ZyXEL Communications 43222612 User Manual

Table of Contents

Quick Links

Download this manual

User's Guide

GS2220 Series

8/24/44-Port GbE L2 Switch with 2/4 Dual Personality GbE Uplinks

8/24/44-Port GbE L2 PoE Switch with 2/4 Dual Personality GbE Uplinks

Default Login Details

Management IP

Address

User Name

Password

http://DHCP-assigned IP

http://192.168.1.1

admin

1234

Version 4.70 Edition 2, 12/2020

Table of Contents

Troubleshooting

Summary of Contents for ZyXEL Communications 43222612

Page 1 8/24/44-Port GbE L2 Switch with 2/4 Dual Personality GbE Uplinks 8/24/44-Port GbE L2 PoE Switch with 2/4 Dual Personality GbE Uplinks Default Login Details Version 4.70 Edition 2, 12/2020 Management IP http://DHCP-assigned IP Address http://192.168.1.1 User Name admin Password 1234 Copyright © 2020 Zyxel Communications Corporation...
Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
Page 3: Document Conventions
Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 4: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................23 Getting to Know Your Switch ......................24 Hardware Installation and Connection ..................... 33 Hardware Panels ..........................39 Technical Reference ........................49 Web Configurator ..........................50 Initial Setup Example ..........................79 Tutorials ..............................84 Status ..............................95 Basic Setting ............................
Page 5 Contents Overview Link Layer Discovery Protocol (LLDP) ....................318 Anti-Arpscan ............................339 BPDU Guard ............................344 OAM ..............................347 ZULD ..............................354 Auto PD Recovery ..........................358 Static Route ............................363 Differentiated Services ........................366 DHCP ..............................370 ARP Setup ............................383 Maintenance ............................
Page 6: Table Of Contents
Table of Contents Table of Contents Document Conventions ........................3 Contents Overview ..........................4 Table of Contents ..........................6 Part I: User’s Guide..................23 Chapter 1 Getting to Know Your Switch ......................24 1.1 Introduction ............................. 24 1.1.1 Management Method ......................25 1.1.2 Management Modes ......................25 1.1.3 Mode Changing ........................
Page 7 Table of Contents 2.5.4 Mounting the Switch on a Rack ..................37 Chapter 3 Hardware Panels..........................39 3.1 Front Panel Connections ....................... 39 3.1.1 Gigabit Ethernet Ports ......................40 3.1.2 PoE (GS2220-10HP, GS2220-28HP and GS2220-50HP) ............41 3.1.3 SFP Slots ..........................41 3.1.4 Dual Personality Interfaces ....................
Page 8 Table of Contents 5.1.1 Create a VLAN ........................79 5.1.2 Set Port VID ..........................81 5.1.3 Configure Switch Management IP Address ............... 82 Chapter 6 Tutorials ...............................84 6.1 Overview ............................84 6.2 How to Use DHCPv4 Snooping on the Switch ................84 6.3 How to Use DHCPv4 Relay on the Switch ..................
Page 9 Table of Contents 8.10.2 IPv6 Interface Status ......................121 8.10.3 IPv6 Configuration ......................123 8.10.4 IPv6 Global Setup ......................124 8.10.5 IPv6 Interface Setup ......................125 8.10.6 IPv6 Link-Local Address Setup ..................126 8.10.7 IPv6 Global Address Setup ....................127 8.10.8 IPv6 Neighbor Discovery Setup ..................
Page 10 Table of Contents 11.1.1 What You Can Do ......................156 11.1.2 What You Need To Know ....................156 11.2 Configure Static Multicast Forwarding ..................157 Chapter 12 Filtering..............................159 12.1 Filtering Overview ........................159 12.1.1 What You Can Do ......................159 12.2 Configure a Filtering Rule ......................
Page 11 Table of Contents 16.1 Mirroring Overview ........................185 16.2 Port Mirroring Setup ........................185 Chapter 17 Link Aggregation ..........................187 17.1 Link Aggregation Overview ....................... 187 17.1.1 What You Can Do ......................187 17.1.2 What You Need to Know ....................187 17.2 Link Aggregation Status ......................
Page 12 Table of Contents 21.3 Classifier Configuration ......................208 21.3.1 Viewing and Editing Classifier Configuration Summary ..........212 21.4 Classifier Global Setting Configuration ..................213 21.5 Classifier Example ........................214 Chapter 22 Policy Rule ............................216 22.1 Policy Rules Overview ........................ 216 22.1.1 What You Can Do ......................
Page 13 Table of Contents 25.1 Authentication, Authorization and Accounting (AAA) ............246 25.1.1 What You Can Do ......................246 25.1.2 What You Need to Know ....................246 25.2 AAA Screens ..........................247 25.3 RADIUS Server Setup ........................247 25.4 TACACS+ Server Setup ....................... 249 25.5 AAA Setup ...........................
Page 14 Table of Contents 28.4 IPv6 Source Binding Status ......................280 28.5 IPv6 Static Binding Setup ......................281 28.6 IPv6 Source Guard Policy Setup ....................282 28.7 IPv6 Source Guard Port Setup ....................283 28.8 IPv6 Snooping Policy Setup ....................... 284 28.9 IPv6 Snooping VLAN Setup ......................
Page 15 Table of Contents Chapter 33 Error-Disable .............................308 33.1 Error-Disable Overview ....................... 308 33.1.1 CPU Protection Overview ....................308 33.1.2 Error-Disable Recovery Overview ..................308 33.1.3 What You Can Do ......................308 33.2 Error-Disable Settings ........................309 33.3 Error-Disable Status ........................309 33.4 CPU Protection Configuration ....................
Page 16 Table of Contents 37.2 Anti-Arpscan Status ........................340 37.3 Anti-Arpscan Host Status ......................340 37.4 Anti-Arpscan Trust Host ......................341 37.5 Anti-Arpscan Configure ......................342 Chapter 38 BPDU Guard ............................344 38.1 BPDU Guard Overview ....................... 344 38.1.1 What You Can Do ......................344 38.2 BPDU Guard Status ........................
Page 17 Table of Contents Chapter 43 Differentiated Services ........................366 43.1 DiffServ Overview ........................366 43.1.1 What You Can Do ......................366 43.1.2 What You Need to Know ....................366 43.2 Activating DiffServ ........................367 43.3 DSCP-to-IEEE 802.1p Priority Settings ..................368 43.3.1 Configuring DSCP Settings ....................
Page 18 Table of Contents 46.2.3 Reboot System ........................389 46.2.4 Factory Default ........................390 46.2.5 Custom Default ......................... 390 46.3 Firmware Upgrade ........................391 46.4 Restore Configuration ........................ 392 46.5 Backup Configuration ........................ 393 46.6 Auto Configuration ........................393 46.7 Tech-Support ..........................394 46.7.1 Tech-Support Download ....................
Page 19 Table of Contents 49.1 Overview ............................. 429 49.2 System Log ..........................429 Chapter 50 Syslog Setup .............................430 50.1 Syslog Overview .......................... 430 50.1.1 What You Can Do ......................430 50.2 Syslog Setup ..........................430 Chapter 51 Cluster Management........................433 51.1 Cluster Management Overview ....................433 51.1.1 What You Can Do ......................
Page 20 Table of Contents 56.1 IPv6 Neighbor Table Overview ....................448 56.2 Viewing the IPv6 Neighbor Table ..................... 448 Chapter 57 Port Status ............................450 57.1 Overview ............................. 450 57.2 Port Status ............................ 450 57.2.1 Port Details ......................... 451 57.2.2 DDMI ........................... 454 57.2.3 DDMI Details ........................
Page 21 Table of Contents 61.7.1 VLAN Detail ........................483 61.8 Static VLAN ..........................484 61.9 VLAN Port Setting ........................486 61.10 Multicast ............................ 488 61.10.1 What You Can Do ......................488 61.11 IPv4 Multicast Status ......................... 488 61.12 IGMP Snooping ......................... 489 61.13 IGMP Snooping VLAN ......................
Page 22 Table of Contents 65.1 Power, Hardware Connections, and LEDs ................518 65.2 Switch Access and Login ......................519 65.3 Switch Configuration ........................520 Appendix A Customer Support ..................... 522 Appendix B Common Services ...................... 528 Appendix C IPv6..........................531 Appendix D Legal Information ...................... 539 Index ..............................544 GS2220 Series User’s Guide...
Page 23: User's Guide
User’s Guide...
Page 24: Getting To Know Your Switch
H A P T E R Getting to Know Your Switch 1.1 Introduction This chapter introduces the main features and applications of the Switch. The GS2220 Series consists of the following models: • GS2220-10 • GS2220-10HP • GS2220-28 • GS2220-28HP •...
Page 25: Management Method
Chapter 1 Getting to Know Your Switch Table 1 GS2220 Series Comparison Table FEATURE GS2220-10 GS2220-10HP GS2220-28 GS2220-28HP GS2220-50 GS2220-50HP Rubber feet for desktop placement Wall-mount Rack-mount Figure 1 GS2220 Series Switch Application 1.1.1 Management Method With its built-in Web Configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed through Telnet, any terminal emulator program using the Command Line Interface (CLI), or third-party SNMP management.
Page 26: Mode Changing
Chapter 1 Getting to Know Your Switch 1.1.3 Mode Changing This section describes how to change the Switch’s management mode. Note: If you change the Switch’s management mode from standalone mode to Nebula- managed mode, the configuration settings of the Switch will be overwritten with what you have configured in Nebula.
Page 27: Zon Utility
Chapter 1 Getting to Know Your Switch Note: The Switch goes into Nebula-managed mode automatically after it can access the Nebula web portal and is successfully registered there. Its login password and settings are then overwritten with what you have configured in the Nebula web portal. From Nebula-managed to Standalone To return to direct management standalone mode, just remove (unregister) the Switch from the organization or site in the Nebula web portal.
Page 28: Poe
Chapter 1 Getting to Know Your Switch 1.1.6 PoE The Switch is a Power Sourcing Equipment (PSE) because it provides a source of power through its Ethernet ports. Each device that receives power through an Ethernet port is a Powered Device (PD). The Switch can adjust the power supplied to each PD according to the PoE standard the PD supports.
Page 29: Backbone Example Application
Chapter 1 Getting to Know Your Switch Figure 3 PoE Example Application 1.2.2 Backbone Example Application The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch.
Page 30: Bridging Or Fiber Uplink Example Application
Chapter 1 Getting to Know Your Switch 1.2.3 Bridging or Fiber Uplink Example Application In this example, the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers through the Switch.
Page 31: Ieee 802.1Q Vlan Application Examples
Chapter 1 Getting to Know Your Switch 1.2.5 IEEE 802.1Q VLAN Application Examples A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one or more groups. With VLAN, a station cannot directly talk to or hear from stations that are not in the same groups unless such traffic first goes through a router.
Page 32: Ways To Manage The Switch
Chapter 1 Getting to Know Your Switch 1.3 Ways to Manage the Switch Use any of the following methods to manage the Switch. • NCC (Zyxel Nebula Control Center). With the NCC, you can remotely manage and monitor the Switch through a cloud-based network management system. See Section 8.11 on page 131 or the NCC User’s Guide for detailed information about how to access the NCC and manage your Switch...
Page 33: Hardware Installation And Connection
H A P T E R Hardware Installation and Connection 2.1 Installation Scenarios This chapter shows you how to install and connect the Switch. The Switch can be: • Placed on a desktop. • Wall-mounted on a wall. • Rack-mounted on a standard EIA rack. 2.2 Safety Precautions Please observe the following before using the Switch: •...
Page 34: Wall Mounting (Gs2220-10 And Gs2220-10Hp Only)
Chapter 2 Hardware Installation and Connection Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. Figure 8 Attaching Rubber Feet Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and the connected cables.
Page 35 Chapter 2 Hardware Installation and Connection Select a position free of obstructions on a wall strong enough to hold the weight of the Switch. Mark two holes on the wall at the appropriate distance apart for the screws. WARNING! Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws.
Page 36: Mounting The Switch On A Rack
Chapter 2 Hardware Installation and Connection WARNING! The Switch should be wall-mounted horizontally, and make sure the front panel is facing down. The Switch's side panels with ventilation slots should not be facing up or down as this position is less safe. 2.5 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size, 19-inch rack or in a wiring closet with other equipment.
Page 37: Precautions
Chapter 2 Hardware Installation and Connection • Eight M3 flat head screws and a #2 Philips screwdriver. • Four M5 flat head screws and a #2 Philips screwdriver. 2.5.2 Precautions • Make sure the rack will safely support the combined weight of all the equipment it contains. The maximum weight a bracket can hold is 21.5 kg.
Page 38 Chapter 2 Hardware Installation and Connection Figure 10 Mounting the Switch on a Rack Figure 11 Mounting the Switch on a Rack Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. Note: Make sure you tighten all the four screws to prevent the Switch from getting slanted.
Page 39: Hardware Panels
H A P T E R Hardware Panels This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel Connections The following figures show the front panels of the Switch. Figure 12 Front Panel: GS2220-10 Figure 13 Front Panel: GS2220-10HP Figure 14 Front Panel: GS2220-28...
Page 40: Gigabit Ethernet Ports
Chapter 3 Hardware Panels The following table describes the ports. Table 3 Panel Connections CONNECTOR DESCRIPTION 8/24/48 1000Base-T These are 10/100/1000Base-T auto-negotiating and auto-crossover Ethernet ports. RJ-45 Ethernet Ports Connect these ports to a computer, a hub, a router, or an Ethernet switch. 2 SFP Slots Use SFP transceivers in these ports for high-bandwidth backbone connections.
Page 41: Poe (Gs2220-10Hp, Gs2220-28Hp And Gs2220-50Hp)
Chapter 3 Hardware Panels Note: The dual personality ports change to fiber mode directly when inserting the fiber module. When auto-negotiation is turned on, an Ethernet port negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer Ethernet port does not support auto- negotiation or turns off this feature, the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode.
Page 42 Chapter 3 Hardware Panels you install or remove a transceiver. STORAGE! All modules are dust sensitive. When not in use, always keep the dust plug on. Avoid getting dust and other contaminant into the optical bores, as the optics do not work correctly when obstructed with dust.
Page 43: Dual Personality Interfaces
Chapter 3 Hardware Panels Attach an ESD preventive wrist strap to your wrist and to a bare metal surface on the chassis. Remove the fiber cables from the transceiver. Pull out the latch and down to unlock the transceiver (latch styles vary). Note: Make sure the transceiver’s latch is pushed all the way down, so the transceiver can be pulled out successfully.
Page 44: Console Port
Chapter 3 Hardware Panels Figure 24 Combo Port Example: Gigabit Port and SFP Transceiver Slot 3.1.5 Console Port This console port is for troubleshooting only. With instructions from customer support, connect the male 9- pin end of the RS-232 console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.
Page 45: Grounding
Chapter 3 Hardware Panels Figure 29 Rear Panel: GS2220-50 Figure 30 Rear Panel: GS2220-50HP 3.2.1 Grounding Grounding is a safety measure to direct excess electric charge to the ground. It prevents damage to the Switch, and protects you from electrocution. Use the grounding screw on the rear panel and the ground wire of the AC power supply to ground the Switch.
Page 46: Ac Power Connection
Chapter 3 Hardware Panels Attach the other end of the ground cable to a grounding bar located on the rack where you install the Switch or to an on-site grounding terminal. Figure 32 Attach Ground Cable to Grounding Bar or On-site Grounding Terminal The grounding terminal of the server rack or on-site grounding terminal must also be grounded and connected to the building’s main grounding electrode.
Page 47: Leds
Chapter 3 Hardware Panels 3.3 LEDs After you connect the power to the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting. Table 4 LED Descriptions COLOR STATUS DESCRIPTION Green The Switch is receiving power from the power module in the power slot. Blinking The Switch is returning to the last-saved custom default configuration settings.
Page 48 Chapter 3 Hardware Panels Table 4 LED Descriptions (continued) COLOR STATUS DESCRIPTION LNK/ACT Green Blinking The Switch is transmitting or receiving to or from a 1000 Mbps Ethernet network. The link to a 1000 Mbps Ethernet network is up. Amber Blinking The Switch is transmitting or receiving to or from a 10 Mbps or a 100 Mbps Ethernet network.
Page 49: Technical Reference
Technical Reference...
Page 50: Web Configurator
H A P T E R Web Configurator 4.1 Overview This section introduces the configuration and functions of the Web Configurator. The Web Configurator is an HTML-based management interface that allows easy system setup and management through Internet browser. Use a browser that supports HTML5, such as Microsoft Edge, Internet Explorer 11, Mozilla Firefox, or Google Chrome.
Page 51 Chapter 4 Web Configurator Figure 34 Web Configurator: Login Click Login to log into the Web Configurator to manage the Switch directly. The default user name is admin and associated default password is 1234. The following screen appears. Figure 35 Select Mode Select the Web Configurator in Standard Mode that has a complete set of configuration for network installation.
Page 52 Chapter 4 Web Configurator If you select Standard Mode, go directly to step 9. The Setup Wizard screen will appear after selecting the Networked AV Mode. You can use the Setup Wizard screen to configure the Switch’s Networked AV mode’s basic or advanced settings (see Section 4.4 on page 58 for details).
Page 53 Chapter 4 Web Configurator Password/SNMP Setting Figure 37 Web Configurator: Warning Figure 38 Web Configurator: Password Change the default administrator and/or SNMP passwords, and then click Apply to save your changes. Table 5 Web Configurator: Password/SNMP LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name.
Page 54: Zyxel One Network (Zon) Utility
Chapter 4 Web Configurator Table 5 Web Configurator: Password/SNMP (continued) LABEL DESCRIPTION Set Community Enter the Set Community string, which is the password for the incoming Set- requests from the management station. The Set Community string is only used by SNMP managers using SNMP version 2c or lower. Trap Community Enter the Trap Community string, which is the password sent with each trap to the SNMP manager.
Page 55: Run The Zon Utility
Chapter 4 Web Configurator • 2 GB RAM • 100 MB free hard disk • WXGA (Wide XGA 1280 by 800) 4.3.2 Run the ZON Utility Double-click the ZON Utility to run it. The first time you run the ZON Utility, you will see if your device and firmware version support the ZON Utility.
Page 56 Chapter 4 Web Configurator Figure 40 ZON Utility Screen Select a network adapter to which your supported devices are connected. Figure 41 Network Adapter Click the Go button for the ZON Utility to discover all supported devices in your network. Figure 42 Discovery The ZON Utility screen shows the devices discovered.
Page 57 Chapter 4 Web Configurator Figure 43 ZON Utility Screen Select a device and then use the icons to perform actions. Some functions may not be available for your devices. Note: You must know the selected device admin password before taking actions on the device using the ZON Utility icons.
Page 58: Networked Av Mode Wizard
Chapter 4 Web Configurator Table 6 ZON Utility Icons ICON DESCRIPTION 8 Change Password Use this icon to change the admin password of the selected device. You must know the current admin password before changing to a new one. 9 Configure NCC You must have Internet access to use this feature.
Page 59: Basic Settings
Chapter 4 Web Configurator Figure 45 Wizard Link in Networked AV Mode The Setup Wizard contains the following parts: • Use the Basic Settings when networked AV service runs on management VLAN, using the combo/ fiber port for inter-switch connection. •...
Page 60 Chapter 4 Web Configurator Each field is described in the following table. Table 8 Wizard > Basic Settings > Step 1 IP LABEL DESCRIPTION Host Name This field displays a host name. IP Interface Select DHCP Client if the Switch is connected to a router with the DHCP server enabled. You then need to check the router for the IP address assigned to the Switch in order to access the Switch’s Web Configurator again.
Page 61 Chapter 4 Web Configurator Each field is described in the following table. Table 9 Wizard > Basic Settings > Step 2 Password LABEL DESCRIPTION Administrator's Password Current password Type the existing system password (1234 is the default password when shipped). New password Enter your new system password.
Page 62 Chapter 4 Web Configurator Figure 48 Wizard > Basic Settings > Step 3 Networked AV Each field is described in the following table. Table 10 Wizard > Basic Settings > Step 3 Networked AV LABEL DESCRIPTION Skip Networked AV Click this option to avoid using the basic default AVoIP settings. The default AVoIP settings Mode Settings can be seen in Step 4 Summary under Networked AV –...
Page 63 Chapter 4 Web Configurator Figure 49 Wizard > Basic Settings > Step 4 Summary Each field is described in the following table. Table 12 Wizard > Basic Settings > Step 4 Summary LABEL DESCRIPTION Setup IP Host Name This field displays a host name. IP Interface This field displays whether the WAN interface is using a DHCP IP address or a static IP address.
Page 64: Advanced Settings
Chapter 4 Web Configurator Table 12 Wizard > Basic Settings > Step 4 Summary (continued) LABEL DESCRIPTION Networked AV VLAN This field displays the Switches’ IP address for it to be managed over the AVoIP network. IGMP Snooping This field displays Active when IGMP Snooping is enabled to forward group multicast traffic only to ports that are members of that group.
Page 65 Chapter 4 Web Configurator Figure 50 Wizard > Advanced Settings > Step 1 IP Each field is described in the following table. Table 13 Wizard > Advanced Settings > Step 1 IP LABEL DESCRIPTION Host Name This field displays a host name. IP Interface Select DHCP Client if the Switch is connected to a router with the DHCP server enabled.
Page 66 Chapter 4 Web Configurator Figure 51 Wizard > Advanced Settings > Step 2 Password Each field is described in the following table. Table 14 Wizard > Advanced Settings > Step 2 Password LABEL DESCRIPTION Administrator's Password Current password Type the existing system password (1234 is the default password when shipped). New password Enter your new system password.
Page 67 Chapter 4 Web Configurator Table 14 Wizard > Advanced Settings > Step 2 Password (continued) LABEL DESCRIPTION Trap Community Enter the Trap Community string, which is the password sent with each trap to the SNMP manager. The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Previous Click Previous to show the previous screen.
Page 68 Chapter 4 Web Configurator Table 15 Wizard > Advanced Settings > Step 3 Networked AV LABEL DESCRIPTION Select all ports After you create a VLAN, select the ports to be assigned to the Networked AV VLAN. Select all ports to assign the same role all ports. You can select a port by clicking it.
Page 69: Web Configurator Layout
Chapter 4 Web Configurator Table 16 Wizard > Advanced Settings > Step 4 Summary (continued) LABEL DESCRIPTION IP Interface This field displays whether the WAN interface is using a DHCP IP address or a static IP address. This field displays the VLAN ID. IP Address This field displays the Switches’...
Page 70 Chapter 4 Web Configurator different models. The following figure shows the navigating components of a Web Configurator screen. Figure 54 Web Configurator Home Screen (Status) Click the menu items to open sub-menu links, and then click on a sub-menu link to open the screen –...
Page 71 Chapter 4 Web Configurator Click this link to go to the Neighbor screen where you can see and manage neighbor devices – learned by the Switch. In the navigation panel, click a main link to reveal a list of sub-menu links. Table 17 Navigation Panel Sub-links Overview (Standard Mode) BASIC SETTING ADVANCED APPLICATION...
Page 72 Chapter 4 Web Configurator Table 18 Navigation Panel Links (Standard Mode) (continued) LINK DESCRIPTION PoE Setup For PoE models. This link takes you to a screen where you can set priorities, PoE power-up settings and schedule so that the Switch is able to reserve and allocate power to certain PDs. Interface Setup This link takes you to a screen where you can configure settings for individual interface type and ID.
Page 73 Chapter 4 Web Configurator Table 18 Navigation Panel Links (Standard Mode) (continued) LINK DESCRIPTION Loop Guard This link takes you to a screen where you can configure protection against network loops that occur on the edge of your network. VLAN Mapping This link takes you to screens where you can configure VLAN mapping settings on the Switch.
Page 74 Table 18 Navigation Panel Links (Standard Mode) (continued) LINK DESCRIPTION ARP Table This link takes you to a screen where you can view the MAC addresses – IP address resolution table. Path MTU Table This link takes you to a screen where you can view the path MTU aging time, index, destination address, MTU, and expire settings.
Page 75: Change Your Password
Chapter 4 Web Configurator Table 20 Navigation Panel Links (Networked AV Mode) (continued) LINK DESCRIPTION SWITCHING Broadcast Storm This link takes you to a screen to set up broadcast filters. Control Link Aggregation This link takes you to screens where you can logically aggregate physical links to form one logical, higher-bandwidth link.
Page 76: Save Your Configuration
Chapter 4 Web Configurator Figure 55 Change Administrator Login Password 4.6 Save Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Click the Save link in the upper right hand corner of the Web Configurator to save your configuration to non-volatile memory.
Page 77: Reset The Switch
Chapter 4 Web Configurator Change a service port number but forget it. You forgot to log out of the Switch from a computer before logging in again on another computer. Note: Be careful not to lock yourself and others out of the Switch. 4.8 Reset the Switch If you lock yourself (and others) from the Switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the Switch back to the factory defaults.
Page 78 Click the Help link from a Web Configurator screen to view an online help description of that screen. GS2220 Series User’s Guide...
Page 79: Initial Setup Example
Chapter 5 Initial Setup Example H A P T E R Initial Setup Example 5.1 Overview This chapter shows how to set up the Switch for an example network. The following lists the configuration steps for the initial setup: • Create a VLAN •...
Page 80 Chapter 5 Initial Setup Example In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID.
Page 81: Set Port Vid
Chapter 5 Initial Setup Example Switch’s power is turned off. 5.1.2 Set Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2.
Page 82: Configure Switch Management Ip Address
Chapter 5 Initial Setup Example 5.1.3 Configure Switch Management IP Address If the Switch fails to obtain an IP address from a DHCP server, the Switch will use 192.168.1.1 as the management IP address. You can configure another IP address in a different subnet for management purposes.
Page 83 Chapter 5 Initial Setup Example Configure the related fields in the IP Setup screen. For the VLAN2 network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask. In the VID field, enter the ID of the VLAN group to which you want this management IP address to belong.
Page 84: Tutorials
Chapter 6 Tutorials H A P T E R Tutorials 6.1 Overview This chapter provides some examples of using the Web Configurator to set up and use the Switch. The tutorials include: • How to Use DHCPv4 Snooping on the Switch •...
Page 85 Go to Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup, and create a VLAN with ID of 100. Add ports 4, 5 and 6 in the VLAN by selecting Fixed in the Control field as shown. De-select Tx Tagging because you do not want outgoing traffic to contain this VLAN tag. Click Add.
Page 86 Chapter 6 Tutorials Figure 62 Tutorial: Tag Untagged Frames Go to Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 63 Tutorial: Specify DHCP VLAN Click the Port link at the top right corner.
Page 87 Chapter 6 Tutorials Figure 64 Tutorial: Set the DHCP Server Port to Trusted Go to Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN, show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply. Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen.
Page 88: How To Use Dhcpv4 Relay On The Switch
Chapter 6 Tutorials Figure 66 Tutorial: Check the Binding If DHCP Snooping Works You can also telnet. Use the command “show dhcp snooping binding” to see the DHCP snooping binding table as shown next. sysname# show dhcp snooping binding MacAddress IpAddress Lease Type...
Page 89 Chapter 6 Tutorials Figure 68 Tutorial: Set VLAN Type to 802.1Q Click Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup. In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 102 for example) in the Name field and enter 102 in the VLAN Group ID field.
Page 90 Chapter 6 Tutorials Figure 69 Tutorial: Create a Static VLAN Click the VLAN Configuration link in the Static VLAN Setup screen and then the VLAN Port Setup link in the VLAN Configuration screen. Figure 70 Tutorial: Click the VLAN Port Setting Link Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.
Page 91: Configure Dhcpv4 Relay
Figure 71 Tutorial: Add Tag for Frames Received on Port 2 11 Click the Save link in the upper right corner of the Web Configurator to save your configuration permanently. 6.3.3 Configure DHCPv4 Relay Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information (such as the VLAN ID) to DHCP requests.
Page 92: Troubleshooting
Chapter 6 Tutorials 6.3.4 Troubleshooting Check client A’s IP address. If it did not receive the IP address 172.16.1.18, make sure: Client A is connected to the Switch’s port 2 in VLAN 102. You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch.
Page 93 Chapter 6 Tutorials Setting up the Switch Open the Web Configurator. Go to the Management > Maintenance screen, and click the Click Here button next to the Auto Configuration field. Figure 73 Tutorial: Auto Configuration Screen Select the check box in the Active field to enable auto configuration. Select DHCP in the Mode field and click Apply to save your changes.
Page 94 Chapter 6 Tutorials Figure 75 Tutorial: Save Configuration and Reboot System Go to the Management > System Log screen to see if auto configuration was performed successfully. Figure 76 Tutorial: Log Check the screens to see if it is the configuration file you want to load. If it is not, go through the steps above to check your configurations.
Page 95: Status
Chapter 7 Status H A P T E R Status 7.1 Overview This chapter describes the screens for System Status and Neighbor Details. 7.1.1 What You Can Do • Use the Status screen (Section 7.2 on page 95) to see the Switch’s general device information, system status, and IP addresses.
Page 96 Chapter 7 Status Figure 78 Status The following table describes the labels in this screen. Table 22 Status LABEL DESCRIPTION Device Information Device Type This field displays the model name of this Switch. System Name This field displays the name used to identify the Switch on any network. Boot Version This field displays the version number and date of the boot module that is currently on the Switch.
Page 97: Neighbor Screen
Chapter 7 Status Table 22 Status (continued) LABEL DESCRIPTION Hybrid Mode This field displays whether the Switch is in Standalone mode or Cloud mode. In Standalone mode you can see a link to a QR code to register the Switch to use NCC (Nebula Control Center). Cloud Control This field displays the registration and connection status between the Switch and the NCC Status...
Page 98 Chapter 7 Status Figure 79 Status > Neighbor The following table describes the fields in the above screen. Table 23 Status > Neighbor LABEL DESCRIPTION Port This shows the port of the Switch, on which the neighboring device is discovered. Port Name This shows the port description of the Switch.
Page 99: Neighbor Detail
Chapter 7 Status Table 23 Status > Neighbor (continued) LABEL DESCRIPTION Reset to Default Click the Reset button to reset the neighboring device to its factory default settings. A warning message “Are you sure you want to load factory default?” appears prompting you to confirm the action.
Page 100 Chapter 7 Status The following table describes the fields in the above screen. Table 24 Status > Neighbor > Neighbor Detail LABEL DESCRIPTION Local Port This shows the port of the Switch, on which the neighboring device is discovered. Desc. This shows the port description of the Switch.
Page 101: Basic Setting
Chapter 8 Basic Setting H A P T E R Basic Setting 8.1 Overview This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup, Port Setup, PoE Setup, Interface Setup, IPv6, and Cloud Management screens. 8.1.1 What You Can Do •...
Page 102 Chapter 8 Basic Setting Figure 81 Basic Setting > System Info The following table describes the labels in this screen. Table 25 Basic Setting > System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the product model of the Switch.
Page 103: General Setup
Chapter 8 Basic Setting Table 25 Basic Setting > System Info (continued) LABEL DESCRIPTION Temperature The Switch has temperature sensors that are capable of detecting and reporting if the Unit temperature rises above the threshold. You may choose the temperature unit (Centigrade or Fahrenheit) in this field.
Page 104 Chapter 8 Basic Setting Figure 82 Basic Setting > General Setup The following table describes the labels in this screen. Table 26 Basic Setting > General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters;...
Page 105: Introduction To Vlans
Chapter 8 Basic Setting Table 26 Basic Setting > General Setup (continued) LABEL DESCRIPTION New Date (yyyy- Enter the new date in year, month and day format. The new date then appears in the Current mm-dd) Date field after you click Apply. Time Zone Select the time difference between UTC (Universal Time Coordinated, formerly known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box.
Page 106: Switch Setup
Chapter 8 Basic Setting Note: VLAN is unidirectional; it only governs outgoing traffic. 8.5 Switch Setup Click Basic Setting > Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen.
Page 107: Ip Setup
Chapter 8 Basic Setting Table 27 Basic Setting > Switch Setup (continued) LABEL DESCRIPTION Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds. Each port has a single Leave All Period timer. Leave All Timer must be larger than Leave Timer. Priority Queue Assignment IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.
Page 108: Ip Status Details
Chapter 8 Basic Setting The following table describes the labels in this screen. Table 28 Basic Setting > IP Status LABEL DESCRIPTION IP Status Domain Name This field displays the IP address of the DNS server. Server Source This field displays whether the DNS server address is configured manually (Static) or obtained automatically using DHCPv4.
Page 109: Ip Configuration
Chapter 8 Basic Setting Figure 86 Basic Setting > IP Setup > IP Status Details: DHCP The following table describes the labels in this screen. Table 30 Basic Setting > IP Setup > IP Status Details: DHCP LABEL DESCRIPTION Type This shows the IP address is dynamically assigned from a DHCP server (DHCP).
Page 110 Chapter 8 Basic Setting Figure 87 Basic Setting > IP Setup > IP Configuration The following table describes the labels in this screen. Table 31 Basic Setting > IP Setup > IP Configuration LABEL DESCRIPTION Domain Name Enter a domain name server IPv4 address in order to be able to use a domain name instead of Server 1/2 an IP address.
Page 111: Network Proxy Configuration
Chapter 8 Basic Setting Table 31 Basic Setting > IP Setup > IP Configuration (continued) LABEL DESCRIPTION IP Subnet Enter the IP subnet mask of an IP routing domain in dotted decimal notation, for example, Mask 255.255.252.0. Default Type the IP address of the default outgoing gateway in dotted decimal notation, for example Gateway 172.21.43.254.
Page 112: Port Setup
Chapter 8 Basic Setting Figure 88 Network Proxy Configuration Application As of this writing, this setting only allows communication between the Switch and the NCC. Figure 89 Basic Setting > IP Setup > IP Configuration > Network Proxy Configuration The following table describes the labels in this screen. Table 32 Basic Setting >...
Page 113 Chapter 8 Basic Setting Figure 90 Basic Setting > Port Setup The following table describes the labels in this screen. Table 33 Basic Setting > Port Setup LABEL DESCRIPTION Port This is the port index number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 114: Poe Status
Chapter 8 Basic Setting Table 33 Basic Setting > Port Setup (continued) LABEL DESCRIPTION Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port.
Page 115 Chapter 8 Basic Setting Note: The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. To view the current amount of power that PDs are receiving from the Switch, click Basic Setting > PoE Setup.
Page 116: Poe Time Range Setup
Chapter 8 Basic Setting Table 34 Basic Setting > PoE Status (continued) LABEL DESCRIPTION State This field shows which ports can receive power from the Switch. You can set this in Section 8.8.2 on page 117. • Disable – The PD connected to this port cannot get power supply. •...
Page 117: Poe Setup
Chapter 8 Basic Setting Figure 93 Basic Setting > PoE Setup > PoE Time Range Setup The following table describes the labels in this screen. Table 35 Basic Setting > PoE Setup > PoE Time Range Setup LABEL DESCRIPTION Port Enter the number of the port to which you want to apply a schedule.
Page 118 Chapter 8 Basic Setting Figure 94 Basic Setting > PoE Setup The following table describes the labels in this screen. Table 36 Basic Setting > PoE Setup LABEL DESCRIPTION PoE Mode Select the power management mode you want the Switch to use. •...
Page 119 Chapter 8 Basic Setting Table 36 Basic Setting > PoE Setup (continued) LABEL DESCRIPTION Power-Up Set how the Switch provides power to a connected PD at power-up. 802.3af – the Switch follows the IEEE 802.3af Power over Ethernet standard to supply power to the connected PDs during power-up.
Page 120: Interface Setup
Chapter 8 Basic Setting 8.9 Interface Setup An IPv6 address is configured on a per-interface basis. The interface can be a physical interface (for example, an Ethernet port) or a virtual interface (for example, a VLAN). The Switch supports the VLAN interface type for IPv6 at the time of writing.
Page 121: Ipv6
Chapter 8 Basic Setting 8.10 IPv6 Use this screen to view the IPv6 interface status and configure the Switch’s management IPv6 addresses. 8.10.1 IPv6 Status Click Basic Setting > IPv6 in the navigation panel to display the IPv6 status screen as shown next. Figure 96 Basic Setting >...
Page 122 Chapter 8 Basic Setting Figure 97 Basic Setting > IPv6 > IPv6 Interface Status The following table describes the labels in this screen. Table 39 Basic Setting > IPv6 > IPv6 Interface Status LABEL DESCRIPTION IPv6 Active This field displays whether the IPv6 interface is activated or not. MTU Size This field displays the Maximum Transmission Unit (MTU) size for IPv6 packets on this interface.
Page 123: Ipv6 Configuration
Chapter 8 Basic Setting Table 39 Basic Setting > IPv6 > IPv6 Interface Status (continued) LABEL DESCRIPTION Joined Group This field displays the IPv6 multicast addresses of groups the Switch’s interface joins. Address(es) ND DAD Active This field displays whether Neighbor Discovery (ND) Duplicate Address Detection (DAD) is enabled on the interface.
Page 124: Ipv6 Global Setup
Chapter 8 Basic Setting Figure 98 Basic Setting > IPv6 > IPv6 Configuration The following table describes the labels in this screen. Table 40 Basic Setting > IPv6 > IPv6 Configuration LABEL DESCRIPTION IPv6 Global Setup Click the link to go to a screen where you can configure the global IPv6 settings on the Switch.
Page 125: Ipv6 Interface Setup
Chapter 8 Basic Setting The following table describes the labels in this screen. Table 41 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Setup LABEL DESCRIPTION IPv6 Hop Limit Specify the maximum number of hops (from 1 to 255) in router advertisements. This is the maximum number of hops on which an IPv6 packet is allowed to transmit before it is discarded by an IPv6 router, which is similar to the TTL field in IPv4.
Page 126: Ipv6 Link-Local Address Setup
Chapter 8 Basic Setting Table 42 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup (continued) LABEL DESCRIPTION Active This field displays whether the IPv6 interface is activated or not. Address This field displays whether stateless auto-configuration is enabled on the interface. Autoconfig 8.10.6 IPv6 Link-Local Address Setup A link-local address uniquely identifies a device on the local network (the LAN).
Page 127: Ipv6 Global Address Setup
Chapter 8 Basic Setting 8.10.7 IPv6 Global Address Setup Use this screen to configure the interface’s IPv6 global address. Click the link next to IPv6 Global Address Setup in the IPv6 Configuration screen to display the screen as shown next. Figure 102 Basic Setting >...
Page 128: Ipv6 Neighbor Discovery Setup
Chapter 8 Basic Setting Table 44 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup (continued) LABEL DESCRIPTION EUI-64 This shows whether the interface ID of the global address is generated using the EUI-64 format. Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries.
Page 129: Ipv6 Neighbor Setup
Chapter 8 Basic Setting Table 45 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Discovery Setup (continued) LABEL DESCRIPTION NS Interval This field displays the time interval (in milliseconds) at which neighbor solicitations are re-sent for this interface. Reachable This field displays how long (in milliseconds) a neighbor is considered reachable for this interface.
Page 130: Dhcpv6 Client Setup
Chapter 8 Basic Setting Table 46 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup (continued) LABEL DESCRIPTION Interface This is the name of the IPv6 interface you created. Neighbor This field displays the IPv6 address of the neighboring device which can be reached through the Address interface.
Page 131: Cloud Management
Chapter 8 Basic Setting Table 47 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup (continued) LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. Clear Click Clear to reset the fields to the factory defaults. Index This is the interface index number.
Page 132: Nebula Switch Registration
Chapter 8 Basic Setting Figure 107 Basic Setting > Cloud Management > Nebula Control Center Discovery Select Active to turn on NCC discovery on the Switch. If the Switch has Internet access and has been registered in the NCC, it will go into cloud management mode. In cloud management mode, NCC will first check if the firmware on the Switch needs to be upgraded.
Page 133: Vlan
H A P T E R VLAN 9.1 Overview This chapter shows you how to configure 802.1Q tagged and port-based VLANs. The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. Note: If you have enabled CLV mode in the Command Line Interface (CLI) to configure the Switch's VLAN settings, further VLAN changes you make through the Web Configurator will not be saved and applied completely.
Page 134: What You Need To Know
Chapter 9 VLAN 9.1.2 What You Need to Know Read this section to know more about VLAN and how to configure the screens. 9.2 Introduction to IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were created.
Page 135 Chapter 9 VLAN GARP Timers Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network.
Page 136 Chapter 9 VLAN Figure 109 Port VLAN Trunking 9.2.0.3 VLAN Priority At the time of writing, you can create Static VLANs, Voice VLANs, Vendor ID-based VLANs, Subnet Based VLANs, Protocol Based VLANs and MAC Based VLANs on the Switch when the VLAN type is set to 802.1Q. When a packet is received, the Switch processes the VLAN rules in sequence.
Page 137: Vlan Status
Chapter 9 VLAN 802.1Q Static VLAN Make sure 802.1Q is selected in the Basic Setting > Switch Setup screen. Use a static VLAN to decide whether an incoming frame on a port should be • sent to a VLAN group as normal depending on its VLAN tag. •...
Page 138: Vlan Details
Chapter 9 VLAN Table 49 Advanced Application > VLAN: VLAN Status (continued) LABEL DESCRIPTION Tagged Port This field shows the tagged ports that are participating in the VLAN. Untagged Port This field shows the untagged ports that are participating in the VLAN. Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up.
Page 139: Vlan Configuration
Chapter 9 VLAN 9.4 VLAN Configuration Use this screen to view IEEE 802.1Q VLAN parameters for the Switch. Click Advanced Application > VLAN > VLAN Configuration to see the following screen. Figure 113 Advanced Application > VLAN > VLAN Configuration The following table describes the labels in the above screen.
Page 140 Chapter 9 VLAN Figure 114 Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup The following table describes the related labels in this screen. Table 52 Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings.
Page 141: Configure Vlan Port Settings
Chapter 9 VLAN Table 52 Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup (continued) LABEL DESCRIPTION Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 142: Subnet Based Vlans
Chapter 9 VLAN The following table describes the labels in this screen. Table 53 Advanced Application > VLAN > VLAN Configuration > VLAN Port Setup LABEL DESCRIPTION GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network.
Page 143: Configuring Subnet Based Vlan
Chapter 9 VLAN For example, an ISP (Internet Services Provider) may divide different types of services it provides to customers into different IP subnets. Traffic for voice services is designated for IP subnet 172.16.1.0/24, video for 192.168.1.0/24 and data for 10.1.1.0/24. The Switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames.
Page 144 Chapter 9 VLAN Figure 117 Advanced Application > VLAN > VLAN Configuration > Subnet Based VLAN Setup The following table describes the labels in this screen. Table 54 Advanced Application > VLAN > VLAN Configuration > Subnet Based VLAN Setup LABEL DESCRIPTION Active...
Page 145: Protocol Based Vlans
Chapter 9 VLAN Table 54 Advanced Application > VLAN > VLAN Configuration > Subnet Based VLAN Setup (continued) LABEL DESCRIPTION Name This field shows the name the subnet based VLAN. This field shows the IP address of the subnet for this subnet based VLAN. Mask-Bits This field shows the subnet mask in bit number format for this subnet based VLAN.
Page 146 Chapter 9 VLAN Figure 119 Advanced Application > VLAN > VLAN Configuration > Protocol Based VLAN Setup The following table describes the labels in this screen. Table 55 Advanced Application > VLAN > VLAN Configuration > Protocol Based VLAN Setup LABEL DESCRIPTION Active...
Page 147: Voice Vlan
Chapter 9 VLAN Table 55 Advanced Application > VLAN > VLAN Configuration > Protocol Based VLAN Setup LABEL DESCRIPTION Delete Click this to delete the protocol based VLANs which you marked for deletion. Cancel Click Cancel to clear the check boxes. 9.9 Voice VLAN Voice VLAN is a VLAN that is specifically allocated for voice traffic.
Page 148: Mac Based Vlan
Chapter 9 VLAN The following table describes the fields in the above screen. Table 56 Advanced Application > VLAN > VLAN Configuration > Voice VLAN Setup LABEL DESCRIPTION Voice VLAN Global Setup Voice VLAN Click the second radio button if you want to enable the Voice VLAN feature. Enter a VLAN ID number that is associated with the Voice VLAN.
Page 149: Vendor Id Based Vlan
Chapter 9 VLAN This feature allows users to change ports without having to reconfigure the VLAN. You can assign priority to the MAC-based VLAN and define a MAC to VLAN mapping table by entering a specified source MAC address in the MAC-based VLAN setup screen. You can also delete a MAC-based VLAN entry in the same screen.
Page 150 Chapter 9 VLAN the source MAC address of the packet is looked up in a Vendor ID to VLAN mapping table. If an entry is found, the corresponding VLAN ID is assigned to the packet. The assigned VLAN ID is verified against the VLAN table.
Page 151: Port-Based Vlan Setup
Chapter 9 VLAN Table 58 Advanced Application > VLAN > VLAN Configuration > Vendor ID Based VLAN Setup LABEL DESCRIPTION Cancel Click Cancel to clear the fields in the vendor ID based VLAN entry. Index This field displays the index number of the vendor ID based VLAN entry. Name This field displays the name of the vendor ID based VLAN entry.
Page 152 Chapter 9 VLAN Figure 123 Advanced Application > VLAN: Port Based VLAN Setup (All Connected) Figure 124 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) GS2220 Series User’s Guide...
Page 153 Chapter 9 VLAN The following table describes the labels in this screen. Table 59 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs.
Page 154: Static Mac Forwarding
H A P T E R Static MAC Forwarding 10.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network. Use these screens to configure static MAC address forwarding. 10.1.1 What You Can Do Use the Static MAC Forwarding screen (Section 10.2 on page 154) to assign static MAC addresses for a...
Page 155 Chapter 10 Static MAC Forwarding The following table describes the labels in this screen. Table 60 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
Page 156: Static Multicast Forwarding
Chapter 11 Static Multicast Forwarding H A P T E R Static Multicast Forwarding 11.1 Overview This chapter discusses how to configure forwarding rules based on multicast MAC addresses of devices on your network. Use these screens to configure static multicast address forwarding. 11.1.1 What You Can Do Use the Static Multicast Forwarding screen (Section 11.2 on page...
Page 157: Configure Static Multicast Forwarding
Chapter 11 Static Multicast Forwarding Figure 127 Static Multicast Forwarding to a Single Port Figure 128 Static Multicast Forwarding to Multiple Ports 11.2 Configure Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific ports.
Page 158 Chapter 11 Static Multicast Forwarding The following table describes the labels in this screen. Table 61 Advanced Application > Static Multicast Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
Page 159: Filtering
Chapter 12 Filtering H A P T E R Filtering 12.1 Filtering Overview This chapter discusses MAC address port filtering. Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). 12.1.1 What You Can Do Use the Filtering screen (Section 12.2 on page...
Page 160 Chapter 12 Filtering The following table describes the related labels in this screen. Table 62 Advanced Application > Filtering LABEL DESCRIPTION Active Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by de-selecting this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule.
Page 161: Spanning Tree Protocol
Chapter 13 Spanning Tree Protocol H A P T E R Spanning Tree Protocol 13.1 Spanning Tree Protocol Overview The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards. •...
Page 162 Chapter 13 Spanning Tree Protocol spanning tree than STP (while also being backwards compatible with STP-only aware bridges). In RSTP, topology change information is directly propagated throughout the network from the device that generates the topology change. In STP, a longer delay is required as the device that causes a topology change first notifies the root bridge that then notifies the network.
Page 163 Chapter 13 Spanning Tree Protocol blocking state to forwarding state so as to eliminate transient loops. Table 64 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. Listening All BPDUs are received and processed.
Page 164: Spanning Tree Protocol Status
Chapter 13 Spanning Tree Protocol 13.2 Spanning Tree Protocol Status The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown.
Page 165: Rapid Spanning Tree Protocol Status
Chapter 13 Spanning Tree Protocol 13.4 Rapid Spanning Tree Protocol Status The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.1 on page 161 for more information on RSTP.
Page 166: Configure Rapid Spanning Tree Protocol
Chapter 13 Spanning Tree Protocol Table 66 Advanced Application > Spanning Tree Protocol > Spanning Tree Protocol Status: RSTP LABEL DESCRIPTION Port State This field displays the port state in STP. • Discarding – The port does not forward or process received frames or learn MAC addresses, but still listens for BPDUs.
Page 167 Chapter 13 Spanning Tree Protocol Figure 135 Advanced Application > Spanning Tree Protocol > RSTP The following table describes the labels in this screen. Table 67 Advanced Application > Spanning Tree Protocol > RSTP LABEL DESCRIPTION Status Click Status to display the RSTP Status screen. Active Select this check box to activate RSTP.
Page 168: Configure Multiple Spanning Tree Protocol
Table 67 Advanced Application > Spanning Tree Protocol > RSTP (continued) LABEL DESCRIPTION Forwarding Delay This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every Switch must receive information about topology changes before it starts to forward frames.
Page 169 Chapter 13 Spanning Tree Protocol Figure 136 Advanced Application > Spanning Tree Protocol > MSTP The following table describes the labels in this screen. Table 68 Advanced Application > Spanning Tree Protocol > MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen. Port Click Port to display the MSTP Port screen.
Page 170 Table 68 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL DESCRIPTION Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. MaxAge This is the maximum time (in seconds) a switch can wait without receiving a BPDU before attempting to reconfigure.
Page 171: Multiple Spanning Tree Protocol Port Configuration
Chapter 13 Spanning Tree Protocol Table 68 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL DESCRIPTION Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost.
Page 172: Multiple Spanning Tree Protocol Status
Chapter 13 Spanning Tree Protocol Table 69 Advanced Application > Spanning Tree Protocol > MSTP > Port (continued) LABEL DESCRIPTION Edge Select this check box to configure a port as an edge port when it is directly attached to a computer.
Page 173 Chapter 13 Spanning Tree Protocol Figure 138 Advanced Application > Spanning Tree Protocol > Status: MSTP The following table describes the labels in this screen. Table 70 Advanced Application > Spanning Tree Protocol > Status: MSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click MSTP to edit MSTP settings on the Switch.
Page 174 Table 70 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL DESCRIPTION Configuration A configuration digest is generated from the VLAN-MSTI mapping information. Digest This field displays the 16-octet signature that is included in an MSTP BPDU. This field displays the digest when MSTP is activated on the system.
Page 175: Configure Multiple Rapid Spanning Tree Protocol
Chapter 13 Spanning Tree Protocol 13.8 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. Figure 139 Advanced Application > Spanning Tree Protocol > MRSTP The following table describes the labels in this screen. Table 71 Advanced Application >...
Page 176: Multiple Rapid Spanning Tree Protocol Status
Table 71 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL DESCRIPTION Forwarding Delay This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames.
Page 177 Chapter 13 Spanning Tree Protocol Figure 140 Advanced Application > Spanning Tree Protocol > Status: MRSTP The following table describes the labels in this screen. Table 72 Advanced Application > Spanning Tree Protocol > Status: MRSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click MRSTP to edit MRSTP settings on the Switch.
Page 178: Technical Reference
Chapter 13 Spanning Tree Protocol Table 72 Advanced Application > Spanning Tree Protocol > Status: MRSTP (continued) LABEL DESCRIPTION Port Role This field displays the role of the port in STP. • Root – A forwarding port on a non-root bridge, which has the lowest path cost and is the best port from the non-root bridge to the root bridge.
Page 179: Mst Region
Chapter 13 Spanning Tree Protocol With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP. Figure 142 MSTP Network Example 13.10.2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network.
Page 180: Common And Internal Spanning Tree (Cist)
Chapter 13 Spanning Tree Protocol Figure 143 MSTIs in Different Regions 13.10.4 Common and Internal Spanning Tree (CIST) A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/ RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST.
Page 181: Bandwidth Control
H A P T E R Bandwidth Control 14.1 Bandwidth Control Overview This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port.
Page 182 Chapter 14 Bandwidth Control The following table describes the related labels in this screen. Table 73 Advanced Application > Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the Switch. Port This field displays the port number. Settings in this row apply to all ports.
Page 183: Broadcast Storm Control
Chapter 15 Broadcast Storm Control H A P T E R Broadcast Storm Control 15.1 Broadcast Storm Control Overview This chapter introduces and shows you how to configure the broadcast storm control feature. Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports.
Page 184 Chapter 15 Broadcast Storm Control The following table describes the labels in this screen. Table 74 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature.
Page 185: Mirroring
Chapter 16 Mirroring H A P T E R Mirroring 16.1 Mirroring Overview This chapter discusses port mirroring setup screens. Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference.
Page 186 Chapter 16 Mirroring The following table describes the labels in this screen. Table 75 Advanced Application > Mirroring LABEL DESCRIPTION Active Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail without Port...
Page 187: Link Aggregation
Chapter 17 Link Aggregation H A P T E R Link Aggregation 17.1 Link Aggregation Overview This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link. Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
Page 188: Link Aggregation Status
Chapter 17 Link Aggregation operational port fails, then one of the “standby” ports become operational without user intervention. Please note that: • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. •...
Page 189: Link Aggregation Setting
Chapter 17 Link Aggregation The following table describes the labels in this screen. Table 78 Advanced Application > Link Aggregation Status LABEL DESCRIPTION Group ID This field displays the group ID to identify a trunk group, that is, one logical link containing multiple ports.
Page 190 Chapter 17 Link Aggregation Figure 149 Advanced Application > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen. Table 79 Advanced Application > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Link This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID...
Page 191: Link Aggregation Control Protocol
Chapter 17 Link Aggregation Table 79 Advanced Application > Link Aggregation > Link Aggregation Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 192: Technical Reference
Chapter 17 Link Aggregation Table 80 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP (continued) LABEL DESCRIPTION Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number.
Page 193 Chapter 17 Link Aggregation Figure 152 Trunking Example Configuration Screen – Your trunk group 1 (T1) configuration is now complete. GS2220 Series User’s Guide...
Page 194: Port Authentication
Chapter 18 Port Authentication H A P T E R Port Authentication 18.1 Port Authentication Overview This chapter describes the IEEE 802.1x, MAC, Guest VLAN, and Compound authentication methods. Port authentication is a way to validate access to ports on the Switch to clients based on an external authentication server.
Page 195: What You Need To Know
• Use the Guest Vlan screen (Section 18.5 on page 199) to enable and assign a guest VLAN to a port. • Use the Compound Authentication screen (Section 18.6 on page 201) to allow network access for clients that pass either IEEE 802.1x authentication OR MAC authentication, or pass both IEEE 802.1x authentication AND MAC authentication.
Page 196: Port Authentication Configuration
Chapter 18 Port Authentication Figure 154 MAC Authentication Process 18.2 Port Authentication Configuration To enable port authentication, first activate the port authentication methods (both on the Switch and the ports), then configure the RADIUS server settings in the AAA > RADIUS Server Setup screen. Click Advanced Application >...
Page 197 Figure 156 Advanced Application > Port Authentication > 802.1x The following table describes the labels in this screen. Table 81 Advanced Application > Port Authentication > 802.1x LABEL DESCRIPTION Active Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port.
Page 198: Activate Mac Authentication
Chapter 18 Port Authentication Table 81 Advanced Application > Port Authentication > 802.1x (continued) LABEL DESCRIPTION Quiet-period secs Specify the number of seconds the port remains in the HELD state and rejects further authentication requests from the connected client after a failed authentication exchange. Tx-period secs Specify the number of seconds the Switch waits for client’s response before re-sending an identity request to the client.
Page 199: Guest Vlan
Chapter 18 Port Authentication The following table describes the labels in this screen. Table 82 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port.
Page 200 Chapter 18 Port Authentication example), the user (A in the example) that is not IEEE 802.1x capable or fails to enter the correct user name and password can still access the port, but traffic from the user is forwarded to the guest VLAN. That is, unauthenticated users can have access to limited network resources in the same guest VLAN, such as the Internet.
Page 201: Compound Authentication
Table 83 Advanced Application > Port Authentication > Guest VLAN (continued) LABEL DESCRIPTION Active Select this check box to enable the guest VLAN feature on this port. Clients that fail authentication are placed in the guest VLAN and can receive limited services. Guest Vlan A guest VLAN is a pre-configured VLAN on the Switch that allows non-authenticated users to access limited network resources through the Switch.
Page 202 Chapter 18 Port Authentication Figure 160 Advanced Application > Port Authentication > Compound Authentication Mode The following table describes the labels in this screen. Table 84 Advanced Application > Port Authentication > Compound Authentication Mode LABEL DESCRIPTION Port This field displays a port number. * means all ports. Settings in this row apply to all ports.
Page 203: Port Security
H A P T E R Port Security This chapter shows you how to set up port security. 19.1 About Port Security Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 32K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 32K.
Page 204 Chapter 19 Port Security The following table describes the labels in this screen. Table 85 Advanced Application > Port Security LABEL DESCRIPTION Port List Enter the number of the ports (separated by a comma) on which you want to enable port security and disable MAC address learning.
Page 205: Time Range
Chapter 20 Time Range H A P T E R Time Range 20.1 Time Range Overview You can set up one-time and recurring schedules for time-oriented features, such as PoE and classifier. The UAG supports one-time and recurring schedules. One-time schedules are effective only once, while recurring schedules usually repeat.
Page 206 Chapter 20 Time Range The following table describes the labels in this screen. Table 86 Advanced Application > Time Range LABEL DESCRIPTION Name Enter a descriptive name for this rule for identifying purposes. Type Select Absolute to create a one-time schedule. One-time schedules begin on a specific start date and time and end on a specific stop date and time.
Page 207: Classifier
Chapter 21 Classifier H A P T E R Classifier 21.1 Classifier Overview This chapter introduces and shows you how to configure the packet classifier on the Switch. It also discusses Quality of Service (QoS) and classifier concepts as employed by the Switch. 21.1.1 What You Can Do •...
Page 208: Classifier Status
Chapter 21 Classifier 21.2 Classifier Status Use this screen to view the classifiers configured on the Switch and how many times the traffic matches the rules. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown.
Page 209 Chapter 21 Classifier Figure 164 Advanced Application > Classifier > Classifier Configuration The following table describes the labels in this screen. Table 88 Advanced Application > Classifier > Classifier Configuration LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes.
Page 210 Chapter 21 Classifier Table 88 Advanced Application > Classifier > Classifier Configuration (continued) LABEL DESCRIPTION Select this option to have the Switch create a log message when the rule is applied and record the number of matched packets in a particular time interval. Note: Make sure you also enable logging in the Classifier Global Setting screen.
Page 211 Chapter 21 Classifier Table 88 Advanced Application > Classifier > Classifier Configuration (continued) LABEL DESCRIPTION DSCP Select Any to classify traffic from any DSCP or select the second option and specify a DSCP (DiffServ Code Point) number between 0 and 63 in the field provided. IPv4/IPv6 Preceden Select Any to classify traffic from any precedence or select the second option and specify an IP...
Page 212: Viewing And Editing Classifier Configuration Summary
Chapter 21 Classifier 21.3.1 Viewing and Editing Classifier Configuration Summary To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen. To change the settings of a rule, click a number in the Index field. Note: When two rules conflict with each other, a higher layer rule has priority over lower layer rule.
Page 213: Classifier Global Setting Configuration
Chapter 21 Classifier In the Internet Protocol there is a field, called “Protocol”, to identify the next level protocol. The following table shows some common protocol types and the corresponding protocol number. Refer to http:// www.iana.org/assignments/protocol-numbers for a complete list. Table 91 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER...
Page 214: Classifier Example
Chapter 21 Classifier Table 93 Advanced Application > Classifier > Classifier Configuration > Classifier Global Setting LABEL DESCRIPTION Active Select this to allow the Switch to create a log when packets match a classifier rule during a defined time interval. Interval Select the length of the time period (in seconds) to count matched packets for a classifier rule.
Page 215 Chapter 21 Classifier Figure 167 Classifier: Example EXAMPLE After you have configured a classifier, you can configure a policy (in the Policy screen) to define actions on the classified traffic flow. GS2220 Series User’s Guide...
Page 216: Policy Rule
Chapter 22 Policy Rule H A P T E R Policy Rule 22.1 Policy Rules Overview This chapter shows you how to configure policy rules. A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 21 on page for more information).
Page 217: Configuring Policy Rules
22.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Click Advanced Application > Policy Rule in the navigation panel to display the screen as shown. Figure 168 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 94 Advanced Application >...
Page 218 Chapter 22 Policy Rule Table 94 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION General VLAN ID Specify a VLAN ID. Egress Port Type the number of an outgoing port. Priority Specify a priority level. Rate Limit You can configure the desired bandwidth available to a traffic flow. Traffic that exceeds the maximum bandwidth allocated (in cases where the network is congested) is called out-of-profile traffic.
Page 219: Policy Example
Table 94 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. Index This field displays the policy index number. Click an index number to edit the policy. Active This field displays Yes when policy is activated and No when is it deactivated.
Page 220: Queuing Method
23 17 HAPTER Queuing Method 23.1 Queuing Method Overview This chapter introduces the queuing methods supported. Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
Page 221: Configuring Queuing
Chapter 23 Queuing Method Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the number you configure in the queue Weight field) rather than a fixed amount of bandwidth. WRR is activated only when a port has more traffic than it can handle.
Page 222 Chapter 23 Queuing Method The following table describes the labels in this screen. Table 95 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 223: Multicast
Chapter 24 Multicast H A P T E R Multicast 24.1 Multicast Overview This chapter shows you how to configure various multicast features. Traditionally, IP packets are transmitted in one of either two ways Unicast (one sender to one recipient) –...
Page 224 Chapter 24 Multicast IP Multicast Addresses In IPv4, a multicast address allows a device to send packets to a specific group of hosts (multicast group) in a different subnetwork. A multicast IP address represents a traffic receiving group, not individual receiving devices. IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are used for IP multicasting.
Page 225 Chapter 24 Multicast MLD Messages A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table. When an MLD host wants to join a multicast group, it sends an MLD Report message for that address. An MLD Done message is similar to an IGMP Leave message.
Page 226 Chapter 24 Multicast Figure 171 MVR Network Example Types of MVR Ports In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
Page 227: Multicast Setup
Chapter 24 Multicast Figure 172 MVR Multicast Television Example 24.2 Multicast Setup Use this screen to configure IGMP for IPv4 or MLD for IPv6 and set up multicast VLANs. Click Advanced Application > Multicast in the navigation panel. Figure 173 Advanced Application > Multicast Setup The following table describes the labels in this screen.
Page 228: Igmp Snooping
Chapter 24 Multicast The following table describes the labels in this screen. Table 97 Advanced Application > Multicast > IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group.
Page 229 Chapter 24 Multicast Table 98 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) LABEL DESCRIPTION Querier Select this option to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached. Querier Version IGMP snooping query works only when both host and Switch support the same IGMP version.
Page 230 Chapter 24 Multicast Table 98 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) LABEL DESCRIPTION Reserved Multicast The IP address range of 224.0.0.0 to 224.0.0.255 are reserved for multicasting on the local Group network only. For example, 224.0.0.1 is for all hosts on a local network segment and 224.0.0.9 is used to send RIP routing information to all RIP v2 routers on the same network segment.
Page 231: Igmp Snooping Vlan
Chapter 24 Multicast Table 98 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) LABEL DESCRIPTION IGMP Filtering Select the name of the IGMP filtering profile to use for this port. Otherwise, select Default to Profile prohibit the port from joining any multicast group. You can create IGMP filtering profiles in the Multicast >...
Page 232: Igmp Filtering Profile
Chapter 24 Multicast The following table describes the labels in this screen. Table 99 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically.
Page 233 Chapter 24 Multicast Figure 177 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile The following table describes the labels in this screen. Table 100 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile LABEL DESCRIPTION Profile Name...
Page 234: Ipv6 Multicast Status
24.4 IPv6 Multicast Status Click Advanced Application > Multicast > IPv6 Multicast to display the screen as shown. This screen shows the IPv6 multicast group information. See Section 24.1 on page 223 for more information on multicasting. Figure 178 Advanced Application > Multicast > IPv6 Multicast The following table describes the fields in the above screen.
Page 235: Mld Snooping-Proxy Vlan
Chapter 24 Multicast 24.4.2 MLD Snooping-proxy VLAN Click the VLAN link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy screen to display the screen as shown. See Section 24.1 on page 223 for more information on multicasting.
Page 236: Mld Snooping-Proxy Vlan Port Role Setting
Table 103 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN LABEL DESCRIPTION Robustness Variable Enter the number of queries. A multicast address entry (learned only on an upstream port by snooping) is removed from the forwarding table when there is no response to the configured number of queries sent by the router connected to the upstream port.
Page 237 Chapter 24 Multicast Figure 181 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting The following table describes the fields in the above screen. Table 104 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting LABEL DESCRIPTION...
Page 238: Mld Snooping-Proxy Filtering
Chapter 24 Multicast Table 104 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting (continued) LABEL DESCRIPTION Leave Timeout Enter the MLD snooping normal leave timeout (in milliseconds) the Switch uses to update the forwarding table for the specified downstream ports.
Page 239: Mld Snooping-Proxy Filtering Profile
Chapter 24 Multicast Table 105 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 240: General Mvr Configuration
The following table describes the fields in the above screen. Table 106 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes. To configure additional rules for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
Page 241 Chapter 24 Multicast Figure 184 Advanced Application > Multicast > MVR The following table describes the related labels in this screen. Table 107 Advanced Application > Multicast > MVR LABEL DESCRIPTION Active Select this check box to enable MVR to allow one single multicast VLAN to be shared among different subscriber VLANs on the network.
Page 242: Mvr Group Configuration
Table 107 Advanced Application > Multicast > MVR (continued) LABEL DESCRIPTION Source Port Select this option to set this port as the MVR source port that sends and receives multicast traffic. All source ports must belong to a single multicast VLAN. Receiver Port Select this option to set this port as a receiver port that only receives multicast traffic.
Page 243 Chapter 24 Multicast Figure 185 Advanced Application > Multicast > MVR > Group Configuration The following table describes the labels in this screen. Table 108 Advanced Application > Multicast > MVR > Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID (that you configured in the MVR screen) from the drop-down list box.
Page 244: Mvr Configuration Example
Chapter 24 Multicast 24.5.2 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the Switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S.
Page 245 Chapter 24 Multicast Figure 188 MVR Group Configuration Example-1 EXAMPLE Figure 189 MVR Group Configuration Example-2 EXAMPLE GS2220 Series User’s Guide...
Page 246: Aaa
H A P T E R 25.1 Authentication, Authorization and Accounting (AAA) This chapter describes how to configure authentication, authorization and accounting settings on the Switch. The external servers that perform authentication, authorization and accounting functions are known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) as the external authentication, authorization, and accounting server.
Page 247: Aaa Screens
Chapter 25 AAA track when users log in, log out, execute commands and so on. Accounting can also record system related actions such as boot up and shut down times of the Switch. Local User Accounts By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server.
Page 248 Chapter 25 AAA Figure 192 Advanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen. Table 110 Advanced Application > AAA > RADIUS Server Setup LABEL DESCRIPTION Authentication Use this section to configure your RADIUS authentication settings. Server Mode This field is only valid if you configure multiple RADIUS servers.
Page 249: Tacacs+ Server Setup
Chapter 25 AAA Table 110 Advanced Application > AAA > RADIUS Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters [ ? ], [ | ], [ ' ], [ " ] or [ , ]) as the key to be shared between the external RADIUS server and the Switch.
Page 250 Chapter 25 AAA Figure 193 Advanced Application > AAA > TACACS+ Server Setup The following table describes the labels in this screen. Table 111 Advanced Application > AAA > TACACS+ Server Setup LABEL DESCRIPTION Authentication Use this section to configure your TACACS+ authentication settings. Server Mode This field is only valid if you configure multiple TACACS+ servers.
Page 251: Aaa Setup
Chapter 25 AAA Table 111 Advanced Application > AAA > TACACS+ Server Setup (continued) LABEL DESCRIPTION Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the TACACS+ server. Index This is a read-only number representing a TACACS+ accounting server entry. IP Address Enter the IP address of an external TACACS+ accounting server in dotted decimal notation.
Page 252 Chapter 25 AAA The following table describes the labels in this screen. Table 112 Advanced Application > AAA > AAA Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch. Privilege Enable These fields specify which database the Switch should use (first, second and third) to authenticate access privilege level for administrator accounts (users for Switch management).
Page 253: Technical Reference
Chapter 25 AAA Table 112 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Type The Switch supports the following types of events to be sent to the accounting servers: • System – Configure the Switch to send information when the following system events occur: system boots up, system shuts down, system accounting is enabled, system accounting is disabled.
Page 254 Chapter 25 AAA • Assign account privilege levels (See the CLI Reference Guide for more information on account privilege levels) for the authenticated user. The VSAs are composed of the following: • Vendor-ID: An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority).
Page 255: Supported Radius Attributes
Chapter 25 AAA Table 114 Supported Tunnel Protocol Attribute FUNCTION ATTRIBUTE VLAN Assignment Tunnel-Type = VLAN(13) Tunnel-Medium-Type = 802(6) VLAN ID Tunnel-Private-Group-ID = Note: You must also create a VLAN with the specified VID on the Switch. Note: The bolded values in this table are fixed values as defined in RFC 3580. 25.6.2 Supported RADIUS Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication elements in a user profile, which is stored on the RADIUS server.
Page 256: Attributes Used For Accounting
Chapter 25 AAA This value is set to Ethernet(15) on the Switch. – Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 25.6.4 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 25.6.4.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier...
Page 257 Chapter 25 AAA Table 116 RADIUS Attributes – Exec Events through Telnet/SSH (continued) ATTRIBUTE START INTERIM-UPDATE STOP Service-Type    Calling-Station-Id    Acct-Status-Type    Acct-Delay-Time    Acct-Session-Id    Acct-Authentic   ...
Page 258: Ip Source Guard
Chapter 26 IP Source Guard H A P T E R IP Source Guard 26.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes: •...
Page 259: Ip Source Guard
Chapter 26 IP Source Guard • Static bindings. Use this to create static bindings in the binding table. • DHCP snooping. Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically. • ARP inspection. Use this to filter unauthorized ARP packets on the network. If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you have to enable DHCP snooping before you enable ARP inspection.
Page 260: Ipv4 Source Guard Setup
26.3 IPv4 Source Guard Setup Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
Page 261 Chapter 26 IP Source Guard Figure 197 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding The following table describes the labels in this screen. Table 120 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding LABEL DESCRIPTION ARP Freeze...
Page 262 Table 120 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding LABEL DESCRIPTION Cancel Click this to reset the values above based on the last selected static binding or, if not applicable, to clear the fields above. Clear Click Clear to reset the fields to the factory defaults.
Page 263: Dhcp Snooping
Chapter 27 DHCP Snooping H A P T E R DHCP Snooping 27.1 DHCP Snooping Overview With DHCP snooping, the Switch can build the binding table dynamically by snooping DHCP packets (dynamic bindings) and filter unauthorized DHCP packets in your network. The Switch uses a binding table to distinguish between authorized and unauthorized DHCP packets in your network.
Page 264 Chapter 27 DHCP Snooping Figure 198 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping The following table describes the labels in this screen. Table 121 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping LABEL DESCRIPTION Database Status...
Page 265 Chapter 27 DHCP Snooping Table 121 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping LABEL DESCRIPTION Agent running This field displays the status of the current update or access of the DHCP snooping database. none: The Switch is not accessing the DHCP snooping database.
Page 266: Dhcp Snooping Configure
Table 121 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping LABEL DESCRIPTION Parse failures This field displays the number of bindings the Switch ignored because the Switch was unable to understand the binding in the DHCP binding database. Expired leases This field displays the number of bindings the Switch ignored because the lease time had already expired.
Page 267: Dhcp Snooping Port Configure
Chapter 27 DHCP Snooping The following table describes the labels in this screen. Table 122 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLAN and specify trusted ports.
Page 268: Dhcp Snooping Vlan Configure
Figure 200 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > Port The following table describes the labels in this screen. Table 123 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure >...
Page 269: Dhcp Snooping Vlan Port Configure
Chapter 27 DHCP Snooping To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN. Figure 201 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure >...
Page 270: Technical Reference
Chapter 27 DHCP Snooping Figure 202 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN > Port The following table describes the labels in this screen. Table 125 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure >...
Page 271: Dhcp Snooping Overview
Chapter 27 DHCP Snooping 27.4.1 DHCP Snooping Overview Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the binding table dynamically. This can prevent clients from getting IP addresses from unauthorized DHCP servers. 27.4.1.1 Trusted vs. Untrusted Ports Every port is either a trusted port or an untrusted port for DHCP snooping.
Page 272 Chapter 27 DHCP Snooping from previous updates. Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the file, that binding and all others after it are ignored.
Page 273: Arp Inspection
Chapter 28 ARP Inspection H A P T E R ARP Inspection 28.1 ARP Inspection Status Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
Page 274: Arp Inspection Vlan Status
28.1.1 ARP Inspection VLAN Status Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > VLAN Status. Figure 205 Advanced Application >...
Page 275: Arp Inspection Configure
Chapter 28 ARP Inspection Figure 206 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Log Status The following table describes the labels in this screen. Table 128 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Log Status LABEL DESCRIPTION...
Page 276 Configure. Figure 207 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure The following table describes the labels in this screen. Table 129 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure LABEL DESCRIPTION...
Page 277: Arp Inspection Port Configure
Chapter 28 ARP Inspection Table 129 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 278: Arp Inspection Vlan Configure
Chapter 28 ARP Inspection Table 130 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > Port (continued) LABEL DESCRIPTION Trusted State Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). The Switch does not discard ARP packets on trusted ports for any reason.
Page 279: Ipv6 Source Guard Overview
Chapter 28 ARP Inspection The following table describes the labels in this screen. Table 131 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > VLAN LABEL DESCRIPTION VLAN Search by Specify the VLANs you want to manage in the section below. Use a comma (,) to separate individual VLANs or a dash (–) to indicates a range of VLANs.
Page 280: Ipv6 Source Binding Status
Chapter 28 ARP Inspection 28.4 IPv6 Source Binding Status Use this screen to look at the current IPv6 dynamic and static bindings and to remove dynamic bindings based on IPv6 address and/or IPv6 prefix. Bindings are used to distinguish between authorized and unauthorized packets in the network.
Page 281: Ipv6 Static Binding Setup
Chapter 28 ARP Inspection 28.5 IPv6 Static Binding Setup Use this screen to manually create an IPv6 source guard binding table entry and manage IPv6 static bindings. Static bindings are uniquely identified by the source IPv6 address / prefix. Each source IPv6 address / prefix can only be in one static binding.
Page 282: Ipv6 Source Guard Policy Setup
Chapter 28 ARP Inspection Table 133 Advanced Application > IP Source Guard > IPv6 Static Binding Setup (continued) LABEL DESCRIPTION Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Select an entry check box and click Delete to remove the specified entry.
Page 283: Ipv6 Source Guard Port Setup
Chapter 28 ARP Inspection Table 134 Advanced Application > IP Source Guard > IPv6 Source Guard Policy Setup (continued) LABEL DESCRIPTION Clear Click this to clear the fields above. Index This field displays a sequential number for each policy. Name This field displays the descriptive name for identification purposes for this IPv6 source guard policy.
Page 284: Ipv6 Snooping Policy Setup
Chapter 28 ARP Inspection Table 135 Advanced Application > IP Source Guard > IPv6 Source Guard Port Setup LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 285: Ipv6 Snooping Vlan Setup
Chapter 28 ARP Inspection Table 136 Advanced Application > IP Source Guard > IPv6 Snooping Policy Setup (continued) LABEL DESCRIPTION Protocol This field displays the protocols learned from DHCPv6 sniffed packets. Prefix Glean This field displays the IPv6 prefixes learned from DHCPv6 sniffed packets. Limit Address This field displays the number of IPv6 addresses and prefixes learned using the IPv6 snooping Count...
Page 286: Ipv6 Dhcp Trust Setup
Chapter 28 ARP Inspection 28.10 IPv6 DHCP Trust Setup Use this screen to specify which ports are trusted for DHCPv6 snooping. To open this screen, click Advanced Application > IP Source Guard > IPv6 DHCP Trust Setup. Note: DHCPv6 solicit packets are sent from a DHCPv6 client to a DHCPv6 server. Reply packets from a DHCPv6 server connected to an untrusted port are discarded.
Page 287: Technical Reference
Chapter 28 ARP Inspection Table 138 Advanced Application > IP Source Guard > IPv6 DHCP Trust Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 288 Chapter 28 ARP Inspection • They appear only in the ARP Inspection screens and commands, not in the MAC Address Filter screens and commands. 28.11.1.2 Trusted vs. Untrusted Ports Every port is either a trusted port or an untrusted port for ARP inspection. This setting is independent of the trusted or untrusted setting for DHCP snooping.
Page 289: Loop Guard
H A P T E R Loop Guard 29.1 Loop Guard Overview This chapter shows you how to configure the Switch to guard against loops on the edge of your network. Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
Page 290 Chapter 29 Loop Guard and reach switch B, they are sent back to port N on A as they are rebroadcast from B. Figure 219 Switch in Loop State The loop guard feature checks to see if a loop guard enabled port is connected to a Switch in loop state.
Page 291: Loop Guard Setup
Chapter 29 Loop Guard 29.2 Loop Guard Setup Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature cannot be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled. Figure 222 Advanced Application >...
Page 292: Vlan Mapping
Chapter 30 VLAN Mapping H A P T E R VLAN Mapping This chapter shows you how to configure VLAN mapping on the Switch. 30.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network.
Page 293: Enable Vlan Mapping
Chapter 30 VLAN Mapping 30.2 Enable VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown. Figure 224 Advanced Application > VLAN Mapping The following table describes the labels in this screen. Table 140 Advanced Application >...
Page 294 Chapter 30 VLAN Mapping Figure 225 Advanced Application > VLAN Mapping > VLAN Mapping Configuration The following table describes the labels in this screen. Table 141 Advanced Application > VLAN Mapping > VLAN Mapping Configuration LABEL DESCRIPTION Active Check this box to activate this rule. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Page 295 Chapter 30 VLAN Mapping Table 141 Advanced Application > VLAN Mapping > VLAN Mapping Configuration (continued) LABEL DESCRIPTION Delete Check the rules that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. GS2220 Series User’s Guide...
Page 296: Layer 2 Protocol Tunneling
Chapter 31 Layer 2 Protocol Tunneling H A P T E R Layer 2 Protocol Tunneling 31.1 Layer 2 Protocol Tunneling Overview This chapter shows you how to configure layer 2 protocol tunneling on the Switch. 31.1.1 What You Can Do Use the Layer 2 Protocol Tunnel screen (Section 31.1 on page 296) to enable layer 2 protocol tunneling...
Page 297: Configuring Layer 2 Protocol Tunneling
Chapter 31 Layer 2 Protocol Tunneling spanning tree, even though switch A is not directly connected to switches B, C and D. Topology change information can be propagated throughout the service provider’s network. To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (Uni-Directional Link Detection).
Page 298 Chapter 31 Layer 2 Protocol Tunneling Figure 228 Advanced Application > Layer 2 Protocol Tunneling The following table describes the labels in this screen. Table 142 Advanced Application > Layer 2 Protocol Tunneling LABEL DESCRIPTION Active Select this to enable layer 2 protocol tunneling on the Switch. Destination Specify a MAC address with which the Switch uses to encapsulate the layer 2 protocol packets MAC Address...
Page 299 Chapter 31 Layer 2 Protocol Tunneling Table 142 Advanced Application > Layer 2 Protocol Tunneling (continued) LABEL DESCRIPTION Point to Point The Switch supports PAgP (Port Aggregation Protocol), LACP (Link Aggregation Control Protocol) and UDLD (UniDirectional Link Detection) tunneling for a point-to-point topology. Both PAgP and UDLD are Cisco’s proprietary data link layer protocols.
Page 300: Pppoe
Chapter 32 PPPoE H A P T E R PPPoE 32.1 PPPoE Intermediate Agent Overview This chapter describes how the Switch gives a PPPoE termination server additional information that the server can use to identify and authenticate a PPPoE client. A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients.
Page 301 Chapter 32 PPPoE This tag is defined in RFC 2516 and has the following format for this feature. Table 143 PPPoE Intermediate Agent Vendor-specific Tag Format Tag_Type Tag_Len Value (0x0105) The Tag_Type is 0x0105 for vendor-specific tags, as defined in RFC 2516. The Tag_Len indicates the length of Value, i1 and i2.
Page 302: Pppoe
Chapter 32 PPPoE WT-101 Default Circuit ID Syntax If you do not configure a Circuit ID string for a specific VLAN on a port or for a specific port, and disable the flexible Circuit ID syntax in the PPPoE > Intermediate Agent screen, the Switch automatically generates a Circuit ID string according to the default Circuit ID syntax which is defined in the DSL Forum Working Text (WT)-101.
Page 303: Pppoe Intermediate Agent
32.3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client. Click Advanced Application > PPPoE > Intermediate Agent in the navigation panel to display the screen as shown.
Page 304: Pppoe Ia Per-Port
Chapter 32 PPPoE Table 148 Advanced Application > PPPoE > Intermediate Agent (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 305: Pppoe Ia Per-Port Per-Vlan
Chapter 32 PPPoE Table 149 Advanced Application > PPPoE > Intermediate Agent > Port (continued) LABEL DESCRIPTION Server Trusted Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). State Trusted ports are uplink ports connected to PPPoE servers. If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a trusted port, the Switch forwards it to all other ports.
Page 306: Pppoe Ia For Vlan
Chapter 32 PPPoE The following table describes the labels in this screen. Table 150 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN LABEL DESCRIPTION Show Port Enter a port number to show the PPPoE Intermediate Agent settings for the specified VLAN(s) on the port.
Page 307 Chapter 32 PPPoE The following table describes the labels in this screen. Table 151 Advanced Application > PPPoE > Intermediate Agent > VLAN LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to configure in the section below. Start VID Enter the lowest VLAN ID you want to configure in the section below.
Page 308: Error-Disable
H A P T E R Error-Disable 33.1 Error-Disable Overview This chapter shows you how to configure the rate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error.
Page 309: Error-Disable Settings
Chapter 33 Error-Disable 33.2 Error-Disable Settings Use this screen to go to the screens where you can configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. Figure 234 Advanced Application > Errdisable The following table describes the labels in this screen.
Page 310 Chapter 33 Error-Disable Figure 235 Advanced Application > Errdisable > Errdisable Status The following table describes the labels in this screen. Table 153 Advanced Application > Errdisable > Errdisable Status LABEL DESCRIPTION Inactive-reason mode reset Port List Enter the number of the ports (separated by a comma) on which you want to reset inactive- reason status.
Page 311: Cpu Protection Configuration
Chapter 33 Error-Disable Table 153 Advanced Application > Errdisable > Errdisable Status (continued) LABEL DESCRIPTION Status This field displays the errdisable status • Forwarding: The Switch is forwarding packets. Rate-limitation mode is always in Forwarding status. • Err-disable: The Switch disables the port on which the control packets are received (inactive-port) or drops specified control packets on the port (inactive-reason).
Page 312: Error-Disable Detect Configuration
Chapter 33 Error-Disable Table 154 Advanced Application > Errdisable > CPU protection (continued) LABEL DESCRIPTION Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Changes in this row are copied to all the ports as soon as you make them.
Page 313: Error-Disable Recovery Configuration
Chapter 33 Error-Disable Table 155 Advanced Application > Errdisable > Errdisable Detect (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 314: Vlan Isolation
Chapter 34 VLAN Isolation H A P T E R VLAN Isolation This chapter shows you how to configure the Switch to prevent communications between ports in a VLAN. 34.1 VLAN Isolation Overview Vlan Isolation allows you to do port isolation within a VLAN in a simple way. You specify which ports in a VLAN is not isolated by adding it to the promiscuous port list.
Page 315 Chapter 34 VLAN Isolation Figure 240 Advanced Application > VLAN Isolation The following table describes the labels in this screen. Table 157 Advanced Application > VLAN Isolation LABEL DESCRIPTION Active Check this box to enable VLAN Isolation in a VLAN. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Page 316: Green Ethernet
Chapter 35 Green Ethernet H A P T E R Green Ethernet This chapter shows you how to configure the Switch to reduce the power consumed by switch ports. 35.1 Green Ethernet Overview Green Ethernet reduces switch port power consumption in the following ways. IEEE 802.3az Energy Efficient Ethernet (EEE) If EEE is enabled, both sides of a link support EEE and there is no traffic, the port enters Low Power Idle (LPI) mode.
Page 317 Chapter 35 Green Ethernet Figure 241 Advanced Application > Green Ethernet The following table describes the labels in this screen. Table 158 Advanced Application > Green Ethernet LABEL DESCRIPTION Select this to activate Energy Efficient Ethernet globally. Auto Power Select this to activate Auto Power Down globally. Down Short Reach Select this to activate Short Reach globally.
Page 318: Link Layer Discovery Protocol (Lldp)
Chapter 36 Link Layer Discovery Protocol (LLDP) H A P T E R Link Layer Discovery Protocol (LLDP) 36.1 LLDP Overview The LLDP (Link Layer Discovery Protocol) is a layer 2 protocol. It allows a network device to advertise its identity and capabilities on the local network.
Page 319: Lldp-Med Overview
Chapter 36 Link Layer Discovery Protocol (LLDP) The next figure demonstrates that the network devices Switches and Routers (S and R) transmit and receive device information through LLDPDU and the network manager can query the information using Simple Network Management Protocol (SNMP). Figure 242 LLDP Overview 36.2 LLDP-MED Overview LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) is an extension to the standard...
Page 320: Lldp Settings
Chapter 36 Link Layer Discovery Protocol (LLDP) Figure 243 LLDP-MED Overview 36.3 LLDP Settings Click Advanced Application > LLDP in the navigation panel to display the screen as shown next. Figure 244 Advanced Application > LLDP The following table describes the labels in this screen. Table 159 Advanced Application >...
Page 321: Lldp Local Status
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 159 Advanced Application > LLDP (continued) LABEL DESCRIPTION LLDP-MED LLDP-MED Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for Media Configuration Endpoint Devices) parameters. LLDP-MED Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for Media Network Policy Endpoint Devices) network policy parameters.
Page 322: Lldp Local Port Status Detail
The following table describes the labels in this screen. Table 160 Advanced Application > LLDP > LLDP Local Status LABEL DESCRIPTION Basic TLV Chassis ID TLV This displays the chassis ID of the local Switch, that is the Switch you are configuring. The chassis ID is identified by the chassis ID subtype.
Page 323 Chapter 36 Link Layer Discovery Protocol (LLDP) Figure 246 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail GS2220 Series User’s Guide...
Page 324 The following table describes the labels in this screen. Table 161 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail LABEL DESCRIPTION Local Port This displays the number of the Switch’s port. Basic TLV These are the Basic TLV flags Port ID TLV The port ID TLV identifies the specific port that transmitted the LLDP frame.
Page 325: Lldp Remote Status
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 161 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (continued) LABEL DESCRIPTION Network Policy This displays a network policy for the specified application. • Voice • Voice-Signaling •...
Page 326: Lldp Remote Port Status Detail
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 162 Advanced Application > LLDP > LLDP Remote Status (continued) LABEL DESCRIPTION System Name This displays the system name of the remote device. Management This displays the management address of the remote device. It could be the MAC address or Address IP address.
Page 327 Chapter 36 Link Layer Discovery Protocol (LLDP) Table 163 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Basic TLV) (continued) LABEL DESCRIPTION System Name This displays the system name of the remote device. System This displays the system description of the remote device.
Page 328 The following table describes the labels in the Dot1 and Dot3 parts of the screen. Table 164 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV) LABEL DESCRIPTION Dot1 TLV Port VLAN ID This displays the VLAN ID of this port on the remote device.
Page 329 Chapter 36 Link Layer Discovery Protocol (LLDP) Figure 250 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) GS2220 Series User’s Guide...
Page 330 The following table describes the labels in the MED TLV part of the screen. Table 165 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) LABEL DESCRIPTION MED TLV LLDP Media Endpoint Discovery (MED) is an extension of LLDP that provides additional capabilities to support media endpoint devices.
Page 331: Lldp Configuration
Chapter 36 Link Layer Discovery Protocol (LLDP) 36.6 LLDP Configuration Use this screen to configure global LLDP settings on the Switch. Click Advanced Application > LLDP > LLDP Configuration (Click Here) to display the screen as shown next. Figure 251 Advanced Application > LLDP > LLDP Configuration The following table describes the labels in this screen.
Page 332: Lldp Configuration Basic Tlv Setting
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 166 Advanced Application > LLDP > LLDP Configuration (continued) LABEL DESCRIPTION Admin Status Select whether LLDP transmission and/or reception is allowed on this port. • Disable – not allowed • Tx-Only – transmit only •...
Page 333: Lldp Configuration Org-Specific Tlv Setting
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 167 Advanced Application > LLDP > LLDP Configuration > Basic TLV Setting (continued) LABEL DESCRIPTION System Name Select the check boxes to enable or to disable the sending of System Name TLVs on the ports.
Page 334: Lldp-Med Configuration
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 168 Advanced Application > LLDP > LLDP Configuration > Org-specific TLV Setting (continued) LABEL DESCRIPTION Power Via MDI Note: For PoE models only. The Power Via MDI TLV allows network management to advertise and discover the MDI power support capabilities of the sending port on the remote device.
Page 335: Lldp-Med Network Policy
Chapter 36 Link Layer Discovery Protocol (LLDP) Table 169 Advanced Application > LLDP > LLDP-MED Configuration LABEL DESCRIPTION MED TLV Setting Location Select to enable transmitting LLDP-MED location TLV. Network Policy Select to enable transmitting LLDP-MED Network Policy TLV. Apply Click Apply to save the changes to the Switch’s run-time memory.
Page 336: Lldp-Med Location
Table 170 Advanced Application > LLDP > LLDP-MED Network Policy (continued) LABEL DESCRIPTION DSCP Enter the DSCP value of the network policy. The value is defined from 0 through 63 with the 0 representing use of the default DSCP value. Priority Enter the priority value for the network policy.
Page 337 Chapter 36 Link Layer Discovery Protocol (LLDP) Figure 256 Advanced Application > LLDP > LLDP-MED Location The following table describes the labels in this screen. Table 171 Advanced Application > LLDP > LLDP-MED Location LABEL DESCRIPTION Port Enter the port number you want to set up the location within the LLDP-MED network. Location The LLDP-MED uses geographical coordinates and Civic Address to set the location Coordinates...
Page 338 Table 171 Advanced Application > LLDP > LLDP-MED Location (continued) LABEL DESCRIPTION Datum Select the appropriate geodetic datum used by GPS. • WGS84 • NAD83-NAVD88 • NAD83-MLLW Civic Address Enter the Civic Address by providing information such as Country, State, County, City, Street, Number, ZIP code and other additional information.
Page 339: Anti-Arpscan
Chapter 37 Anti-Arpscan H A P T E R Anti-Arpscan 37.1 Anti-Arpscan Overview Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a link-layer MAC address. ARP scan is used to scan the network of a certain interface for alive hosts. It shows the IP address and MAC addresses of all hosts found.
Page 340: Anti-Arpscan Status
• Go to Basic Setting > Port Setup. Clear Active and click Apply. Then select Active and click Apply again. • Go to Application > Errdisable > Errdisable Recovery and set the interval for Anti-arpscan. After the interval expires, the closed ports will become active and start receiving packets again. •...
Page 341: Anti-Arpscan Trust Host
Chapter 37 Anti-Arpscan Figure 258 Advanced Application > Anti-Arpscan > Host Status The following table describes the fields in the above screen. Table 173 Advanced Application > Anti-Arpscan > Host Status LABEL DESCRIPTION Clear Filtered host A filtered host is a blocked IP address. Port List Type a port number or a series of port numbers separated by commas and spaces, and then click Clear to unblock all hosts connected to these ports.
Page 342: Anti-Arpscan Configure
The following table describes the fields in the above screen. Table 174 Advanced Application > Anti-Arpscan > Trust Host LABEL DESCRIPTION Name Type a descriptive name of up to 32 printable ASCII characters to identify this host. Host IP Type the IP address of the host. Mask A trusted host may consist of a subnet of IP addresses.
Page 343 Chapter 37 Anti-Arpscan The following table describes the fields in the above screen. Table 175 Advanced Application > Anti-Arpscan > Configure LABEL DESCRIPTION Active Select this to enable Anti-arpscan on the Switch. Port Threshold A port threshold is determined by the number of packets received per second on the port. If the received packet rate is over the threshold, then the port is put into an Err-Disable state.
Page 344: Bpdu Guard
Chapter 38 BPDU Guard H A P T E R BPDU Guard 38.1 BPDU Guard Overview A BPDU (Bridge Protocol Data Units) is a data frame that contains information about STP. STP-aware switches exchange BPDUs periodically. The BPDU guard feature allows you to prevent any new STP-aware switch from connecting to an existing network and causing STP topology changes in the network.
Page 345: Bpdu Guard Configuration
Chapter 38 BPDU Guard The following table describes the fields in the above screen. Table 176 Advanced Application > BPDU Guard Status LABEL DESCRIPTION BPDU guard globally This field displays whether BPDU guard is activated on the Switch. configuration Port This field displays the port number.
Page 346 Chapter 38 BPDU Guard Table 177 Advanced Application > BPDU Guard > BPDU Guard Configuration (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 347: Oam
Chapter 39 OAM H A P T E R 39.1 OAM Overview Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a link monitoring protocol. It utilizes OAM Protocol Data Units or OAM PDUs to transmit link status information between directly connected Ethernet devices.
Page 348: Oam Details
Chapter 39 OAM Figure 263 Advanced Application > OAM Status The following table describes the fields in the above screen. Table 178 Advanced Application > OAM Status LABEL DESCRIPTION Local This section displays information about the ports on the Switch. Port This field displays the port number.
Page 349 Chapter 39 OAM Figure 264 Advanced Application > OAM Status > OAM Details The following table describes the fields in the above screen. Table 179 Advanced Application > OAM Status > OAM Details LABEL DESCRIPTION Discovery This section displays OAM configuration details and operational status of the port on the Switch and/or the remote device.
Page 350 Chapter 39 OAM Table 179 Advanced Application > OAM Status > OAM Details (continued) LABEL DESCRIPTION Unidirectional This field indicates whether or not the port can send information PDUs to transmit fault information when the receive path is non-operational. Remote loopback This field indicates whether or not the port can use loopback control PDUs to put the remote device into loopback mode.
Page 351: Oam Configuration
Chapter 39 OAM Table 179 Advanced Application > OAM Status > OAM Details (continued) LABEL DESCRIPTION Statistics This section displays the number of OAM packets transferred on the port of the Switch. Information OAMPDU This field displays the number of OAM PDUs sent on the port. Information OAMPDU This field displays the number of OAM PDUs received on the port.
Page 352 Chapter 39 OAM Figure 265 Advanced Application > OAM > OAM Configuration The following table describes the fields in the above screen. Table 180 Advanced Application > OAM > OAM Configuration LABEL DESCRIPTION Active Select this option to enable Ethernet OAM on the Switch. Port This field displays the port number.
Page 353: Oam Remote Loopback
Chapter 39 OAM 39.4 OAM Remote Loopback Use this screen to perform a remote loopback test. In the OAM Status screen click Remote Loopback to display the screen as shown. Figure 266 Advanced Application > OAM > OAM Remote Loopback The following table describes the fields in the above screen.
Page 354: Zuld
Chapter 40 ZULD H A P T E R ZULD 40.1 ZULD Overview A unidirectional link is a connection where the link is up on both ends, but only one end can receive packets. This may happen if OAM was initially enabled but then disabled, there are mis-configured transmitting or receiving lines or the hardware is malfunctioning.
Page 355: Zuld Status
Chapter 40 ZULD • Ports advertise their unidirectional link detection capability using OAMPDUs, so all connected devices must support OAM as well as ZULD. You need to enable OAM on the Switch by going to Advanced Application > OAM > Configuration and selecting Active. OAM must be enabled on other connected devices too.
Page 356: Zuld Configuration
Chapter 40 ZULD Table 182 Advanced Application > ZULD Status (continued) LABEL DESCRIPTION Mode This field indicates what ZULD will do when a unidirectional link is detected. In Normal mode, ZULD only sends a syslog and trap when it detects a unidirectional link. In Aggressive mode, ZULD shuts down the port (puts it into an ErrDisable state) as well as sends a syslog and trap when it detects a unidirectional link.
Page 357 Chapter 40 ZULD The following table describes the fields in the above screen. Table 183 Advanced Application > ZULD > Configuration LABEL DESCRIPTION Active Select this to enable ZULD on the Switch. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 358: Auto Pd Recovery
Chapter 41 Auto PD Recovery H A P T E R Auto PD Recovery 41.1 Auto PD Recovery Overview Things can go wrong with any network devices. A PD (for example, IP camera) may slow down or freeze and need to be restarted if it is overworked or a bug causes a memory leak. When a connected PD ceases to respond, Automatic PD Recovery allows the Switch to restart the PD by turning it off and on without the need for on-site troubleshooting.
Page 359 Chapter 41 Auto PD Recovery Figure 271 Advanced Application > Auto PD Recovery The following table describes the labels in this screen. Table 184 Advanced Application > Auto PD Recovery LABEL DESCRIPTION Active Select this option to enable Auto PD Recovery on the Switch. Port This field displays the index number of a port on the Switch.
Page 360: Activate The Automatic Pd Recovery
Chapter 41 Auto PD Recovery Table 184 Advanced Application > Auto PD Recovery (continued) LABEL DESCRIPTION Polling Count Specify how many times the Switch is to resend a ping request before considering the PD unreachable. For example, If there is no ping reply from the PD after the Polling Interval has elapsed, Polling Count starts from 1.
Page 361 Chapter 41 Auto PD Recovery Figure 272 Auto PD Recovery (Ping Mode) Figure 273 Auto PD Recovery (LLDP Mode) Select the desired ports in the Active column. Select the Mode. GS2220 Series User’s Guide...
Page 362 Chapter 41 Auto PD Recovery When you select Ping, the connected PD’s IPv4 or IPv6 address to which the Switch sends ping requests will display automatically if the PD supports LLDP. If not, enter the IP address of the PDs in the Neighbor field.
Page 363: Static Route
H A P T E R Static Route 42.1 Static Routing Overview This chapter shows you how to configure static routes. The Switch uses IP for communication with management computers, for example using HTTP, Telnet, SSH, or SNMP. Use IP static routes to have the Switch respond to remote management stations that are not reachable through the default gateway.
Page 364: Static Routing
Chapter 42 Static Route 42.2 Static Routing Click IP Application > Static Routing in the navigation panel to display the screen as shown. Click the link next to IPv4 Static Route to open a screen where you can create IPv4 static routing rules. Figure 275 IP Application >...
Page 365 Chapter 42 Static Route The following table describes the related labels you use to create a static route. Table 185 IP Application > Static Routing > IPv4 Static Route LABEL DESCRIPTION Active This field allows you to activate or deactivate this static route. Name Enter a descriptive name (up to 10 printable ASCII characters) for identification purposes.
Page 366: Differentiated Services
Chapter 43 Differentiated Services H A P T E R Differentiated Services 43.1 DiffServ Overview This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority.
Page 367: Activating Diffserv
priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ- compliant network devices. The boundary node (A in Figure 278) in a DiffServ network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze)
Page 368: Dscp-To-Ieee 802.1P Priority Settings
Chapter 43 Differentiated Services Figure 279 IP Application > DiffServ The following table describes the labels in this screen. Table 186 IP Application > DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ on the Switch. Port This field displays the index number of a port on the Switch. Settings in this row apply to all ports.
Page 369 Chapter 43 Differentiated Services Figure 280 IP Application > DiffServ > DSCP Setting The following table describes the labels in this screen. Table 188 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box.
Page 370: Dhcp
Chapter 44 DHCP H A P T E R DHCP 44.1 DHCP Overview This chapter shows you how to configure the DHCP feature. DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. If you configure the Switch as a DHCP relay agent, then the Switch forwards DHCP requests to DHCP server on your network.
Page 371: Dhcp Configuration
Chapter 44 DHCP DHCPv4 Configuration Options The DHCPv4 configuration on the Switch is divided into Global and VLAN screens. The screen you should use for configuration depends on the DHCP services you want to offer the DHCP clients on your network. Choose the configuration screen based on the following criteria: •...
Page 372: Dhcpv4 Relay
Chapter 44 DHCP 44.4 DHCPv4 Relay Configure DHCP relay on the Switch if the DHCP clients and the DHCP server are not in the same broadcast domain. During the initial IP address leasing, the Switch helps to relay network information (such as the IP address and subnet mask) between a DHCP client and a DHCP server.
Page 373: Dhcpv4 Option 82 Profile
Chapter 44 DHCP 44.4.1.2 Sub-Option Format There are two types of sub-option: “Agent Circuit ID Sub-option” and “Agent Remote ID Sub-option”. They have the following formats. Table 192 DHCP Relay Agent Circuit ID Sub-option Format SubOpt Code Length Value Slot ID, Port ID, VLAN ID, System Name or String (1 byte) (1 byte) Table 193 DHCP Relay Agent Remote ID Sub-option Format...
Page 374: Configuring Dhcpv4 Global Relay
Chapter 44 DHCP Table 194 IP Application > DHCP > DHCPv4 > Option 82 Profile (continued) LABEL DESCRIPTION slot-port Select this option to have the Switch add the number of port that the DHCP client is connected vlan Select this option to have the Switch add the ID of VLAN which the port belongs to. hostname This is the system name you configure in the Basic Setting >...
Page 375: Configure Dhcpv4 Global Relay Port
Chapter 44 DHCP Figure 284 IP Application > DHCP > DHCPv4 > Global The following table describes the labels in this screen. Table 195 IP Application > DHCP > DHCPv4 > Global LABEL DESCRIPTION Active Select this check box to enable DHCPv4 relay. Remote DHCP Enter the IP address of a DHCPv4 server in dotted decimal notation.
Page 376: Global Dhcp Relay Configuration Example
Chapter 44 DHCP The following table describes the labels in this screen. Table 196 IP Application > DHCP > DHCPv4 > Global > Port LABEL DESCRIPTION Port Enter the number of ports to which you want to apply the specified DHCP option 82 profile. You can enter multiple ports separated by (no space) comma (,) or hyphen (–).
Page 377: Dhcpv4 Vlan Setting
Chapter 44 DHCP Figure 286 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown. Make sure you select a DHCP option 82 profile (default1 in this example) to set the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server.
Page 378: Configure Dhcpv4 Vlan Port
Chapter 44 DHCP Figure 288 IP Application > DHCP > DHCPv4 > VLAN The following table describes the labels in this screen. Table 197 IP Application > DHCP > DHCPv4 > VLAN LABEL DESCRIPTION Enter the ID number of the VLAN to which these DHCP settings apply. Remote Enter the IP address of a DHCP server in dotted decimal notation.
Page 379: Example: Dhcp Relay For Two Vlans
Figure 289 IP Application > DHCP > DHCPv4 > VLAN > Port The following table describes the labels in this screen. Table 198 IP Application > DHCP > DHCPv4 > VLAN > Port LABEL DESCRIPTION Enter the ID number of the VLAN you want to configure here. Port Enter the number of ports to which you want to apply the specified DHCP option 82 profile.
Page 380: Dhcpv6 Relay
Chapter 44 DHCP Figure 290 DHCP Relay for Two VLANs VLAN 1 VLAN 2 For the example network, configure the VLAN Setting screen as shown. Figure 291 DHCP Relay for Two VLANs Configuration Example EXAMPLE 44.5 DHCPv6 Relay A DHCPv6 relay agent is on the same network as the DHCPv6 clients and helps forward messages between the DHCPv6 server and clients.
Page 381 Chapter 44 DHCP Use this screen to configure DHCPv6 relay settings for a specific VLAN on the Switch. Click IP Application > DHCP > DHCPv6 > DHCPv6 Relay in the navigation panel to display the screen as shown. Figure 292 IP Application > DHCP > DHCPv6 Relay The following table describes the labels in this screen.
Page 382: Dhcp Server Guard
Chapter 44 DHCP 44.6 DHCP Server Guard Use this screen to specify whether ports are trusted or untrusted ports for DHCP packets. Click IP Application > DHCP > DHCP Server Guard in the navigation panel to display the screen as shown. Figure 293 IP Application >...
Page 383: Arp Setup
Chapter 45 ARP Setup H A P T E R ARP Setup 45.1 ARP Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 384 Chapter 45 ARP Setup In the following example, the Switch does not have IP address and MAC address mapping information for hosts A and B in its ARP table, and host A wants to ping host B. Host A sends an ARP request to the Switch and then sends an ICMP request after getting the ARP reply from the Switch.
Page 385: Arp Setup
Chapter 45 ARP Setup address and ICMP reply. 45.2 ARP Setup Click IP Application > ARP Setup in the navigation panel to display the screen as shown. Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port. Figure 294 IP Application >...
Page 386 Chapter 45 ARP Setup Figure 295 IP Application > ARP Setup > ARP Learning The following table describes the labels in this screen. Table 201 IP Application > ARP Setup > ARP Learning LABEL DESCRIPTION Port This field displays the port number. Settings in this row apply to all ports.
Page 387: Maintenance
H A P T E R Maintenance 46.1 Overview This chapter explains how to configure the screens that let you maintain the firmware and configuration files. 46.1.1 What You Can Do • Use the Maintenance screen (Section 46.2 on page 387) to manage firmware and your configuration files.
Page 388 Chapter 46 Maintenance Figure 296 Management > Maintenance The following table describes the labels in this screen. Table 202 Management > Maintenance LABEL DESCRIPTION Firmware Click Click Here to go to the Firmware Upgrade screen. Upgrade Restore Click Click Here to go to the Restore Configuration screen. Configuration Backup Click Click Here to go to the Backup Configuration screen.
Page 389: Erase Running-Configuration
Chapter 46 Maintenance 46.2.1 Erase Running-Configuration Follow the steps below to clear current configuration on the Switch. This will reset the Switch back to its factory defaults. Or, click the Factory Default button in Reboot System. In the Maintenance screen, click the Click Here button next to Erase Running-Configuration to clear all Switch configuration information you configured and return to the Zyxel default configuration settings.
Page 390: Factory Default
Chapter 46 Maintenance In the Maintenance screen, click a configuration button next to Reboot System to reboot and load that configuration file. The confirmation screen displays. Click OK again and then wait for the Switch to restart. This takes up to 2 minutes. This does not affect the Switch’s configuration.
Page 391: Firmware Upgrade
Chapter 46 Maintenance Figure 299 Load Custom Default: Confirmation 46.3 Firmware Upgrade Use the following screen to upgrade your Switch to the latest firmware. The Switch supports dual firmware images, Firmware 1 and Firmware 2. Use this screen to specify which image is updated when firmware is uploaded using the Web Configurator and to specify which image is loaded when the Switch starts up.
Page 392: Restore Configuration
Chapter 46 Maintenance After the process is complete, see the System Info screen to verify your current firmware version number. Table 203 Management > Maintenance > Firmware Upgrade LABEL DESCRIPTION Name This is the name of the Switch that you are configuring. Version The Switch has 2 firmware sets, Firmware 1 and Firmware 2, residing in flash.
Page 393: Backup Configuration
Chapter 46 Maintenance 46.5 Backup Configuration Backing up your Switch configurations allows you to create various “snap shots” of your device from which you may restore at a later date. Back up your current Switch configuration to a computer using the Backup Configuration screen. Figure 302 Management >...
Page 394: Tech-Support
Chapter 46 Maintenance The following table describes the labels in this screen. Table 204 Management > Maintenance > Auto Configuration LABEL DESCRIPTION Use this section to view the auto configuration status after you restarted the Switch. Mode This field shows the mode (DHCP or HTTPS) that is used for auto configuration after you enabled auto configuration and restarted the Switch.
Page 395 Chapter 46 Maintenance Figure 304 Management > Maintenance > Tech-Support You may need WordPad or similar software to see the log report correctly. The table below describes the fields in the above screen. Table 205 Management > Maintenance > Tech-Support LABEL DESCRIPTION Type a number ranging from 50 to 100 in the CPU threshold box, and type another...
Page 396: Tech-Support Download
Chapter 46 Maintenance Table 205 Management > Maintenance > Tech-Support (continued) LABEL DESCRIPTION Mbuf Click Download to see the Mbuf log report. The log includes Mbuf over threshold information. This log report is stored in flash memory. Click Download to see the Read Only Memory (ROM) log report. This report is stored in flash memory.
Page 397: Https Certificates
The following table describes the labels in this screen. Table 206 Management > Maintenance > Certificates LABEL DESCRIPTION File Path Click Choose File or Browse to find the certificate file you want to upload. Password Enter the certificate file’s password that was created when the PKCS #12 file was exported. The password consists of up to 32 ASCII characters.
Page 398: Technical Reference
Chapter 46 Maintenance Figure 307 Management > Maintenance > Certificates > HTTPS 46.9 Technical Reference This section provides technical background information on the topics discussed in this chapter. 46.9.1 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands.
Page 399: Ftp Command Line Procedure
Chapter 46 Maintenance and has a “bin” filename extension. Table 207 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File config *.cfg This is the configuration filename on the Switch. Uploading the config file replaces the specified configuration file system, including your Switch configurations, system-related data (including the default password), the error log and the trace log.
Page 400: Gui-Based Ftp Clients
Chapter 46 Maintenance 46.9.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 208 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous.
Page 401: Access Control
Chapter 47 Access Control H A P T E R Access Control 47.1 Access Control Overview This chapter describes how to control access to the Switch. A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed.
Page 402: Configure Snmp
Chapter 47 Access Control Figure 308 Management > Access Control The following table describes the labels in this screen. Table 210 Management > Access Control LABEL DESCRIPTION SNMP Click this link to configure your SNMP settings. Logins Click this link to assign which users can access the Switch through the Web Configurator at any one time.
Page 403: Configure Snmp Trap Group
Chapter 47 Access Control The following table describes the labels in this screen. Table 211 Management > Access Control > SNMP LABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community (password) values. Version Select the SNMP version for the Switch. The SNMP version on the Switch must match the version on the SNMP manager.
Page 404: Enable Or Disable Sending Of Snmp Traps On A Port
Chapter 47 Access Control Figure 310 Management > Access Control > SNMP > Trap Group The following table describes the labels in this screen. Table 212 Management > Access Control > SNMP > Trap Group LABEL DESCRIPTION Trap Destination IP Select one of your configured trap destination IP addresses.
Page 405: Configure Snmp User
Chapter 47 Access Control Figure 311 Management > Access Control > SNMP > Trap Group > Port The following table describes the labels in this screen. Table 213 Management > Access Control > SNMP > Trap Group > Port LABEL DESCRIPTION Option Select the trap type you want to configure here.
Page 406 Chapter 47 Access Control Figure 312 Management > Access Control > SNMP > User The following table describes the labels in this screen. Table 214 Management > Access Control > SNMP > User LABEL DESCRIPTION User Information Note: Use the user name and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager.
Page 407: Set Up Login Accounts
Chapter 47 Access Control Table 214 Management > Access Control > SNMP > User (continued) LABEL DESCRIPTION Group SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP managers in one group are assigned common access rights to MIBs. Specify in which SNMP group this user is.
Page 408 Chapter 47 Access Control Figure 313 Management > Access Control > Logins The following table describes the labels in this screen. Table 215 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name.
Page 409: Service Access Control
Chapter 47 Access Control Table 215 Management > Access Control > Logins (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 410: Remote Management
Chapter 47 Access Control Table 216 Management > Access Control > Service Access Control (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 411: Technical Reference
Chapter 47 Access Control Table 217 Management > Access Control > Remote Management (continued) LABEL DESCRIPTION Telnet/FTP/ Select services that may be used for managing the Switch from the specified trusted computers. HTTP/ICMP/ SNMP/SSH/ HTTPS Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 412 Chapter 47 Access Control manager issues a request and the agent returns responses using the following protocol operations: Table 218 SNMP Commands LABEL DESCRIPTION Allows the manager to retrieve an object variable from the agent. GetNext Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Page 413 Chapter 47 Access Control Table 219 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION fanspeed zyHwMonitorFanSpeedOutO 1.3.6.1.4.1.890.1.15.3.26.2.1 This trap is sent when the fan speed goes fRange above or below the normal operating range. zyHwMonitorFANSpeedOut 1.3.6.1.4.1.890.1.15.3.26.2.6 This trap is sent when the fan speed is OfRangeRecovered recovered from the out of range to normal operating range.
Page 414 Chapter 47 Access Control Table 219 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION zyPoePowerPortOverload 1.3.6.1.4.1.890.1.15.3.59.4.1 This trap is sent when the port is turned off to supply power due to overloading. (For PoE models zyPoePowerPortShortCircuit 1.3.6.1.4.1.890.1.15.3.59.4.2 This trap is sent when the port is turned off to only) supply power due to short circuit.
Page 415 Chapter 47 Access Control Table 219 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION stacking zyStackingChannelUp 1.3.6.1.4.1.890.1.15.3.97.4.1 This trap is sent when stacking channel changes from down to up. zyStackingChannelDown 1.3.6.1.4.1.890.1.15.3.97.4.2 This trap is sent when stacking channel changes from up to down.
Page 416 Chapter 47 Access Control Table 220 SNMP Interface Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION lldp lldpRemTablesChange 1.0.8802.1.1.2.0.0.1 The trap is sent when entries in the remote database have any updates. Link Layer Discovery Protocol (LLDP), defined as IEEE 802.1ab, enables LAN devices that support LLDP to exchange their configured settings.
Page 417 Chapter 47 Access Control Table 221 SNMP AAA Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION authentication authenticationFailure 1.3.6.1.6.3.1.1.5.5 This trap is sent when authentication fails due to incorrect user name and/or password. zyAaaAuthenticationFailure 1.3.6.1.4.1.890.1.15.3.8.3.1 This trap is sent when authentication fails due to incorrect user name and/or password.
Page 418: Ssh Overview
Chapter 47 Access Control Table 223 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION STPNewRoot 1.3.6.1.2.1.17.0.1 This trap is sent when the STP root switch changes. zyMrstpNewRoot 1.3.6.1.4.1.890.1.15.3.5 This trap is sent when the MRSTP root switch changes. 2.3.1 zyMstpNewRoot 1.3.6.1.4.1.890.1.15.3.5 This trap is sent when the MSTP root switch changes.
Page 419 Chapter 47 Access Control Figure 318 How SSH Works Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server.
Page 420: Introduction To Https
Chapter 47 Access Control 47.7.2.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. 47.7.3 Introduction to HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
Page 421 Internet Explorer Warning Messages Internet Explorer 6 When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the Web Configurator login screen;...
Page 422 Chapter 47 Access Control Figure 322 Certificate Error (Internet Explorer 11) EXAMPLE Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser. Figure 323 Certificate (Internet Explorer 11) EXAMPLE Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server, a Your connection is not secure screen may display.
Page 423 Chapter 47 Access Control Figure 324 Security Alert (Mozilla Firefox) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the Web Configurator login screen. Figure 325 Security Alert (Mozilla Firefox) EXAMPLE GS2220 Series User’s Guide...
Page 424: Google Chrome Warning Messages
47.7.4 Google Chrome Warning Messages When you attempt to access the Switch HTTPS server, a Your connection is not private screen may display. If that is the case, click Advanced and then Proceed to x.x.x.x (unsafe) to proceed to the Web Configurator login screen.
Page 425 Chapter 47 Access Control Figure 327 Example: Lock Denoting a Secure Connection EXAMPLE GS2220 Series User’s Guide...
Page 426: Diagnostic
H A P T E R Diagnostic 48.1 Overview This chapter explains the Diagnostic screen. You can use this screen to help you identify problems. 48.2 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to ping IP addresses, run a traceroute, perform port tests or show the Switch’s location between devices.
Page 427 Chapter 48 Diagnostic The following table describes the labels in this screen. Table 224 Management > Diagnostic LABEL DESCRIPTION Ping Test IPv4 Select this option if you want to ping an IPv4 address, and select vlan to specify the ID number of the VLAN to which the Switch is to send ping requests.
Page 428 Chapter 48 Diagnostic Table 224 Management > Diagnostic (continued) LABEL DESCRIPTION Pair status Ok: The physical connection between the wire-pair is okay. Open: There is no physical connection (an open circuit detected) between the wire-pair. Short: There is a short circuit detected between the wire-pair. Unknown: The Switch failed to run cable diagnostics on the cable connected this port.
Page 429: System Log
H A P T E R System Log 49.1 Overview A log message stores the information for viewing. 49.2 System Log Click Management > System Log in the navigation panel to open this screen. Use this screen to check current system logs. Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.
Page 430: Syslog Setup
Chapter 50 Syslog Setup H A P T E R Syslog Setup 50.1 Syslog Overview This chapter explains the syslog screens. The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
Page 431 Chapter 50 Syslog Setup Figure 330 Management > Syslog Setup The following table describes the labels in this screen. Table 226 Management > Syslog Setup LABEL DESCRIPTION Syslog Select Active to turn on syslog (system logging) and then configure the syslog setting. Logging Type This column displays the names of the categories of logs that the device can generate.
Page 432 Chapter 50 Syslog Setup Table 226 Management > Syslog Setup (continued) LABEL DESCRIPTION Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 433: Cluster Management
Chapter 51 Cluster Management H A P T E R Cluster Management 51.1 Cluster Management Overview This chapter introduces cluster management. Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
Page 434: What You Can Do
Chapter 51 Cluster Management 51.1.1 What You Can Do • Use the Cluster Management Status screen (Section 51.2 on page 434) to view the role of the Switch within the cluster and to access a cluster member Switch’s Web Configurator. •...
Page 435: Clustering Management Configuration
Table 228 Management > Cluster Management Status (continued) LABEL DESCRIPTION Model This field displays the model name. Status This field displays: Online (the cluster member Switch is accessible) Error (for example the cluster member Switch password was changed or the Switch was set as the manager and so left the member list, and so on) Offline (the Switch is disconnected –...
Page 436: Technical Reference
Chapter 51 Cluster Management Table 229 Management > Cluster Management > Configuration (continued) LABEL DESCRIPTION This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster. Switches that are not in the same VLAN group are not visible in the Clustering Candidates list.
Page 437 Chapter 51 Cluster Management Figure 334 Cluster Management: Cluster Member Web Configurator Screen example 51.4.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
Page 438 Figure 335 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1 Connected to 192.168.1.1. 220 Switch FTP version 1.0 ready at Thu Jan 1 00:58:46 1970 User (192.168.0.1:(none)): admin 331 Enter PASS command Password: 230 Logged in ftp> ls 200 Port command okay 150 Opening data connection for LIST --w--w--w-...
Page 439: Mac Table
Chapter 52 MAC Table H A P T E R MAC Table 52.1 MAC Table Overview This chapter introduces the MAC Table screen. The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports.
Page 440: Viewing The Mac Table
Figure 336 MAC Table Flowchart 52.2 Viewing the MAC Table Use this screen to search specific MAC addresses. You can also directly add dynamic MAC addresses into the static MAC forwarding table or MAC filtering table from the MAC table using this screen. Click Management >...
Page 441 The following table describes the labels in this screen. Table 231 Management > MAC Table LABEL DESCRIPTION Condition Select one of the buttons and click Search to only display the data which matches the criteria you specified. Select All to display any entry in the MAC table of the Switch. Select Static to display the MAC entries manually configured on the Switch.
Page 442: Arp Table
Chapter 53 ARP Table H A P T E R ARP Table 53.1 Overview This chapter introduces ARP Table. Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 443 Figure 338 Management > ARP Table The following table describes the labels in this screen. Table 232 Management > ARP Table LABEL DESCRIPTION Condition Specify how you want the Switch to remove ARP entries when you click Flush. Select All to remove all of the dynamic entries from the ARP table. Select IP Address and enter an IP address to remove the dynamic entries learned with the specified IP address.
Page 444: Path Mtu Table
Chapter 54 Path MTU Table H A P T E R Path MTU Table 54.1 Path MTU Overview This chapter introduces the IPv6 Path MTU table. The largest size (in bytes) of a packet that can be transferred over a data link is called the maximum transmission unit (MTU).
Page 445: Configure Clone
Chapter 55 Configure Clone H A P T E R Configure Clone 55.1 Overview This chapter shows you how you can copy the settings of one port onto other ports. 55.2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
Page 446 Chapter 55 Configure Clone Figure 340 Management > Configure Clone GS2220 Series User’s Guide...
Page 447 Chapter 55 Configure Clone The following table describes the labels in this screen. Table 234 Management > Configure Clone LABEL DESCRIPTION Source/ Enter the source port under the Source label. This port’s attributes are copied. Destination Enter the destination port or ports under the Destination label. These are the ports which are going Port to have the same attributes as the source port.
Page 448: Ipv6 Neighbor Table
Chapter 56 IPv6 Neighbor Table H A P T E R IPv6 Neighbor Table 56.1 IPv6 Neighbor Table Overview This chapter introduces the IPv6 neighbor table. An IPv6 host is required to have a neighbor table. If there is an address to be resolved or verified, the Switch sends out a neighbor solicitation message.
Page 449 Chapter 56 IPv6 Neighbor Table Table 235 Management > IPv6 Neighbor Table (continued) LABEL DESCRIPTION This field displays the MAC address of the IPv6 interface on which the IPv6 address is configured or the MAC address of the neighboring device. Status This field displays whether the neighbor IPv6 interface is reachable.
Page 450: Port Status
H A P T E R Port Status 57.1 Overview This chapter introduces the port status screens. 57.2 Port Status This screen displays a port statistical summary with links to each port showing statistical details. To view the port statistics, click Status in all Web Configurator screens and then the Port Status link in the Quick Links section of the Status screen to display the Port Status screen as shown next.
Page 451: Port Details
Chapter 57 Port Status Table 236 Management > Port Status (continued) LABEL DESCRIPTION For PoE models only. This field displays whether or not a powered device (PD) is allowed to receive power from the Switch on this port. LACP This fields displays whether LACP (Link Aggregation Control Protocol) has been enabled on the port.
Page 452 Chapter 57 Port Status Figure 343 Management > Port Status > Port Details The following table describes the labels in this screen. Table 237 Management > Port Status > Port Details LABEL DESCRIPTION Port Info Port NO. This field displays the port number you are viewing. Name This field displays the name of the port.
Page 453 Chapter 57 Port Status Table 237 Management > Port Status > Port Details (continued) LABEL DESCRIPTION This field shows the percentage of actual transmitted frames on this port as a percentage of the Utilization% Link speed. Rx kB/s This field shows the number of kilobytes per second received on this port. This field shows the percentage of actual received frames on this port as a percentage of the Link Utilization% speed.
Page 454: Ddmi
Chapter 57 Port Status Table 237 Management > Port Status > Port Details (continued) LABEL DESCRIPTION 1024 to This field shows the number of packets (including bad packets) received that were between 1024 1518 and 1518 octets in length. Giant This field shows the number of packets (including bad packets) received that were between 1519 octets and the maximum frame size.
Page 455 Chapter 57 Port Status Figure 345 Management > Port Status > DDMI > DDMI Details The following table describes the labels in this screen. Table 239 Management > Port Status > DDMI > DDMI Details LABEL DESCRIPTION Transceiver Information Port No This identifies the SFP port.
Page 456: Port Utilization
Chapter 57 Port Status Table 239 Management > Port Status > DDMI > DDMI Details (continued) LABEL DESCRIPTION Current This displays the current status for each monitored DDMI parameter. High Alarm This displays the high value alarm threshold for each monitored DDMI parameter. An alarm Threshold signal is reported to the Switch if the monitored DDMI parameter reaches this value.
Page 457: Networked Av Mode
H A P T E R Networked AV Mode 58.1 Overview Aside from the Web Configurator in Standard mode that has a complete set of configuration for network installation, you can switch to Networked AV mode. Networked AV mode contains just the necessary configurations for setting up and managing audio-video traffic on your network.
Page 458 Chapter 58 Networked AV Mode Figure 348 Summary The following table describes the labels in this screen. Table 241 Summary LABEL DESCRIPTION Auto Refresh Enter the number of seconds when the Summary screen details will be updated. Click the Pause or Play icon to stop or resume the screen update, or to update the automatic refresh interval.
Page 459 Chapter 58 Networked AV Mode Table 241 Summary (continued) LABEL DESCRIPTION Power Usage(W) This chart displays the used PoE Watts over the total number of Watts provided on this Switch. Cloud Control This displays the registration and connection status between the Switch and the NCC (Nebula Status Control Center).
Page 460: System
Chapter 59 System H A P T E R System 59.1 What You Can Do • Use the System Information screen (Section 59.2 on page 460) to check the firmware version number and monitor the Switch temperature. • Use the General Setup screen (Section 59.3 on page 461) to configure general settings such as the system name and time.
Page 461: General Setup
Chapter 59 System The following table describes the labels in this screen. Table 242 System > System Information LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the product model of the Switch. Use this information when searching for firmware upgrade or looking for other support information in the website.
Page 462 Chapter 59 System Figure 350 System > General Setup The following table describes the labels in this screen. Table 243 System > General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters;...
Page 463: Cloud Management
Chapter 59 System Table 243 System > General Setup (continued) LABEL DESCRIPTION New Date (yyyy- Enter the new date in year, month and day format. The new date then appears in the Current mm-dd) Date field after you click Apply. Time Zone Select the time difference between UTC (Universal Time Coordinated, formerly known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box.
Page 464 Chapter 59 System • The Nebula Control Center Discovery feature is enabled. • The Switch has been registered in the NCC. The Cloud Management screen displays links to Nebula Switch Registration which has a QR code containing the Switch’s serial number and MAC address for handy registration of the Switch at NCC. Click System >...
Page 465: Port
Chapter 60 Port H A P T E R Port 60.1 What You Can Do • Use the PoE Status screen (Section 60.2 on page 465) to view the current amount of power that PDs are receiving from the Switch. •...
Page 466 Chapter 60 Port Figure 353 Port > PoE Setup > PoE Status The following table describes the labels in this screen. Table 244 Port > PoE Setup > PoE Status LABEL DESCRIPTION PoE Mode This field displays the power management mode used by the Switch, whether it is in Classification or Consumption mode.
Page 467: Poe Setup
Chapter 60 Port Table 244 Port > PoE Setup > PoE Status (continued) LABEL DESCRIPTION Class This shows the power classification of the PD. Each PD has a specified maximum power that fall under one of the classes. The Class is a number from 0 to 4, where each value represents the range of power that the Switch provides to the PD.
Page 468 Chapter 60 Port The following table describes the labels in this screen. Table 245 Port > PoE Setup > PoE Setup LABEL DESCRIPTION PoE Mode Select the power management mode you want the Switch to use. • Classification – Select this if you want the Switch to reserve the maximum power for each PD according to the PD’s power class and priority level.
Page 469: Port Setup
Chapter 60 Port Table 245 Port > PoE Setup > PoE Setup (continued) LABEL DESCRIPTION Wide Range Select this to let the Switch have a wider detection range for the PD. Detection The Switch detects whether a connected device is a powered device or not before supplying power to the port.
Page 470 Chapter 60 Port The following table describes the labels in this screen. Table 246 Port > Port Setup LABEL DESCRIPTION Port This is the port index number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 471 Chapter 60 Port Table 246 Port > Port Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 472: Switching
Chapter 61 Switching H A P T E R Switching 61.1 Broadcast Storm Control Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Page 473: Link Aggregation
Chapter 61 Switching The following table describes the labels in this screen. Table 247 Security > Broadcast Storm Control LABEL DESCRIPTION Active Set this switch to ON to enable traffic storm control on the Switch. Otherwise, select OFF to disable this feature. Port This field displays the port number.
Page 474: Link Aggregation Status
Chapter 61 Switching • Use the Link Aggregation Setting screen (Section 61.4 on page 475) to configure to enable static link aggregation. • Use the Link Aggregation Control Protocol screen (Section 61.5 on page 477) to enable Link Aggregation Control Protocol (LACP). 61.3 Link Aggregation Status Use the Link Aggregation Status screen to view ports you have configured to be in the trunk group, ports that are currently transmitting data as one logical link in the trunk group and so on.
Page 475: Link Aggregation Setting
Chapter 61 Switching Table 248 Switching > Link Aggregation > Link Aggregation Status (continued) LABEL DESCRIPTION Criteria This shows the outgoing traffic distribution algorithm used in this trunk group. Packets from the same source and/or to the same destination are sent over the same link within the trunk. src-mac means the Switch distributes traffic based on the packet’s source MAC address.
Page 476 Chapter 61 Switching Figure 359 Switching > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen. Table 249 Switching > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Link This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID...
Page 477: Link Aggregation Control Protocol
Chapter 61 Switching Table 249 Switching > Link Aggregation > Link Aggregation Setting (continued) LABEL DESCRIPTION Criteria Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the src-dst-mac distribution type.
Page 478 Chapter 61 Switching Figure 360 Switching > Link Aggregation > Link Aggregation Control Protocol The following table describes the labels in this screen. Table 250 Switching > Link Aggregation > Link Aggregation Control Protocol LABEL DESCRIPTION Link Note: Do NOT configure this screen unless you want to enable dynamic link Aggregation aggregation.
Page 479: Vlan
Chapter 61 Switching Table 250 Switching > Link Aggregation > Link Aggregation Control Protocol (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 480 Chapter 61 Switching Figure 361 Shared Server Using VLAN Example IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were created. The VLANs can –...
Page 481 Figure 362 VLAN Forwarding Frame A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain.
Page 482: Vlan Status
Chapter 61 Switching Table 251 IEEE 802.1Q VLAN Terminology (continued) VLAN PARAMETER TERM DESCRIPTION VLAN Tag Control Tagged Ports belonging to the specified VLAN tag all outgoing frames transmitted. Untagged Ports belonging to the specified VLAN do not tag all outgoing frames transmitted.
Page 483: Vlan Detail
Chapter 61 Switching Figure 364 Switching > VLAN: VLAN Status The following table describes the labels in this screen. Table 252 Switching > VLAN: VLAN Status LABEL DESCRIPTION VLAN Search by Enter existing VLAN ID numbers (separated by a comma) and click Search to display only the specified VLANs in the list below.
Page 484: Static Vlan
Chapter 61 Switching Figure 365 Switching > VLAN > VLAN Status > VLAN Detail The following table describes the labels in this screen. Table 253 Switching > VLAN > VLAN Status > VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen. This is the VLAN identification number that was configured in the corresponding VLAN configuration screen.
Page 485 Figure 366 Switching > VLAN > Static VLAN The following table describes the related labels in this screen. Table 254 Switching > VLAN > Static VLAN LABEL DESCRIPTION Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries.
Page 486: Vlan Port Setting
Chapter 61 Switching The following table describes the related labels in this screen. Table 255 Switching > VLAN > Static VLAN > Add or Edit Static VLAN LABEL DESCRIPTION ACTIVE Select this switch to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters.
Page 487 Chapter 61 Switching Figure 368 Switching > VLAN > VLAN Port Setting The following table describes the labels in this screen. Table 256 Switching > VLAN > VLAN Port Setting LABEL DESCRIPTION Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 488: Multicast
Chapter 61 Switching Table 256 Switching > VLAN > VLAN Port Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 489: Igmp Snooping
Chapter 61 Switching The following table describes the labels in this screen. Table 257 Switching > Multicast > IPv4 Multicast Status LABEL DESCRIPTION Index This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group.
Page 490 Chapter 61 Switching Figure 370 Switching > Multicast > IGMP Snooping The following table describes the labels in this screen. Table 258 Switching > Multicast > IGMP Snooping LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP snooping. Active Select ON to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group.
Page 491 Chapter 61 Switching Table 258 Switching > Multicast > IGMP Snooping (continued) LABEL DESCRIPTION Report Proxy Select this option to allow the Switch to act as the IGMP report proxy and leave proxy. It will report group changes to a connected multicast router. The Switch not only checks IGMP packets between multicast routers or switches and multicast hosts to learn the multicast group membership, but also replaces the source MAC address in an IGMP v1/v2 report with its own MAC address before forwarding to the multicast router or...
Page 492 Table 258 Switching > Multicast > IGMP Snooping (continued) LABEL DESCRIPTION Normal Leave Enter an IGMP normal leave timeout value (from 200 to 6348800) in miliseconds. Select this option to have the Switch use this timeout to update the forwarding table for the port. In normal leave mode, when the Switch receives an IGMP leave message from a host on a port, it forwards the message to the multicast router.
Page 493: Igmp Snooping Vlan
Chapter 61 Switching 61.13 IGMP Snooping VLAN The Switch can perform IGMP snooping on up to 16 VLANs. You can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets. This is referred to as auto mode. Alternatively, you can specify the VLANs that IGMP snooping should be performed on.
Page 494: Igmp Filtering Profile
Chapter 61 Switching Table 259 Switching > Multicast > IGMP Snooping VLAN (continued) LABEL DESCRIPTION Click Add to create a new entry or Edit to update an existing one. Edit This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 495 Chapter 61 Switching Figure 373 Switching > Multicast > IGMP Filtering Profile The following table describes the labels in this screen. Table 261 Switching > Multicast > IGMP Filtering Profile LABEL DESCRIPTION Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries.
Page 496 Chapter 61 Switching Table 262 Switching > Multicast > IGMP Filtering Profile > Add Profile (continued) LABEL DESCRIPTION End Address Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile. If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields.
Page 497: Networking
Chapter 62 Networking H A P T E R Networking This section shows you how to configure the default gateway device, the default domain name server and add IP domains. 62.1 IP Setup Use the IP Setup screen to configure the default gateway device, the default domain name server and add IP domains.
Page 498 The following table describes the labels in this screen. Table 264 Networking > IP Setup LABEL DESCRIPTION Default Management IP Address Use these fields to create or edit IP routing domains on the Switch. DHCP Client Select this option if you have a DHCP server that can assign the Switch an IP address, subnet mask, a default gateway IP address and a domain name server IP address automatically.
Page 499: Security
Chapter 63 Security H A P T E R Security 63.1 Access Control A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed.
Page 500 Chapter 63 Security Figure 377 Security > Access Control > Logins The following table describes the labels in this screen. Table 266 Security > Access Control > Logins LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name.
Page 501: Remote Management
Chapter 63 Security Table 266 Security > Access Control > Logins (continued) LABEL DESCRIPTION Privilege Type the privilege level for this user. At the time of writing, users may have a privilege level of 0, 3, 13, or 14 representing different configuration rights as shown below. •...
Page 502 Chapter 63 Security Figure 378 Security > Access Control > Remote Management The following table describes the labels in this screen. Table 267 Security > Access Control > Remote Management LABEL DESCRIPTION Entry This is the client set index number. A “client set” is a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch.
Page 503: Configure Snmp
Chapter 63 Security 63.4 Configure SNMP Use this screen to configure your SNMP settings. Simple Network Management Protocol (SNMP) is an application layer protocol used to manage and monitor TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE).
Page 504 Chapter 63 Security Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them. Click Security > Access Control > SNMP > SNMP to view the screen as shown. Figure 380 Security >...
Page 505: Configure Snmp Trap Group
Chapter 63 Security Table 269 Security > Access Control > SNMP > SNMP (continued) LABEL DESCRIPTION Port Enter the port number upon which the manager listens for SNMP traps. Username Enter the user name to be sent to the SNMP manager along with the SNMP v3 trap. This user name must match an existing account on the Switch (configured in the Security >...
Page 506: Enable Or Disable Sending Of Snmp Traps On A Port
Chapter 63 Security The following table describes the labels in this screen. Table 270 Security > Access Control > SNMP > Trap Group LABEL DESCRIPTION Trap Destination IP Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers.
Page 507 Chapter 63 Security Figure 382 Security > Access Control > SNMP > Trap Group Port The following table describes the labels in this screen. Table 271 Security > Access Control > SNMP > Trap Group Port LABEL DESCRIPTION Option Select the trap type you want to configure here. Port This field displays a port number.
Page 508: Configure Snmp User
Chapter 63 Security 63.7 Configure SNMP User From the SNMP screen, click User Information to view the screen as shown. Use the User Information screen to view SNMP users for authentication with managers using SNMPv3 and SNMPv2c. An SNMP user is an SNMP manager.
Page 509 Chapter 63 Security The following table describes the labels in this screen. Table 273 Security > Access Control > SNMP > User Information > Add or Edit User Information LABEL DESCRIPTION User Information Note: Use the user name and password of the login accounts you specify in this screen to create accounts on the SNMPv3 or SNMPv2c manager.
Page 510: Service Access Control
Chapter 63 Security 63.8 Service Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computers” for each service in the Remote Management screen (discussed earlier).
Page 511: Maintenance
Chapter 64 Maintenance H A P T E R Maintenance This section explains how to configure the screens that let you maintain the firmware and configuration files. 64.1 What You Can Do • Use the Backup Configuration screen (Section 64.2 on page 511) to save your configuration for later use.
Page 512: Firmware Upgrade
Chapter 64 Maintenance Choose the type of configuration files for backup (running, current, and custom default). Click Backup. If a dialog box pops up asking whether you want to open or save the file, click Save File to download it to the default downloads folder on your computer.
Page 513: Reboot System
Chapter 64 Maintenance 64.4 Reboot System Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load the Current Configuration, a Custom Default or the Factory Default configuration when you reboot. Follow the steps below to reboot the Switch. Click Maintenance >...
Page 514: Restore Configuration
Chapter 64 Maintenance Click Current Configuration and follow steps 1 to 2 to reboot and load the current configuration on the Switch. Click Factory Default and follow steps 1 to 2 to reboot and load Zyxel factory default configuration settings on the Switch. Click Custom Default and follow steps 1 to 2 to reboot and load a customized default file on the Switch.
Page 515: Tech-Support
Chapter 64 Maintenance Click Current Configuration to save the current configuration settings permanently to the Switch. This configuration is set up according to your network environment. Click Custom Default to save the current configuration settings permanently to a customized default file on the Switch.
Page 516 Chapter 64 Maintenance to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 396 Maintenance > Port Mirror The following table describes the labels in this screen. Table 277 Maintenance > Port Mirror LABEL DESCRIPTION Active...
Page 517: Troubleshooting And Appendices
Troubleshooting and Appendices...
Page 518: Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Switch Access and Login • Switch Configuration 65.1 Power, Hardware Connections, and LEDs The Switch does not turn on.
Page 519: Switch Access And Login
Chapter 65 Troubleshooting 65.2 Switch Access and Login I forgot the IP address for the Switch. The default in-band IP address in standalone mode is http://DHCP-assigned IP (when connecting to a DHCP server) or 192.168.1.1. Use the NCC (Nebula Control Center) or the ZON utility to find the IP address. If this does not work, you have to reset the device to its factory defaults.
Page 520: Switch Configuration
Chapter 65 Troubleshooting I can see the Login screen, but I cannot log in to the Switch. Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-sensitive, so make sure [Caps Lock] is not on. You may have exceeded the maximum number of concurrent Telnet sessions.
Page 521 Chapter 65 Troubleshooting I accidentally unplugged the Switch. I am not sure which configuration file will be loaded. If you plug the power cable back to the Switch, it will reboot and load the configuration file that was used the last time. For example, if Config 1 was used on the Switch before you accidentally unplugged the Switch, Config 1 will be loaded when rebooting.
Page 522: Appendix A Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • http://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • https://www.zyxel.com/cn/zh/ India • Zyxel Technology India Pvt Ltd. • https://www.zyxel.com/in/en/ Kazakhstan •...
Page 523 • http://www.zyxel.com.sg Taiwan • Zyxel Communications Corporation • https://www.zyxel.com/tw/zh/ Thailand • Zyxel Thailand Co., Ltd. • https://www.zyxel.com/th/th/ Vietnam • Zyxel Communications Corporation – Vietnam Office • https://www.zyxel.com/vn/vi Europe Belarus • Zyxel BY • https://www.zyxel.by Belgium • Zyxel Communications B.V. • https://www.zyxel.com/be/nl/...
Page 524 Appendix A Customer Support • https://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • https://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • https://www.zyxel.com/cz/cs/ Denmark • Zyxel Communications A/S • https://www.zyxel.com/dk/da/ Estonia • Zyxel Estonia • https://www.zyxel.com/ee/et/ Finland • Zyxel Communications • https://www.zyxel.com/fi/fi/ France •...
Page 525 • Zyxel Communications Poland • https://www.zyxel.com/pl/pl/ Romania • Zyxel Romania • https://www.zyxel.com/ro/ro Russia • Zyxel Russia • https://www.zyxel.com/ru/ru/ Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • https://www.zyxel.com/sk/sk/ Spain • Zyxel Communications ES Ltd. • https://www.zyxel.com/es/es/ Sweden • Zyxel Communications • https://www.zyxel.com/se/sv/ Switzerland •...
Page 526 Appendix A Customer Support Turkey • Zyxel Turkey A.S. • https://www.zyxel.com/tr/tr/ • Zyxel Communications UK Ltd. • https://www.zyxel.com/uk/en/ Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com South America Argentina • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Brazil • Zyxel Communications Brasil Ltda. • https://www.zyxel.com/br/pt/ Colombia •...
Page 527 Appendix A Customer Support Middle East • Zyxel Communications Corporation • https://www.zyxel.com/me/en/ North America • Zyxel Communications, Inc. – North America Headquarters • https://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • https://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • https://www.zyxel.com/za/en/...
Page 528: Appendix B Common Services
P P E N D I X Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type or code numbers and services, visit the IANA (Internet Assigned Number Authority) web site.
Page 529 Appendix B Common Services Table 278 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTPS HTTPS is a secured http session often used in e- commerce. ICMP User-Defined Internet Control Message Protocol is often used for diagnostic or routing purposes. 4000 This is a popular Internet chat program.
Page 530 Appendix B Common Services Table 278 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.
Page 531: Appendix C Ipv6
P P E N D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 IP addresses.
Page 532 Appendix C IPv6 Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Page 533 Appendix C IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses 4 bits for each character (1 – 10, A – F). Each block’s 16 bits are then represented by 4 hexadecimal characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.
Page 534 Appendix C IPv6 client may send a Renew or Rebind message at the client's discretion. Renew Renew Renew Rebind to S1 to S1 to S1 to S2 Renew Renew Renew Rebind to S1 to S1 to S1 to S2 DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients.
Page 535 Appendix C IPv6 forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters. IPv6 Cache An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router list. The Switch maintains and updates its IPv6 caches constantly using the information from response messages.
Page 536 Appendix C IPv6 Example – Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP or 2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 537 Appendix C IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example – Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 538 Appendix C IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
Page 539: Appendix D Legal Information
Regulatory Notice and Statement United States of America The following information applies if you use the product within USA area. US Importer: Zyxel Communications, Inc, 1130 North Miller Street Anaheim, CA92806-2001, https://www.zyxel.com/us/en/ Federal Communications Commission (FCC) EMC Statement • This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference.
Page 540 Appendix D Legal Information List of National Codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria Liechtenstein Belgium Lithuania Bulgaria Luxembourg Croatia Malta Cyprus Netherlands Czech Republic Norway Denmark Poland Estonia Portugal Finland Romania France Serbia Germany Slovakia...
Page 541 Appendix D Legal Information • PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. (for products with mini-GBIC slots or laser products, such as fiber-optic transceiver and GPON products) • APPAREIL À LASER DE CLASS 1 (for products with mini-GBIC slots or laser products, such as fiber-optic transceiver and GPON products). •...
Page 542 Appendix D Legal Information 台灣以下訊息僅適用於產品銷售至台灣地區 • 這是甲類的資訊產品，在居住的環境中使用時，可能會造成射頻干擾，在這種情況下，使用者會被要求採取某些適當的對策。」安全警告 – 為了您的安全，請先閱讀以下警告及指示 : • 請勿將此產品接近水、火焰或放置在高溫的環境。 • 避免設備接觸 – 任何液體 - 切勿讓設備接觸水、雨水、高濕度、污水腐蝕性的液體或其他水份。 – 灰塵及污物 - 切勿接觸灰塵、污物、沙土、食物或其他不合適的材料。 • 雷雨天氣時，不要安裝，使用或維修此設備。有遭受電擊的風險。 • 切勿重摔或撞擊設備，並勿使用不正確的電源變壓器。 • 若接上不正確的電源變壓器會有爆炸的風險。 • 請勿隨意更換產品內的電池。 • 如果更換不正確之電池型式，會有爆炸的風險，請依製造商說明書處理使用過之電池。 • 請將廢電池丟棄在適當的電器或電子設備回收處。 • 請勿將設備解體。 • 請勿阻礙設備的散熱孔，空氣對流不足將會造成設備損害。 •...
Page 543 Register your product online at www.zyxel.com to receive email notices of firmware upgrades and related information. Trademarks ZyNOS (Zyxel Network Operating System) and ZON (Zyxel One Network) are registered trademarks of Zyxel Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 544: Index
Index Index Numbers bridging fiber uplink IEEE 802.1Q VLAN 802.1P priority 114, 470 switched workgroup how it works learning mode overview setup accounting authentication ARP (Address Resolution Protocol) authorization ARP inspection 258, 287 AAA (Authentication, Authorization and and MAC filter Accounting) configuring access control...
Page 545 Index status viewing clearance back up Switch installation configuration file 393, 511 cloning a port, see port cloning Backup Configuration screen 393, 511, 514 Cloud Management screen bandwidth control 181, 182 cluster management ingress rate and switch passwords setup cluster manager 433, 435 Bandwidth Control screen cluster member...
Page 546 Index customer support DHCPv6 Client Setup screen DHCPv6 relay 31, 380 interface-ID remote-ID DHCPv6 Relay screen diagnostics date Ethernet port test current ping daylight saving time 105, 463 Differentiated Service (DiffServ) DDMI Details screen DiffServ DDMI screen activate DES (Data Encryption Standard) DS field DHCP DSCP...
Page 547 Index control packets freestanding installation CPU protection precautions detect procedure recovery front panel status error-disable recovery file transfer procedure Ethernet broadcast address restrictions over WAN 383, 442 Ethernet MAC full duplex 102, 461 Ethernet port Ethernet OAM Ethernet port auto-crossover auto-negotiating dual personality Ethernet port test...
Page 548 Index implementation IP address 108, 109 public keys, private keys Switch management HTTPS Certificates screen IP setup HTTPS example IP Setup screen 83, 107, 497 IP source guard ARP inspection 258, 287 DHCP snooping static bindings IP Status Detail screen IANA (Internet Assigned Number Authority) IP subnet mask 108, 109...
Page 549 Index IPv6 Link-Local Address Setup screen link aggregation (trunking) example IPv6 multicast status Link Aggregation Control Protocol (LACP) IPv6 Neighbor Setup screen Link Aggregation Control Protocol screen IPv6 Neighbor Table screen Link Aggregation Setting screen IPv6 screen Link Aggregation Status screen Link Layer Discovery Protocol LLDP basic TLV...
Page 550 Index Maximum Transmission Unit (MTU) Mbuf (Memory Buffer) 395, 515 MD5 (Message Digest 5) MAC (Media Access Control) 102, 461 MDIX (Media Dependent Interface Crossover) MAC address 102, 442, 461 maximum number per port Media Access Control 102, 461 MAC address learning 106, 204 Memory Buffer specify limit...
Page 551 Index multicast MAC address Org-specific TLV Setting screen Multi-Tenant Unit overheating prevention configuration network example MVR (Multicast VLAN Registration) myZyxel account PAgP password administrator 53, 408, 500 change change through Wizard 61, 66 navigation panel write down Standard mode password change Surveillance mode through Password / SNMP link NCC registration...
Page 552 Index method agent sub-options configuration Port Based VLAN Setup screen drop PPPoE packets port cloning 445, 447 port state advanced settings 445, 447 sub-option format basic settings 445, 447 tag format port details trusted ports port isolation untrusted ports Setting Wizard VLAN Port Mirror screen PPPoE Intermediate Agent...
Page 553 Index Reboot System screen Secure Shell, see SSH recurring schedule service access control 409, 510 service port 409, 510 registration product Service Access Control screen Regulatory Notice and Statement Setup Wizard parts remote management 31, 410, 501 service Setup Wizard screen 411, 502 trusted computers 410, 502...
Page 554 Index static bindings fanless-type usage precaution fan-type usage precaution static MAC address switch lockout static MAC forwarding Switch reset Static MAC Forwarding screen Switch Setup screen static multicast forwarding Switch’s QR code Static Multicast Forwarding screen syslog 288, 430 static route protocol enable settings...
Page 555 Index removal priority frame 134, 480 transceiver MultiSource Agreement (MSA) VID (VLAN Identifier) 134, 480 transceivers View-based Access Control Model (VACM) Trap Group screen Virtual Local Area Network 403, 505 traps VLAN destination acceptable frame type 403, 504 142, 487 and IGMP snooping troubleshooting automatic registration...
Page 556 Index VLAN-unaware devices supported firmware version voice VLAN supported models Voice VLAN Setup screen Switch IP address ZON utility use for troubleshooting ZULD example probe time status wall mounting ZULD (Zyxel Unidirectional Link Detection) distance above the floor ZyNOS (Zyxel Network Operating System) 398, 543 distance between holes Zyxel AP Configurator (ZAC)

This manual is also suitable for:

Gs2220-10 Gs2220-10hp Gs2220-28 Gs2220-28hp Gs2220-50 Gs2220-50hp ... Show all

ZyXEL Communications 43222612 User Manual

Chapter 3 Hardware Panels

Chapter 4 Web Configurator

Chapter 6 Tutorials

Chapter 7 Status

Chapter 8 Basic Setting

Chapter 9 VLAN

Chapter 10 Static MAC Forwarding

Chapter 12 Filtering

Chapter 14 Bandwidth Control

Chapter 16 Mirroring

Chapter 17 Link Aggregation

Chapter 18 Port Authentication

Chapter 19 Port Security

Chapter 20 Time Range

Chapter 21 Classifier

Chapter 22 Policy Rule

Chapter 23 Queuing Method

Chapter 24 Multicast

Chapter 25 AAA

Chapter 26 IP Source Guard

Chapter 27 DHCP Snooping

Chapter 28 ARP Inspection

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications 43222612

Summary of Contents for ZyXEL Communications 43222612