Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 6
ES-3148 User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
ES-3148 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
+36-1-3259100 +7-3272-590-698 www.zyxel.kz +7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica ZyXEL Communications Czech s.r.o.
Page 9
+380-44-494-49-32 +44-1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44-1344 303034 ftp.zyxel.co.uk ES-3148 User’s Guide REGULAR MAIL ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland ZyXEL Russia Ostrovityanova 37a Str.
2.1 Freestanding Installation ...43 2.2 Mounting the Switch on a Rack ...44 2.2.1 Rack-mounted Installation Requirements ...44 2.2.1.1 Precautions ...44 2.2.2 Attaching the Mounting Brackets to the Switch ...44 2.2.3 Mounting the Switch on a Rack ...44 Table of Contents Table of Contents...
Page 12
Initial Setup Example ... 63 5.1 Overview ...63 5.1.1 Creating a VLAN ...63 5.1.2 Setting Port VID ...64 5.2 Configuring Switch Management IP Address ...65 Chapter 6 System Status and Port Statistics ... 67 6.1 Port Status Summary 6.1.1 Status: Port Details ...48...
Page 13
Chapter 7 Basic Setting ... 73 7.1 Overview ...73 7.2 System Information 7.3 General Setup 7.4 Introduction to VLANs ...77 7.5 Switch Setup Screen 7.6 IP Setup 7.6.1 Management IP Addresses ...80 7.7 Port Setup Chapter 8 VLAN ... 87 8.1 Introduction to IEEE 802.1Q Tagged VLAN...
Page 14
ES-3148 User’s Guide 11.1.1 STP Terminology ...107 11.1.2 How STP Works ...108 11.1.3 STP Port States ...108 11.1.4 Multiple RSTP ...109 11.2 Spanning Tree Protocol Main Screen ...109 11.3 Configure Rapid Spanning Tree Protocol 11.4 Rapid Spanning Tree Protocol Status 11.5 Configure Multiple Rapid Spanning Tree Protocol 11.6 Multiple Rapid Spanning Tree Protocol Status Chapter 12...
Page 15
Chapter 17 Port Security... 137 17.1 About Port Security ...137 17.2 Port Security Setup ...137 Chapter 18 Classifier ... 141 18.1 About the Classifier and QoS ...141 18.2 Configuring the Classifier ...141 18.3 Viewing and Editing Classifier Configuration ...144 18.4 Classifier Example ...145 Chapter 19 Policy Rule...
Page 16
ES-3148 User’s Guide 22.1.3 IGMP Snooping ...165 22.2 Multicast Status ...166 22.3 Multicast Setting ...166 22.4 IGMP Filtering Profile ...169 22.5 MVR Overview ...170 22.5.1 Types of MVR Ports ...170 22.5.2 MVR Modes ...171 22.5.3 How MVR Works ...171 22.6 General MVR Configuration ...171 22.7 MVR Group Configuration ...173 22.7.1 MVR Configuration Example ...175 Chapter 23...
Page 17
Cluster Management ... 215 30.1 Cluster Management Status Overview ...215 30.2 Cluster Management Status ...216 30.2.1 Cluster Member Switch Management ...217 30.2.1.1 Uploading Firmware to a Cluster Member Switch ...218 30.3 Clustering Management Configuration ...219 Chapter 31 MAC Table ... 223 31.1 MAC Table Overview ...223...
Page 18
34.8 Getting Help ...233 34.8.1 List of Available Commands ...234 34.9 Using Command History ...236 34.10 Saving Your Configuration ...236 34.10.1 Switch Configuration File ...236 34.10.2 Logging Out ...237 34.11 Command Summary ...237 34.11.1 User Mode ...237 34.11.2 Enable Mode ...238 34.11.3 General Configuration Mode ...243...
Page 19
35.2.5 show mac address-table ...265 35.3 ping ...266 35.4 traceroute ...266 35.5 Copy Port Attributes ...267 35.6 Configuration File Maintenance ...268 35.6.1 Using a Different Configuration File ...268 35.6.2 Resetting to the Factory Default ...269 Chapter 36 Configuration Mode Commands... 271 36.1 Enabling IGMP Snooping ...271 36.2 Configure IGMP Filter ...272 36.3 Enabling STP ...273...
Page 20
39.1 Overview ...301 39.2 Create Multicast VLAN ...301 Chapter 40 Troubleshooting ... 303 40.1 Problems Starting Up the Switch ...303 40.2 Problems Accessing the Switch ...303 40.2.1 Pop-up Windows, JavaScripts and Java Permissions ...304 40.2.1.1 Internet Explorer Pop-up Blockers ...304 40.2.1.2 JavaScripts ...307...
Page 21
ES-3148 User’s Guide Appendix A Product Specifications ... 313 Appendix B IP Addresses and Subnetting ... 317 Index... 325 Table of Contents...
Figure 18 Example Xmodem Upload ... 61 Figure 19 Reload the Configuration file: Via Console Port ... 61 Figure 20 Resetting the Switch: Via the Console Port ... 62 Figure 21 Web Configurator: Logout Screen ... 62 Figure 22 Initial Setup Network Example: VLAN ... 63 Figure 23 Initial Setup Network Example: Port VID ...
Page 24
ES-3148 User’s Guide Figure 39 Protocol Based VLAN ... 96 Figure 40 Protocol Based VLAN Configuration Example ... 97 Figure 41 Port Based VLAN Setup (All Connected) ... 99 Figure 42 Port Based VLAN Setup (Port Isolation) ... 100 Figure 43 Static MAC Forwarding ... 103 Figure 44 Filtering ...
Page 25
Figure 108 Cluster Management: Status ... 217 Figure 109 Cluster Management: Cluster Member Web Configurator Screen ... 218 Figure 110 Example: Uploading Firmware to a Cluster Member Switch ... 219 Figure 111 Clustering Management Configuration ... 220 Figure 112 MAC Table Flowchart ... 223 Figure 113 MAC Table ...
Settings and then click Control Panel. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. • The ES-3148 may be referred to as “the ES-3148”, “the switch”, or “the device” in this User’s Guide.
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Gigabit port and one slot for mini-GBIC transceiver (SFP module) with one port active at a time. With its built-in web configurator, managing and configuring the switch is easy. In addition, the switch can also be managed via Telnet, any terminal emulator program on the console port, or third-party SNMP management. 1.2 Software Features This section describes the general software features of the switch.
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
Page 35
Maintenance and Management Features • Access Control You can specify the service(s) and computer IP address(es) to control access to the switch for management. • Cluster Management Cluster management (also known as iStacking) allows you to manage switches through one switch, called the cluster manager.
• The ES-3148 supports IGMP snooping enabling group multicast traffic to be only forwarded to ports that are members of that group; thus allowing you to significantly reduce multicast traffic passing through your switch. • Broadcast storm control Quality of Service •...
Connect a backup power supply device to this port to ensure uninterrupted network connection in the event of a power failure. Fans The fans cool the switch sufficiently to allow reliable operation of the switch in even poorly ventilated rooms or basements. Power The ES-3148 requires 100~240VAC/1.5A power.
ES-3148 User’s Guide 1.4.1 Backbone Application In this application, the switch is an ideal solution for small networks where rapid growth can be expected in the near future. The switch can be used standalone for a group of heavy traffic users. You can connect computers directly to the switch’s port or connect other switches to the switch.
Figure 2 Bridging Application 1.4.3 High Performance Switched Example The switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance.
In this example, only ports that need access to the server need belong to VLAN 1. Ports can belong to other VLAN groups too. Chapter 8 on page Chapter 1 Getting to Know Your Switch...
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the switch. These rubber feet help protect the switch from shock or vibration and ensure space between devices when stacking.
2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the switch, lining up the four screw holes on the bracket with the screw holes on the side of the switch.
ES-3148 User’s Guide Figure 8 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack.
This chapter describes the front panel and rear panel of the switch and shows you how to make the hardware connections. 3.1 Panel Connections The figure below shows the front panel of the switch. Figure 9 Front Panel The following table describes the ports on the panels.
These are slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA).
Figure 10 Transceiver Installation Example 2 Press the transceiver firmly until it clicks into place. 3 The switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly. Figure 11 Installed Transceiver 3.1.2.2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver (SFP module).
• No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console cable to the console port of the switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.
Make sure you are using the correct power source as shown on the panel. To connect the power to the switch, insert the female end of power cord to the power receptacle on the rear panel. Connect the other end of the supplied power cord to the power source.
Page 52
ES-3148 User’s Guide Table 3 LEDs (continued) COLOR LNK/ACT Green Amber Green Green Gigabit Port LNK/ACT Green Amber Amber MGMT Green Amber STATUS DESCRIPTION Blinking The system is transmitting/receiving to/from a 10 Mbps or a 1000 Mbps Ethernet network. The link to a 10 Mbps or a 1000 Mbps Ethernet network is up. Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet network.
4.2 System Login 1 Start your web browser. 2 Type “http://” and the IP address of the switch (for example, the default for the management port is 192.168.0.1 and for the switch port is 192.168.1.1) in the Location or Address field. Press 3 The login screen appears.
B - Click this link to save your configuration into the switch’s nonvolatile memory. Nonvolatile memory is the configuration of your switch that stays the same even if the switch’s power is turned off.
4.4 Menu Overview In the navigation panel, click a main link to reveal a list of submenu links. Table 4 Navigation Panel Sub-links Overview BASIC SETTING Chapter 4 The Web Configurator ADVANCED ROUTING PROTOCOL MANAGEMENT APPLICATION ES-3148 User’s Guide...
ES-3148 User’s Guide The following table lists the various web configurator screens within the sub-links. Table 5 Web Configurator Screen Sub-links Details BASIC SETTING System Info General Setup Switch Setup IP Setup Port Setup ADVANCED ROUTING PROTOCOL MANAGEMENT APPLICATION VLAN...
This link takes you to a screen where you can configure general identification information about the switch. Switch Setup This link takes you to a screen where you can set up global switch parameters such as VLAN type, MAC address learning, GARP and priority queues. IP Setup...
Routing Protocol Static Routing This link takes you to screens where you can configure static routes. A static route defines how the switch should forward traffic by configuring the TCP/IP parameters manually. DiffServ This link takes you to screens where you can configure DiffServ and DSCP settings.
Note: Use the Save link when you are done with a configuration session. 4.6 Switch Lockout You could block yourself (and all others) from accessing the switch through the web configurator if you do one of the following: 1 Deleting the management VLAN (default is VLAN 1).
IP address is 192.168.0.1. 4.7 Resetting the Switch If you lock yourself (and others) out of the switch, you can try using out-of-band management. If you still cannot correct the situation or forgot the password, you will need to reload the factory-default configuration file.
1 Connect to the console port using a computer with terminal emulation software. See the chapter on hardware connections for details. 2 Disconnect and reconnect the switch's power to begin a session. When you reconnect the switch's power, you will see the initial screen.
Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session both for security reasons and so as you don’t lock out other switch administrators. Figure 21 Web Configurator: Logout Screen 4.9 Help...
This chapter shows how to set up the switch for an example network. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID • Configure the switch IP management address 5.1.1 Creating a VLAN...
IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 1 on the switch, select Fixed to configure port 1 to be a permanent member of the VLAN only. 4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the switch to remove VLAN tags before sending.
Figure 24 Initial Setup Example: Management IP Address 1 Connect your computer to any Ethernet port on the switch. Make sure your computer is in the same subnet as the switch. 2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator.
Page 66
This is the same as the VLAN ID you configure in the Static VLAN screen. 6 Select the Manageable check box to allow the switch to be managed from the ports belonging to VLAN2 using this specified IP address.
System Status and Port This chapter describes the system status (web configurator home page) and port details screens. 6.1 Port Status Summary The home screen of the web configurator displays a port statistical summary table with links to each port showing statistical details. To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the switch. Section 11.1.3 on page 108 for more information).
Figure 26 Status: Port Details The following table describes the labels in this screen. Table 8 Status: Port Details LABEL DESCRIPTION Port Info Name This field shows the name of the port. Link This field shows whether the Ethernet connection is down, and the speed/duplex mode.
Page 70
ES-3148 User’s Guide Table 8 Status: Port Details (continued) LABEL DESCRIPTION LACP This field shows if LACP is enabled on this port or not. TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port.
Page 71
Table 8 Status: Port Details (continued) LABEL DESCRIPTION This field shows the number of packets (including bad packets) received that were 64 octets in length. 65-127 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length.
Page 72
ES-3148 User’s Guide Chapter 6 System Status and Port Statistics...
The real time is then displayed in the switch logs. The Switch Setup screen allows you to set up and configure global switch features. The IP Setup screen allows you to configure a switch IP address, subnet mask(s) and DNS (domain name server) for management purposes.
You may choose the temperature unit (Centigrade or Fahrenheit) in this field. Temperature MAC, CPU and PHY refer to the location of the temperature sensors on the switch printed circuit board. Current This field displays the current temperature measured at this sensor.
This field displays the maximum voltage measured at this point. This field displays the minimum voltage measured at this point. Threshold This field displays the minimum voltage at which the switch should work. Status Normal indicates that the voltage is within an acceptable operating range at this point;...
Enter the geographic location of your switch. You can use up to 32 printable ASCII characters; spaces are not allowed. Contact Person's Enter the name of the person in charge of this switch. You can use up to 32 Name printable ASCII characters; spaces are not allowed.
1970-1-1 0:0. Time Server IP Enter the IP address of your timeserver. The switch searches for the timeserver for Address up to 60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds.
Chapter 8 on page 87 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.
Page 79
Use the next two fields to configure the priority level-to-physical queue mapping. The switch has eight physical queues that you can map to the 8 priority levels. On the switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
IP address. 7.6.1 Management IP Addresses The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address.
In-band Management IP Address DHCP Client Select this option if you have a DHCP server that can assign the switch an IP address, subnet mask, a default gateway IP address and a domain name server IP address automatically. Static IP Select this option if you don’t have a DHCP server or if you wish to assign static IP...
Select this option to allow the switch to be managed using this specified IP address. Click Add to save the new rule to the switch’s run-time memory. It then displays in the summary table at the bottom of the screen.
When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode.
Page 85
Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLANs groups beyond the local switch. Please refer to the following table for common IEEE 802.1Q VLAN terminology.
C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamic - using GVRP, static - added as a permanent entry or other - added using Multicast VLAN Registration (MVR).
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamic - using GVRP, static - added as a permanent entry or other - added using Multicast VLAN Registration (MVR).
ES-3148 User’s Guide Figure 36 VLAN: Static VLAN The following table describes the related labels in this screen. Table 17 VLAN: Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. VLAN Group ID Enter the VLAN ID for this static entry;...
LABEL DESCRIPTION Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
When an upstream frame is received on a port (configured for a protocol based VLAN), the switch checks if a tag is added already and its protocol. The untagged packets of the same protocol are then placed in the same protocol based VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol.
Advanced Applications, VLAN screens. Priority Select the priority level that the switch will assign to frames belonging to this VLAN. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Table 19 Protocol Based VLAN Setup (continued) LABEL DESCRIPTION Name This field shows the name the protocol based VLAN. Ethernet Type This field shows which Ethernet protocol is part of this protocol based VLAN. This field shows the VLAN ID of the port. Priority This field shows the priority which is assigned to frames belonging to this protocol based VLAN.
Port-based VLANs are specific only to the switch on which they were created. Note: When you activate port-based VLAN, the switch uses a default VLAN ID of 1. You cannot change it.
(its outgoing port). CPU refers to the switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the switch cannot be managed from that port.
MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the switch. See on port security.
Enter the port where the MAC address entered in the previous field will be automatically forwarded. Click Apply to save your rule to the switch’s run-time memory. The switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This chapter discusses static IP and MAC address port filtering. 10.1 Configure a Filtering Rule Filtering means sifting traffic going through the switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application and Filtering in the navigation panel to display the screen as shown next.
Page 106
Type the VLAN group identification number. Click Add to save this rule to the switch’s run-time memory. The switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
• IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol The switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees. 11.1 STP/RSTP Overview (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers.
On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network.
MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
ES-3148 User’s Guide Figure 46 Spanning Tree Protocol RSTP and MRSTP The following table describes the labels in this screen. Table 25 Spanning Tree Protocol: Status LABEL DESCRIPTION RSTP This link takes you to the Rapid Spanning Tree Protocol configuration screen. See Section 11.3 on page MRSTP This link takes you to the Multiple Rapid Spanning Tree Protocol configuration...
Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
This switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch. Hello Time...
STP tree. Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch.
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
This switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch. Hello Time...
This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out- going traffic flows on a port. 12.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
Table 30 Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the switch. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 119
DESCRIPTION Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Table 31 Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the switch. Clear this check box to disable this feature. Port This field displays a port number. Settings in this row apply to all ports.
This chapter discusses the Mirror setup screens. 14.1 Port Mirroring Setup Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application, Mirroring in the navigation panel to display the Mirroring screen.
LABEL DESCRIPTION Active Select this check box to activate port mirroring on the switch. Clear this check box to disable the feature. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail Port without interfering with the traffic flow on the original port(s).
“standby” ports become operational without user intervention. Please note that: • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking.
ES-3148 User’s Guide 15.2.1 Link Aggregation ID LACP aggregation ID consists of the following information Table 33 Link Aggregation ID: Local Switch SYSTEM PRIORITY MAC ADDRESS 0000 Table 34 Link Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS 0000 15.3 Link Aggregation Control Protocol Status Click Advanced Application, Link Aggregation in the navigation panel.
The following table describes the labels in this screen. Table 35 Link Aggregation Control Protocol Status LABEL DESCRIPTION Index This field displays the trunk ID to identify a trunk group, that is, one logical link containing multiple ports. Aggregator ID Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number.
Select this checkbox to enable Link Aggregation Control Protocol (LACP). System LACP system priority is a number between 1 and 65,535. The switch with the lowest Priority system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Page 129
Select either 1 second or 30 seconds. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 130
ES-3148 User’s Guide Chapter 15 Link Aggregation...
This chapter describes the 802.1x authentication method and RADIUS server connection setup. See Section 36.9 on page 281 additional Radius server settings as well as multiple Radius server configuration. 16.1 Port Authentication Overview IEEE 802.1x is an extended authentication protocol Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.
16.1.1.2 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server to assign a port on the switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for more information.
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the switch.
Table 40 Port Authentication: 802.1x LABEL DESCRIPTION Active Select this check box to permit 802.1x authentication on the switch. Note: You must first enable 802.1x authentication on the switch Port This field displays a port number. before configuring it on each port.
Page 135
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 136
ES-3148 User’s Guide Chapter 16 Port Authentication...
Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch. The switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “254”. “0” means this feature is disabled.
Page 139
DESCRIPTION Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 140
ES-3148 User’s Guide Chapter 17 Port Security...
This chapter introduces and shows you how to configure the packet classifier on the switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
ES-3148 User’s Guide Figure 61 Classifier The following table describes the labels in this screen. Table 42 Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. Packet Specify the format of the packet.
Page 143
Protocol Refer to Table 45 on page 145 You may select Establish Only for TCP protocol type. This means that the switch will pick out the packets that are sent to establish TCP connections. Source Enter a source IP address in dotted decimal notation.
ES-3148 User’s Guide Table 42 Classifier (continued) LABEL DESCRIPTION Click Add to insert the entry in the summary table below. Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. 18.3 Viewing and Editing Classifier Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen.
Table 44 Common Ethernet Types and Protocol Number ETHERNET TYPE Chaosnet X.25 Level 3 XNS Compat Banyan Systems BBN Simnet IBM SNA AppleTalk AARP Some of the most common IP ports are: Table 45 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP...
This chapter shows you how to configure policy rules. 19.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to 18 on page 141 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
ES-3148 User’s Guide 19.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to for more information. Click Advanced Applications and then Policy Rule in the navigation panel to display the screen as shown. Section 18.2 on page Chapter 19 Policy Rule...
Profile DSCP number for out-of-profile traffic. DSCP Action Specify the action(s) the switch takes on the associated classified traffic flow. Forwarding Select No change to forward the packets. Select Discard the packet to drop the packets. Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before.
Table 46 Policy (continued) LABEL DESCRIPTION Diffserv Select No change to keep the TOS and/or DSCP fields in the packets. Select Set the packet’s TOS field to set the TOS field with the value you configure in the TOS field. Select Replace the IP TOS with the 802.1 priority value to replace the TOS field with the value you configure in the Priority field.
ES-3148 User’s Guide The following table describes the labels in this screen. Table 47 Policy: Summary Table LABEL DESCRIPTION Index This field displays the policy index number. Click an index number to edit the policy. Active This field displays Yes when policy is activated and No when is it deactivated. Name This field displays the descriptive name for this policy.
20.1.1 Strictly Priority Strictly Priority (SP) services queues based on priority only. As traffic comes into the switch, traffic on the highest priority queue, Q7 is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q6 is transmitted until Q6 empties, and then traffic is transmitted on Q5 and so on.
ES-3148 User’s Guide 20.1.3 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port.
Enable subsequent queue(s) after and including the specified queue for the 10/100 Mbps Ethernet ports. For example, if you select Q5, the switch services traffic on Q5, Q6 and Q7 using Strictly Priority. Select None to always use WFQ or WRR for the 10/100 Mbps Ethernet ports.
GE Port This field is applicable only when you select WFQ or WRR. Select a queue (Q0 to Q7) to have the switch use Strictly Priority to service the Enable subsequent queue(s) after and including the specified queue for the gigabit ports. For example, if you select Q5, the switch services traffic on Q5, Q6 and Q7 using Strictly Priority.
This chapter shows you how to configure VLAN stacking on your switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
ES-3148 User’s Guide Figure 68 VLAN Stacking Example 21.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel (the latter is for Gigabit ports only). • Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching. •...
TPID (Tag Protocol Identifier) is the customer IEEE 802.1Q tag. • If the VLAN stacking port role is Access Port, then the switch adds the SP TPID tag to all incoming frames on the service provider's edge devices (1 and 2 in the VLAN stacking example figure).
LABEL DESCRIPTION Active Select this checkbox to enable VLAN stacking on the switch. SP TPID SP TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. Choose 0x8100 or 0x9100 from the drop-down list box or select Others and then enter a four-digit hexadecimal number from 0x0000 to 0xFFFF.
Page 163
VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the switch add the SP TPID tag to all incoming frames received on this port. Select Access Port for ingress ports at the edge of the service provider's network.
This allows you to control the distribution of multicast services (such as content information distribution) based on service plans and types of subscription. You can set the switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port.
ES-3148 User’s Guide The switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch.
Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Host Timeout Specify the time (from 1 to 16,711,450) in seconds that elapses before the switch removes an IGMP group membership entry if it does not receive report messages from the port.
Page 168
(or server). The switch forwards IGMP join or leave packets to an IGMP query port. Select Auto to have the switch use the port as an IGMP query port if the port receives IGMP query packets. Select Fixed to have the switch always use the port as an IGMP query port. Select this when you connect an IGMP multicast server to the port.
If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. Click Add to save the settings to the switch. Clear Click Clear to clear the fields to the factory defaults.
Figure 73 MVR Network Example 22.5.1 Types of MVR Ports In MVR, a source port is a port on the switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast data. Once configured, the switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
When the subscriber changes the channel or turns off the computer, an IGMP leave message is sent to the switch to leave the multicast group. The switch sends a query to VLAN 1 on the receiver port (in this case, a DSL port on the switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic.
Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN. 802.1p Priority Select a priority level (0-7) with which the switch replaces the priority in outgoing IGMP control packets (belonging to this multicast VLAN). Chapter 22 Multicast...
Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
IP address for a multicast group. Refer to Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
22.7.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic.
ES-3148 User’s Guide Figure 78 MVR Configuration Example To set the switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200.
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a DHCP server. You can configure the switch to relay client DHCP requests to a DHCP server and the server's responses back to the clients.
This read-only field displays the system name you configure in the General Setup screen. Select the check box for the switch to add the system name to the DHCP client DHCP requests that it relays to a DHCP server. Apply Click Apply to save your changes to the switch’s run-time memory.
This chapter shows you how to configure static routes. 24.1 Configuring Static Route Static routes tell the switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application, Static Routing in the navigation panel to display the screen as shown.
Page 182
Gateway IP Enter the IP address of the gateway. The gateway is an immediate neighbor of your Address switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch. Metric The metric represents the “cost”...
This chapter shows you how to set up Diffserv Code Point (DSCP) on each port and how to convert DSCP values to IEEE 802.1p values. 25.1 DiffServ Overview DiffServ Code Point (DSCP) is a field used for packet classification on DiffServ networks. The higher the value, the higher the priority.
This allows you to activate DiffServ on a per port basis. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
DSCP value. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Table 62 Maintenance LABEL DESCRIPTION Current This field displays which configuration (Configuration 1 or Configuration 2) is currently operating on the switch. Firmware Click Click Here to go to the Firmware Upgrade screen. Upgrade Restore Click Click Here to go to the Restore Configuration screen.
3 In the web configurator, click the Save button to make the changes take effect. If you want to access the switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default switch IP address (192.168.1.1).
The following screen displays. Figure 87 Reboot System: Confirmation 2 Click OK again and then wait for the switch to restart. This takes up to two minutes. This does not affect the switch’s configuration. Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the switch.
Figure 88 Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the switch in the File Path text box or click Browse to locate it. After you have specified the file, click Upgrade.
Back up your current switch configuration to a computer using the Backup Configuration screen. Figure 90 Backup Configuration Follow the steps below to back up the current switch configuration to your computer in this screen. 1 Click Backup. 2 Click Save to display the Save As screen.
If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the switch only recognizes “config” and “ras”. Be sure you keep unaltered copies of both files for later use.
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the switch will disconnect the Telnet session immediately. Chapter 26 Maintenance DESCRIPTION Enter the address of the host server.
This chapter describes how to control access to the switch. 27.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share four sessions, up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the switch). An agent translates the local management information from the managed switch into a form compatible with SNMP.
RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP 27.3.2 SNMP Traps The switch sends traps to an SNMP manager when an event occurs. SNMP traps supported are outlined in the following table. Table 67 SNMP Traps...
Enter the IP addresses of up to four stations to send your SNMP traps to. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
• A non-administrator (username is something other than admin) is someone who can view but not configure switch settings. Click Access Control from the navigation panel and then click Logins from this screen. Figure 94 Access Control: Logins The following table describes the labels in this screen.
DESCRIPTION Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Your switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time.
(you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always...
27.8 HTTPS Example If you haven’t changed the default HTTPS port on the switch, then in your browser enter “https://switch IP Address/” as the web site address where “switch IP Address” is the IP address or domain name of the switch you wish to access.
Figure 100 Security Certificate 2 (Netscape) 27.8.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. A lock displayed in the bottom right of the browser status bar denotes a secure connection.
Figure 101 Example: Lock Denoting a Secure Connection 27.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later).
From the Access Control screen, display the Remote Management screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the switch. Click Access Control to return to the Access Control screen.
Configure the IP address range of trusted computers from which you can manage this switch. End Address The switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The switch immediately disconnects the session if it does not match.
IP Ping Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test.
This chapter explains the syslog screens. 29.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164.
Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
The lower the number, the more critical the logs are. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cluster Member Models Cluster Manager Cluster Members In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Chapter 30 Cluster Management H A P T E R...
ES-3148 User’s Guide Figure 107 Clustering Application Example 30.2 Cluster Management Status Click Management, Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Chapter 30 Cluster Management...
Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
Figure 109 Cluster Management: Cluster Member Web Configurator Screen 30.2.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
User Password 360lt0.bin fw-00-a0-c5-01-23-46 config-00-a0-c5-01-23-46 This is the cluster member switch’s configuration file name as seen 30.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen to display the next screen. Chapter 30 Cluster Management...
Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). This is the VLAN ID and is only applicable if the switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
Page 221
Chapter 30 Cluster Management DESCRIPTION Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
(learned by the switch) or static (manually entered in the Static MAC Forwarding screen). The switch uses the MAC table to determine how to forward frames. See the following figure. 1 The switch examines a received frame and learns the port on which this source MAC address came.
Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen). Chapter 31 MAC Table...
If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the switch puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address).
Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above.
This chapter shows you how you can copy the settings of one port onto other ports. 33.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management, Configure Clone to open the following screen. Figure 115 Configure Clone Chapter 33 Configure Clone ES-3148 User’s Guide...
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
This chapter introduces commands and gives a summary of commands available. 34.1 Overview In addition to the web configurator, you can use commands to configure the switch. Use commands for advanced switch diagnosis and troubleshooting. If you have problems with your switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
1 For local management, connect your computer to the RJ-45 management port (labeled MGMT) on the switch. 2 Make sure your computer IP address and the switch IP address are on the same subnet. In Windows, click Start (usually in the bottom left corner), Run and then type (the default management IP address) and click OK.
• Use the up or down arrow key to scroll through the command history list. • You may enter a unique part of a command and press [TAB] to have the switch automatically display the full command. For example, if you enter “...
ES-3148 User’s Guide Use the following commands to specify privilege levels for login accounts. Syntax: logins username <username> password <password> logins username <username> privilege <0-14> where username <username> password <password> privilege <0-14> 34.7 Command Modes There are three command modes: User, Enable and Configure. The modes (and commands) available to you depend on what level of privilege your account has.
Config Commands available in this mode allow you to configure settings that affect the switch globally. Command modes that follow are sub-modes of the config mode and can only be accessed from within the config mode. Config-vlan...
ES-3148 User’s Guide • List of available commands under a command group. • Detailed descriptions of the commands. 34.8.1 List of Available Commands Enter “ ” to display a list of available commands and the corresponding sub commands. help sysname> help Commands available: help logout...
Page 235
Enter “ ” to display a list of commands you can use. sysname# ? baudrate boot cable-diagnostics configure copy disable enable erase exit help history igmp-flush kick logout mac-flush ping reload show traceroute write Enter <command> help sysname> ping help Commands available: ping <ip|host-name>...
34.9 Using Command History The switch keeps a list of recently used commands available to you for reuse. You can use any commands in the history again by pressing the up ( ) or down ( ) arrow key to scroll through the previously used commands and press of commands.
34.11 Command Summary The following sections summarize the commands available in the switch together with a brief description of each command. Commands listed in the tables are in the same order as they are displayed in the CLI. See the related section in the User’s Guide for more background information.
ES-3148 User’s Guide Table 84 Command Summary: User Mode (continued) COMMAND help <1|2> <[user@]dest- ip> 34.11.2 Enable Mode The following table describes the commands available for Enable mode. Table 85 Command Summary: Enable Mode COMMAND help logout exit history enable disable configure stk-port-...
Page 240
ES-3148 User’s Guide Table 85 Command Summary: Enable Mode (continued) COMMAND vlan running-config timesync time garp loginPrecedence logging vlan-stacking https DESCRIPTION Displays bandwidth control bandwidth- settings on the port(s). control Displays outgoing port information egress on the port(s). Displays broadcast storm control bstorm-control settings on the port(s).
Page 241
DIsplays all MVR (Multicast VLAN Registration) settings. DIsplays specified MVR <vlan-id> information. Displays DiffServ settings on the switch. Removes all IGMP information. Resets a TCP connection. Use the show ip tcp the Session ID. Clears the MAC address table. Removes all learned MAC address on the specified port(s).
Page 242
Restarts the system with the specified configuration file. Restarts the system and use the specified configuration file. Saves current configuration to the configuration file the switch is currently using. Saves current configuration to the <index> specified configuration file on the switch.
<mask> Enables a specified IP static route <ip> route. <mask> inactive Clears the IGMP filtering settings on the switch. Deletes the IGMP filtering profile. 13 profile <name> Deletes a rule in the IGMP profile <name> filtering profile. start-address <ip> end- address <ip>...
Page 244
<port-list> Disables Bridge Control Protocol (BCP) transparency. Disables broadcast storm control. 13 Disable bandwidth control on the switch. Disables GVRP on the switch. gvrp Disables port isolation. port-isolation Disables STP. Disables STP on listed ports. <port-list> Disables the specified STP <treeIndex>...
Page 245
Disables FTP access to the switch. Disables web browser control to http the switch. Disables SSH (Secure Shell) server access to the switch. Disables secure web browser https access to the switch. Disables ICMP access to the icmp switch such as pinging and tracerouting.
Disables another administrator from logging into Telnet. Disables cluster management on the switch. Removes the cluster member. <mac-address> Disables MVR on the switch. <vlan-id> Disables Strict Priority Queuing on the switch. Disables syslog logging. Disables syslog logging to the server <ip- specified syslog server.
Page 247
Sets the queuing method to WFQ (Weighted Fair Queuing). Sets the queuing method to WRR (Weighted Round Robin). Sets the switch to use SPQ to service the subsequent queue(s) after and including the specified queue for the 10/100 Mbps Ethernet ports.
Page 248
ES-3148 User’s Guide Table 86 Command Summary: Configuration Mode (continued) COMMAND name-server address default- gateway address mac- name <name> mac forward <mac-addr> vlan <vlan-id> interface <interface-id> mac-filter name <name> mac <mac-addr> vlan <vlan-id> drop <src/dst/both> mirror- port <port-num> lacp system-priority trunk <T1|T2|T3|T4|T5| T6>...
Page 249
<mask-bits>] ] [ destination- socket <socket- num> ] inactive ] > Chapter 34 Introducing Commands DESCRIPTION Sets the cluster member switch's hardware MAC address and password. Logs into a cluster member switch. Configures a classifier. A classifier groups traffic into data...
Page 251
Note: All previously learned dynamic MAC addresses are saved to the static MAC address table. Enables GVRP. Enables port-isolation. Configures GARP time settings. Enables STP on the switch. Sets the bridge priority of the switch. ES-3148 User’s Guide PRIVILEGE...
Page 252
<1- configuration to the ports. 2> Displays the detailed help for the mrstp command. Sets the switch’s name for identification purposes. Sets the time in hour, minute and second format. Selects the time difference between UTC (formerly known as GMT) and your time zone.
Page 253
<index> management Chapter 34 Introducing Commands DESCRIPTION Enables broadcast storm control on the switch. Enables bandwidth control. Sets learned MAC aging time. Sets the get community. Sets the set community. Sets the trap community. Sets the IP addresses of up to four stations to send your SNMP traps to.
Page 254
Enables VLAN stacking on the switch. Sets the SP TPID (Service Provider Tag Protocol Identifier). Specifies through which traffic flow the switch is to send packets. Adds a remote host to which the switch can access using SSH service. Re-generates a certificate.
<number> Chapter 34 Introducing Commands DESCRIPTION Allows the switch to add DHCP relay agent information. Allows the switch to add system name to agent information. Enables DiffServ on the switch. Maps DSCP value with an 802.1p priority <0-7>...
Page 256
VLANs that are not included in a port member set. Enables this function to permit VLAN groups beyond the local switch. Choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port.
Sets the maximum bandwidth egress <Kbps> allowed for outgoing traffic on the port(s). Enables broadcast storm control limit on the switch. Sets how many broadcast packets <pkt/s> the interface receives per second. Enables the interface multicast limit.
Page 258
Disables multicast limit on the multicast-limit switch. Disables destination lookup failure dlf-limit (DLF) limit on the switch. Enables the port(s) on the switch. inactive Disables intrusion-lock on a port so intrusion-lock that a port can be connected again after you disconnected the cable.
IP address in this inband-default VLAN. dhcp-bootp The switch will use the default IP address of 0.0.0.0 if you do not configure a static IP address. Deletes the IP address and subnet ip address <ip- mask from this VLAN.
Page 261
MVR. Exist from the MVR configuration mode. Sets a priority level (0-7) to which the switch changes the priority in outgoing IGMP control packets. Disables the source port(s). An MVR source port can send and receive multicast traffic in a multicast VLAN.
This chapter describes some commands which you can perform in the User and Enable modes. 35.1 Overview The following command examples show how you can use User and Enable modes to diagnose and manage your switch. 35.2 show Commands These are the commonly used 35.2.1 show system-information...
35.2.2 show ip Syntax: show ip This command displays the IP related information (such as IP address and subnet mask) on all switch interfaces. The following figure shows the default interface settings. sysname> show ip Out-of-band Management IP Address = 192.168.0.1 Management IP Address IP[192.168.0.1], Netmask[255.255.255.0], VID[0]...
This command displays statistics of a port. The following example shows that port 2 is up and the related information. sysname# show interface 2 Port Info Port NO. Link Status LACP TxPkts RxPkts Errors Tx KBs/s Rx KBs/s Up Time TX Packet Tx Packets Multicast...
ES-3148 User’s Guide This command displays the MAC address(es) stored in the switch. The following example shows the static MAC address table. sysname# show mac address-table static Port VLAN ID sysname# 35.3 ping Syntax: ping <ip|host-name> < [in-band|out-of-band|vlan <vlan-id> ] [ size <0-1472>...
Ethernet device belongs. Specifies the Time To Live (TTL) period. Specifies the time period to wait. Specifies how many tries the switch performs the traceroute function. command to copy attributes of one port to another port or ES-3148 User’s Guide...
You can store up to two configuration files on the switch. Only one configuration file is used at a time. By default the switch uses the first configuration file (with an index number of 1). You can set the switch to use a different configuration file. There are two ways in which you can set the switch to use a different configuration file: restart the switch (cold reboot) and restart the system (warm reboot).
Note: When you use the file index number, the switch saves the changes to the configuration file the switch is currently using. 35.6.2 Resetting to the Factory Default Follow the steps below to reset the switch back to the factory defaults.
Page 270
ES-3148 User’s Guide Chapter 35 User and Enable Mode Commands...
Configuration Mode Commands This chapter describes how to enable and configure your switch’s features using commands. For more background information, see the feature specific chapters which proceed the commands chapters. 36.1 Enabling IGMP Snooping To enable IGMP snooping on the switch. Enter...
ES-3148 User’s Guide • Enable IGMP snooping on the switch. • Set the host-timeout • Set the switch to drop packets from unknown multicast groups. sysname(config)# igmp-snooping sysname(config)# igmp-snooping host-timeout 30 sysname(config)# igmp-snooping leave-timeout 30 sysname(config)# igmp-snooping unknown-multicast-frame drop 36.2 Configure IGMP Filter Use the following commands in the config mode to configure IGMP filtering profiles.
Specifies the bridge priority for the switch. The lower the numeric value you assign, the higher the priority for this bridge. Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
Page 274
• Set the bridge priority of the switch to 0. • Set the Hello Time to 4, Maximum Age to 20 and Forward Delay to 15 on the switch. • Enable STP on port 5 with a path cost of 150.
Disables STP on the switch. Disables port mirroring on the switch. 36.4.2 Resetting Commands Use the command to reset switch settings to their default values. Syntax: no https timeout Resets the https session timeout to default. An example is shown next. The session timeout is reset to 300 seconds.
ES-3148 User’s Guide where <ip> <mask> inactive An example is shown next. • Enable the IP route with the IP address of 192.168.11.1 and subnet mask of 255.255.255.0. This ip route must have already been created and made inactive prior to re-enable command being applied.
Disables port authentication on the switch. Disables the re-authentication mechanism on the listed port(s). Disables authentication on the listed ports. Disables the secure shell server encryption key. Your switch supports SSH versions 1 and 2 using RSA and DSA authentication.
• Set the queueing method to SPQ. sysname(config)# spq 36.6 Static Route Commands You can create and configure static routes on the switch by using the Sets the queuing method to SPQ (Strictly Priority Queuing). Sets the queuing method to WFQ (Weighted Fair Queuing).
Specifies the subnet mask of this destination. Specifies the IP address of the gateway. The gateway is an immediate neighbor of your switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch.
ES-3148 User’s Guide where name <name> mac <mac-addr> vlan <vlan-id> drop <src/dst/both> An example is shown next. • Create a filtering rule called “filter1”. • Drop packets coming from and going to MAC address 00:12:00:12:00:12 on VLAN. sysname(config)# mac-filter name filter 1 sysname(config)# mac-filter name filter 1 mac 00:12:00:12:00:12 vlan 1 drop both 36.8 Enabling Trunking...
To enable a port authentication, you need to specify your RADIUS server details and select the ports which require external authentication. You can set up multiple RADIUS servers and specify how the switch will process authentication requests. 36.9.1 RADIUS Server Settings Configuring multiple RADIUS servers is only available via the command interpreter mode.
RADIUS server. If 2 RADIUS servers are configured, this is the total time the switch will wait for a response from either server. Specifies the way the switch will process requests from the clients to the RADIUS server. (Only applicable with multiple RADIUS servers configured.)
Page 283
• Specify RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password. See commands. • Specify the timeout period of 30 seconds that the switch will wait for a response from the RADIUS server. • Enable port authentication on ports 4 to 8.
These are some commonly used configuration commands that belong to the group of commands. 37.1 Overview The interface commands allow you to configure the switch on a port by port basis. 37.2 Interface Command Examples This section provides examples of some frequently used interface commands.
BPDU. , to forward BPDUs received on ports one, three, four tunnel Enables broadcast storm control limit on the switch. Limits how many broadcast packet the interface receives per second. command enables bandwidth control on the switch.
Sets the maximum bandwidth allowed for incoming traffic. Sets the guaranteed bandwidth allowed for incoming traffic. Sets the maximum bandwidth allowed for outgoing traffic (egress) on the switch. = Enables port mirroring for incoming, outgoing or both incoming and outgoing traffic.
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local switch. An example is shown next.
<wt1> <wt2> ... <wt8> An example is shown next. • Enable WFQ queuing on the switch. • Enable port 2 and ports 6 to 8 for configuration. Chapter 37 Interface Commands Choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port.
<port-list> An example is shown next. • Enable port-based VLAN tagging on the switch. • Enable ports one, three, four and five for configuration. • Set the outgoing traffic ports as the CPU (0), seven (7), and eight (8).
37.2.12 name Syntax: name <port-name-string> where <port-name-string> An example is shown next. • Enable ports one, three, four and five for configuration. • Set a name for the ports. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# name Test 37.2.13 speed-duplex Syntax: speed-duplex <auto|10-half|10-full|100-half|100-full|1000-full> where <auto|10-half|10- full|100-half|100-...
ES-3148 User’s Guide An example is shown next. • Select ports 3-6 for internal loopback test. • Execute the test command. • View the results. sysname(config)# interface port-channel 3-6 sysname(config-interface)# test 3-6 Testing internal loopback on port 3 :Passed! Ethernet Port 3 Test ok. Testing internal loopback on port 4 :Passed! Ethernet Port 4 Test ok.
(config-interface)# pvid 2000 sysname (config-interface)# exit 2 Configure your management VLAN. • Use the vlan <vlan-id> managing the switch, and the switch will activate the new management VLAN. • Use the inactive sysname (config)# vlan 3 sysname (config-vlan)# inactive Chapter 38 IEEE 802.1Q Tagged VLAN Commands...
This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 38.2.1 GARP Status Syntax: show garp This command shows the switch’s GARP timer settings, including the join, leave and leave all timers. An example is shown next. sysname # show garp...
This command turns on GVRP in order to propagate VLAN information beyond the switch. 38.2.5 Disable GVRP Syntax: no vlan1q gvrp This command turns off GVRP so that the switch does not propagate VLAN information to other switches. 38.3 Port VLAN Commands You must configure the switch port VLAN settings in config-interface mode.
ES-3148 User’s Guide 38.3.1 Set Port VID Syntax: pvid <VID> where Specifies the VLAN number between 1 and 4094. <VID> This command sets the default VLAN ID on the port(s). The following example sets the default VID to 200 on ports 1 to 5. sysname (config)# interface port-channel 1-5 sysname (config-interface)# pvid 200 38.3.2 Set Acceptable Frame Type...
38.3.4.2 Forwarding Process Example 38.3.4.2.1 Tagged Frames 1 First the switch checks the VLAN ID (VID) of tagged frames or assigns temporary VIDs to untagged frames. 2 The switch then checks the VID in a frame’s tag against the SVLAN table.
The switch also does not forward frames to “forbidden” ports. 4 If after looking at the SVLAN, the switch does not have any ports to which it will send the frame, it won’t check the port filter.
• VID is the VLAN identification number. • Status shows whether the VLAN is static or active. • Elap-Time is the time since the VLAN was created on the switch. • The section of the last column shows which ports are tagged and which are TagCtl untagged.
Multicast VLAN Registration This chapter shows you how to use Multicast VLAN Registration (mvr) commands. 39.1 Overview Use the mvr commands in the configuration mode to create and configure multicast VLANs. Note: If you want to enable IGMP snooping see 39.2 Create Multicast VLAN Use the following commands in the config-mvr mode to configure a multicast VLAN group.
Page 302
ES-3148 User’s Guide group name <name-str> start-address <ip> end-address <ip> • Enter MVR mode. Create a multicast VLAN with the name multiVlan and the VLAN ID of 3. • Specify source ports 2, 3, and 5 and receiver ports 6-8. •...
IP address, your computer’s IP address must match it. Refer to the chapter on access control for details. Your computer’s and the switch’s IP addresses must be on the same subnet. See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.
ES-3148 User’s Guide 40.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Figure 118 Internet Options 3 Click Apply to save this setting. 40.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
ES-3148 User’s Guide Figure 119 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 40 Troubleshooting...
Figure 120 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 40.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
ES-3148 User’s Guide Figure 121 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Figure 122 Security Settings - Java Scripting 40.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
ES-3148 User’s Guide Figure 123 Security Settings - Java 40.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 40 Troubleshooting...
Figure 124 Java (Sun) 40.3 Problems with the Password Table 92 Troubleshooting the Password PROBLEM Cannot access the switch. Chapter 40 Troubleshooting CORRECTIVE ACTION The password field is case sensitive. Make sure that you enter the correct password using the proper casing.
These are the switch product specifications. Table 93 General Product Specifications Ethernet 48 10/100 Base-TX interfaces Interface Auto-negotiation Auto-MDI/MDIX Compliant with IEEE 802.3/3u Back pressure flow control for half duplex Flow control for full duplex (IEEE 802.3x) RJ-45 Ethernet cable connector...
RFC2013 UDP MIB RFC2674 Bridge MIB extension (for IEEE 802.1Q) Table 95 Physical and Environmental Specifications LEDs Per switch: PWR, SYS, ALM, BPS Per Ethernet port: LNK/ACT, FDX Dimension 438 mm (W) x 270 mm (D) x 44.45 mm (H) Standard 19”...
Page 315
Table 95 Physical and Environmental Specifications (continued) Safety ANS/UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) Appendix A ES-3148 User’s Guide...
IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
ES-3148 User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 96 Classes of IP Addresses IP ADDRESS OCTET 1 Class A Network number Class B Network number Class C Network number An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number.
ES-3148 User’s Guide Table 99 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.240 255.255.255.248 255.255.255.252 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class “C”...
Table 101 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.127 Table 102 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.255 Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 –...
The following table shows class C IP address last octet values for each subnet. Table 107 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS The following table is a summary for class “C” subnet planning. Table 108 Class C Subnet Planning NO.
CFI (Canonical Format Indicator) changing password accessing syntax conventions cloning a port. See port cloning. cluster management and switch passwords cluster manager cluster member cluster member firmware upgrade network example setup specification status switch models web configurator...
Page 326
ES-3148 User’s Guide change running config saving 59, 236 configuration file 60, 236 and commands backup restore 60, 190 connections hardware console port 37, 47 commands settings 50, 229 contact information copying port settings. See port cloning. copyright CPU management port CRC (Cyclic Redundant Check) current date current time...
Page 327
hardware connections front panel installation installation precautions mounting brackets overview rack-mounting rubber feet transceivers 48, 49 help in command interpreter web configurator history in command interpreter HTTPS certificates implementation public keys, private keys IEEE 802.1p, priority IEEE 802.1x activate reauthentication IGMP version IGMP filtering...
Page 328
ES-3148 User’s Guide transceiver installation transceiver removal mirroring ports modes and accounts in command interpreter mounting brackets MSA (MultiSource Agreement) MTU (Multi-Tenant Unit) multicast multicast group multicast settings multicast VLAN multicasting 802.1 priority addresses setup Multiple Spanning Tree Protocol configuration configuration example group configuration how it works...
Page 329
112, 115 port state root port status 112, 115 terminology subnet subnet mask subnetting switch lockout switch reset switch setup sys commands examples 263, 275 sys log disp sys sw mac list syslog protocol server setup settings ES-3148 User’s Guide...
Page 330
ES-3148 User’s Guide setup severity levels system information system log system login system reboot tagged VLAN Telnet commands logging in management time current time server time zone Time (RFC-868) time server time service protocol time format time zone trademarks transceiver installation removal traps...