chapter explains the Diagnostic screen. 35.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 183 Management > Diagnostic MGS-3712/MGS-3712F User’s Guide...
  • Page 330 Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Enter a port number and click Port Test to perform an internal Test loopback test. MGS-3712/MGS-3712F User’s Guide...

  • Page 331: Syslog

    Error: There is an error condition on the system. Warning: There is a warning condition on the system. Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. MGS-3712/MGS-3712F User’s Guide...

  • Page 332: Syslog Setup

    The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 333: Syslog Server Setup

    This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...
  • Page 334 Chapter 36 Syslog MGS-3712/MGS-3712F User’s Guide...

  • Page 335: Cluster Management

    Maximum number of cluster members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches. Cluster Members The switches being managed by the cluster manager switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 336: Cluster Management Status

    Figure 186 Clustering Application Example 37.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 187 Management > Cluster Management: Status MGS-3712/MGS-3712F User’s Guide...

  • Page 337: Cluster Member Switch Management

    Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web MGS-3712/MGS-3712F User’s Guide...
  • Page 338 297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 390BBA0.bin fw-00-a0-c5-01-23-46 200 Port command okay 150 Opening data connection for STOR fw-00-a0-c5-01-23-46 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> MGS-3712/MGS-3712F User’s Guide...
  • Page 339 This is the cluster member switch’s firmware name as seen fw-00-a0-c5-01-23-46 in the cluster manager switch. config-00-a0-c5-01-23-46 This is the cluster member switch’s configuration file name as seen in the cluster manager switch. MGS-3712/MGS-3712F User’s Guide...

  • Page 340: Clustering Management Configuration

    Error in the Cluster Management Status screen and a warning icon ( ) appears in the member summary list below. Name Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). MGS-3712/MGS-3712F User’s Guide...
  • Page 341 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...
  • Page 342 Chapter 37 Cluster Management MGS-3712/MGS-3712F User’s Guide...

  • Page 343: Mac Table

    • If the Switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion. MGS-3712/MGS-3712F User’s Guide...

  • Page 344: Viewing The Mac Table

    Figure 191 MAC Table Flowchart 38.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 192 Management > MAC Table MGS-3712/MGS-3712F User’s Guide...
  • Page 345 This is the VLAN group to which this frame belongs. Port This is the port where the above MAC address is forwarded. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). MGS-3712/MGS-3712F User’s Guide...
  • Page 346 Chapter 38 MAC Table MGS-3712/MGS-3712F User’s Guide...

  • Page 347: Arp Table

    MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. MGS-3712/MGS-3712F User’s Guide...

  • Page 348: Viewing The Arp Table

    This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. This is the MAC address of the device with corresponding IP address above. Address Type This shows whether the MAC address is dynamic (learned by the Switch) or static. MGS-3712/MGS-3712F User’s Guide...

  • Page 349: Configure Clone

    40.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 194 Management > Configure Clone MGS-3712/MGS-3712F User’s Guide...
  • Page 350 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3712F User’s Guide...

  • Page 351: Troubleshooting & Product Specifications

    Troubleshooting & Product Specifications Troubleshooting (353) Product Specifications (357)

  • Page 353: Troubleshooting

    If the problem continues, contact the vendor. The ALM LED is on. Disconnect and re-connect the power adaptor to the Switch. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. MGS-3712/MGS-3712F User’s Guide...

  • Page 354: Switch Access And Login

    If this does not work, you have to reset the device to its factory defaults. See Section 5.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. MGS-3712/MGS-3712F User’s Guide...
  • Page 355 Turn the Switch off and on. Disconnect and re-connect the cord to the Switch. If this does not work, you have to reset the device to its factory defaults. See Section 5.6 on page MGS-3712/MGS-3712F User’s Guide...

  • Page 356: Switch Configuration

    Switch’s nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 33.3 on page 298 for more information about how to save your configuration. MGS-3712/MGS-3712F User’s Guide...

  • Page 357: Product Specifications

    Note: There is no tolerance for the DC input voltage Power Consumption 30 W maximum Interfaces MGS-3712F: 8 mini-GBIC (SFP) slots MGS-3712: 8 100/1000 Base-Tx ports All Models: 4 GbE Dual Personality interfaces (Each interface has one 1000Base-T RJ-45 port and one Small Form-Factor Pluggable (SFP) slot, with one port active at a time.)
  • Page 358 Relay IGMP Snooping The Switch supports IGMP snooping , enabling group multicast traffic to be only forwarded to ports that are members of that group; thus allowing you to significantly reduce multicast traffic passing through your Switch. MGS-3712/MGS-3712F User’s Guide...
  • Page 359 Loop Guard Use the loop guard feature to protect against network loops on the edge of your network. IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network. MGS-3712/MGS-3712F User’s Guide...
  • Page 360 Cluster management (also known as iStacking) allows you to manage switches through one switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another. MGS-3712/MGS-3712F User’s Guide...
  • Page 361 Supports IEEE 802.3ad; static and dynamic (LACP) port trunking Aggregation Six groups (up to 8 ports each) Port All ports support port mirroring mirroring Support port mirroring per IP/TCP/UDP Bandwidth Supports rate limiting at 64 Kb increments control Provider BPDU transparency Bridge Layer2 protocol tunneling MGS-3712/MGS-3712F User’s Guide...
  • Page 362 IEEE 802.1x port-based authentication Limiting number of dynamic MAC addresses per port SSH v1/v2 Intrusion Lock Multiple RADIUS servers Multiple TACACS+ servers 802.1X VLAN and bandwidth assignment. IP source guard Static IP/MAC binding DHCP snooping ARP Inspection MAC authentication MGS-3712/MGS-3712F User’s Guide...
  • Page 363 IEEE 802.1D MAC Bridges IEEE 802.1p Traffic Types - Packet Priority IEEE 802.1Q Tagged VLAN IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation MGS-3712/MGS-3712F User’s Guide...
  • Page 364 Table 127 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.3ah Ethernet OAM (Operations, Administration and Maintenance) IEEE 802.3x Flow Control Safety UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) MGS-3712/MGS-3712F User’s Guide...

  • Page 365: Appendices And Index

    Appendices and Index Common Services (367) Legal Information (371) Index (375)

  • Page 367: Appendix A Common Services

    Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. MGS-3712/MGS-3712F User’s Guide...
  • Page 368 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING User-Defined Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. MGS-3712/MGS-3712F User’s Guide...
  • Page 369 TCP/UDP Secure Shell Remote Login Program. STRM WORKS 1558 Stream Works Protocol. SYSLOG Syslog allows you to send system logs to a UNIX server. TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). MGS-3712/MGS-3712F User’s Guide...
  • Page 370 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. MGS-3712/MGS-3712F User’s Guide...

  • Page 371: Appendix B Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 372 Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11. MGS-3712/MGS-3712F User’s Guide...
  • Page 373 Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. MGS-3712/MGS-3712F User’s Guide...
  • Page 374 Appendix B Legal Information MGS-3712/MGS-3712F User’s Guide...

  • Page 375: Index

    Class of Service (CoS) trusted ports classifier 177, 180 authentication and QoS setup editing example Authentication, Authorization and Accounting, see overview setup 177, 180 authorization viewing privilege levels cloning a port See port cloning setup MGS-3712/MGS-3712F User’s Guide...
  • Page 376 DHCP relay option 82 filtering database, MAC table DHCP snooping 45, 235, 236 firmware configuring upgrade 299, 338 DHCP relay option 82 flow control trusted ports back pressure untrusted ports IEEE802.3x DHCP snooping database forwarding diagnostics delay Ethernet port test MGS-3712/MGS-3712F User’s Guide...
  • Page 377 LACP MAC address mode overview PAgP point to point IEEE 802.1p, priority IEEE 802.1x tunnel port activate 168, 169, 225 UDLD reauthentication IEEE 802.1x, port authentication LACP 155, 272 IGMP system priority version timeout MGS-3712/MGS-3712F User’s Guide...
  • Page 378 Hello Time hello time MAC authentication Max Age aging time max age example max hops setup path cost MAC filter port priority and ARP inspection revision level MAC freeze status MAC table MTU (Multi-Tenant Unit) display criteria multicast MGS-3712/MGS-3712F User’s Guide...
  • Page 379 Port Aggregation Protocol, see PAgP PVID port authentication PVID (Priority Frame) and RADIUS 222, 223 PWR LED IEEE802.1x 168, 225 MAC authentication port based VLAN type port cloning 349, 350 MGS-3712/MGS-3712F User’s Guide...
  • Page 380 RFC 3164 static trunking example Round Robin Scheduling Static VLAN routing protocols static VLAN RSTP control rubber feet tagging status 58, 73 link aggregation MSTP port port details power safety certifications 135, 139 safety warnings MGS-3712/MGS-3712F User’s Guide...
  • Page 381 TACACS+ (Terminal Access Controller Access- Control System Plus) Tag Protocol Identifier, see TPID tagged VLAN Vendor Specific Attribute See VSA temperature ventilation temperature indicator ventilation holes terminal emulation 95, 99, 100, 199 time number of possible VIDs current priority frame MGS-3712/MGS-3712F User’s Guide...
  • Page 382 VLAN stacking configuration example port roles 198, 201 port-based Q-in-Q priority selective Q-in-Q TPID Tunnel TPID VLAN tag format VLAN tag format VLAN Trunking Protocol, see VTP VLAN, protocol based, See protocol based VLAN VT100 warranty note MGS-3712/MGS-3712F User’s Guide...

This manual is also suitable for:

Mgs-3712

Table of Contents