Page 1 GS-4012F/4024 Intelligent Layer 3+ Switch User’s Guide Version 3.8 4/2007 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.com...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Page 4: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. Switch Server Telephone GS-4012F/4024 User’s Guide Computer Notebook computer DSLAM Firewall Switch Router Document Conventions...
Page 6: Safety Warnings
Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7 Safety Warnings GS-4012F/4024 User’s Guide...
Page 8 Safety Warnings GS-4012F/4024 User’s Guide...
Page 9: Table Of Contents
Introduction and Hardware ... 35 Getting to Know Your Switch ... 37 Hardware Installation and Connection ... 41 Hardware Overview ... 45 Basic Configuration ... 53 The Web Configurator ... 55 Initial Setup Example ... 65 System Status and Port Statistics ... 71 Basic Setting ...
Page 10 Contents Overview IP Multicast ... 249 Differentiated Services ... 251 DHCP ... 259 VRRP ... 267 Management, CLI, Troubleshooting ... 277 Maintenance ... 279 Access Control ... 285 Diagnostic ... 303 Syslog ... 305 Cluster Management ... 309 MAC Table ... 315 IP Table ...
Page 11: Table Of Contents
About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 25 List of Tables... 31 Part I: Introduction and Hardware ... 35 Chapter 1 Getting to Know Your Switch... 37 1.1 Introduction ...
Page 12 Table of Contents 3.2.1 Power Connector ... 49 3.2.2 External Backup Power Supply Connector ... 49 3.3 LEDs ... 50 Part II: Basic Configuration... 53 Chapter 4 The Web Configurator ... 55 4.1 Introduction ... 55 4.2 System Login ... 55 4.3 The Status Screen 4.3.1 Change Your Password 4.4 Saving Your Configuration ...
Page 13 7.6 IP Setup ... 83 7.6.1 IP Interfaces ... 83 7.7 Port Setup ... 85 Part III: Advanced... 89 Chapter 8 VLAN ... 91 8.1 Introduction to IEEE 802.1Q Tagged VLANs 8.1.1 Forwarding Tagged and Untagged Frames ... 91 8.2 Automatic VLAN Registration ... 92 8.2.1 GARP ...
Page 14 Table of Contents 11.1.5 Multiple STP ...112 11.2 Spanning Tree Protocol Status Screen ...114 11.3 Spanning Tree Configuration ...115 11.4 Configure Rapid Spanning Tree Protocol 11.5 Rapid Spanning Tree Protocol Status 11.6 Configure Multiple Rapid Spanning Tree Protocol 11.7 Multiple Rapid Spanning Tree Protocol Status 11.8 Configure Multiple Spanning Tree Protocol 11.9 Multiple Spanning Tree Protocol Status Chapter 12...
Page 15 Chapter 17 Port Security... 147 17.1 About Port Security ... 147 17.2 Port Security Setup ... 147 Chapter 18 Classifier... 151 18.1 About the Classifier and QoS ... 151 18.2 Configuring the Classifier ... 151 18.3 Viewing and Editing Classifier Configuration ... 154 18.4 Classifier Example ...
Page 16 Table of Contents 22.1.4 IGMP Snooping and VLANs ... 172 22.2 Multicast Status ... 172 22.3 Multicast Setting ... 172 22.4 IGMP Snooping VLAN ... 174 22.5 IGMP Filtering Profile ... 176 22.6 MVR Overview ... 177 22.6.1 Types of MVR Ports ... 177 22.6.2 MVR Modes ...
Page 17 24.7.2 ARP Inspection VLAN Configure ... 217 Chapter 25 Loop Guard... 219 25.1 Loop Guard Overview ... 219 25.2 Loop Guard Setup ... 221 Part IV: IP Application... 223 Chapter 26 Static Route ... 225 26.1 Configuring Static Routing ... 225 Chapter 27 RIP ...
Page 18 Table of Contents 30.1 DVMRP Overview ... 245 30.2 How DVMRP Works ... 245 30.2.1 DVMRP Terminology ... 246 30.3 Configuring DVMRP ... 246 30.3.1 DVMRP Configuration Error Messages ... 247 30.4 Default DVMRP Timer Values ... 248 Chapter 31 IP Multicast ...
Page 19 34.3 VRRP Configuration ... 269 34.3.1 IP Interface Setup ... 269 34.3.2 VRRP Parameters ... 270 34.3.3 Configuring VRRP Parameters ... 271 34.4 VRRP Configuration Summary ... 272 34.5 VRRP Configuration Examples ... 272 34.5.1 One Subnet Network Example ... 272 34.5.2 Two Subnets Example ...
Page 20 Table of Contents 36.7 Introduction to HTTPS ... 297 36.8 HTTPS Example ... 298 36.8.1 Internet Explorer Warning Messages ... 298 36.8.2 Netscape Navigator Warning Messages ... 299 36.8.3 The Main Screen ... 299 36.9 Service Port Access Control 36.10 Remote Management Chapter 37 Diagnostic...
Page 21 43.1 Overview ... 321 43.2 Viewing the Routing Table ... 321 Chapter 44 Configure Clone ... 323 44.1 Configure Clone ... 323 Chapter 45 Introducing Commands... 325 45.1 Overview ... 325 45.2 Accessing the CLI ... 325 45.2.1 The Console Port ... 325 45.3 The Login Screen ...
Page 22 Table of Contents 46.4 traceroute ... 380 46.5 Copy Port Attributes ... 381 46.6 Configuration File Maintenance ... 381 46.6.1 Using a Different Configuration File ... 382 46.6.2 Resetting to the Factory Default ... 382 Chapter 47 Configuration Mode Commands ... 383 47.1 Change the Out of Band Management IP Address ...
Page 23 48.3.1 no bandwidth-limit ... 401 Chapter 49 IEEE 802.1Q Tagged VLAN Commands ... 403 49.1 Configuring Tagged VLAN ... 403 49.2 Global VLAN1Q Tagged VLAN Configuration Commands ... 404 49.2.1 GARP Status ... 404 49.2.2 GARP Timer ... 404 49.2.3 GVRP Timer ... 405 49.2.4 Enable GVRP ...
Page 24 Table of Contents Appendix C Common Services ... 441 Appendix D Legal Information ... 445 Appendix E Customer Support... 449 Index... 453 GS-4012F/4024 User’s Guide...
Page 25: List Of Figures
Figure 1 Backbone Application ... 38 Figure 2 Bridging Application ... 38 Figure 3 High Performance Switched Workgroup Application ... 39 Figure 4 Shared Server Using VLAN Example ... 40 Figure 5 Attaching Rubber Feet ... 41 Figure 6 Attaching the Mounting Brackets ... 43 Figure 7 Mounting the Switch on a Rack ...
Page 26 List of Figures Figure 39 Subnet Based VLAN Application Example ... 98 Figure 40 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN ... 99 Figure 41 Port Based VLAN Setup (All Connected) ... 101 Figure 42 Port Based VLAN Setup (Port Isolation) ... 102 Figure 43 Advanced Application >...
Page 27 List of Figures Figure 82 Advanced Application > Multicast > Multicast Setting ... 173 Figure 83 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN ... 175 Figure 84 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile ... 176 Figure 85 MVR Network Example ...
Page 28 List of Figures Figure 125 OSPF Virtual Link ... 238 Figure 126 IP Multicast ... 241 Figure 127 IGMP Version 1 Example ... 242 Figure 128 IGMP Version 2 Example ... 242 Figure 129 IGMP Version 3 Example ... 243 Figure 130 IP Application >...
Page 29 Figure 168 Load Factory Default: Start ... 280 Figure 169 Reboot System: Confirmation ... 281 Figure 170 Firmware Upgrade ... 281 Figure 171 Restore Configuration ... 282 Figure 172 Backup Configuration ... 282 Figure 173 Access Control ... 285 Figure 174 SNMP Management Model ... 286 Figure 175 Access Control: SNMP ...
Page 30 List of Figures Figure 211 Network Number and Host ID ... 432 Figure 212 Subnetting Example: Before Subnetting ... 434 Figure 213 Subnetting Example: After Subnetting ... 435 Figure 214 Conflicting Computer IP Addresses Example ... 439 Figure 215 Conflicting Computer IP Addresses Example ... 439 Figure 216 Conflicting Computer and Router IP Addresses Example ...
Page 31: List Of Tables
List of Tables List of Tables Table 1 Front Panel ... 45 Table 2 LEDs ... 50 Table 3 Navigation Panel Sub-links Overview ... 57 Table 4 Web Configurator Screen Sub-links Details ... 58 Table 5 Navigation Panel Links ... 59 Table 6 Status ...
Page 32 List of Tables Table 39 Advanced Application > Port Authentication > 802.1x ... 144 Table 40 Advanced Application > Port Authentication > MAC Authentication ... 145 Table 41 Advanced Application > Port Security ... 148 Table 42 Advanced Application > Classifier ... 152 Table 43 Classifier: Summary Table ...
Page 33 List of Tables Table 82 RIP ... 228 Table 83 OSPF vs. RIP ... 229 Table 84 OSPF: Router Types ... 229 Table 85 OSPF Status ... 232 Table 86 OSPF Status: Common Output Fields ... 232 Table 87 OSPF Configuration: Activating and General Settings ... 234 Table 88 OSPF Configuration: Area Setup ...
Page 34 List of Tables Table 125 Syslog ... 306 Table 126 Syslog: Server Setup ... 307 Table 127 ZyXEL Clustering Management Specifications ... 309 Table 128 Cluster Management: Status ...311 Table 129 FTP Upload to Cluster Member Example ... 312 Table 130 Clustering Management Configuration ... 313 Table 131 MAC Table ...
Page 35: Introduction And Hardware
Introduction and Hardware Getting to Know Your Switch (37) Hardware Installation and Connection (41) Hardware Overview (45)
Page 37: Getting To Know Your Switch
H A P T E R Getting to Know Your Switch This chapter introduces the main features and applications of the Switch. 1.1 Introduction Your Switch is a stand-alone layer-3 Gigabit Ethernet switch. By integrating router functions, the Switch performs wire-speed layer-3 routing in addition to layer-2 switching. The GS-4024 is a stand-alone layer 3 Ethernet switch with 20 Gigabit Ethernet ports and 4 GbE dual personality interfaces for uplink.
Page 38: Bridging Example
Chapter 1 Getting to Know Your Switch Figure 1 Backbone Application 1.1.2 Bridging Example In this example application the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch.
Page 39: Ieee 802.1Q Vlan Application Examples
Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance. The Switch can provide the same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches.
Page 40: Figure 4 Shared Server Using Vlan Example
Chapter 1 Getting to Know Your Switch Figure 4 Shared Server Using VLAN Example GS-4012F/4024 User’s Guide...
Page 41: Hardware Installation And Connection
H A P T E R Hardware Installation and This chapter shows you how to install the hardware and make port connections. Example graphics are shown. 2.1 Freestanding Installation 1 Make sure the Switch is clean and dry. 2 Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and the connected cables.
Page 42: Mounting The Switch On A Rack
Chapter 2 Hardware Installation and Connection Do NOT block the ventilation holes. Leave space between devices when stacking. For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations.
Page 43: Mounting The Switch On A Rack
Figure 6 Attaching the Mounting Brackets 2 Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. 3 Repeat steps Switch. 4 You may now mount the Switch on a rack. Proceed to the next section. 2.2.3 Mounting the Switch on a Rack 1 Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the...
Page 44 Chapter 2 Hardware Installation and Connection GS-4012F/4024 User’s Guide...
Page 45: Hardware Overview
H A P T E R This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel Connection The figure below shows the front panel of the Switch. Figure 8 Front Panel: GS-4024 Figure 9 Front Panel: GS-4012F The following table describes the port labels on the front panel.
Page 46: Console Port
Chapter 3 Hardware Overview Table 1 Front Panel (continued) PORT DESCRIPTION Four Dual Each interface has one 1000 Base-T copper RJ-45 port and one Small Form-Factor Personality Pluggable (SFP) fiber port, with one port active at a time. Interfaces • 4 100/1000 Mbps RJ-45 Gigabit Ports: Connect these Gigabit Ethernet ports to high-bandwidth backbone network Ethernet switches.
Page 47: Sfp Slots
• Flow control: on 3.1.3 SFP Slots The Switch comes with SFP (Small Form-factor Pluggable) slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The Switch does not come with transceivers. You must use transceivers that comply with the SFP transceiver MultiSource Agreement (MSA).
Page 48: Rear Panel
Chapter 3 Hardware Overview Figure 11 Installed Transceiver 3.1.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). 1 Open the transceiver’s latch (latch styles vary). Figure 12 Opening the Transceiver’s Latch Example 2 Pull the transceiver out of the slot. Figure 13 Transceiver Removal Example 3.2 Rear Panel The following figures show the rear panels of the AC and DC power input model switches.
Page 49: Power Connector
Figure 14 Rear Panel: GS-4012F Figure 15 Rear Panel: GS-4024 Figure 16 Rear Panel: GS-4012F (DC Model) Figure 17 Rear Panel: GS-4024 (DC Model) 3.2.1 Power Connector Make sure you are using the correct power source as shown on the panel. To connect the power to the GS-4012F/4024 AC unit, insert the female end of power cord to the power receptacle on the rear panel.
Page 50: Leds
Chapter 3 Hardware Overview 3.3 LEDs The following table describes the LEDs. Table 2 LEDs COLOR Green Green Green MGMT Port Green Amber GS-4024 Model Gigabit Ethernet Ports LNK/ACT Green Amber Amber Mini-GBIC (SFP) Slots Green Green GS-4012F Model Mini-GBIC (SFP) Slots (Standalone and Part of Dual Personality Interface) Green STATUS DESCRIPTION...
Page 51 Table 2 LEDs (continued) COLOR Green Gigabit Ethernet Ports (Part of Dual Personality Interface) 1000 Green Amber GS-4012F/4024 User’s Guide STATUS DESCRIPTION Blinking The port is sending or receiving data. The port is not sending or receiving data or there is no connection.
Page 52 Chapter 3 Hardware Overview GS-4012F/4024 User’s Guide...
Page 53: Basic Configuration
Basic Configuration The Web Configurator (55) Initial Setup Example (65) System Status and Port Statistics (71) Basic Setting (77)
Page 55: The Web Configurator
H A P T E R The Web Configurator This section introduces the configuration and functions of the web configurator. 4.1 Introduction The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Page 56: The Status Screen
Chapter 4 The Web Configurator Figure 18 Web Configurator: Login 4 Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 19 Web Configurator Home Screen (Status) A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.
Page 57: Table 3 Navigation Panel Sub-Links Overview
C - Click this link to go to the status page of the Switch. D - Click this link to logout of the web configurator. E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens.
Page 58: Table 4 Web Configurator Screen Sub-Links Details
Chapter 4 The Web Configurator The following table lists the various web configurator screens within the sub-links. Table 4 Web Configurator Screen Sub-links Details ADVANCED BASIC SETTING APPLICATION System Info VLAN General Setup Switch Setup IP Setup Static MAC Forwarding Port Setup Filtering Spanning Tree Protocol...
Page 59: Table 5 Navigation Panel Links
The following table describes the links in the navigation panel. Table 5 Navigation Panel Links LINK DESCRIPTION Basic Settings System Info This link takes you to a screen that displays general system and hardware monitoring information. General Setup This link takes you to a screen where you can configure general identification information about the Switch.
Page 60 Chapter 4 The Web Configurator Table 5 Navigation Panel Links (continued) LINK DESCRIPTION Auth and Acct This link takes you to a screen where you can configure authentication and accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus).
Page 61: Change Your Password
4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management, Access Control and then Logins to display the next screen. Figure 20 Change Administrator Login Password 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory.
Page 62: Resetting The Switch
Chapter 4 The Web Configurator 6 Forget the password and/or IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it. Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.
Page 63: Logging Out Of The Web Configurator
Figure 21 Resetting the Switch: Via the Console Port Bootbase Version: V3.1 | 03/08/2007 18:36:17 RAM:Size = 64 Mbytes DRAM POST: Testing: 65536K OK DRAM Test SUCCESS ! FLASH: Intel 64M ZyNOS Version: V3.80(TS.0)b4 | 03/31/2007 20:43:39 Press any key to enter debug mode within 3 seconds... Enter Debug Mode GS-4024>...
Page 64 Chapter 4 The Web Configurator GS-4012F/4024 User’s Guide...
Page 65: Initial Setup Example
H A P T E R This chapter shows how to set up the Switch for an example network. 5.1 Overview The following lists the configuration steps for the example network: • Configure an IP interface • Configure DHCP server settings •...
Page 66: Configuring Dhcp Server Settings
Chapter 5 Initial Setup Example 2 Open your web browser and enter 192.168.0.1 (the default MGMT port IP address) in the address bar to access the web configurator. See information. 3 Click Basic Setting and IP Setup in the navigation panel. 4 Configure the related fields in the IP Setup screen.
Page 67: Creating A Vlan
5.1.3 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 24 Initial Setup Network Example: VLAN 1 Click Advanced Application and VLAN in the navigation panel and click the Static VLAN link.
Page 68: Setting Port Vid
Chapter 5 Initial Setup Example The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to be a permanent member of the VLAN only.
Page 69: Enabling Rip
5.1.5 Enabling RIP To exchange routing information with other routing devices across different routing domains, enable RIP (Routing Information Protocol) in the RIP screen. 1 Click IP Application > RIP in the navigation panel. 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information.
Page 70 Chapter 5 Initial Setup Example GS-4012F/4024 User’s Guide...
Page 71: System Status And Port Statistics
H A P T E R System Status and Port This chapter describes the system status (web configurator home page) and port details screens. 6.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
Page 72: Status: Port Details
Chapter 6 System Status and Port Statistics Table 6 Status (continued) LABEL DESCRIPTION Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half). It also shows the cable type (Copper or Fiber) for the combo ports.
Page 73: Figure 27 Status > Port Details
Figure 27 Status > Port Details The following table describes the labels in this screen. Table 7 Status: Port Details LABEL DESCRIPTION Port Info Port NO. This field displays the port number you are viewing. Name This field displays the name of the port. Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half duplex).
Page 74 Chapter 6 System Status and Port Statistics Table 7 Status: Port Details (continued) LABEL DESCRIPTION Up Time This field shows the total amount of time the connection has been up. Tx Packet The following fields display detailed information about packets transmitted. TX Packet This field shows the number of good packets (unicast, multicast and broadcast) transmitted.
Page 75 Table 7 Status: Port Details (continued) LABEL DESCRIPTION 512-1023 This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length. 1024- This field shows the number of packets (including bad packets) received that were 1518 between 1024 and 1518 octets in length.
Page 76 Chapter 6 System Status and Port Statistics GS-4012F/4024 User’s Guide...
Page 77: Basic Setting
H A P T E R This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens. 7.1 Overview The System Info screen displays general Switch information (such as firmware version number) and hardware polling information (such as fan speeds). The General Setup screen allows you to configure general Switch identification information.
Page 78: Figure 28 System Info
Chapter 7 Basic Setting Figure 28 System Info The following table describes the labels in this screen. Table 8 System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. ZyNOS F/W This field displays the version number of the Switch 's current firmware including the Version date created.
Page 79: General Setup
Table 8 System Info (continued) LABEL DESCRIPTION Current This field displays this fan's current speed in Revolutions Per Minute (RPM). This field displays this fan's maximum speed measured in Revolutions Per Minute (RPM). This field displays this fan's minimum speed measured in Revolutions Per Minute (RPM).
Page 80: Table 9 Basic Setting > General Setup
Chapter 7 Basic Setting The following table describes the labels in this screen. Table 9 Basic Setting > General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters; spaces are allowed. Location Enter the geographic location of your Switch.
Page 81: Introduction To Vlans
Table 9 Basic Setting > General Setup (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time. The time field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
Page 82: Figure 30 Basic Setting > Switch Setup
Chapter 7 Basic Setting Figure 30 Basic Setting > Switch Setup The following table describes the labels in this screen. Table 10 Basic Setting > Switch Setup LABEL DESCRIPTION VLAN Type Choose 802.1Q or Port Based. The VLAN Setup screen changes depending on whether you choose 802.1Q VLAN type or Port Based VLAN type in this screen.
Page 83: Ip Setup
Table 10 Basic Setting > Switch Setup (continued) LABEL DESCRIPTION Priority Queue Assignment IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. Frames without an explicit priority tag are given the default priority of the ingress port.
Page 84: Figure 31 Basic Setting > Ip Setup
Chapter 7 Basic Setting Figure 31 Basic Setting > IP Setup The following table describes the labels in this screen. Table 11 Basic Setting > IP Setup LABEL DESCRIPTION Default Enter the IP address of the default outgoing gateway in dotted decimal notation, for Gateway example 192.168.1.254.
Page 85: Port Setup
Table 11 Basic Setting > IP Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 86: Figure 32 Basic Setting > Port Setup
Chapter 7 Basic Setting Figure 32 Basic Setting > Port Setup The following table describes the labels in this screen. Table 12 Basic Setting > Port Setup LABEL DESCRIPTION Port This is the port index number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 87 Table 12 Basic Setting > Port Setup (continued) LABEL DESCRIPTION Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode.
Page 88 Chapter 7 Basic Setting GS-4012F/4024 User’s Guide...
Page 89: Advanced
Advanced VLAN (91) Static MAC Forward Setup (105) Filtering (107) Spanning Tree Protocol (109) Bandwidth Control (127) Broadcast Storm Control (129) Mirroring (131) Link Aggregation (133) Port Authentication (141) Port Security (147) Classifier (151) Policy Rule (157) Queuing Method (163) VLAN Stacking (165) Multicast (171) Authentication &...
Page 91: Vlan
H A P T E R The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
Page 92: Automatic Vlan Registration
Chapter 8 VLAN 8.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 8.2.1 GARP GARP (Generic Attribute Registration Protocol) allows network switches to register and de- register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.
Page 93: Port Vlan Trunking
8.3 Port VLAN Trunking Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices. Refer to the following figure.
Page 94: Static Vlan Status
Chapter 8 VLAN 8.5.1 Static VLAN Status Section 8.1 on page 91 Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. Figure 35 Advanced Application > VLAN: VLAN Status The following table describes the labels in this screen. Table 14 Advanced Application >...
Page 95: Configure A Static Vlan
The following table describes the labels in this screen. Table 15 Advanced Application > VLAN > VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen. This is the VLAN identification number that was configured in the Static VLAN screen.
Page 96: Configure Vlan Port Settings
Chapter 8 VLAN The following table describes the related labels in this screen. Table 16 Advanced Application > VLAN > Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters.
Page 97: Figure 38 Advanced Application > Vlan > Vlan Port Setting
Figure 38 Advanced Application > VLAN > VLAN Port Setting The following table describes the labels in this screen. Table 17 Advanced Application > VLAN > VLAN Port Setting LABEL DESCRIPTION GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network.
Page 98: Subnet Based Vlans
Chapter 8 VLAN Table 17 Advanced Application > VLAN > VLAN Port Setting (continued) LABEL DESCRIPTION VLAN Trunking Enable VLAN Trunking on ports connected to other switches or routers (but not ports directly connected to end users) to allow frames belonging to unknown VLAN groups to pass through the Switch.
Page 99: Configuring Subnet Based Vlan
8.7 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 40 Advanced Application >...
Page 100: Port-Based Vlan Setup
Chapter 8 VLAN Table 18 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Setup LABEL DESCRIPTION Mask-Bits Enter the bit number of the subnet mask. To find the bit number, convert the subnet mask to binary format and add all the 1’s together. Take “255.255.255.0” for example. 255 converts to eight 1s in binary.
Page 101: Configure A Port-Based Vlan
In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 8.8.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the next screen.
Page 102: Figure 42 Port Based Vlan Setup (Port Isolation)
Chapter 8 VLAN Figure 42 Port Based VLAN Setup (Port Isolation) The following table describes the labels in this screen. Table 19 Port Based VLAN Setup label Description Setting Wizard Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs.
Page 103 Table 19 Port Based VLAN Setup (continued) label Description Outgoing These are the egress ports; an egress port is an outgoing port, that is, a port through which a data packet leaves. If you wish to allow two subscriber ports to talk to each other, you must define the egress port for both ports.
Page 104 Chapter 8 VLAN GS-4012F/4024 User’s Guide...
Page 105: Static Mac Forward Setup
H A P T E R Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 9.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network. 9.2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table.
Page 106: Table 20 Advanced Application > Static Mac Forwarding
Chapter 9 Static MAC Forward Setup The following table describes the labels in this screen. Table 20 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
Page 107: Filtering
H A P T E R This chapter discusses MAC address port filtering. 10.1 Configure a Filtering Rule Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
Page 108 Chapter 10 Filtering Table 21 Advanced Application > FIltering (continued) LABEL DESCRIPTION Action Select Discard source to drop frame from the source MAC address (specified in the MAC field). The Switch can still send frames to the MAC address. Select Discard destination to drop frames to the destination MAC address (specified in the MAC address).
Page 109: Spanning Tree Protocol
H A P T E R Spanning Tree Protocol The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol •...
Page 110: How Stp Works
Chapter 11 Spanning Tree Protocol Path cost is the cost of transmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost.
Page 111: Stp Port States
11.1.3 STP Port States STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops. Table 23 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled (default).
Page 112: Multiple Stp
Chapter 11 Spanning Tree Protocol 11.1.5 Multiple STP Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features: • One Common and Internal Spanning Tree (CIST) that represents the entire network’s connectivity.
Page 113: Figure 47 Mstp Network Example
Figure 47 MSTP Network Example VLAN 1 11.1.5.2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network. Each MSTP-enabled device can only belong to one MST region.
Page 114: Spanning Tree Protocol Status Screen
Chapter 11 Spanning Tree Protocol Figure 48 MSTIs in Different Regions 11.1.5.4 Common and Internal Spanning Tree (CIST) A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST.
Page 115: Spanning Tree Configuration
Figure 50 Advanced Application > Spanning Tree Protocol This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch.
Page 116: Configure Rapid Spanning Tree Protocol
Chapter 11 Spanning Tree Protocol 11.4 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings, see on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen. Figure 52 Advanced Application > Spanning Tree Protocol > RSTP The following table describes the labels in this screen.
Page 117: Rapid Spanning Tree Protocol Status
Table 25 Advanced Application > Spanning Tree Protocol > RSTP (continued) LABEL DESCRIPTION Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds.
Page 118: Figure 53 Advanced Application > Spanning Tree Protocol > Status: Rstp
Chapter 11 Spanning Tree Protocol This screen is only available after you activate RSTP on the Switch. Figure 53 Advanced Application > Spanning Tree Protocol > Status: RSTP The following table describes the labels in this screen. Table 26 Advanced Application > Spanning Tree Protocol > Status: RSTP LABEL Configuration Bridge...
Page 119: Configure Multiple Rapid Spanning Tree Protocol
11.6 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1 on page 109 Figure 54 Advanced Application > Spanning Tree Protocol > MRSTP The following table describes the labels in this screen. Table 27 Advanced Application >...
Page 120: Multiple Rapid Spanning Tree Protocol Status
Chapter 11 Spanning Tree Protocol Table 27 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL Max Age Forwarding Delay Port Active Priority Path Cost Tree Apply Cancel 11.7 Multiple Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next.
Page 121: Figure 55 Advanced Application > Spanning Tree Protocol > Status: Mrstp
This screen is only available after you activate MRSTP on the Switch. Figure 55 Advanced Application > Spanning Tree Protocol > Status: MRSTP The following table describes the labels in this screen. Table 28 Advanced Application > Spanning Tree Protocol > Status: MRSTP LABEL DESCRIPTION Configuration...
Page 122: Configure Multiple Spanning Tree Protocol
Chapter 11 Spanning Tree Protocol 11.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1.5 on page 112 Figure 56 Advanced Application > Spanning Tree Protocol > MSTP for more information on MSTP.
Page 123: Table 29 Advanced Application > Spanning Tree Protocol > Mstp
The following table describes the labels in this screen. Table 29 Advanced Application > Spanning Tree Protocol > MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen (see Active Select this check box to activate MSTP on the Switch. Clear this checkbox to disable MSTP on the Switch.
Page 124: Multiple Spanning Tree Protocol Status
Chapter 11 Spanning Tree Protocol Table 29 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL VLAN Range Enabled VLAN(s) Port Active Priority Path Cost Cancel Instance VLAN Active Port Delete Cancel 11.9 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next.
Page 125: Figure 57 Advanced Application > Spanning Tree Protocol > Status: Mstp
This screen is only available after you activate MSTP on the Switch. Figure 57 Advanced Application > Spanning Tree Protocol > Status: MSTP The following table describes the labels in this screen. Table 30 Advanced Application > Spanning Tree Protocol > Status: MSTP LABEL DESCRIPTION Configuration...
Page 126 Chapter 11 Spanning Tree Protocol Table 30 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL Forwarding Delay (second) Cost to Bridge Port ID Configuration Name Revision Number Configuration Digest Topology Changed Times Time Since Last Change Instance: Instance VLAN MSTI...
Page 127: Bandwidth Control
H A P T E R This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out- going traffic flows on a port. 12.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
Page 128: Figure 58 Advanced Application > Bandwidth Control
Chapter 12 Bandwidth Control Figure 58 Advanced Application > Bandwidth Control The following table describes the related labels in this screen. Table 31 Advanced Application > Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the Switch. Port This field displays the port number.
Page 129: Broadcast Storm Control
H A P T E R Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 13.1 Broadcast Storm Control Setup Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports.
Page 130: Table 32 Advanced Application > Broadcast Storm Control
Chapter 13 Broadcast Storm Control The following table describes the labels in this screen. Table 32 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature.
Page 131: Mirroring
H A P T E R This chapter discusses port mirroring setup screens. 14.1 Port Mirroring Setup Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application >...
Page 132: Table 33 Advanced Application > Mirroring
Chapter 14 Mirroring The following table describes the labels in this screen. Table 33 Advanced Application > Mirroring LABEL DESCRIPTION Active Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail Port...
Page 133: Link Aggregation
H A P T E R This chapter shows you how to logically aggregate physical links to form one logical, higher- bandwidth link. 15.1 Link Aggregation Overview Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link.
Page 134: Link Aggregation Id
Chapter 15 Link Aggregation • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings.
Page 135: Link Aggregation Setting
Table 36 Advanced Application > Link Aggregation Status (continued) LABEL DESCRIPTION Synchronized These are the ports that are currently transmitting data as one logical link in this trunk Ports group. Aggregator ID Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number.
Page 136: Link Aggregation Control Protocol
Chapter 15 Link Aggregation The following table describes the labels in this screen. Table 37 Advanced Application > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Link This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID...
Page 137: Figure 63 Advanced Application > Link Aggregation > Link Aggregation Setting > Lacp
Figure 63 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP The following table describes the labels in this screen. Table 38 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable Aggregation Control Protocol...
Page 138: Static Trunking Example
Chapter 15 Link Aggregation Table 38 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 139: Figure 65 Trunking Example - Configuration Screen
Chapter 15 Link Aggregation Figure 65 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. GS-4012F/4024 User’s Guide...
Page 140 Chapter 15 Link Aggregation GS-4012F/4024 User’s Guide...
Page 141: Port Authentication
H A P T E R This chapter describes the IEEE 802.1x and MAC authentication methods. 16.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: •...
Page 142: Mac Authentication
Chapter 16 Port Authentication Figure 66 IEEE 802.1x Authentication Process New Connection Login Info Request Login Credentials 16.1.2 MAC Authentication MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch.
Page 143: Port Authentication Configuration
16.2 Port Authentication Configuration To enable port authentication, first activate the port authentication method(s) you want to use (both on the Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application >...
Page 144: Activate Mac Authentication
Chapter 16 Port Authentication The following table describes the labels in this screen. Table 39 Advanced Application > Port Authentication > 802.1x LABEL DESCRIPTION Active Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch Port This field displays the port number.
Page 145: Figure 70 Advanced Application > Port Authentication > Mac Authentication
Figure 70 Advanced Application > Port Authentication > MAC Authentication The following table describes the labels in this screen. Table 40 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch Name Prefix Type the prefix that is appended to all MAC addresses sent to the RADIUS server...
Page 146 Chapter 16 Port Authentication Table 40 Advanced Application > Port Authentication > MAC Authentication (continued) LABEL DESCRIPTION Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you Active Select this checkbox to permit MAC authentication on this port.
Page 147: Port Security
H A P T E R This chapter shows you how to set up port security. 17.1 About Port Security Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
Page 148: Figure 71 Advanced Application > Port Security
Chapter 17 Port Security Figure 71 Advanced Application > Port Security The following table describes the labels in this screen. Table 41 Advanced Application > Port Security LABEL DESCRIPTION Active Select this option to enable port security on the Switch. Port This field displays the port number.
Page 149 Table 41 Advanced Application > Port Security (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 150 Chapter 17 Port Security GS-4012F/4024 User’s Guide...
Page 151: Classifier
H A P T E R This chapter introduces and shows you how to configure the packet classifier on the Switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
Page 152: Figure 72 Advanced Application > Classifier
Chapter 18 Classifier Figure 72 Advanced Application > Classifier The following table describes the labels in this screen. Table 42 Advanced Application > Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. Packet Specify the format of the packet.
Page 153 Table 42 Advanced Application > Classifier (continued) LABEL DESCRIPTION Ethernet Select an Ethernet type or select Other and enter the Ethernet type number in Type hexadecimal value. Refer to Source Select Any to apply the rule to all MAC addresses. Address To specify a source, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs).
Page 154: Viewing And Editing Classifier Configuration
Chapter 18 Classifier 18.3 Viewing and Editing Classifier Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen. To change the settings of a rule, click a number in the Index field.
Page 155: Classifier Example
Some of the most common IP ports are: Table 45 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 18.4 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow.
Page 156: Figure 74 Classifier: Example
Chapter 18 Classifier Figure 74 Classifier: Example GS-4012F/4024 User’s Guide...
Page 157: Policy Rule
H A P T E R This chapter shows you how to configure policy rules. 19.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to 18 on page 151 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
Page 158: Configuring Policy Rules
Chapter 19 Policy Rule 19.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 75 Advanced Application > Policy Rule Section 18.2 on page GS-4012F/4024 User’s Guide...
Page 159: Table 46 Advanced Application > Policy Rule
The following table describes the labels in this screen. Table 46 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. Classifier(s) This field displays the active classifier(s) you configure in the Classifier screen. Select the classifier(s) to which this policy rule applies.
Page 160: Viewing And Editing Policy Configuration
Chapter 19 Policy Rule Table 46 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION Outgoing Select Send the packet to the mirror port to send the packet to the mirror port. Select Send the packet to the egress port to send the packet to the egress port. Select Send the matching frames (broadcast or DLF, multicast, marked for dropping or to be sent to the CPU) to the egress port to send the broadcast, multicast, DLF, marked-to-drop or CPU frames to the egress port.
Page 161: Policy Example
19.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page Figure 77 Policy Example GS-4012F/4024 User’s Guide Chapter 19 Policy Rule 155).
Page 162 Chapter 19 Policy Rule GS-4012F/4024 User’s Guide...
Page 163: Queuing Method
H A P T E R This chapter introduces the queuing methods supported. 20.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
Page 164: Configuring Queuing
Chapter 20 Queuing Method 20.2 Configuring Queuing Click Advanced Application, Queuing Method in the navigation panel. Figure 78 Queuing Method The following table describes the labels in this screen. Table 48 Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. Method Select SPQ (Strict Priority Queuing) or WRR (Weighted Round Robin).
Page 165: Vlan Stacking
H A P T E R This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
Page 166: Vlan Stacking Port Roles
Chapter 21 VLAN Stacking Figure 79 VLAN Stacking Example 21.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel (the latter is for Gigabit ports only). • Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching. •...
Page 167: Vlan Tag Format
21.3 VLAN Tag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Table 49 VLAN Tag Format Type Priority Type is a standard Ethernet type code identifying the frame and indicates that whether the frame carries IEEE 802.1Q tag information.
Page 168: Configuring Vlan Stacking
Chapter 21 VLAN Stacking Table 51 802.1Q Frame (SP)TPID (Service Provider) Tag Protocol IDentifier VLAN ID 21.4 Configuring VLAN Stacking Click Advanced Applications > VLAN Stacking to display the screen as shown. Figure 80 Advanced Application > VLAN Stacking The following table describes the labels in this screen. Table 52 Advanced Application >...
Page 169 Table 52 Advanced Application > VLAN Stacking (continued) LABEL DESCRIPTION Role Select Normal to have the Switch ignore frames received (or transmitted) on this port with VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Note: The Normal option is only supported on the GS-4012F model. Select Access Port to have the Switch add the SP TPID tag to all incoming frames received on this port.
Page 170 Chapter 21 VLAN Stacking GS-4012F/4024 User’s Guide...
Page 171: Multicast
H A P T E R This chapter shows you how to configure various multicast features. 22.1 Multicast Overview Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
Page 172: Igmp Snooping And Vlans
Chapter 22 Multicast The Switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your Switch.
Page 173: Figure 82 Advanced Application > Multicast > Multicast Setting
Figure 82 Advanced Application > Multicast > Multicast Setting The following table describes the labels in this screen. Table 54 Advanced Application > Multicast > Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping. Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group.
Page 174: Igmp Snooping Vlan
Chapter 22 Multicast Table 54 Advanced Application > Multicast > Multicast Setting (continued) LABEL Reserved Multicast Group Port Immed. Leave Group Limited Max Group Num. IGMP Filtering Profile IGMP Querier Mode Apply Cancel 22.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown.
Page 175: Figure 83 Advanced Application > Multicast > Multicast Setting > Igmp Snooping Vlan
Figure 83 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN The following table describes the labels in this screen. Table 55 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically.
Page 176: Igmp Filtering Profile
Chapter 22 Multicast Table 55 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN LABEL Index Name Delete Cancel 22.5 IGMP Filtering Profile An IGMP filtering profile specifies a range of multicast groups that clients connected to the Switch are able to join.
Page 177: Mvr Overview
Table 56 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile LABEL DESCRIPTION Click Add to save the profile to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 178: Mvr Modes
Chapter 22 Multicast 22.6.2 MVR Modes You can set your Switch to operate in either dynamic or compatible mode. In dynamic mode, the Switch sends IGMP leave and join reports to the other multicast devices (such as multicast routers or servers) in the multicast VLAN. This allows the multicast devices to update the multicast forwarding table to forward or not forward multicast traffic to the receiver ports.
Page 179: Figure 87 Advanced Application > Multicast > Multicast Setting > Mvr
Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 87 Advanced Application > Multicast > Multicast Setting > MVR The following table describes the related labels in this screen. Table 57 Advanced Application >...
Page 180: Mvr Group Configuration
Chapter 22 Multicast Table 57 Advanced Application > Multicast > Multicast Setting > MVR (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 181: Mvr Configuration Example
Figure 88 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration The following table describes the labels in this screen. Table 58 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration LABEL DESCRIPTION Multicast Select a multicast VLAN ID (that you configured in the MVR screen) from the drop- VLAN ID down list box.
Page 182: Figure 89 Mvr Configuration Example
Chapter 22 Multicast Figure 89 MVR Configuration Example To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 90 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen.
Page 183: Figure 92 Mvr Group Configuration Example
Chapter 22 Multicast Figure 92 MVR Group Configuration Example GS-4012F/4024 User’s Guide...
Page 184 Chapter 22 Multicast GS-4012F/4024 User’s Guide...
Page 185: Authentication & Accounting
H A P T E R Authentication & Accounting This chapter describes how to configure authentication and accounting settings on the Switch. 23.1 Authentication, Authorization and Accounting Authentication is the process of determining who a user is and validating access to the Switch. The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
Page 186: Radius And Tacacs
Chapter 23 Authentication & Accounting 23.1.2 RADIUS and TACACS+ RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device.
Page 187: Figure 95 Advanced Application > Auth And Acct > Radius Server Setup
Figure 95 Advanced Application > Auth and Acct > RADIUS Server Setup The following table describes the labels in this screen. Table 60 Advanced Application > Auth and Acct > RADIUS Server Setup LABEL DESCRIPTION Authentication Use this section to configure your RADIUS authentication settings. Server Mode This field is only valid if you configure multiple RADIUS servers.
Page 188: Tacacs+ Server Setup
Chapter 23 Authentication & Accounting Table 60 Advanced Application > Auth and Acct > RADIUS Server Setup (continued) LABEL DESCRIPTION Delete Check this box if you want to remove an existing RADIUS server entry from the Switch. This entry is deleted when you click Apply. Apply Click Apply to save your changes to the Switch’s run-time memory.
Page 189: Figure 96 Advanced Application > Auth And Acct > Tacacs+ Server Setup
Figure 96 Advanced Application > Auth and Acct > TACACS+ Server Setup The following table describes the labels in this screen. Table 61 Advanced Application > Auth and Acct > TACACS+ Server Setup LABEL DESCRIPTION Authentication Use this section to configure your TACACS+ authentication settings. Server Mode This field is only valid if you configure multiple TACACS+ servers.
Page 190: Authentication And Accounting Setup
Chapter 23 Authentication & Accounting Table 61 Advanced Application > Auth and Acct > TACACS+ Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. This key is not sent over the network.
Page 191: Figure 97 Advanced Application > Auth And Acct > Auth And Acct Setup
Figure 97 Advanced Application > Auth and Acct > Auth and Acct Setup The following table describes the labels in this screen. Table 62 Advanced Application > Auth and Acct > Auth and Acct Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch.
Page 192 Chapter 23 Authentication & Accounting Table 62 Advanced Application > Auth and Acct > Auth and Acct Setup (continued) LABEL DESCRIPTION Login These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control >...
Page 193: Vendor Specific Attribute
Table 62 Advanced Application > Auth and Acct > Auth and Acct Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 194: Supported Radius Attributes
Chapter 23 Authentication & Accounting Table 63 Supported VSAs FUNCTION Egress Bandwidth Assignment Privilege Assignment 23.2.4.1 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server (refer to your RADIUS server documentation) to assign a port on the Switch to a VLAN based on IEEE 802.1x authentication.
Page 195: Attributes Used For Authentication
23.3.1 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 23.3.1.1 Attributes Used for Authenticating Privilege Access User-Name - the format of the User-Name attribute is $enab#$, where # is the privilege level (1=14) User-Password NAS-Identifier...
Page 196: Table 65 Radius Attributes - Exec Events Via Console
Chapter 23 Authentication & Accounting 23.3.2.2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent (the difference between Console and Telnet/SSH Exec events is that the Telnet/SSH events utilize the Calling-Station-Id attribute): Table 65 RADIUS Attributes - Exec Events via Console ATTRIBUTE...
Page 197 Chapter 23 Authentication & Accounting Table 67 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords GS-4012F/4024 User’s Guide...
Page 198 Chapter 23 Authentication & Accounting GS-4012F/4024 User’s Guide...
Page 199: Ip Source Guard
H A P T E R Use IP source guard to filter unauthorized DHCP and ARP packets in your network. 24.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes: •...
Page 200: Figure 98 Dhcp Snooping Database File Format
Chapter 24 IP Source Guard Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns dynamic bindings from trusted ports. The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
Page 201: Arp Inspection Overview
24.1.1.3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information: • Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes) •...
Page 202 Chapter 24 IP Source Guard 24.1.2.1 ARP Inspection and MAC Address Filters When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
Page 203: Ip Source Guard
24.2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
Page 204: Figure 101 Ip Source Guard Static Binding
Chapter 24 IP Source Guard Figure 101 IP Source Guard Static Binding The following table describes the labels in this screen. Table 69 IP Source Guard Static Binding LABEL MAC Address IP Address VLAN Port Cancel Clear Index MAC Address IP Address Lease Type...
Page 205: Dhcp Snooping
24.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 102 DHCP Snooping GS-4012F/4024 User’s Guide Chapter 24 IP Source Guard...
Page 206: Table 70 Dhcp Snooping
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 70 DHCP Snooping LABEL Database Status Agent URL Write delay timer Abort timer Agent running Delay timer expiry Abort timer expiry Last succeeded time Last failed time Last failed reason Total attempts Startup failures...
Page 207 Table 70 DHCP Snooping (continued) LABEL Successful writes Failed writes Database detail First successful access Last ignored bindings counters Binding collisions Invalid interfaces Parse failures Expired leases Unsupported vlans Last ignored time Total ignored bindings counters Binding collisions Invalid interfaces Parse failures Expired leases Unsupported vlans...
Page 208: Dhcp Snooping Configure
Chapter 24 IP Source Guard 24.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database. The DHCP snooping database stores the current bindings on a secure, external TFTP server so that they are still available after a restart.
Page 209: Dhcp Snooping Port Configure
Table 71 DHCP Snooping Configure (continued) LABEL Database Agent URL Timeout interval Write delay interval Renew DHCP Snooping URL Apply Cancel 24.5.1 DHCP Snooping Port Configure Use this screen to specify whether ports are trusted or untrusted ports for DHCP snooping. The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
Page 210: Figure 104 Dhcp Snooping Port Configure
Chapter 24 IP Source Guard Figure 104 DHCP Snooping Port Configure The following table describes the labels in this screen. Table 72 DHCP Snooping Port Configure LABEL Port Server Trusted state Rate (pps) Apply Cancel DESCRIPTION This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Page 211: Dhcp Snooping Vlan Configure
24.5.2 DHCP Snooping VLAN Configure Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information requests that the Switch relays to a DHCP server for each VLAN. To open this screen, click Advanced Application >...
Page 212: Arp Inspection Status
Chapter 24 IP Source Guard 24.6 ARP Inspection Status Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
Page 213: Arp Inspection Log Status
Figure 107 ARP Inspection VLAN Status The following table describes the labels in this screen. Table 75 ARP Inspection VLAN Status LABEL Show VLAN range Enabled VLAN Selected VLAN Apply Received Request Reply Forwarded Dropped 24.6.2 ARP Inspection Log Status Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
Page 214: Figure 108 Arp Inspection Log Status
Chapter 24 IP Source Guard Figure 108 ARP Inspection Log Status The following table describes the labels in this screen. Table 76 ARP Inspection Log Status LABEL Clearing log status table Total number of logs Index Port Sender Mac Sender IP Num Pkts Reason Time...
Page 215: Arp Inspection Configure
24.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection >...
Page 216: Arp Inspection Port Configure
Chapter 24 IP Source Guard Table 77 ARP Inspection Configure (continued) LABEL Syslog rate Log interval Apply Cancel 24.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port.
Page 217: Arp Inspection Vlan Configure
The following table describes the labels in this screen. Table 78 ARP Inspection Port Configure LABEL Port Trusted State Limit Rate (pps) Burst interval (seconds) Apply Cancel 24.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN.
Page 218: Table 79 Arp Inspection Vlan Configure
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 79 ARP Inspection VLAN Configure LABEL VLAN Start VID End VID Apply Enabled Apply Cancel DESCRIPTION Use this section to specify the VLANs you want to manage in the section below.
Page 219: Loop Guard
H A P T E R This chapter shows you how to configure the Switch to guard against loops on the edge of your network. 25.1 Loop Guard Overview Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
Page 220: Figure 113 Switch In Loop State
Chapter 25 Loop Guard The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B. Figure 113 Switch in Loop State The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop state.
Page 221: Loop Guard Setup
After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see commands (see Section 45.12.4 on page 368 25.2 Loop Guard Setup Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown.
Page 222 Chapter 25 Loop Guard Table 80 Advanced Application > Loop Guard (continued) LABEL DESCRIPTION Active Select this check box to enable the loop guard feature on this port. The Switch sends probe packets from this port to check if the switch it is connected to is in loop state. If the switch that this port is connected is in loop state the Switch will shut down this port.
Page 223: Ip Application
IP Application Static Route (225) RIP (227) OSPF (229) IGMP (241) DVMRP (245) IP Multicast (249) Differentiated Services (251) DHCP (259) VRRP (267)
Page 225: Static Route
H A P T E R This chapter shows you how to configure static routes. 26.1 Configuring Static Routing Static routes tell the Switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application, Static Routing in the navigation panel to display the screen as shown. Figure 117 Static Routing The following table describes the related labels you use to create a static route.
Page 226 Chapter 26 Static Route Table 81 Static Routing (continued) LABEL DESCRIPTION Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks.
Page 227: Rip
H A P T E R This chapter shows you how to configure RIP (Routing Information Protocol). 27.1 RIP Overview RIP (Routing Information Protocol) allows a routing device to exchange routing information with other routers. The Direction field controls the sending and receiving of RIP packets. When set to: •...
Page 228: Figure 118 Rip
Chapter 27 RIP Figure 118 RIP The following table describes the labels in this screen. Table 82 RIP LABEL DESCRIPTION Active Select this check box to enable RIP on the Switch. Index This field displays the index number of an IP interface. Network This field displays the IP interface configured on the Switch.
Page 229: Ospf
H A P T E R This chapter describes the OSPF (Open Shortest Path First) routing protocol and shows you how to configure OSPF. 28.1 OSPF Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS).
Page 230: How Ospf Works
Chapter 28 OSPF The following figure depicts an OSPF network example. The backbone is area 0 with a backbone router. The internal routers are in area 1 and 2. The area border routers connect area 1 and 2 to the backbone. Figure 119 OSPF Network Example 28.1.2 How OSPF Works Layer 3 devices exchange routing information to build synchronized link state database within...
Page 231: Configuring Ospf
Figure 120 OSPF Router Election Example You can assign a priority to an interface which determines whether this router will be elected to be a DR or BDR. The router with the highest priority becomes the DR, while a router with a priority of 0 does not participate in router elections.
Page 232: Figure 121 Ospf Status
Chapter 28 OSPF Figure 121 OSPF Status The following table describes the labels in this screen. Table 85 OSPF Status LABEL DESCRIPTION OSPF This field displays whether OSPF is activated (Running) or not (Down). Interface The text box displays the OSPF status of the interface(s) on the Switch. Neighbor The text box displays the status of the neighboring router participating in the OSPF network.
Page 233: Ospf Configuration
Table 86 OSPF Status: Common Output Fields (continued) FIELD DESCRIPTION State This field displays the state of the Switch (backup or DR (designated router)). Priority This field displays the priority of the Switch. This number is used in the designated router election.
Page 234: Table 87 Ospf Configuration: Activating And General Settings
Chapter 28 OSPF OSPF Configuration: Activating and General Settings The follow table describes the related labels in this screen. Table 87 OSPF Configuration: Activating and General Settings LABEL DESCRIPTION Active OSPF is disabled by default. Select this option to enable it. Router ID Router ID uniquely identifies the Switch in an OSPF.
Page 235: Configure Ospf Areas
28.4 Configure OSPF Areas To ensure that the Switch receives only routing information from a trusted layer 3 devices, activate authentication. The OSPF supports three authentication methods: • None – no authentication is used. • Simple – authenticate link state updates using an 8 printable ASCII character password. •...
Page 236: View Ospf Area Information Table
Chapter 28 OSPF Table 88 OSPF Configuration: Area Setup (continued) LABEL DESCRIPTION Stub Network Select this option to set the area as a stub area. If you enter 0.0.0.0 in the Area ID field, the settings in the Stub Area fields are ignored.
Page 237: Figure 124 Ospf Interface
In the OSPF Configuration screen, click Interface to display the OSPF Interface screen. Figure 124 OSPF Interface The following table describes the labels in this screen. Table 90 OSPF Interface LABEL DESCRIPTION Network Select an IP interface. Area ID Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area.
Page 238: Ospf Virtual-Links
Chapter 28 OSPF Table 90 OSPF Interface (continued) LABEL DESCRIPTION Priority The priority you assign to the interface is used in router elections to decide which router is going to be the Designated Router (DR) or the Backup Designated Router (BDR).
Page 239: Table 91 Ospf Virtual-Link
The following table describes the related labels in this screen. Table 91 OSPF Virtual-Link LABEL DESCRIPTION Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. Area ID Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area.
Page 240 Chapter 28 OSPF GS-4012F/4024 User’s Guide...
Page 241: Igmp
H A P T E R This chapter shows you how to configure the Switch as a multicast router. 29.1 IGMP Overview IP multicast is an IETF standard for distributing data to multiple recipients. The following figure shows a multicast session and the relationship between a multicast server, multicast routers and multicast hosts.
Page 242: How Igmp Works
Chapter 29 IGMP The Switch supports IGMP version 1 (IGMP-v1), version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). Refer to RFC 1112, RFC 2236 and RFC 3376 for information on IGMP versions 1, 2 and 3 respectively. At start up, the Switch queries all directly connected networks to gather group membership.
Page 243: Port-Based Igmp
IGMP version 3 allows a multicast host to join a multicast group and specify from which source (multicast server) it wants to receive multicast packets. Alternatively, a multicast host can specify from which multicast servers it does not want to receive multicast packets. In the following figure multicast server X (IP address 10.1.1.1) and multicast server Z (IP address 13.2.2.2) both send multicast traffic to the same multicast group identified by the multicast IP address 225.1.1.1.
Page 244: Table 92 Ip Application > Igmp
Chapter 29 IGMP The following table describes the labels in this screen. Table 92 IP Application > IGMP LABEL DESCRIPTION Active Select this check box to enable IGMP on the Switch. Note: You cannot enable both IGMP snooping and IGMP at the same Unknown Specify the action to perform when the Switch receives an unknown multicast frame.
Page 245: Dvmrp
H A P T E R This chapter introduces DVMRP and tells you how to configure it. 30.1 DVMRP Overview DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data within an autonomous system (AS). This DVMRP implementation is based on draft-ietf- idmr-dvmrp-v3-10.
Page 246: Dvmrp Terminology
Chapter 30 DVMRP Figure 131 How DVMRP Works 30.2.1 DVMRP Terminology DVMRP probes are used to discover other DVMRP Neighbors on a network. DVMRP reports are used to exchange DVMRP source routing information. These packets are used to build the DVMRP multicast routing table that is used to build source trees and also perform Reverse Path Forwarding (RPF) checks on incoming multicast packets.
Page 247: Dvmrp Configuration Error Messages
Table 93 DVMRP (continued) LABEL DESCRIPTION Index Index is the DVMRP configuration for the IP routing domain defined under Network. The maximum number of DVMRP configurations allowed is the maximum number of IP routing domains allowed on the Switch. See routing domains.
Page 248: Default Dvmrp Timer Values
Chapter 30 DVMRP 30.4 Default DVMRP Timer Values The following are some default DVMRP timer values. Table 94 DVMRP: Default Timer Values DVMRP FIELD Probe interval Report interval Route expiration time Prune lifetime Prune retransmission time Graft retransmission time DEFAULT VALUE 10 sec 35 sec 140 sec...
Page 249: Ip Multicast
H A P T E R This chapter shows you how to configure the IP Multicast screen. 31.1 IP Multicast Overview Traditionally, IP packets are transmitted in one of either two ways - Unicast (one sender to one recipient) or Broadcast (one sender to everybody on the network). IP Multicast is a third way to deliver IP packets to a group of hosts on the network - not everybody.
Page 250: Table 95 Ip Multicast
Chapter 31 IP Multicast The following table describes the labels in this screen. Table 95 IP Multicast LABEL DESCRIPTION Port This read-only field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 251: Differentiated Services
H A P T E R Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 32.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
Page 252: Diffserv Network Example
Chapter 32 Differentiated Services 32.1.2 DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ-compliant network devices. The boundary node (A in network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules.
Page 253: Trtcm - Color-Blind Mode
• Green (low loss priority level) packets are forwarded. TRTCM operates in one of two modes: color-blind or color-aware. In color-blind mode, packets are marked based on evaluating against the PIR and CIR regardless of if they have previously been marked or not. In the color-aware mode, packets are marked based on both existing color and evaluation against the PIR and CIR.
Page 254: Activating Diffserv
Chapter 32 Differentiated Services 32.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). Click IP Application > DiffServ in the navigation panel to display the screen as shown. Figure 141 IP Application > DiffServ The following table describes the labels in this screen.
Page 255: Figure 142 Ip Application > Diffserv > 2-Rate 3 Color Marker
You cannot enable both TRTCM and Bandwidth Control at the same time. Figure 142 IP Application > DiffServ > 2-rate 3 Color Marker The following table describes the labels in this screen. Table 97 IP Application > DiffServ > 2-rate 3 Color Marker LABEL DESCRIPTION Active...
Page 256: Dscp-To-Ieee 802.1P Priority Settings
Chapter 32 Differentiated Services Table 97 IP Application > DiffServ > 2-rate 3 Color Marker (continued) LABEL DESCRIPTION DSCP Use this section to specify the DSCP values that you want to assign to packets based on the color they are marked via TRTCM. green Specify the DSCP value to use for packets with low packet loss priority.
Page 257: Table 99 Ip Application > Diffserv > Dscp Setting
The following table describes the labels in this screen. Table 99 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box.
Page 258 Chapter 32 Differentiated Services GS-4012F/4024 User’s Guide...
Page 259: Dhcp
H A P T E R This chapter shows you how to configure the DHCP feature. 33.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the Switch as a DHCP server or a DHCP relay agent.
Page 260: Dhcp Status
Chapter 33 DHCP 33.2 DHCP Status Click IP Application > DHCP in the navigation panel. The DHCP Status screen displays. Figure 144 IP Application > DHCP Status The following table describes the labels in this screen. Table 100 IP Application > DHCP Status LABEL DESCRIPTION Server Status...
Page 261: Dhcp Relay
The following table describes the labels in this screen. Table 101 IP Application > DHCP Server Status Detail LABEL DESCRIPTION Start IP Address This field displays the starting IP address of the IP address pool configured for this DHCP server instance. End IP Address This field displays the last IP address of the IP address pool configured for this DHCP server instance.
Page 262: Configuring Dhcp Global Relay
Chapter 33 DHCP The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field. The Option 82 field is in the DHCP headers of client DHCP request frames that the Switch relays to a DHCP server. Relay Agent Information can include the System Name of the Switch if you select this option.
Page 263: Global Dhcp Relay Configuration Example
Table 103 IP Application > DHCP > Global (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 264: Configuring Dhcp Vlan Settings
Chapter 33 DHCP 33.5 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays.
Page 265: Table 104 Ip Application > Dhcp > Vlan
The following table describes the labels in this screen. Table 104 IP Application > DHCP > VLAN LABEL DESCRIPTION Enter the ID number of the VLAN to which these DHCP settings apply. DHCP Status Select whether the Switch should function as a DHCP Server or Relay for the specified VID.
Page 266: Example: Dhcp Relay For Two Vlans
Chapter 33 DHCP 33.5.1 Example: DHCP Relay for Two VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1.100.
Page 267: Vrrp
H A P T E R This chapter shows you how to configure and monitor the Virtual Router Redundancy Protocol (VRRP) on the Switch. 34.1 VRRP Overview Each host on a network is configured to send packets to a statically configured default gateway (this Switch).
Page 268: Vrrp Status
Chapter 34 VRRP If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B. 34.2 VRRP Status Click IP Application, VRRP in the navigation panel to display the VRRP Status screen as shown next.
Page 269: Vrrp Configuration
34.3 VRRP Configuration The following sections describe the different parts of the VRRP Configuration screen. 34.3.1 IP Interface Setup Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see the Section 7.6 on page 83 Click IP Application, VRRP and click the Configuration link to display the VRRP Configuration screen as shown next.
Page 270: Vrrp Parameters
Chapter 34 VRRP Table 106 VRRP Configuration: IP Interface LABEL DESCRIPTION Index This field displays the index number of an entry. Network This field displays the IP address and number of subnet mask bit of an IP domain. Authentication Select None to disable authentication. This is the default setting. Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface.
Page 271: Configuring Vrrp Parameters
34.3.3 Configuring VRRP Parameters After you set up an IP interface, configure the VRRP parameters in the VRRP Configuration screen. Figure 155 VRRP Configuration: VRRP Parameters The following table describes the labels in this screen. Table 107 VRRP Configuration: VRRP Parameters LABEL Active Name...
Page 272: Vrrp Configuration Summary
Chapter 34 VRRP 34.4 VRRP Configuration Summary To view a summary of all VRRP configurations on the Switch, scroll down to the bottom of the VRRP Configuration screen. Figure 156 VRRP Configuration: Summary The following table describes the labels in this screen. Table 108 VRRP Configuring: VRRP Parameters LABEL DESCRIPTION...
Page 273: Figure 157 Vrrp Configuration Example: One Virtual Router Network
Chapter 34 VRRP Figure 157 VRRP Configuration Example: One Virtual Router Network 172.21.1.1 172.21.1.10 172.21.1. You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 158 VRRP Example 1: VRRP Parameter Settings on Switch A Figure 159 VRRP Example 1: VRRP Parameter Settings on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both...
Page 274: Two Subnets Example
Chapter 34 VRRP Figure 161 VRRP Example 1: VRRP Status on Switch B 34.5.2 Two Subnets Example The following figure depicts an example in which two switches share the network traffic. Hosts in the two network groups use different default gateways. Each switch is configured to backup a virtual router using VRRP.
Page 275: Figure 164 Vrrp Example 2: Vrrp Parameter Settings For Vr2 On Switch B
Chapter 34 VRRP Figure 164 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 165 VRRP Example 2: VRRP Status on Switch A Figure 166 VRRP Example 2: VRRP Status on Switch B GS-4012F/4024 User’s Guide...
Page 276 Chapter 34 VRRP GS-4012F/4024 User’s Guide...
Page 277: Management, Cli, Troubleshooting
Management, CLI, Troubleshooting Maintenance (279) Access Control (285) Diagnostic (303) Syslog (305) Cluster Management (309) MAC Table (315) IP Table (317) ARP Table (319) Routing Table (321) Configure Clone (323) Introducing Commands (325) User and Enable Mode Commands (377) Configuration Mode Commands (383) Interface Commands (395) IEEE 802.1Q Tagged VLAN Commands (403) Multicast VLAN Registration Commands (411)
Page 279: Maintenance
H A P T E R This chapter explains how to configure the screens that let you maintain the firmware and configuration files. 35.1 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management, Maintenance in the navigation panel to open the following screen. Figure 167 Maintenance The following table describes the labels in this screen.
Page 280: Load Factory Default
Chapter 35 Maintenance Table 109 Maintenance (continued) LABEL DESCRIPTION Save Click Config 1 to save the current configuration settings to Configuration 1 on the Configuration Switch. Click Config 2 to save the current configuration settings to Configuration 2 on the Switch.
Page 281: Reboot System
35.4 Reboot System Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load configuration one (Config 1) or configuration two (Config 2) when you reboot. Follow the steps below to reboot the Switch. 1 In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one.
Page 282: Restore A Configuration File
Chapter 35 Maintenance 35.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 171 Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to display the Choose File screen (below) from which you can locate it.
Page 283: Ftp Command Line
35.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. 35.8.1 Filename Conventions The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on.
Page 284: Gui-Based Ftp Clients
Chapter 35 Maintenance 5 Enter to set transfer mode to binary. 6 Use to transfer files from the computer to the Switch, for example, firmware.bin ras Switch and renames it to “ras”. Similarly, configuration file on your computer (config.cfg) to the Switch and renames it to “config”.
Page 285: Access Control
H A P T E R This chapter describes how to control access to the Switch. 36.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
Page 286: About Snmp
Chapter 36 Access Control 36.3 About SNMP Simple Network Management Protocol (SNMP) is an application layer protocol used to manage and monitor TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the Switch through the network via SNMP version one (SNMPv1), SNMP version 2c or SNMP version 3.
Page 287: Snmp V3 And Security
36.3.1 SNMP v3 and Security SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions. Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages.
Page 288 Chapter 36 Access Control Table 113 SNMP System Traps (continued) OPTION OBJECT LABEL temperature TemperatureEventOn TemperatureEventClear voltage VoltageEventOn VoltageEventClear reset UncontrolledResetEventOn ControlledResetEventOn RebootEvent timesync RTCNotUpdatedEventOn RTCNotUpdatedEventClear intrusionlock IntrusionLockEventOn loopguard LoopguardEventOn OBJECT ID DESCRIPTION GS-4012F: This trap is sent when the 1.3.6.1.4.1.890.1.5.8.20.37.2.1 temperature goes above or below the normal operating range.
Page 289: Table 114 Snmp Interfacetraps
Table 114 SNMP InterfaceTraps OPTION OBJECT LABEL linkup linkUp LinkDownEventClear linkdown linkDown LinkDownEventOn autonegotiation AutonegotiationFailedEventO AutonegotiationFailedEventCl Table 115 AAA Traps OPTION OBJECT LABEL authentication authenticationFailure AuthenticationFailureEventOn GS-4012F: RADIUSNotReachableEvent RADIUSNotReachableEvent Clear GS-4012F/4024 User’s Guide OBJECT ID DESCRIPTION 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up.
Page 290: Table 116 Snmp Ip Traps
Chapter 36 Access Control Table 115 AAA Traps (continued) OPTION OBJECT LABEL accounting RADIUSAccountingNotReach ableEventOn RADIUSAccountingNotReach ableEventClear Table 116 SNMP IP Traps OPTION OBJECT LABEL ping pingProbeFailed pingTestFailed pingTestCompleted traceroute traceRouteTestFailed traceRouteTestCompleted OBJECT ID DESCRIPTION GS-4012F: This trap is sent when there is no 1.3.6.1.4.1.890.1.5.8.20.37.2.1 response message from the RADIUS accounting server.
Page 291: Configuring Snmp
Table 117 SNMP Switch Traps OPTION OBJECT LABEL STPNewRoot MRSTPNewRoot MSTPNewRoot STPTopologyChange MRSTPTopologyChange MSTPTopologyChange mactable MacTableFullEventOn MacTableFullEventClear rmon RmonRisingAlarm RmonFallingAlarm 36.3.4 Configuring SNMP From the Access Control screen, display the SNMP screen. You can click Access Control to go back to the Access Control screen. Use this screen to configure your SNMP settings. GS-4012F/4024 User’s Guide OBJECT ID DESCRIPTION...
Page 292: Figure 175 Access Control: Snmp
Chapter 36 Access Control Figure 175 Access Control: SNMP The following table describes the labels in this screen. Table 118 Access Control: SNMP LABEL General Setting Version Get Community Set Community Trap Community Trap Destination Version DESCRIPTION Use this section to specify the SNMP version and community (password) values. Select the SNMP version for the Switch.
Page 293: Configuring Snmp Trap Group
Table 118 Access Control: SNMP (continued) LABEL DESCRIPTION Port Enter the port number upon which the manager listens for SNMP traps. Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap. Note: This username must match an existing account on the Switch User Information Use this section to configure users for authentication with managers using SNMP Note: Use the username and password of the login accounts you...
Page 294: Setting Up Login Accounts
Chapter 36 Access Control Figure 176 Access Control: SNMP: Trap Group The following table describes the labels in this screen. Table 119 Access Control: SNMP: Trap Group LABEL DESCRIPTION Trap Destination Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers.
Page 295: Figure 177 Access Control: Logins
• A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Access Control from the navigation panel and then click Logins from this screen. Figure 177 Access Control: Logins The following table describes the labels in this screen. Table 120 Access Control: Logins LABEL Administrator...
Page 296: Ssh Overview
Chapter 36 Access Control 36.4 SSH Overview Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 178 SSH Communication Example 36.5 How SSH works The following table summarizes how a secure connection is established between two remote...
Page 297: Ssh Implementation On The Switch
2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. 3 Authentication and Data Transmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server.
Page 298: Https Example
Chapter 36 Access Control Figure 180 HTTPS Implementation If you disable HTTP in the Service Access Control screen, then the Switch blocks all HTTP connection attempts. 36.8 HTTPS Example If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/”...
Page 299: Netscape Navigator Warning Messages
36.8.2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape.
Page 300: Service Port Access Control
Chapter 36 Access Control Figure 184 Example: Lock Denoting a Secure Connection 36.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later).
Page 301: Remote Management
The following table describes the fields in this screen. Table 121 Access Control: Service Access Control LABEL DESCRIPTION Services Services you may use to access the Switch are listed here. Active Select this option for the corresponding services that you want to allow to access the Switch.
Page 302 Chapter 36 Access Control Table 122 Access Control: Remote Management (continued) LABEL DESCRIPTION Telnet/FTP/ Select services that may be used for managing the Switch from the specified trusted HTTP/ICMP/ computers. SNMP/SSH/ HTTPS Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 303: Diagnostic
H A P T E R This chapter explains the Diagnostic screen. 37.1 Diagnostic Click Management, Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 187 Diagnostic The following table describes the labels in this screen.
Page 304 Chapter 37 Diagnostic GS-4012F/4024 User’s Guide...
Page 305: Syslog
H A P T E R This chapter explains the syslog screens. 38.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
Page 306: Syslog Server Setup
Chapter 38 Syslog Figure 188 Syslog The following table describes the labels in this screen. Table 125 Syslog LABEL Syslog Logging Type Active Facility Apply Cancel 38.3 Syslog Server Setup Click Management and then Syslog in the navigation panel to display the Syslog Setup screen.
Page 307: Figure 189 Syslog: Server Setup
Figure 189 Syslog: Server Setup The following table describes the labels in this screen. Table 126 Syslog: Server Setup LABEL DESCRIPTION Active Select this check box to have the device send logs to this syslog server. Clear the check box if you want to create a syslog server entry but not have the device send logs to it (you can edit the entry later).
Page 308 Chapter 38 Syslog GS-4012F/4024 User’s Guide...
Page 309: Cluster Management
H A P T E R This chapter introduces cluster management. 39.1 Cluster Management Status Overview Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
Page 310: Cluster Management Status
Chapter 39 Cluster Management Figure 190 Clustering Application Example 39.2 Cluster Management Status Click Management, Cluster Management in the navigation panel to display the following screen. A cluster can only have one manager. Figure 191 Cluster Management: Status GS-4012F/4024 User’s Guide...
Page 311: Cluster Member Switch Management
The following table describes the labels in this screen. Table 128 Cluster Management: Status LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster. Manager Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) None (neither a manager nor a member of a cluster) Manager...
Page 312: Clustering Management Configuration
Chapter 39 Cluster Management Figure 193 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1 Connected to 192.168.1.1. 220 Switch FTP version 1.0 ready at Thu Jan User (192.168.0.1:(none)): admin 331 Enter PASS command Password: 230 Logged in ftp> ls 200 Port command okay 150 Opening data connection for LIST --w--w--w-...
Page 313: Figure 194 Clustering Management Configuration
Figure 194 Clustering Management Configuration The following table describes the labels in this screen. Table 130 Clustering Management Configuration LABEL DESCRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list.
Page 314 Chapter 39 Cluster Management Table 130 Clustering Management Configuration (continued) LABEL Apply Cancel Clustering Candidate List Password Cancel Refresh The next summary table shows the information for the clustering members configured. Index MacAddr Name Model Remove Cancel DESCRIPTION Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 315: Mac Table
H A P T E R This chapter introduces the MAC Table screen. 40.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
Page 316: Viewing The Mac Table
Chapter 40 MAC Table 40.2 Viewing the MAC Table Click Management, MAC Table in the navigation panel to display the following screen. Figure 196 MAC Table The following table describes the labels in this screen. Table 131 MAC Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that...
Page 317: Ip Table
H A P T E R This chapter introduces the IP table. 41.1 IP Table Overview The IP Table screen shows how packets are forwarded or filtered across the Switch’s ports. It shows what device IP address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch).
Page 318: Viewing The Ip Table
Chapter 41 IP Table 41.2 Viewing the IP Table Click Management, IP Table in the navigation panel to display the following screen. Figure 198 IP Table The following table describes the labels in this screen. Table 132 IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that...
Page 319: Arp Table
H A P T E R This chapter introduces ARP Table. 42.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 320: Figure 199 Arp Table
Chapter 42 ARP Table Figure 199 ARP Table The following table describes the labels in this screen. Table 133 ARP Table LABEL DESCRIPTION Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a Switch port with corresponding MAC address below.
Page 321: Routing Table
H A P T E R This chapter introduces the routing table. 43.1 Overview The routing table contains the route information to the network(s) that the Switch can reach. The Switch automatically updates the routing table with the RIP information received from other Ethernet devices.
Page 322 Chapter 43 Routing Table GS-4012F/4024 User’s Guide...
Page 323: Configure Clone
H A P T E R This chapter shows you how you can copy the settings of one port onto other ports. 44.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
Page 324: Table 135 Configure Clone
Chapter 44 Configure Clone The following table describes the labels in this screen. Table 135 Configure Clone LABEL DESCRIPTION Source/ Enter the source port under the Source label. This port’s attributes are copied. Destination Enter the destination port or ports under the Destination label. These are the ports Port which are going to have the same attributes as the source port.
Page 325: Introducing Commands
H A P T E R Introducing Commands This chapter introduces commands and gives a summary of commands available. 45.1 Overview In addition to the web configurator, you can use commands to configure the Switch. Use commands for advanced Switch diagnosis and troubleshooting. If you have problems with your Switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
Page 326: The Login Screen
When you turn on your Switch, it performs several internal tests as well as line initialization. You can view the initialization information using the console port. After the initialization, the login screen displays (refer to Copyright (c) 1994 - 2007 ZyXEL Communications Corp. initialize mgmt, ethernet address: 00:13:49:00:00:01 initialize switch, ethernet address: 00:13:49:00:00:02 Initializing switch unit 0...
Page 327: Changing The Password
• The required fields in a command are enclosed in angle brackets <>, for instance, means that you must specify an IP number for this command. <ip> • The optional fields in a command are enclosed in square brackets [], for instance, configure snmp-server [contact <system contact>] [location <system location>] means that the contact and location fields are optional.
Page 328: Privilege Levels
Chapter 45 Introducing Commands 45.7 Privilege Levels You can use a command whose privilege level is equal to or less than that of your login account. For example, if your login account has a privilege level of 12, you can use all commands with privilege levels from 0 to 12.
Page 329: Getting Help
The following table describes command interpreter modes and how to access them. Table 136 Command Interpreter Mode Summary MODE DESCRIPTION User Commands available in this mode are a subset of enable mode. You can perform basic tests and display general system information. Enable Commands available in this mode allow you to save configuration...
Page 330: List Of Available Commands
Chapter 45 Introducing Commands 45.9.1 List of Available Commands Enter “ ” to display a list of available commands and the corresponding sub commands. help sysname> help Commands available: help logout exit history enable show ip <cr> show hardware-monitor <C|F> show system-information show alarm-status show cpu-utilization...
Page 331: Using Command History
Enter <command> help sysname> ping help Commands available: ping <ip|host-name> < [ in-band|out-of-band|vlan <vlan-id> ] [ size <0-1472> ] [ -t ] > sysname> Enter to display detailed help information about the sub commands and <command> ? parameters. sysname> ping ? <ip|host-name>...
Page 332: Switch Configuration File
Chapter 45 Introducing Commands You must save your changes after each CLI session. All unsaved configuration changes are lost once you restart the Switch. sysname# write memory 45.11.1 Switch Configuration File When you configure the Switch using either the CLI (Command Line Interface) or web configurator, the settings are saved as a series of commands in a configuration file on the Switch.
Page 333: User Mode
45.12.1 User Mode The following table describes the commands available for User mode. Table 137 Command Summary: User Mode COMMAND help logout exit history enable <0-14> show hardware-monitor <C|F> system-information alarm-status cpu-utilization version flash version <cr> ping <IP|host-name> <IP|host-name> [vlan <vlan-id>] [size <0-1472>] [-t]...
Page 334: Enable Mode
Chapter 45 Introducing Commands 45.12.2 Enable Mode The following table describes the commands available for Enable mode. Table 138 Command Summary: Enable Mode COMMAND baudrate <1|2|3|4|5> boot config <index> clear arp inspection arp inspection arp inspection arp inspection dhcp snooping database loopguard configure...
Page 335 Table 138 Command Summary: Enable Mode (continued) COMMAND <0-14> erase running-config ethernet remote-loopback test <port> exit help history igmp-flush kick tcp <Session ID> logout mac-flush <port-num> interface logging ping <IP|host- name> [vlan <vlan- id>][..] reload config <index> renew dhcp snooping database GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands...
Page 336 Chapter 45 Introducing Commands Table 138 Command Summary: Enable Mode (continued) COMMAND renew dhcp <tftp://host/ snooping filename> database show alarm-status arp inspection DESCRIPTION Loads dynamic bindings from the specified DHCP snooping database. Displays whether authentication authentication and privilege checking is enabled on the Switch and what methods are used for authentication.
Page 337 Table 138 Command Summary: Enable Mode (continued) COMMAND classifier cluster cpu-utilization dhcp diffserv ethernet oam ethernet oam GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Displays statistics regarding the statistics total number of ARP packets received on the Switch. Displays statistics regarding the statistics vlan total number of ARP packets <vlan-list>...
Page 338 Chapter 45 Introducing Commands Table 138 Command Summary: Enable Mode (continued) COMMAND ethernet oam garp hardware-monitor https igmp-filtering igmp-snooping interfaces <port- number> interfaces config <port-list> DESCRIPTION Displays the configuration details summary of each OAM activated port. Displays GARP information. Displays current hardware monitor <C|F>...
Page 339 Table 138 Command Summary: Enable Mode (continued) COMMAND lacp logging GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Displays DVMRP neighbor dvmrp neighbor information. Displays the DVMRP prune dvmrp prune information. Displays the DVMRP routes. dvmrp route Displays multicast group details igmp group for each port(s).
Page 340 Chapter 45 Introducing Commands Table 138 Command Summary: Enable Mode (continued) COMMAND logins loopguard mac-aging-time mac- authentication mac- authentication mac-count mrstp <tree- index> mstp multicast multi-login DESCRIPTION Displays login account information. Displays which ports have loopguard enabled as well as their status.
Page 341 Table 138 Command Summary: Enable Mode (continued) COMMAND policy port-access- authenticator port-security radius-accounting radius-server remote-management router running-config service-control snmp-server spanning-tree GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Displays the specified MVR group <vlan-id> settings. Displays all policy related information. Displays the specified policy [name] related information.
Page 342 Chapter 45 Introducing Commands Table 138 Command Summary: Enable Mode (continued) COMMAND subnet-vlan system- information tacacs-server tacacs-accounting time timesync trunk version vlan vlan-stacking vlan1q <1|2> <[user@]dest-ip> test interface port- channel <port- list> traceroute <ip|host-name> [in-band|out-of- band|vlan <vlan- id>][ttl <1-255>] [wait <1-60>] [queries <1-10>] help DESCRIPTION...
Page 343: General Configuration Mode
Table 138 Command Summary: Enable Mode (continued) COMMAND write memory 45.12.3 General Configuration Mode The following table lists the commands in Configuration (or Config) mode. Table 139 Command Summary: Configuration Mode COMMAND accounting GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Saves current configuration to the configuration file the Switch is...
Page 344 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND authentication admin- <pw-string> password <confirm-string> inspection filter-aging-time log buffer vlan <vlan-list> DESCRIPTION Sets the update period for update periodic accounting sessions. This is the <1-2147483647> time the Switch waits to send an update to an accounting server after a session starts.
Page 345 Table 139 Command Summary: Configuration Mode (continued) COMMAND bandwidth- control bcp- transparenc classifier <name> <[packet- format <802.3untag|802.3t ag| EtherIIuntag| EtherIItag>] [priority <0-7>] [vlan <vlan- id>][ethernet-type <ether-num|ip|ipx| arp|rarp| appletalk|decnet| sna|netbios|dlc>] [source-mac <src- mac-addr>] [source-port <port-num>] [destination-mac <dest-mac-addr>] [dscp <0-63> ] [ip-protocol <protocol- num|tcp|udp|icmp|e ospf|rsvp|igmp|...
Page 346 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND member <mac- address> password <password-str> name <cluster name> rcommand <mac- address> default- <in-band|out-of- management band> dhcp dhcp-vlan <vlan- id> dhcp relay <vlan-id> server <vlan-id> smart-relay DESCRIPTION Sets the cluster member. Sets a descriptive name for the cluster.
Page 347 Table 139 Command Summary: Configuration Mode (continued) COMMAND dhcp snooping diffserv dscp <0-63> priority <0-7> ethernet exit garp join <100-65535> leave <msec> leaveall <msec> GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Sets the IP addresses of up to 3 helper-address DHCP servers.
Page 348 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND help history hostname <name_string> https cert-regeneration <rsa|dsa> timeout <0-65535> igmp- filtering profile <name> start-address <ip> end-address <ip> igmp- snooping 8021p-priority host-timeout leave-timeout unknown-multicast- frame <drop|flooding> reserved- multicast-group <drop|flooding> vlan interface port-channel...
Page 349 Table 139 Command Summary: Configuration Mode (continued) COMMAND name-server route source binding <mac-addr> vlan <vlan-id> <ip> lacp system-priority logins username <name> password <pwd> username <name> logout loopguard mac- authenticat nameprefix <name- string> password <name- string> timeout <1-3000> mac-aging- <10-3000> time GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION...
Page 350 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND mac-filter name <name> mac <mac-addr> vlan <vlan-id> drop <src/dst/both> mac-forward name <name> mac <mac-addr> vlan <vlan-id> interface <interface-id> mirror-port <port-num> mode zynos mrstp <tree-index> interface <port- list> help mstp configuration name hello-time <1-10>...
Page 351 Table 139 Command Summary: Configuration Mode (continued) COMMAND max-hop <1-255> revision <0-65535> multi-login <vlan-id> aaa accounting aaa authentication arp inspection GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Assigns the path cost to the interface port- specified ports. channel <port- list>...
Page 352 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND bandwidth-control bcp-transparency classifier cluster dhcp relay dhcp server <vlan- id> dhcp smart relay dhcp snooping DESCRIPTION Resets the maximum number of log-buffer logs syslog messages the Switch can send to the syslog server in one batch to the default value (4).
Page 353 Table 139 Command Summary: Configuration Mode (continued) COMMAND dhcp dhcp-vlan diffserv ethernet oam igmp-filtering igmp-snooping GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Specifies the VLAN IDs for vlan <vlan- VLANs you want to disable list> DHCP snooping on. Sets the Switch to not add the vlan <vlan- system name to DHCP requests list>...
Page 354 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND lacp logins <name> loopguard mac-authentication mac-authentication timeout mac-filter mac-forward mirror-port mrstp mrstp mstp DESCRIPTION Enables a specified IP static route <ip> route. <mask> inactive Disables the link aggregation control protocol (dynamic trunking) on the Switch.
Page 355 Table 139 Command Summary: Configuration Mode (continued) COMMAND multi-login mvr <vlan-id> password privilege <0-14> policy <name> port-access- authenticator port-security radius-accounting radius-server remote-management router GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Disables the assignment of instance <0-16> specific ports from an MST interface port- instance.
Page 356 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND service-control snmp-server DESCRIPTION Disables FTP access to the Switch. Disables web browser control to http the Switch. Disables secure web browser https access to the Switch. Disables ICMP access to the icmp Switch such as pinging and tracerouting.
Page 357 Table 139 Command Summary: Configuration Mode (continued) COMMAND spanning-tree storm-control subnet-based-vlan syslog tacacs-accounting tacacs-server time timesync trtcm trunk GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Disables STP. Disables STP on listed ports. <port-list> Disables the secure shell server encryption key. Your Switch <rsa1|rsa|dsa>...
Page 358 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND vlan vlan1q vlan-stacking password <password> password <password> DESCRIPTION Removes ports from the <T1|T2|T3|T4|T5 specified trunk group. |T6> interface <port-list> Disables LACP in the specified <T1|T2|T3|T4|T5 trunk group. |T6> lacp Deletes the static VLAN entry.
Page 359 Table 139 Command Summary: Configuration Mode (continued) COMMAND policy <name> classifier <classifier-list> < [vlan<vlan-id>] [egress-port <port-num>] [priority <0-7>] [dscp <0-63>] [tos <0-7>] [bandwidth <bandwidth>] [outgoing-packet- format <tagged|untagged>] [out-of-profile- dscp <0-63>] [forward-action <drop|forward>] [queue-action <prio-set|prio- queue|prio- replace-tos>] [diffserv-action <diff-set- tos|diff-replace- priority|diff-set- dscp>] [outgoing-mirror] [outgoing-eport]...
Page 360 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND port- security <port-list> queue priority <0-7> level <0-7> radius- host <index><ip> accounting timeout <1-1000> radius- host <index> <ip> server timeout <1-1000> mode remote- <index> start-addr management <ip> end-addr <ip> service <telnet|ftp|http| icmp|snmp>...
Page 361 Table 139 Command Summary: Configuration Mode (continued) COMMAND igmp ospf <router-id> GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Enables and enters the IGMP configuration mode. Leaves the IGMP configuration exit mode. Sets the Switch to Non-Querier non-querier mode. (If a multicast router with a lower IP address, it will stop sending Query messages on that network.)
Page 362 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION Enables MD5 authentication and area <area-id> sets the key ID and key for the virtual-link virtual link in the area. <router-id> message-digest- key <keyid> md5 <key> Sets a descriptive name for the area <area-id>...
Page 363 Table 139 Command Summary: Configuration Mode (continued) COMMAND vrrp network <ip- address>/<mask- bits> vr-id <1-7> uplink-gateway <ip> GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Deletes the OSPF network. no network <ip- addr/bits> Sets the Switch not to learn RIP no redistribute routing information.
Page 364 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND service- ftp <socket- control number> http <socket- number> <timeout> https <socket- number> icmp snmp ssh <socket- number> telnet <socket- number> snmp-server [contact <system contact>] [location <system location>] get-community <property>...
Page 365 Table 139 Command Summary: Configuration Mode (continued) COMMAND username <name> version <v2c|v3|v3v2c> spanning- tree mode <RSTP|MRSTP|MSTP> <port-list> <port-list> path- cost <1-65535> <port-list> priority <0-255> hello-time <1-10> maximum-age <6-40> forward-delay <4- 30> help GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Enables sending all interface interface type traps to a manager.
Page 366 Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND priority <0-61440> known-hosts <host- ip> <1024|ssh- rsa|ssh-dsa> <key> storm- control subnet- based-vlan dhcp-vlan-override name <name> source-ip <ip> mask-bits <mask- bits> vlan <vid> priority <0-7> syslog server <ip- address> type <type>...
Page 367 Table 139 Command Summary: Configuration Mode (continued) COMMAND mode time <Hour:Min:Sec> date <month/day/ year> daylight-saving- time help timezone <- 1200|...|1200> timesync <daytime|time|ntp> server <ip> trtcm mode <color- aware|color-blind> trunk <T1|T2|T3|T4|T5|T6 > <T1|T2|T3|T4|T5|T6 >lacp <T1|T2|T3|T4|T5|T6 >interface <port- list> interface <port- list> timeout <lacp-timeout>...
Page 368: Interface Port-Channel Commands
Chapter 45 Introducing Commands Table 139 Command Summary: Configuration Mode (continued) COMMAND <SPTPID> vlan-type <802.1q|port- based> 45.12.4 interface port-channel Commands The following table lists the Use these commands to configure the ports. Table 140 interface port-channel Commands COMMAND interface port- channel <port- list>...
Page 369 Table 140 interface port-channel Commands (continued) COMMAND bpdu-control <peer|tunnel|disc ard|network> broadcast-limit dhcp snooping trust dhcp snooping limit rate <pps> diffserv dlf-limit egress set <port- list> ethernet oam exit flow-control frame-type <all|tagged|untag ged> GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Sets the maximum bandwidth egress <Kbps>...
Page 370 Chapter 45 Introducing Commands Table 140 interface port-channel Commands (continued) COMMAND ge-spq gvrp help igmp-filtering igmp-group- limited igmp-immediate- leave igmp-querier-mode <auto|fixed|edge> inactive ingress-check intrusion-lock ipmc egress- untag-vlan <vlan- id> loopguard mac- authentication mirror multicast-limit DESCRIPTION Enables strict priority queuing <q0|q1|...|q7> starting with the specified queue and subsequent higher queues on the Gigabit ports.
Page 371 Table 140 interface port-channel Commands (continued) COMMAND name <port-name- string> GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands DESCRIPTION Sets a name for the port(s). Enter a descriptive name (up to nine printable ASCII characters). Disables this port from being a arp inspection trusted port for ARP inspection.
Page 372 Chapter 45 Introducing Commands Table 140 interface port-channel Commands (continued) COMMAND pvid <vlan-id> speed-duplex trtcm DESCRIPTION Disables ingress checking on the ingress-check port(s). Disables intrusion-lock on a port intrusion-lock so that a port can be connected again after you disconnected the cable.
Page 373: Interface Route-Domain Commands
Table 140 interface port-channel Commands (continued) COMMAND vlan-stacking vlan-trunking weight <wt1> <wt2> ... <wt8> 45.12.5 interface route-domain Commands The following table lists the Use these commands to configure the IP routing domains. Table 141 interface route-domain Commands COMMAND interface route-domain <ip-address>/ <mask-bits>...
Page 374 Chapter 45 Introducing Commands Table 141 interface route-domain Commands (continued) COMMAND DESCRIPTION Sets the maximum time that the igmp query-max- router waits for a response to an response-time <1-25> general query message. Sets the amount of time in igmp last-member- seconds that the router waits for query-interval <1-25>...
Page 375: Config-Vlan Commands
45.12.6 config-vlan Commands The following table lists the Table 142 Command Summary: config-vlan Commands COMMAND vlan <vlan-id> exit fixed <port-list> forbidden <port- list> help inactive ip address name <name-str> normal <port- list> untagged <port- list> GS-4012F/4024 User’s Guide Chapter 45 Introducing Commands commands in configuration mode.
Page 376: Mvr Commands
Chapter 45 Introducing Commands 45.13 mvr Commands The following table lists the Table 143 Command Summary: mvr Commands COMMAND mvr <vlan- id> exit group <name-str> start-address <ip> end-address <ip> inactive mode <dynamic| compatible> name <name-str> receiver-port <port-list> source-port <port-list> tagged <port- list>...
Page 377: User And Enable Mode Commands
This command shows the general system information (such as the firmware version and system up time). An example is shown next. Copyright (c) 1994 - 2007 ZyXEL Communications Corp. sysname# show sys System Name System Contact System Location...
Page 378: Show Ip
Chapter 46 User and Enable Mode Commands 46.2.2 show ip Syntax: show ip This command displays the IP related information (such as IP address and subnet mask) on all interfaces. Switch The following figure shows the default interface settings. sysname> show Management IP Address IP[192.168.0.1], Netmask[255.255.255.0], VID[0] IP Interface...
Page 379: Show Mac Address-Table
This command displays statistics of a port. The following example shows that port 2 is up and the related information. sysname# show interface 2 Port Info Port NO. Link Status LACP TxPkts RxPkts Errors Tx KBs/s Rx KBs/s Up Time TX Packet Tx Packets Multicast...
Page 380: Ping
Chapter 46 User and Enable Mode Commands 46.3 ping Syntax: ping <ip|host-name> < [in-band|out-of-band|vlan <vlan-id> ] [size -> <0-1472>] [-t]> where <ip|host-name> [in-band|out-of- band|vlan <vlan- id>] [size <0-1472>] [-t] This command sends Ping packets to an Ethernet device. The following example sends Ping requests to and displays the replies from an Ethernet device with an IP address of 192.168.1.100 sysname# ping 192.168.1.100...
Page 381: Copy Port Attributes
This command displays information about the route to an Ethernet device. The following example displays route information to an Ethernet device with an IP address of 192.168.1.100 sysname> traceroute 192.168.1.100 traceroute to 192.168.1.100, 30 hops max, 40 byte packet 1:192.168.1.100 (10 ms) (10 ms) (0 ms) traceroute done: sysname>...
Page 382: Using A Different Configuration File
Chapter 46 User and Enable Mode Commands 46.6.1 Using a Different Configuration File You can store up to two configuration files on the Switch. Only one configuration file is used at a time. By default the Switch uses the first configuration file (with an index number of 1). You can set the Switch to use a different configuration file.
Page 383: Configuration Mode Commands
H A P T E R Configuration Mode Commands This chapter describes how to enable and configure your Switch’s features using commands. For more background information, see the feature specific chapters which proceed the commands chapters. 47.1 Change the Out of Band Management IP Address Use the command to change the IP address of the out of band management port ip address...
Page 384: Configure Igmp Filter
Chapter 47 Configuration Mode Commands Syntax: igmp-snooping igmp-snooping 8021p-priority <0-7> igmp-snooping host-timeout <1-16711450> igmp-snooping leave-timeout <1-16711450> igmp-snooping unknown-multicast-frame <drop|flooding> igmp-snooping reserved-multicast-group <drop|flooding> where igmp-snooping 8021p-priority host-timeout <1- 16711450> leave-timeout <1- 16711450> unknown-multicast- frame <drop|flooding> reserved-multicast- group <drop|flooding> An example is shown next. •...
Page 385: Enabling Stp
where igmp filtering profile <name> start-address end-address An example is shown next. • Enable IGMP filtering on the Switch. • Create an IGMP filtering profile filter1 and specify the multicast IP addresses in the range 224.255.255.0 to 225.255.255.255 to belong to this profile. sysname(config)# igmp-filtering sysname(config)# igmp-filtering profile filter1 start-address 224.255.255.0 end-address 225.255.255.255...
Page 386 Chapter 47 Configuration Mode Commands where spanning-tree mrstp <treeIndex> priority <0-61440> hello-time <1-10> maximum-age <6-40> forward-delay <4- 30> <port-list> path- cost <1-65535> <port-list> priority <0-255> <port-list> treeIndex <1-4> An example using spanning-tree • Enable STP on the Switch. • Set the bridge priority of the Switch to 0. •...
Page 387: No Command Examples
• Enable STP on port 5 with a path cost of 150. • Set the priority for port 5 to 20. sysname(config)# spanning-tree priority 0 sysname(config)# spanning-tree hello-time 4 maximum-age 20 forward-delay sysname(config)# spanning-tree 5 path-cost 150 sysname(config)# spanning-tree 5 priority 20 47.5 no Command Examples These are the commonly used command examples that belong to the group commands are commands which are preceded by keyword...
Page 388: Other Examples Of No Commands
Chapter 47 Configuration Mode Commands where <ip> <mask> inactive An example is shown next. • Enable the IP route with the IP address of 192.168.11.1 and subnet mask of 255.255.255.0. This ip route must have already been created and made inactive prior to re- enable command being applied.
Page 389: Figure 202 No Port-Access-Authenticator Command Example
where <port-list> reauthenticate <port-list> An example is shown next. • Disable authentication on the Switch. • Disable re-authentication on ports one, three, four and five. • Disable authentication on ports one, six and seven. Figure 202 no port-access-authenticator Command Example sysname(config)# no port-access-authenticator sysname(config)# no port-access-authenticator 1,3-5 reauthenticate sysname(config)# no port-access-authenticator 1,6-7...
Page 390: Static Route Commands
Chapter 47 Configuration Mode Commands 47.6 Static Route Commands You can create and configure static routes on the Switch by using the Syntax: ip route <ip> <mask> <next-hop-ip> ip route <ip> <mask> <next-hop-ip> [metric <metric>][name <name>] --> [inactive] where <ip> <mask>...
Page 391: Enabling Trunking
where name <name> mac <mac-addr> vlan <vlan-id> drop <src/dst/both> An example is shown next. • Create a filtering rule called “filter1”. • Drop packets coming from and going to MAC address 00:12:00:12:00:12 on VLAN. sysname(config)# mac-filter name filter 1 sysname(config)# mac-filter name filter 1 mac 00:12:00:12:00:12 vlan 1 drop both 47.8 Enabling Trunking To create and enable a trunk, enter...
Page 392: Enabling Port Authentication
Chapter 47 Configuration Mode Commands • Enable dynamic link aggregation (LACP) on trunk 1. sysname(config)# trunk t1 sysname(config)# trunk t1 interface 5-8 sysname(config)# trunk t1 lacp 47.9 Enabling Port Authentication To enable a port authentication, you need to specify your RADIUS server details and select the ports which require external authentication.
Page 393: Port Authentication Settings
radius-server timeout <1- 1000> mode <priority|round-robin> Section 47.9.2 on page 393 47.9.2 Port Authentication Settings Use the port-access-authenticator Syntax: port-access-authenticator port-access-authenticator <port-list> port-access-authenticator <port-list> reauthenticate port-access-authenticator <port-list> reauth-period <reauth-period> where port-access-authenticator port-access-authenticator <port-list> reauthenticate reauth-period <reauth- period> An example is shown next. GS-4012F/4024 User’s Guide Chapter 47 Configuration Mode Commands Specifies the timeout period (in seconds) the...
Page 394 Chapter 47 Configuration Mode Commands • Specify RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password. See commands. • Specify the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS server.
Page 395: Interface Commands
H A P T E R These are some commonly used configuration commands that belong to the group of commands. 48.1 Overview The interface commands allow you to configure the Switch on a port by port basis. 48.2 Interface Command Examples This section provides examples of some frequently used interface commands.
Page 396: Broadcast-Limit
Chapter 48 Interface Commands where <peer|tunnel|discard| network> An example is shown next. • Enable ports 1, 3, 4 and 5 for configuration. • Set the BPDU control to and five. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# bpdu-control tunnel sysname(config-interface)# 48.2.3 broadcast-limit Syntax: broadcast-limit broadcast-limit <pkt/s>...
Page 397: Mirror
where pir <Kbps> cir <Kbps> egress <Kbps> An example is shown next. • Enable port one for configuration. • Enable bandwidth control. • Set the outgoing traffic bandwidth limit to 5000Kbps. • Set the guaranteed bandwidth allowed for incoming traffic to 4000Kbps. •...
Page 398: Gvrp
Chapter 48 Interface Commands • Enable port mirroring for outgoing traffic. Traffic is copied from ports 1, 4, 5 and 6 to port three in order to examine it in more detail without interfering with the traffic flow on the original ports.
Page 399: Weight
where <all|tagged| untagged> An example is shown next. • Enable ports one, three, four and five for configuration. • Enable ingress checking on the ports. • Enable tagged frame-types on the interface. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# ingress-check sysname(config-interface)# frame-type tagged 48.2.9 weight Syntax: weight <wt1>...
Page 400: Qos Priority
Chapter 48 Interface Commands • Set the outgoing traffic ports as the CPU (0), seven (7) and eight (8). sysname(config)# vlan-type port-based sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# egress set 0,7,8 48.2.11 qos priority Syntax: qos priority <0 .. 7> where <0 ..
Page 401: Test
where <auto|10-half|10- full|100-half|100- full|1000-full> An example is shown next. • Enable ports one, three, four and five for configuration. • Set the speed to 100 Mbps in half duplex mode. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# speed-duplex 100-half 48.2.14 test You can perform an interface loopback test on specified ports. The test returns Failed! An example is shown next.
Page 402 Chapter 48 Interface Commands Syntax: no bandwidth-limit An example is shown next: • Disable bandwidth limit on port1 sysname(config)# interface port-channel 1 sysname(config-interface)# no bandwidth-limit GS-4012F/4024 User’s Guide...
Page 403: Ieee 802.1Q Tagged Vlan Commands
H A P T E R IEEE 802.1Q Tagged VLAN This chapter describes the IEEE 802.1Q Tagged VLAN and associated commands. 49.1 Configuring Tagged VLAN The following procedure shows you how to configure tagged VLAN. 1 Use the IEEE 802.1Q tagged VLAN commands to configure tagged VLAN for the Switch.
Page 404: Global Vlan1Q Tagged Vlan Configuration Commands
Chapter 49 IEEE 802.1Q Tagged VLAN Commands 49.2 Global VLAN1Q Tagged VLAN Configuration Commands This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 49.2.1 GARP Status Syntax: show garp This command shows the Switch’s GARP timer settings, including the join, leave and leave all timers.
Page 405: Gvrp Timer
The following example sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds and the Leave All Timer to 11000 milliseconds. sysname (config)# garp join 300 leave 800 leaveall 11000 49.2.3 GVRP Timer Syntax: show vlan1q gvrp This command shows the Switch’s GVRP settings.
Page 406: Set Acceptable Frame Type
Chapter 49 IEEE 802.1Q Tagged VLAN Commands The following example sets the default VID to 200 on ports 1 to 5. sysname (config)# interface port-channel 1-5 sysname (config-interface)# pvid 200 49.3.2 Set Acceptable Frame Type Syntax: frame-type <all|tagged|untagged> where <all|tagged| untagged>...
Page 407 where <vlan-id> <name-str> <port-list> • Enter to register the fixed • Enter to confirm registration of the normal <vlan-id> • Enter forbidden <vlan-id> • Enter no fixed • Enter to send outgoing frames without a tag. untagged • Enter no untagged 49.3.4.1 Modify a Static VLAN Table Example The following example configures ports 1 to 5 as fixed and untagged ports in VLAN 2000.
Page 408: Delete Vlan Id
Chapter 49 IEEE 802.1Q Tagged VLAN Commands 49.3.5 Delete VLAN ID Syntax: no vlan <vlan-id> where <vlan-id> This command deletes the specified VLAN ID entry from the static VLAN table. The following example deletes entry 2 in the static VLAN table. sysname (config)# no vlan 2 49.4 Enable VLAN Syntax:...
Page 409 • The section of the last column shows which ports are tagged and which are TagCtl untagged. sysname# show vlan The Number of VLAN: Idx. VID Status ---- ---- -------- ------------ ------------------------ Static Static Static GS-4012F/4024 User’s Guide Chapter 49 IEEE 802.1Q Tagged VLAN Commands Elap-Time TagCtl 0:12:13...
Page 410 Chapter 49 IEEE 802.1Q Tagged VLAN Commands GS-4012F/4024 User’s Guide...
Page 411: Multicast Vlan Registration Commands
H A P T E R Multicast VLAN Registration This chapter shows you how to use Multicast VLAN Registration (mvr) commands. 50.1 Overview Use the mvr commands in the configuration mode to create and configure multicast VLANs. If you want to enable IGMP snooping see 50.2 Create Multicast VLAN Use the following commands in the config-mvr mode to configure a multicast VLAN group.
Page 412: Chapter 50 Multicast Vlan Registration Commands
Chapter 50 Multicast VLAN Registration Commands mode <dynamic|compati ble> group name <name-str> start-address <ip> end-address <ip> • Enter MVR mode. Create a multicast VLAN with the name multiVlan and the VLAN ID of 3. • Specify source ports 2, 3, 5 and receiver ports 6-8. •...
Page 413: Routing Domain Command Examples
H A P T E R Routing Domain Command 51.0.1 interface route-domain Syntax: interface route-domain <ip-address>/<mask-bits> where = This is the IP address of the Switch in the routing domain. Specify <ip-address> = The number of bits in the subnet mask. Enter the subnet mask <mask-bits>...
Page 414: Chapter 51 Routing Domain Command Examples
Chapter 51 Routing Domain Command Examples GS-4012F/4024 User’s Guide...
Page 415: Troubleshooting
H A P T E R This chapter covers potential problems and possible remedies. 52.1 Problems Starting Up the Switch Table 144 Troubleshooting the Start-Up of Your Switch PROBLEM CORRECTIVE ACTION None of the LEDs Check the power connection and make sure the power source is turned on. turn on when you If the error persists, you may have a hardware problem.
Page 416: Pop-Up Windows, Javascripts And Java Permissions
Chapter 52 Troubleshooting 52.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 417: Figure 204 Internet Options
Figure 204 Internet Options 3 Click Apply to save this setting. 52.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 418: Figure 205 Internet Options
Chapter 52 Troubleshooting Figure 205 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 206 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen.
Page 419: Figure 207 Internet Options
6 Click Apply to save this setting. 52.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 207 Internet Options 2 Click the Custom Level...
Page 420: Figure 208 Security Settings - Java Scripting
Chapter 52 Troubleshooting Figure 208 Security Settings - Java Scripting 52.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 421: Problems With The Password
52.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 210 Java (Sun) 52.3 Problems with the Password Table 146 Troubleshooting the Password PROBLEM...
Page 422 Chapter 52 Troubleshooting GS-4012F/4024 User’s Guide...
Page 423: Appendices And Index
Appendices and Index Product Specifications (425) IP Addresses and Subnetting (431) Common Services (441) Legal Information (445) Customer Support (449) Index (453)
Page 425: Table 147 Hardware Specifications
P P E N D I X Product Specifications The following tables summarize the Switch’s hardware and firmware features. Table 147 Hardware Specifications SPECIFICATION Dimensions Weight Power Specification Interfaces LEDs Operating Environment Storage Environment Ground Wire Gauge GS-4012F/4024 User’s Guide DESCRIPTION Standard 19”...
Page 426: Appendix A Product Specifications
Appendix A Product Specifications Table 147 Hardware Specifications Power Wire Gauge Fuse Specification Table 148 Firmware Specifications FEATURE Default IP Address Default Subnet Mask Administrator User Name Default Password Number of Login Accounts Configurable on the Switch IP Routing Domain VLAN VLAN Stacking MAC Address Filter...
Page 427 Table 148 Firmware Specifications FEATURE Multicast VLAN Registration (MVR) IP Multicast OSPF DVMRP VRRP STP (Spanning Tree Protocol) / RSTP (Rapid STP) Loop Guard IP Source Guard Link Aggregation Port Authentication and Security Authentication and Accounting Device Management Port Cloning Syslog GS-4012F/4024 User’s Guide Appendix A Product Specifications...
Page 428: Table 149 Feature Specifications
Appendix A Product Specifications Table 148 Firmware Specifications FEATURE Firmware Upgrade Configuration Backup & Restoration Cluster Management Table 149 Feature Specifications Layer 2 Bridging Features Switching VLAN Port Aggregation Port mirroring Bandwidth control DESCRIPTION Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch.
Page 429: Table 150 Standards Supported
Table 149 Feature Specifications (continued) Layer 3 IP Capability IPV4 support Features 64 IP routing domains 8K IP address table Wire speed IP forwarding Routing Unicast: RIP-V1/V2, OSPF V2 protocols Multicast: DVMRP, IGMP V1/V2/V3 Static Routing VRRP IP services DHCP relay; VLAN based DHCP server/relay DHCP Snooping Security IEEE 802.1x port-based authentication...
Page 430 Appendix A Product Specifications Table 150 Standards Supported (continued) STANDARD RFC 3164 RFC 3376 RFC 3414 RFC 3580 IEEE 802.1x IEEE 802.1D IEEE 802.1p IEEE 802.1Q IEEE 802.1w IEEE 802.1s IEEE 802.3 IEEE 802.3ad IEEE 802.3ah IEEE 802.3x Safety DESCRIPTION Syslog Internet Group Management Protocol, Version 3 User-based Security Model (USM) for version 3 of the Simple Network...
Page 431: Introduction To Ip Addresses
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 432: Appendix B Ip Addresses And Subnetting
Appendix B IP Addresses and Subnetting Figure 211 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 433: Table 152 Subnet Masks
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 152 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
Page 434: Figure 212 Subnetting Example: Before Subnetting
Appendix B IP Addresses and Subnetting Table 154 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 435: Figure 213 Subnetting Example: After Subnetting
Figure 213 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 436: Table 156 Subnet 2
Appendix B IP Addresses and Subnetting Table 156 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 157 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address:...
Page 437: Table 160 24-Bit Network Number Subnet Planning
Table 159 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 160 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
Page 438: Configuring Ip Addresses
Appendix B IP Addresses and Subnetting Table 161 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 439: Figure 214 Conflicting Computer Ip Addresses Example
IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses Example More than one device can not use the same IP address.
Page 440: Figure 216 Conflicting Computer And Router Ip Addresses Example
Appendix B IP Addresses and Subnetting Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet.
Page 441: Table 162 Commonly Used Services
P P E N D I X The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
Page 442: Appendix C Common Services
Appendix C Common Services Table 162 Commonly Used Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined MSN Messenger NEW-ICQ NEWS NNTP PING POP3 PPTP PPTP_TUNNEL (GRE) RCMD REAL_AUDIO REXEC RLOGIN PROTOCOL PORT(S) DESCRIPTION File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
Page 443 Table 162 Commonly Used Services (continued) NAME PROTOCOL RTELNET RTSP TCP/UDP SFTP SMTP SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET TCP/UDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE GS-4012F/4024 User’s Guide Appendix C Common Services PORT(S) DESCRIPTION Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
Page 444 Appendix C Common Services GS-4012F/4024 User’s Guide...
Page 446: Appendix D Legal Information
Appendix D Legal Information FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Page 447 condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 448 Appendix D Legal Information GS-4012F/4024 User’s Guide...
Page 449: Customer Support
José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika GS-4012F/4024 User’s Guide Customer Support...
Page 450: Appendix E Customer Support
• Support E-mail: support@zyxel.fi • Sales E-mail: sales@zyxel.fi • Telephone: +358-9-4780-8411 • Fax: +358-9-4780 8448 • Web Site: www.zyxel.fi • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 •...
Page 451 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
Page 452 Appendix E Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
Page 453: Index
Numerics 802.1P priority AAA (Authentication, Authorization and Accounting) access control limitations login account remote management service port SNMP accounting setup accounts and modes address learning, MAC Address Resolution Protocol (ARP) administrator password aggregator ID 135, 136 aging time alternative subnet mask notation applications backbone bridging...
Page 454 Index classifier 151, 153 and QoS editing example overview setup 151, 153, 154 viewing syntax conventions cloning a port See port cloning cluster management and switch passwords cluster manager 309, 313 cluster member 309, 314 cluster member firmware upgrade network example setup specification status...
Page 455 disclaimer double-tagged frames DR (Designated Router) DS (Differentiated Services) DSCP DSCP-to-IEEE802.1p mapping service level what it does DSCP (DiffServ Code Point) DVMRP Autonomous System default timer setting error message graft how it works implementation probe prune report setup terminology threshold DVMRP (Distance Vector Multicast Routing Protocol) dynamic link aggregation egress port...
Page 456 Index humidity IANA IEEE 802.1p, priority IEEE 802.1x activate 143, 144, 188, 190 reauthentication IEEE 802.1x, port authentication IGMP 241, 245 how it works port based setup version 171, 242 version 3 IGMP (Internet Group Management Protocol) IGMP filtering profile profiles IGMP snooping and VLANs...
Page 457 maintanence configuration backup firmware restoring configuration maintenance current configuration main screen Management Information Base (MIB) management port managementmanagement interface, See also CLI man-in-the-middle attacks hops metric and SNMP supported MIBs MIB (Management Information Base) mini GBIC ports connection speed connector type transceiver installation transceiver removal mirroring ports...
Page 458 Index router types status stub area 229, 236 virtual link virtual links vs RIP OSPF (Open Shortest Path First) password administrator Peak Information Rate (PIR) PHB (Per-Hop Behavior) ping, test connection PIR (Peak Information Rate) policy 159, 160 and classifier and DiffServ configuration example...
Page 459 Rapid Spanning Tree Protocol, See RSTP. rear panel reboot load configuration reboot system redistribute route registration product related documentation remote management service trusted computers resetting 62, 280 to factory default settings restoring configuration 62, 282 Reverse Path Forwarding (RPF) Reverse Path Multicasting (RPM) RFC 3164 configuration direction...
Page 460 Index port priority 117, 120 port state root port status 117, 120 terminology vs loop guard stub area 229, 236 stub area, See also OSPF subnet subnet based VLAN and DHCP VLAN setup subnet based VLANs subnet mask subnetting switch lockout switch reset switch setup switching...
Page 461 and DHCP automatic registration IGMP snooping ingress filtering introduction number of VLANs port isolation port number port settings port-based VLAN port-based, all connected port-based, isolation port-based, wizard static VLAN status 94, 95 subnet based tagged trunking 93, 98 type 82, 93 VLAN (Virtual Local Area Network) VLAN commands examples VLAN number...
Page 462 Index GS-4012F/4024 User’s Guide...

This manual is also suitable for:

Gs-4012f Gs-4024

ZyXEL Communications GS-4012 User Manual

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 System Status and Port Statistics

Chapter 7 Basic Setting

Chapter 8 VLAN

Chapter 9 Static MAC Forward Setup

Chapter 10 Filtering

Chapter 11 Spanning Tree Protocol

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 VLAN Stacking

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications GS-4012

Summary of Contents for ZyXEL Communications GS-4012