www.zyxel.com This handbook is a series of tutorials that guides you through various applications of the Zyxel. The purpose of the handbook is to show you how to proceed through an application rather than explain the meaning of GUI features. For the latter, see the Related Information section. Note: IP addresses, port numbers, and object names are just examples used in these tutorials, so you must replace them with the corresponding information from your own network environment when implementing a tutorial.
www.zyxel.com Table Of Content Configure the basic information on Switch ..........6 1.1 General Settings ......................6 1.1.1 How to configure management IP address? ..........6 1.1.2 How to configure switch host name? ............9 1.1.3 How to configure system time?..............10 Maintain Devices and Network ..............
Page 4
www.zyxel.com 3.1.7 How to configure VLAN Trunking on the switch?........30 Improve network reliability ................. 32 4.1 STP (Spanning Tree Protocol) ..................32 4.1.1 How to configure RSTP on the switch? ............33 4.1.2 How to configure MSTP on the switch? ............36 4.1.3 How to configure MRSTP on the switch? .............
Page 5
www.zyxel.com 7.1 802.1x Authentication ....................64 7.1.1 How to Implement 802.1X Port Authentication with Dynamic VLAN Assignment (Radius Server) ..................65 8.1 IP Source Guard ......................79 8.1.1 How to set DHCP snooping? (Dynamic) ............. 80 8.1.2 How to set static MAC binding? (Static) ............. 84 8.1.3 How to set ARP inspection? ................
www.zyxel.com Configure the basic information on Switch 1.1 General Settings 1.1.1 How to configure management IP address? Overview Management IP address provides to connect to the switch by using web browser to configure settings & save configuration of the entire switch. 1.
Page 8
www.zyxel.com 1. The highlight part, please enter the IP address & subnet mask of the switch. For example: (192.168.1.2, 255.255.255.0). Then click Apply to save the configuration. Figure 3 Basic Setting > IP Setup Verify 1. In this screen is to check the IP Address Information. Figure 4 Quick Button >...
www.zyxel.com 1.1.2 How to configure switch host name? Overview Configure the switch with hostname for identification purpose. 1. Enter a hostname for identification purpose of the switch, and then click Apply to save the configuration. Figure 1 Basic setting > General setup Verify 1.
www.zyxel.com 1.1.3 How to configure system time? Overview Set the system date and time for the switch. 1. First change the New Date, second change the New Time, and then click Apply to save the configuration. Figure 1 Basic Setting > General Setup Verify 1.
www.zyxel.com Maintain Devices and Network 2.1 Firmware 2.1.1 How to upgrade firmware from GUI? Overview The switch can be maintained by upgrading it to the latest new firmware version. But make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device, uploading the wrong model firmware may damage your device.
Page 12
www.zyxel.com 2. To upgrade firmware image, users can select to upload firmware image to image 1 or 2 and click upgrade to activate the process. Firmware upgrades are only applied after a reboot. To reboot, go to Management > Maintenance >...
www.zyxel.com 2.1.2 How to upgrade firmware from FTP? Overview Upgrade firmware by using File Transfer Protocol (FTP). 1. On the operating system open the Command Processor (CMD). Figure 1 PC > Start > All Programs > Accessories > Command Prompt 2.
Page 14
www.zyxel.com Verify 1. Go to website https://192.168.1.1, click the quick button (Status). Check in the Device Information >Firmware Version Figure 3 Basic Setting > System Info. 14/100...
www.zyxel.com 2.2 Reset 2.2.1 How to reset switch? Overview Reset the switch to its default settings. 1. In this page click the Factory default Icon, the switch will reset back to default settings. Then wait for the switch to restart. Figure 1 Management >...
www.zyxel.com VLAN 3.1 Virtual Local Area Network Overview VLAN is a group of end stations with a common set of requirements; Independent of their physical location, floods traffic only to the ports belongs to that VLAN. VLAN characteristic: A broadcast domain. ...
www.zyxel.com 3.1.1 How to configure Static VLAN on the switch? Overview Static VLAN is the widest used VLAN in real application. It can cross multiple switches. It does add s 4 bytes to be tagged frame into its normal MTU. Static VLAN topology, Figure 1 Note: In the scenario, both switch is configured with VLAN10/20, in order to let the...
Page 18
www.zyxel.com 2. Choose which control to be configured, Normal: for the port to dynamically join this VLAN group using GVRP. Fixed: to be permanent member of this VLAN group. Forbidden: prohibit the port from joining this VLAN group. Check the tagging to tag all outgoing frames with this VLAN group ID, then click Add.
www.zyxel.com 3.1.2 How to configure Subnet Base VLAN on the switch? Overview Subnet based VLANs allow to group traffic into logical VLANs based on the source IP subnet you specify. Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN.
Page 20
www.zyxel.com 2. Check the Active box to activate the features and IP, Mask-bits & VID should be filled. Click Add to save the configuration. For more details click the HELP icon at the quick button. Figure 3 Advanced Application > VLAN > VLAN Configuration > Subnet-based VLAN Verify: 1.
www.zyxel.com 3.1.3 How to configure Protocol Base VLAN on the switch? Overview Protocol-based VLANs allow you to group traffic into logical VLANs based on the protocol you specify. Allow users to classify source traffic by specific protocols. Notes: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN.
Page 22
www.zyxel.com 1. Check the Active box to activate the features. Choose which Ethernet-type to configure. Fill in the VID number that has been created on the static VLAN. Then click Add to save the configuration. Figure 2 Advanced Application > VLAN > VLAN Configuration > Protocol-based VLAN Verify 1.
www.zyxel.com 3.1.4 How to configure Voice VLAN on the switch? Overview Voice VLAN ensures that the sound quality of an IP phone is preserved from deteriorating when the data traffic on the Switch ports is high which enables the separation of voice and data traffic coming onto the Switch port. 1.
Page 24
www.zyxel.com Verify 1. Click the Index number to check & edit the configuration. Figure 3 Advanced Application > VLAN > VLAN Configuration >Voice VLAN 2. Display the VID number & the status VLAN. Figure 4 Advanced Application > VLAN 3. To confirm the port number belongs to which VID & VLAN. Figure 5 Advanced Application >...
www.zyxel.com 3.1.5 How to configure MAC Base VLAN on the switch? Overview MAC-based VLAN feature assigns incoming untagged packets to a VLAN and classifies the traffic based on the source MAC address of the packet. A feature that decides the VLAN for forwarding an untagged frame based on the source MAC address of the frame.
Page 26
www.zyxel.com Verify 1. It display the MAC based VLAN configuration. Click the Index number to change the configuration. Figure 3 Advanced Application > VLAN > VLAN Configuration > MAC-based VLAN 2. The device MAC address should be seen in the MAC table. Figure 4 Management >...
www.zyxel.com 3.1.6 How to configure GVRP on the switch? Overview GVRP a protocol dynamically exchange VLAN configuration information with other devices. GVRP topology: Figure 1 Note: In the scenario both switch port number 5 are enable with GVRP features, so that the switch 1 will learn the switch 2 VLAN configuration dynamically, same with switch 2 it will learn the VLAN configuration of switch 1 dynamically.
Page 28
www.zyxel.com Verify 1. Check in the Index table, it will appear a dynamic VLAN configuration, belongs to the other device configured with GVRP. Click the Index number to display the VLAN table. Figure 3 (Switch 1) Advanced Application > VLAN Figure 4 (Switch 1) Figure 5 (Switch 1) Figure 6 (Switch 2) Advanced Application >...
www.zyxel.com 3.1.7 How to configure VLAN Trunking on the switch? Overview VLAN trunking, allow an unknown VLAN groups frame pass through a port. Communicate with end device without the same VLAN configuration on the switch. VLAN trunking topology: Figure 1 Note: In the scenario the task is to let switch 1 VLAN10/20 communicate with switch 2 VLAN 10/20, but the highlight part 3 switch in the center are not configured with the same VLAN.
Page 31
www.zyxel.com Verify 1. Switch 1 VLAN10 can ping switch 3 VLAN10. Figure 3 Topology 2. Switch 2 will have the device MAC address & VID in the MAC Table. Management > MAC Table Figure 4 31/100...
www.zyxel.com Improve network reliability 4.1 STP (Spanning Tree Protocol) Overview Blocks a certain ports and there is only one active path for each network segment. It’s a loop avoidance mechanism, a protocol used to solve problems that are caused redundant topology like broadcast storm, multiple frame transmission & MAC database instability.
www.zyxel.com 4.1.1 How to configure RSTP on the switch? Overview The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the spanning tree than STP. In RSTP, there are additional port roles; alternate port & backup port, and the port states are discarding, learning, and forwarding.
Page 34
www.zyxel.com 2. Select and check which port should be activate with RSTP and click Apply to save the configuration. For more specific information please kindly click the HELP button. Figure 2 Advanced Application > Spanning Tree Protocol > RSTP 34/100...
Page 35
www.zyxel.com Verify 1. Figure 3, Figure 4 & Figure 5, In this screen display the RSTP process and port status. Figure 3, (Switch A) Advanced Application > Spanning Tree Protocol Management > Port Status Figure 4, (Switch B) Advanced Application > Spanning Tree Protocol Management >...
www.zyxel.com 4.1.2 How to configure MSTP on the switch? Overview Multiple spanning-tree (MSTP), allows frames assigned to different VLANs to follow separate paths & provides multiple forwarding paths for data traffic and enables load balancing. Topology: Note: In the scenario both switches are configured with MSTP, configured with the same region &...
Page 37
www.zyxel.com 2. Check the Active box and click Apply to save the configuration & activate the feature. Switch in the same region should have the same Configuration name & Revision number. Please kindly use the HELP icon for more specific information.
Page 38
www.zyxel.com 4. select which port to be add in MSTI, configure the priority to decide which port should be disabled when one port or more forms a loop in a switch the higher the priority value will be disabled first. Path cost is the cost of transmitting. Click Add to save the configuration.
www.zyxel.com 4.1.3 How to configure MRSTP on the switch? Overview It’s an extension to RSTP to provide multiple ring extensions in one switch. Each spanning tree operates independently with its own bridge information. Protect network for self-recovery when a link goes down Topology: Note: In the scenario, switch A is configured with MRSTP and connected with 4 different RTP divided &...
Page 40
www.zyxel.com 2. The tree features are depend on the device and it’s design, some of the device can only configured 2 tree. Select and check how many STP to be configured in MRSTP. Figure 2, 3. Select and check which port to be configured and choose which STP (Tree) is it configured in Figure 2, then Apply to save the configuration.
Page 41
www.zyxel.com Verify 1. In this screen it will display the MRSTP status; user can change the Tree type to show each tree status. Figure 4, Advanced Application > Spanning Tree Protocol 41/100...
www.zyxel.com 4.2 Link Aggregation Overview Link aggregation a feature to aggregate one or more Ethernet interfaces to form a logical point-to-point link, known as a LAG, virtual link, or bundle, provides degradation if failure occurs and increase availability. It provides network redundancy by load-balancing traffic across all available links.
www.zyxel.com 4.2.1 How to configure Static Trunk on the switch? Overview Static trunks are groups of two to eight ports that act as single virtual links. Static trunks are commonly used to improve network performance by increasing the available bandwidth between the switch and other network devices as well as to enhance the reliability of the connections between network devices.
Page 44
www.zyxel.com 2. Select which port to be bundle then choose the right Group ID that configured in step 1. Figure 3, Advanced Application > Link Aggregation > Link Aggregation Setting Verify 1. In this screen you can confirm the Link Aggregation (static trunk) configuration.
www.zyxel.com 4.2.2 How to configure LACP on the switch? Overview Link Aggregation Control Protocol (LACP) is part of an IEEE specification (802.3ad) that allows you to bundle several physical ports together to form a single logical channel. LACP allows a switch to load sharing & can detect failure even if not directly connect, or remove the link from the group Figure 1, Difference between static Trunk &...
Page 46
www.zyxel.com Verify 1. In this screen user can check the LACP settings. Figure 3, Advanced Application > Link Aggregation 46/100...
www.zyxel.com 4.3 VRRP (Layer 3) Overview Traditional network has one and only one gateway to put between internal network and external network. When the link of router has some trouble, the user can’t access to internet anymore. But when we enable VRRP, if MASTER router fails, and the BACKUP router will take over, and ensure the traffic still go through.
www.zyxel.com 4.3.1 How to set VRRP on the switch? Overview Each host in a network is configured to send packets to a statically configured default gateway. The default gateway can become a single point of failure. Virtual Router Redundancy Protocol (VRRP), defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.
Page 49
www.zyxel.com 2. Configure IP interface & set default gateway for VLAN 1 & 2. Figure 2, Basic Setting > IP Setup >IP Configuration 49/100...
Page 50
www.zyxel.com 3. In this screen the highlight part is to configure & activate VRRP. Be sure to check Active to run VRRP features and Preempt Mode to let the switch choose the master. The Virtual Router ID, Primary & Secondary Virtual IP should have the same configure with the master &...
www.zyxel.com How to setup CCTV? 5.1 IGMP Routing Overview Use for routing multicast data within autonomous system, provides multicast forwarding capability to a layer 3 switch. 5.1.1 How to setup IPTV Layer3 environment? The network administrator want to separator the stream server and host in difference VLANs to avoid the other packets to affect the stream quality.
Page 52
www.zyxel.com 1. In the XGS-4528F, go to Advanced Application > VLAN > Static VLAN, to create VLAN 10 for IPTV Server and VLAN 20 for host. Active the VLAN 10 and type the Name and VLAN Group ID then select the Fixed and remove TX Tagging on Port 1.
Page 53
www.zyxel.com 2. Active the VLAN 20 and type the Name and VLAN Group ID then select the Fixed on Port 9.Click Add. Figure 3 Advanced Application > VLAN > Static VLAN 3. Go to Advanced Application > VLAN > VLAN Port Setting, to configure PVID 10 for Port 1.
Page 54
www.zyxel.com 4. Go to Basic Setting > IP Setup > IP Interface, to create ip address for VLAN 10and VLAN 20.Click Add. Figure 5 Basic Setting > IP Setup > IP Interface 54/100...
Page 55
www.zyxel.com 5. Go to IP Application > IGMP, active the IGMP router and select the Drop for unknown Multicast Frame and enable the IGMP-v2 for VLAN 20 interface. Unknown Multicast Frame Drop is able to discard IGMP packets flooding to all ports. Switch will send the General-Query when user enables IGMP-Version on VLAN interface.
www.zyxel.com 5.2 IGMP Snooping Overview The switch can passively snoop on the IGMP packets transferred between IP multicast routers/switches and IP multicast host to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly.
Page 57
www.zyxel.com 2. Go to Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup, to create VLAN 20 for Host. Active the VLAN 20 and type the Name and VLAN Group ID then select the Fixed on Port 2 and Port 10 and remove TX Tagging on Port 2.Click Add.
Page 58
www.zyxel.com 4. Go to Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping, to set up IGMP-Snooping. Active the IGMP Snooping and choose the Unknown Multicast Frame to Drop. Click Apply. Figure 4, Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping Verify 1.
www.zyxel.com How to protect network? 6.1 MAC Filter Overview Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Scenario, Note, in this scenario Client A has been configured witch MAC filtering an action of discard destination, it means that it drop the frames to the destination MAC address (specified in the MAC address).
www.zyxel.com 6.1.1 How to set MAC filter? 1. Check the Active box to activate filtering, select which action to be run. Input the specific MAC address of the device want to be configured and key in which VLAN ID then Add to save configuration. Figure 1, Advanced Application >...
www.zyxel.com 6.2 Layer 2 isolation Overview This feature is to Block traffic communication between ports in the same VLAN, but it can communicate with the uplink port to access the internet. Topology, Note: Block all traffics within the same VLAN, but it can communicate with uplink port (port 24) 61/100...
www.zyxel.com 6.2.1 How to setup L2 isolation? Topology, Note, all in the same VLAN can’t communicate with each other, but can communicate with uplink port. 1. In this screen, check Active to run features and specify which VLAN ID and input the uplink port then add to save configuration.
Page 63
www.zyxel.com Verify 1. According to the scenario, VLAN 100 PC1, PC2 & PC3 can’t communicate with each other, but they can communicate with Port 24 (uplink port) to access the internet. PC1 can’t ping PC2 PC1 can’t ping PC3 PC1 can ping uplink port 24. 63/100...
www.zyxel.com 7.1 802.1x Authentication Overview 802.1 x authentications is a common security application which requires hosts to enter a username and password in order to be authenticated by an authentication server. The Zyxelenterprise switch models support 802.1x Port Authentication that forces hosts to submit valid user credentials before their traffic can be forwarded across the switch.
www.zyxel.com 7.1.1 How to Implement 802.1X Port Authentication with Dynamic VLAN Assignment (Radius Server) Scenario and Topology Port Authentication: Upon detection of a new client (supplicant), the port on the switch (authenticator) will be enabled and set to an "unauthorized" state. In this state, only the 802.1x traffic will be allowed;...
Page 66
www.zyxel.com An authentication server informs the authenticator to process the host’s traffic on specific VLANs. This can be done by adding the following attributes on the user profile: Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-ID = <VLAN ID> With Dynamic VLAN Assignment, administrators allow a more flexible network access to the users.
Page 67
www.zyxel.com - Only the “VLAN 10” users can access Server-1. - Only the “VLAN 20” users can access Server-2. 1. Create VLAN 10 for Host and Server-1 Figure 1, Advance Application > VLAN > VLAN Configuration > Static VLAN Setup 67/100...
Page 69
www.zyxel.com 3. Create VLAN 100 for the RADIUS server and management purpose Figure 3, Advance Application > VLAN > VLAN Configuration > Static VLAN Setup 69/100...
Page 70
www.zyxel.com 4. Configure the PVID of the port to the RADIUS server as management VLAN Figure 4, Advance Application > VLAN > VLAN Configuration > VLAN Port Setup 70/100...
Page 71
www.zyxel.com 5. Configure the DHCP service for VLAN 10 users Figure 5, IP Application > DHCP > DHCPv4 > VLAN 6. Configure the DHCP service for VLAN 20 user Figure 6, IP Application > DHCP > DHCPv4 > VLAN 71/100...
Page 72
www.zyxel.com 7. Input the RADIUS server’s IP address and set the shared secret as “12345” Figure 7, Advance Application > AAA > RADIUS Server Setup 8. Check Dot1x under the Authorization section Figure 8, Advance Application > AAA > AAA Setup 9.
Page 73
www.zyxel.com 10. Access the RADIUS server. Edit the Client profile located in /etc/freeradius/clients.conf for Core Switch /etc/freeradius/clients.conf Figure 10, 11. Edit the User profile located in /etc/freeradius/users for Host credentials and attributes /etc/freeradius/users Figure 11, 73/100...
Page 74
www.zyxel.com 12. Edit EAP profile located in /etc/freeradius/eap.conf to allow dynamic VLAN attributes /etc/freeradius/eap.conf Figure 12, 13. Restart the FreeRADIUS service to refresh the settings 74/100...
Page 75
www.zyxel.com Verification procedures 1. Access the Host PC. 2. Click the Start button and type services.msc into the search box. 3. In the Services window, locate the service named Wired AutoConfig. 4. Make sure the service status is “Started”. 5. Right-click on your network adapter and select Properties. 6.
Page 76
www.zyxel.com 7. Choose the network authentication method Microsoft: Protected EAP (PEAP). 8. Click on Additional Settings, select Specify authentication mode and specify User authentication. 9. Make sure that the Host PC is using the dynamic IP address configurations. 10. Connect the Host PC to port 1 of the Core Switch. 76/100...
Page 77
www.zyxel.com 11. Host PC should show “Additional information is needed to connect to this network.” 12. Enter the username (vlan10) and password (vlan10user) which must be consistent with the RADIUS server’s user profile settings. 13. Go to Windows command prompt and type “ipconfig /all”. The IP address should be assigned to the VLAN 10 network (192.168.10.X).
Page 78
www.zyxel.com 17. Host PC should show “Additional information is needed to connect to this network”. 18. Enter the username (vlan20) and password (vlan20user) which must be consistent with the RADIUS server’s user profile settings. 19. Go to Windows command prompt and type “ipconfig /all”. The IP address should be assigned to the VLAN 10 network (192.168.20.X).
www.zyxel.com 8.1 IP Source Guard Overview Use IPv4 and IPv6 source guard to filter unauthorized DHCP and ARP packets in your network. It uses a binding table to distinguish between authorized and unauthorized DHCP ARP packets in your network. A binding contains: ...
www.zyxel.com 8.1.1 How to set DHCP snooping? (Dynamic) Overview DHCP snooping, you can configure the DHCP Server on a “Trusted Port” so that all clients can get the IP address from a trusted DHCP server. Also, all DHCP IP address assignments will be recorded into an internal table called the “Snooping Table”.
Page 81
www.zyxel.com 1. In this screen check the Active box then click Apply to enable DHCP snooping features. For the following options, please use the HELP icon for more information. Figure 1, Advanced Application > IP Source Guard > DHCP Snooping > Configure 81/100...
Page 82
www.zyxel.com 2. Select which port should be Trusted for the DHCP server or other switch and Rate specify the maximum number for DHCP packets (1-2048) that the Switch receives from each port each second. Figure 2, Advanced Application > IP Source Guard > DHCP Snooping > Configure >...
Page 83
www.zyxel.com Verify 1. Based on the scenario client A should get an IP of 192.168.1.X/24. Figure 4, Run Windows Command Processor (CMD) 83/100...
www.zyxel.com 8.1.2 How to set static MAC binding? (Static) Overview Static MAC address is an address that has been manually entered in the MAC address table, Static MAC address does not age out. After setting up a static MAC address on a port it reduce the need for broadcasting. Topology, Note: in the scenario switch port 1 has been configured static MAC binding with client A specific MAC address and given the port 1 an IP address of 192.168.1.101.
Page 85
www.zyxel.com 2. Input the specific MAC address of the device. User can specify the IP address, VLAN & port number. Figure 2, Advanced Application > IP Source Guard > Static Binding Verify 1. Based on the scenario client A should be configured with an IP address of 192.168.1.101 and can ping the switch IP 192.168.1.1.
www.zyxel.com 8.1.3 How to set ARP inspection? Overview This feature prevent ARP spoofing from the network to secure L2 forwarding, it contains a DHCP snooping table which can match and check which IP address is allowed to access the network, if It’s not the traffic will be blocked and classified to blacklist.
Page 87
www.zyxel.com 1. Check the Active box and click the Apply to run the feature. Please kindly use the HELP button for more specific information. Figure 1, Advanced Application > IP Source Guard > Source Guard setup > ARP Inspection > Configure 2.
Page 88
www.zyxel.com 3. Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. Figure 3, Advanced Application > IP Source Guard > Source Guard setup > ARP Inspection >...
www.zyxel.com 9.1 Access Control List (ACL) Overview ACL (Access Control List) is the name of a combination of Classifier and Policy Rule. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming port number.
www.zyxel.com 9.1.1 How to block host to access internet? Overview We define three rules. First, we define a classifier for the traffic that is coming from port 2 is the host and its source address 192.168.1.100; second, we specify a classifier for the traffic from port 2.
Page 91
www.zyxel.com 2. Select Active, set Name as “Port+IP”, Ingress port as 2, selects “Count” and Source IP as 192.168.1.100/32, then click Add to run feature. Figure 2 Advanced Application > Classifier> Classifier Configuration 91/100...
Page 92
www.zyxel.com 3. Select Active, set Name as “ARP”, Ingress port as 2, select “Count “and Ethernet Type as ARP, then click Add to run feature. Figure 3 Advanced Application > Classifier> Classifier Configuration Verify 1. In this screen display the classifiers status. Figure 4, Advanced Application >...
www.zyxel.com 9.1.2 How to configure classifier on the switch? Overview After the classification, we need to define the policy rule to ensure that the traffic gets the deserved treatment in the network. Here, we also define three policy rules. The first policy rule is to forward (do not drop the matching frame previously marked for dropping) only the traffic from port 2 and with the ip address of 192.168.1.100.
Page 94
www.zyxel.com 2. Select Active, set Name as “Allowport2IP”, select classifier “Port+IP” and select “Do not drop the matching frame previously marked for dropping” in Action, then click Add to run feature. Figure 6 Advanced Application > Policy Rule 94/100...
Page 95
www.zyxel.com 3. Select Active, set Name as “AllowARP”, select classifier “ARP” and select “Do not drop the matching frame previously marked for dropping” in Action, then click Add to run feature. Figure 7 Advanced Application > Policy Rule Verify 1. In this screen it will display the policy rule status. Figure 8, Advanced Application >...
Page 96
www.zyxel.com Verify 1. Connect a PC ―A to the Switch on port2. Connect another PC ―B to the Switch on port10 with IP 192.168.1.200. First set the IP of PC ―A to 192.168.1.100. At this time, PC ―A can ping PC ―B. PC ―A can ping PC ―B 96/100...
Page 97
www.zyxel.com 2. However, if you set the IP of PC ―A to another IP besides 192.168.1.100, it can no longer ping PC ―B. PC ―A can no longer ping PC ―B 3. You may also know how many packets match the classifiers in Match Count of Classifier Status.
www.zyxel.com 10.1 Management 10.1.1 How to change password? Overview User can change the switch administrator password. 1. In this screen the highlight part is how the user change the password then clicks Apply to save the settings. Figure 1, Management > Access Control > Logins Verify 1.
www.zyxel.com 10.1.2 How to configure remote management service? Overview Remote management service is to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. 1. Select and check how many entry want to be Active. User can configure the range of an IP address and configure which remote should be use to login to the device.
Page 100
www.zyxel.com Verify 1. In this screen, user can check the remote management configuration. Figure 2, Management > Access Control > Remote Management 100/100...