ZyXEL Communications GS1920 User Handbook Manual
  1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Network Router
  5. GS1920 Series
  6. User handbook manual

ZyXEL Communications GS1920 User Handbook Manual

Hide thumbs Also See for GS1920:
Table of Contents

Advertisement

Quick Links

See also: Troubleshooting Manual , Handbook
User Handbook
Switch Series
Zyxel GS1920 / GS2210 / XGS2210 / GS3700 / XGS3700 /
XGS4600 / XS1920 / XS3700
Default Login Details
LAN IP Address
User Name
Password
Copyright © 2016 Zyxel Communications Corporation
https://192.168.1.1
admin
1234
www.zyxel.com
Version 1.0 Edition
1/100

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications GS1920

Summary of Contents for ZyXEL Communications GS1920

  • Page 1 User Handbook Switch Series Zyxel GS1920 / GS2210 / XGS2210 / GS3700 / XGS3700 / XGS4600 / XS1920 / XS3700 Default Login Details LAN IP Address https://192.168.1.1 User Name admin Version 1.0 Edition Password 1234 Copyright © 2016 Zyxel Communications Corporation...

  • Page 2: Related Documentation

    www.zyxel.com This handbook is a series of tutorials that guides you through various applications of the Zyxel. The purpose of the handbook is to show you how to proceed through an application rather than explain the meaning of GUI features. For the latter, see the Related Information section. Note: IP addresses, port numbers, and object names are just examples used in these tutorials, so you must replace them with the corresponding information from your own network environment when implementing a tutorial.

  • Page 3: Table Of Contents

    www.zyxel.com Table Of Content Configure the basic information on Switch ..........6 1.1 General Settings ......................6 1.1.1 How to configure management IP address? ..........6 1.1.2 How to configure switch host name? ............9 1.1.3 How to configure system time?..............10 Maintain Devices and Network ..............
  • Page 4 www.zyxel.com 3.1.7 How to configure VLAN Trunking on the switch?........30 Improve network reliability ................. 32 4.1 STP (Spanning Tree Protocol) ..................32 4.1.1 How to configure RSTP on the switch? ............33 4.1.2 How to configure MSTP on the switch? ............36 4.1.3 How to configure MRSTP on the switch? .............
  • Page 5 www.zyxel.com 7.1 802.1x Authentication ....................64 7.1.1 How to Implement 802.1X Port Authentication with Dynamic VLAN Assignment (Radius Server) ..................65 8.1 IP Source Guard ......................79 8.1.1 How to set DHCP snooping? (Dynamic) ............. 80 8.1.2 How to set static MAC binding? (Static) ............. 84 8.1.3 How to set ARP inspection? ................

  • Page 6: Configure The Basic Information On Switch

    www.zyxel.com Configure the basic information on Switch 1.1 General Settings 1.1.1 How to configure management IP address? Overview Management IP address provides to connect to the switch by using web browser to configure settings & save configuration of the entire switch. 1.
  • Page 7 www.zyxel.com Figure 2 Dashboard 7/100...
  • Page 8 www.zyxel.com 1. The highlight part, please enter the IP address & subnet mask of the switch. For example: (192.168.1.2, 255.255.255.0). Then click Apply to save the configuration. Figure 3 Basic Setting > IP Setup Verify 1. In this screen is to check the IP Address Information. Figure 4 Quick Button >...

  • Page 9: How To Configure Switch Host Name

    www.zyxel.com 1.1.2 How to configure switch host name? Overview Configure the switch with hostname for identification purpose. 1. Enter a hostname for identification purpose of the switch, and then click Apply to save the configuration. Figure 1 Basic setting > General setup Verify 1.

  • Page 10: How To Configure System Time

    www.zyxel.com 1.1.3 How to configure system time? Overview Set the system date and time for the switch. 1. First change the New Date, second change the New Time, and then click Apply to save the configuration. Figure 1 Basic Setting > General Setup Verify 1.

  • Page 11: Maintain Devices And Network

    www.zyxel.com Maintain Devices and Network 2.1 Firmware 2.1.1 How to upgrade firmware from GUI? Overview The switch can be maintained by upgrading it to the latest new firmware version. But make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device, uploading the wrong model firmware may damage your device.
  • Page 12 www.zyxel.com 2. To upgrade firmware image, users can select to upload firmware image to image 1 or 2 and click upgrade to activate the process. Firmware upgrades are only applied after a reboot. To reboot, go to Management > Maintenance >...

  • Page 13: How To Upgrade Firmware From Ftp

    www.zyxel.com 2.1.2 How to upgrade firmware from FTP? Overview Upgrade firmware by using File Transfer Protocol (FTP). 1. On the operating system open the Command Processor (CMD). Figure 1 PC > Start > All Programs > Accessories > Command Prompt 2.
  • Page 14 www.zyxel.com Verify 1. Go to website https://192.168.1.1, click the quick button (Status). Check in the Device Information >Firmware Version Figure 3 Basic Setting > System Info. 14/100...

  • Page 15: Reset

    www.zyxel.com 2.2 Reset 2.2.1 How to reset switch? Overview Reset the switch to its default settings. 1. In this page click the Factory default Icon, the switch will reset back to default settings. Then wait for the switch to restart. Figure 1 Management >...

  • Page 16: Vlan

    www.zyxel.com VLAN 3.1 Virtual Local Area Network Overview VLAN is a group of end stations with a common set of requirements; Independent of their physical location, floods traffic only to the ports belongs to that VLAN.  VLAN characteristic:  A broadcast domain. ...

  • Page 17: How To Configure Static Vlan On The Switch

    www.zyxel.com 3.1.1 How to configure Static VLAN on the switch? Overview Static VLAN is the widest used VLAN in real application. It can cross multiple switches. It does add s 4 bytes to be tagged frame into its normal MTU. Static VLAN topology, Figure 1 Note: In the scenario, both switch is configured with VLAN10/20, in order to let the...
  • Page 18 www.zyxel.com 2. Choose which control to be configured, Normal: for the port to dynamically join this VLAN group using GVRP. Fixed: to be permanent member of this VLAN group. Forbidden: prohibit the port from joining this VLAN group. Check the tagging to tag all outgoing frames with this VLAN group ID, then click Add.

  • Page 19: How To Configure Subnet Base Vlan On The Switch

    www.zyxel.com 3.1.2 How to configure Subnet Base VLAN on the switch? Overview Subnet based VLANs allow to group traffic into logical VLANs based on the source IP subnet you specify. Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN.
  • Page 20 www.zyxel.com 2. Check the Active box to activate the features and IP, Mask-bits & VID should be filled. Click Add to save the configuration. For more details click the HELP icon at the quick button. Figure 3 Advanced Application > VLAN > VLAN Configuration > Subnet-based VLAN Verify: 1.

  • Page 21: How To Configure Protocol Base Vlan On The Switch

    www.zyxel.com 3.1.3 How to configure Protocol Base VLAN on the switch? Overview Protocol-based VLANs allow you to group traffic into logical VLANs based on the protocol you specify. Allow users to classify source traffic by specific protocols. Notes: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN.
  • Page 22 www.zyxel.com 1. Check the Active box to activate the features. Choose which Ethernet-type to configure. Fill in the VID number that has been created on the static VLAN. Then click Add to save the configuration. Figure 2 Advanced Application > VLAN > VLAN Configuration > Protocol-based VLAN Verify 1.

  • Page 23: How To Configure Voice Vlan On The Switch

    www.zyxel.com 3.1.4 How to configure Voice VLAN on the switch? Overview Voice VLAN ensures that the sound quality of an IP phone is preserved from deteriorating when the data traffic on the Switch ports is high which enables the separation of voice and data traffic coming onto the Switch port. 1.
  • Page 24 www.zyxel.com Verify 1. Click the Index number to check & edit the configuration. Figure 3 Advanced Application > VLAN > VLAN Configuration >Voice VLAN 2. Display the VID number & the status VLAN. Figure 4 Advanced Application > VLAN 3. To confirm the port number belongs to which VID & VLAN. Figure 5 Advanced Application >...

  • Page 25: How To Configure Mac Base Vlan On The Switch

    www.zyxel.com 3.1.5 How to configure MAC Base VLAN on the switch? Overview MAC-based VLAN feature assigns incoming untagged packets to a VLAN and classifies the traffic based on the source MAC address of the packet. A feature that decides the VLAN for forwarding an untagged frame based on the source MAC address of the frame.
  • Page 26 www.zyxel.com Verify 1. It display the MAC based VLAN configuration. Click the Index number to change the configuration. Figure 3 Advanced Application > VLAN > VLAN Configuration > MAC-based VLAN 2. The device MAC address should be seen in the MAC table. Figure 4 Management >...

  • Page 27: How To Configure Gvrp On The Switch

    www.zyxel.com 3.1.6 How to configure GVRP on the switch? Overview GVRP a protocol dynamically exchange VLAN configuration information with other devices. GVRP topology: Figure 1 Note: In the scenario both switch port number 5 are enable with GVRP features, so that the switch 1 will learn the switch 2 VLAN configuration dynamically, same with switch 2 it will learn the VLAN configuration of switch 1 dynamically.
  • Page 28 www.zyxel.com Verify 1. Check in the Index table, it will appear a dynamic VLAN configuration, belongs to the other device configured with GVRP. Click the Index number to display the VLAN table. Figure 3 (Switch 1) Advanced Application > VLAN Figure 4 (Switch 1) Figure 5 (Switch 1) Figure 6 (Switch 2) Advanced Application >...
  • Page 29 www.zyxel.com Figure 7 (Switch 2) Figure 8 (Switch 2) Result: Figure 9 29/100...

  • Page 30: How To Configure Vlan Trunking On The Switch

    www.zyxel.com 3.1.7 How to configure VLAN Trunking on the switch? Overview VLAN trunking, allow an unknown VLAN groups frame pass through a port. Communicate with end device without the same VLAN configuration on the switch. VLAN trunking topology: Figure 1 Note: In the scenario the task is to let switch 1 VLAN10/20 communicate with switch 2 VLAN 10/20, but the highlight part 3 switch in the center are not configured with the same VLAN.
  • Page 31 www.zyxel.com Verify 1. Switch 1 VLAN10 can ping switch 3 VLAN10. Figure 3 Topology 2. Switch 2 will have the device MAC address & VID in the MAC Table. Management > MAC Table Figure 4 31/100...

  • Page 32: Improve Network Reliability

    www.zyxel.com Improve network reliability 4.1 STP (Spanning Tree Protocol) Overview Blocks a certain ports and there is only one active path for each network segment. It’s a loop avoidance mechanism, a protocol used to solve problems that are caused redundant topology like broadcast storm, multiple frame transmission & MAC database instability.

  • Page 33: How To Configure Rstp On The Switch

    www.zyxel.com 4.1.1 How to configure RSTP on the switch? Overview The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the spanning tree than STP. In RSTP, there are additional port roles; alternate port & backup port, and the port states are discarding, learning, and forwarding.
  • Page 34 www.zyxel.com 2. Select and check which port should be activate with RSTP and click Apply to save the configuration. For more specific information please kindly click the HELP button. Figure 2 Advanced Application > Spanning Tree Protocol > RSTP 34/100...
  • Page 35 www.zyxel.com Verify 1. Figure 3, Figure 4 & Figure 5, In this screen display the RSTP process and port status. Figure 3, (Switch A) Advanced Application > Spanning Tree Protocol Management > Port Status Figure 4, (Switch B) Advanced Application > Spanning Tree Protocol Management >...

  • Page 36: How To Configure Mstp On The Switch

    www.zyxel.com 4.1.2 How to configure MSTP on the switch? Overview Multiple spanning-tree (MSTP), allows frames assigned to different VLANs to follow separate paths & provides multiple forwarding paths for data traffic and enables load balancing. Topology: Note: In the scenario both switches are configured with MSTP, configured with the same region &...
  • Page 37 www.zyxel.com 2. Check the Active box and click Apply to save the configuration & activate the feature. Switch in the same region should have the same Configuration name & Revision number. Please kindly use the HELP icon for more specific information.
  • Page 38 www.zyxel.com 4. select which port to be add in MSTI, configure the priority to decide which port should be disabled when one port or more forms a loop in a switch the higher the priority value will be disabled first. Path cost is the cost of transmitting. Click Add to save the configuration.

  • Page 39: How To Configure Mrstp On The Switch

    www.zyxel.com 4.1.3 How to configure MRSTP on the switch? Overview It’s an extension to RSTP to provide multiple ring extensions in one switch. Each spanning tree operates independently with its own bridge information. Protect network for self-recovery when a link goes down Topology: Note: In the scenario, switch A is configured with MRSTP and connected with 4 different RTP divided &...
  • Page 40 www.zyxel.com 2. The tree features are depend on the device and it’s design, some of the device can only configured 2 tree. Select and check how many STP to be configured in MRSTP. Figure 2, 3. Select and check which port to be configured and choose which STP (Tree) is it configured in Figure 2, then Apply to save the configuration.
  • Page 41 www.zyxel.com Verify 1. In this screen it will display the MRSTP status; user can change the Tree type to show each tree status. Figure 4, Advanced Application > Spanning Tree Protocol 41/100...

  • Page 42: Link Aggregation

    www.zyxel.com 4.2 Link Aggregation Overview Link aggregation a feature to aggregate one or more Ethernet interfaces to form a logical point-to-point link, known as a LAG, virtual link, or bundle, provides degradation if failure occurs and increase availability. It provides network redundancy by load-balancing traffic across all available links.

  • Page 43: How To Configure Static Trunk On The Switch

    www.zyxel.com 4.2.1 How to configure Static Trunk on the switch? Overview Static trunks are groups of two to eight ports that act as single virtual links. Static trunks are commonly used to improve network performance by increasing the available bandwidth between the switch and other network devices as well as to enhance the reliability of the connections between network devices.
  • Page 44 www.zyxel.com 2. Select which port to be bundle then choose the right Group ID that configured in step 1. Figure 3, Advanced Application > Link Aggregation > Link Aggregation Setting Verify 1. In this screen you can confirm the Link Aggregation (static trunk) configuration.

  • Page 45: How To Configure Lacp On The Switch

    www.zyxel.com 4.2.2 How to configure LACP on the switch? Overview Link Aggregation Control Protocol (LACP) is part of an IEEE specification (802.3ad) that allows you to bundle several physical ports together to form a single logical channel. LACP allows a switch to load sharing & can detect failure even if not directly connect, or remove the link from the group Figure 1, Difference between static Trunk &...
  • Page 46 www.zyxel.com Verify 1. In this screen user can check the LACP settings. Figure 3, Advanced Application > Link Aggregation 46/100...

  • Page 47: Vrrp (Layer 3)

    www.zyxel.com 4.3 VRRP (Layer 3) Overview Traditional network has one and only one gateway to put between internal network and external network. When the link of router has some trouble, the user can’t access to internet anymore. But when we enable VRRP, if MASTER router fails, and the BACKUP router will take over, and ensure the traffic still go through.

  • Page 48: How To Set Vrrp On The Switch

    www.zyxel.com 4.3.1 How to set VRRP on the switch? Overview Each host in a network is configured to send packets to a statically configured default gateway. The default gateway can become a single point of failure. Virtual Router Redundancy Protocol (VRRP), defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.
  • Page 49 www.zyxel.com 2. Configure IP interface & set default gateway for VLAN 1 & 2. Figure 2, Basic Setting > IP Setup >IP Configuration 49/100...
  • Page 50 www.zyxel.com 3. In this screen the highlight part is to configure & activate VRRP. Be sure to check Active to run VRRP features and Preempt Mode to let the switch choose the master. The Virtual Router ID, Primary & Secondary Virtual IP should have the same configure with the master &...

  • Page 51: How To Setup Cctv

    www.zyxel.com How to setup CCTV? 5.1 IGMP Routing Overview Use for routing multicast data within autonomous system, provides multicast forwarding capability to a layer 3 switch. 5.1.1 How to setup IPTV Layer3 environment? The network administrator want to separator the stream server and host in difference VLANs to avoid the other packets to affect the stream quality.
  • Page 52 www.zyxel.com 1. In the XGS-4528F, go to Advanced Application > VLAN > Static VLAN, to create VLAN 10 for IPTV Server and VLAN 20 for host. Active the VLAN 10 and type the Name and VLAN Group ID then select the Fixed and remove TX Tagging on Port 1.
  • Page 53 www.zyxel.com 2. Active the VLAN 20 and type the Name and VLAN Group ID then select the Fixed on Port 9.Click Add. Figure 3 Advanced Application > VLAN > Static VLAN 3. Go to Advanced Application > VLAN > VLAN Port Setting, to configure PVID 10 for Port 1.
  • Page 54 www.zyxel.com 4. Go to Basic Setting > IP Setup > IP Interface, to create ip address for VLAN 10and VLAN 20.Click Add. Figure 5 Basic Setting > IP Setup > IP Interface 54/100...
  • Page 55 www.zyxel.com 5. Go to IP Application > IGMP, active the IGMP router and select the Drop for unknown Multicast Frame and enable the IGMP-v2 for VLAN 20 interface. Unknown Multicast Frame Drop is able to discard IGMP packets flooding to all ports. Switch will send the General-Query when user enables IGMP-Version on VLAN interface.

  • Page 56: Igmp Snooping

    www.zyxel.com 5.2 IGMP Snooping Overview The switch can passively snoop on the IGMP packets transferred between IP multicast routers/switches and IP multicast host to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly.
  • Page 57 www.zyxel.com 2. Go to Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup, to create VLAN 20 for Host. Active the VLAN 20 and type the Name and VLAN Group ID then select the Fixed on Port 2 and Port 10 and remove TX Tagging on Port 2.Click Add.
  • Page 58 www.zyxel.com 4. Go to Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping, to set up IGMP-Snooping. Active the IGMP Snooping and choose the Unknown Multicast Frame to Drop. Click Apply. Figure 4, Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping Verify 1.

  • Page 59: How To Protect Network

    www.zyxel.com How to protect network? 6.1 MAC Filter Overview Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Scenario, Note, in this scenario Client A has been configured witch MAC filtering an action of discard destination, it means that it drop the frames to the destination MAC address (specified in the MAC address).

  • Page 60: How To Set Mac Filter

    www.zyxel.com 6.1.1 How to set MAC filter? 1. Check the Active box to activate filtering, select which action to be run. Input the specific MAC address of the device want to be configured and key in which VLAN ID then Add to save configuration. Figure 1, Advanced Application >...

  • Page 61: Layer 2 Isolation

    www.zyxel.com 6.2 Layer 2 isolation Overview This feature is to Block traffic communication between ports in the same VLAN, but it can communicate with the uplink port to access the internet. Topology, Note: Block all traffics within the same VLAN, but it can communicate with uplink port (port 24) 61/100...

  • Page 62: How To Setup L2 Isolation

    www.zyxel.com 6.2.1 How to setup L2 isolation? Topology, Note, all in the same VLAN can’t communicate with each other, but can communicate with uplink port. 1. In this screen, check Active to run features and specify which VLAN ID and input the uplink port then add to save configuration.
  • Page 63 www.zyxel.com Verify 1. According to the scenario, VLAN 100 PC1, PC2 & PC3 can’t communicate with each other, but they can communicate with Port 24 (uplink port) to access the internet. PC1 can’t ping PC2 PC1 can’t ping PC3 PC1 can ping uplink port 24. 63/100...

  • Page 64: Authentication

    www.zyxel.com 7.1 802.1x Authentication Overview 802.1 x authentications is a common security application which requires hosts to enter a username and password in order to be authenticated by an authentication server. The Zyxelenterprise switch models support 802.1x Port Authentication that forces hosts to submit valid user credentials before their traffic can be forwarded across the switch.

  • Page 65: How To Implement 802.1X Port Authentication With Dynamic Vlan

    www.zyxel.com 7.1.1 How to Implement 802.1X Port Authentication with Dynamic VLAN Assignment (Radius Server) Scenario and Topology Port Authentication: Upon detection of a new client (supplicant), the port on the switch (authenticator) will be enabled and set to an "unauthorized" state. In this state, only the 802.1x traffic will be allowed;...
  • Page 66 www.zyxel.com An authentication server informs the authenticator to process the host’s traffic on specific VLANs. This can be done by adding the following attributes on the user profile: Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-ID = <VLAN ID> With Dynamic VLAN Assignment, administrators allow a more flexible network access to the users.
  • Page 67 www.zyxel.com - Only the “VLAN 10” users can access Server-1. - Only the “VLAN 20” users can access Server-2. 1. Create VLAN 10 for Host and Server-1 Figure 1, Advance Application > VLAN > VLAN Configuration > Static VLAN Setup 67/100...
  • Page 68 www.zyxel.com 2. Create VLAN 20 for Host and Server-2. Figure 2, Advance Application > VLAN > VLAN Configuration > Static VLAN Setup 68/100...
  • Page 69 www.zyxel.com 3. Create VLAN 100 for the RADIUS server and management purpose Figure 3, Advance Application > VLAN > VLAN Configuration > Static VLAN Setup 69/100...
  • Page 70 www.zyxel.com 4. Configure the PVID of the port to the RADIUS server as management VLAN Figure 4, Advance Application > VLAN > VLAN Configuration > VLAN Port Setup 70/100...
  • Page 71 www.zyxel.com 5. Configure the DHCP service for VLAN 10 users Figure 5, IP Application > DHCP > DHCPv4 > VLAN 6. Configure the DHCP service for VLAN 20 user Figure 6, IP Application > DHCP > DHCPv4 > VLAN 71/100...
  • Page 72 www.zyxel.com 7. Input the RADIUS server’s IP address and set the shared secret as “12345” Figure 7, Advance Application > AAA > RADIUS Server Setup 8. Check Dot1x under the Authorization section Figure 8, Advance Application > AAA > AAA Setup 9.
  • Page 73 www.zyxel.com 10. Access the RADIUS server. Edit the Client profile located in /etc/freeradius/clients.conf for Core Switch /etc/freeradius/clients.conf Figure 10, 11. Edit the User profile located in /etc/freeradius/users for Host credentials and attributes /etc/freeradius/users Figure 11, 73/100...
  • Page 74 www.zyxel.com 12. Edit EAP profile located in /etc/freeradius/eap.conf to allow dynamic VLAN attributes /etc/freeradius/eap.conf Figure 12, 13. Restart the FreeRADIUS service to refresh the settings 74/100...
  • Page 75 www.zyxel.com Verification procedures 1. Access the Host PC. 2. Click the Start button and type services.msc into the search box. 3. In the Services window, locate the service named Wired AutoConfig. 4. Make sure the service status is “Started”. 5. Right-click on your network adapter and select Properties. 6.
  • Page 76 www.zyxel.com 7. Choose the network authentication method Microsoft: Protected EAP (PEAP). 8. Click on Additional Settings, select Specify authentication mode and specify User authentication. 9. Make sure that the Host PC is using the dynamic IP address configurations. 10. Connect the Host PC to port 1 of the Core Switch. 76/100...
  • Page 77 www.zyxel.com 11. Host PC should show “Additional information is needed to connect to this network.” 12. Enter the username (vlan10) and password (vlan10user) which must be consistent with the RADIUS server’s user profile settings. 13. Go to Windows command prompt and type “ipconfig /all”. The IP address should be assigned to the VLAN 10 network (192.168.10.X).
  • Page 78 www.zyxel.com 17. Host PC should show “Additional information is needed to connect to this network”. 18. Enter the username (vlan20) and password (vlan20user) which must be consistent with the RADIUS server’s user profile settings. 19. Go to Windows command prompt and type “ipconfig /all”. The IP address should be assigned to the VLAN 10 network (192.168.20.X).

  • Page 79: Ip Source Guard

    www.zyxel.com 8.1 IP Source Guard Overview Use IPv4 and IPv6 source guard to filter unauthorized DHCP and ARP packets in your network. It uses a binding table to distinguish between authorized and unauthorized DHCP ARP packets in your network. A binding contains: ...

  • Page 80: How To Set Dhcp Snooping? (Dynamic)

    www.zyxel.com 8.1.1 How to set DHCP snooping? (Dynamic) Overview DHCP snooping, you can configure the DHCP Server on a “Trusted Port” so that all clients can get the IP address from a trusted DHCP server. Also, all DHCP IP address assignments will be recorded into an internal table called the “Snooping Table”.
  • Page 81 www.zyxel.com 1. In this screen check the Active box then click Apply to enable DHCP snooping features. For the following options, please use the HELP icon for more information. Figure 1, Advanced Application > IP Source Guard > DHCP Snooping > Configure 81/100...
  • Page 82 www.zyxel.com 2. Select which port should be Trusted for the DHCP server or other switch and Rate specify the maximum number for DHCP packets (1-2048) that the Switch receives from each port each second. Figure 2, Advanced Application > IP Source Guard > DHCP Snooping > Configure >...
  • Page 83 www.zyxel.com Verify 1. Based on the scenario client A should get an IP of 192.168.1.X/24. Figure 4, Run Windows Command Processor (CMD) 83/100...

  • Page 84: How To Set Static Mac Binding? (Static)

    www.zyxel.com 8.1.2 How to set static MAC binding? (Static) Overview Static MAC address is an address that has been manually entered in the MAC address table, Static MAC address does not age out. After setting up a static MAC address on a port it reduce the need for broadcasting. Topology, Note: in the scenario switch port 1 has been configured static MAC binding with client A specific MAC address and given the port 1 an IP address of 192.168.1.101.
  • Page 85 www.zyxel.com 2. Input the specific MAC address of the device. User can specify the IP address, VLAN & port number. Figure 2, Advanced Application > IP Source Guard > Static Binding Verify 1. Based on the scenario client A should be configured with an IP address of 192.168.1.101 and can ping the switch IP 192.168.1.1.

  • Page 86: How To Set Arp Inspection

    www.zyxel.com 8.1.3 How to set ARP inspection? Overview This feature prevent ARP spoofing from the network to secure L2 forwarding, it contains a DHCP snooping table which can match and check which IP address is allowed to access the network, if It’s not the traffic will be blocked and classified to blacklist.
  • Page 87 www.zyxel.com 1. Check the Active box and click the Apply to run the feature. Please kindly use the HELP button for more specific information. Figure 1, Advanced Application > IP Source Guard > Source Guard setup > ARP Inspection > Configure 2.
  • Page 88 www.zyxel.com 3. Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. Figure 3, Advanced Application > IP Source Guard > Source Guard setup > ARP Inspection >...

  • Page 89: Access Control List (Acl)

    www.zyxel.com 9.1 Access Control List (ACL) Overview ACL (Access Control List) is the name of a combination of Classifier and Policy Rule. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming port number.

  • Page 90: How To Block Host To Access Internet

    www.zyxel.com 9.1.1 How to block host to access internet? Overview We define three rules. First, we define a classifier for the traffic that is coming from port 2 is the host and its source address 192.168.1.100; second, we specify a classifier for the traffic from port 2.
  • Page 91 www.zyxel.com 2. Select Active, set Name as “Port+IP”, Ingress port as 2, selects “Count” and Source IP as 192.168.1.100/32, then click Add to run feature. Figure 2 Advanced Application > Classifier> Classifier Configuration 91/100...
  • Page 92 www.zyxel.com 3. Select Active, set Name as “ARP”, Ingress port as 2, select “Count “and Ethernet Type as ARP, then click Add to run feature. Figure 3 Advanced Application > Classifier> Classifier Configuration Verify 1. In this screen display the classifiers status. Figure 4, Advanced Application >...

  • Page 93: How To Configure Classifier On The Switch

    www.zyxel.com 9.1.2 How to configure classifier on the switch? Overview After the classification, we need to define the policy rule to ensure that the traffic gets the deserved treatment in the network. Here, we also define three policy rules. The first policy rule is to forward (do not drop the matching frame previously marked for dropping) only the traffic from port 2 and with the ip address of 192.168.1.100.
  • Page 94 www.zyxel.com 2. Select Active, set Name as “Allowport2IP”, select classifier “Port+IP” and select “Do not drop the matching frame previously marked for dropping” in Action, then click Add to run feature. Figure 6 Advanced Application > Policy Rule 94/100...
  • Page 95 www.zyxel.com 3. Select Active, set Name as “AllowARP”, select classifier “ARP” and select “Do not drop the matching frame previously marked for dropping” in Action, then click Add to run feature. Figure 7 Advanced Application > Policy Rule Verify 1. In this screen it will display the policy rule status. Figure 8, Advanced Application >...
  • Page 96 www.zyxel.com Verify 1. Connect a PC ―A to the Switch on port2. Connect another PC ―B to the Switch on port10 with IP 192.168.1.200. First set the IP of PC ―A to 192.168.1.100. At this time, PC ―A can ping PC ―B. PC ―A can ping PC ―B 96/100...
  • Page 97 www.zyxel.com 2. However, if you set the IP of PC ―A to another IP besides 192.168.1.100, it can no longer ping PC ―B. PC ―A can no longer ping PC ―B 3. You may also know how many packets match the classifiers in Match Count of Classifier Status.

  • Page 98: Management

    www.zyxel.com 10.1 Management 10.1.1 How to change password? Overview User can change the switch administrator password. 1. In this screen the highlight part is how the user change the password then clicks Apply to save the settings. Figure 1, Management > Access Control > Logins Verify 1.

  • Page 99: How To Configure Remote Management Service

    www.zyxel.com 10.1.2 How to configure remote management service? Overview Remote management service is to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. 1. Select and check how many entry want to be Active. User can configure the range of an IP address and configure which remote should be use to login to the device.
  • Page 100 www.zyxel.com Verify 1. In this screen, user can check the remote management configuration. Figure 2, Management > Access Control > Remote Management 100/100...

This manual is also suitable for:

Gs2210Xgs2210Gs3700Xgs3700Xgs4600Xs1920 ... Show all

Table of Contents