Page 1 ES-3148 Intelligent Layer 2+ Switch 48-port Fast Ethernet + 2 Gigabit Ethernet Ports 2 GbE Dual Personality Interfaces (Copper/SFP) User’s Guide Version 3.70 8/2006 Edition 1...
Page 3: Copyright
Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 4: Certifications
FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Page 5: Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 6 ES-3148 User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
Page 7: Zyxel Limited Warranty
ES-3148 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
Page 8: Customer Support
+36-1-3259100 +7-3272-590-698 www.zyxel.kz +7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica ZyXEL Communications Czech s.r.o.
Page 9 +380-44-494-49-32 +44-1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44-1344 303034 ftp.zyxel.co.uk ES-3148 User’s Guide REGULAR MAIL ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland ZyXEL Russia Ostrovityanova 37a Str.
Page 10 ES-3148 User’s Guide Customer Support...
Page 11: Table Of Contents
2.1 Freestanding Installation ...43 2.2 Mounting the Switch on a Rack ...44 2.2.1 Rack-mounted Installation Requirements ...44 2.2.1.1 Precautions ...44 2.2.2 Attaching the Mounting Brackets to the Switch ...44 2.2.3 Mounting the Switch on a Rack ...44 Table of Contents Table of Contents...
Page 12 Initial Setup Example ... 63 5.1 Overview ...63 5.1.1 Creating a VLAN ...63 5.1.2 Setting Port VID ...64 5.2 Configuring Switch Management IP Address ...65 Chapter 6 System Status and Port Statistics ... 67 6.1 Port Status Summary 6.1.1 Status: Port Details ...48...
Page 13 Chapter 7 Basic Setting ... 73 7.1 Overview ...73 7.2 System Information 7.3 General Setup 7.4 Introduction to VLANs ...77 7.5 Switch Setup Screen 7.6 IP Setup 7.6.1 Management IP Addresses ...80 7.7 Port Setup Chapter 8 VLAN ... 87 8.1 Introduction to IEEE 802.1Q Tagged VLAN...
Page 14 ES-3148 User’s Guide 11.1.1 STP Terminology ...107 11.1.2 How STP Works ...108 11.1.3 STP Port States ...108 11.1.4 Multiple RSTP ...109 11.2 Spanning Tree Protocol Main Screen ...109 11.3 Configure Rapid Spanning Tree Protocol 11.4 Rapid Spanning Tree Protocol Status 11.5 Configure Multiple Rapid Spanning Tree Protocol 11.6 Multiple Rapid Spanning Tree Protocol Status Chapter 12...
Page 15 Chapter 17 Port Security... 137 17.1 About Port Security ...137 17.2 Port Security Setup ...137 Chapter 18 Classifier ... 141 18.1 About the Classifier and QoS ...141 18.2 Configuring the Classifier ...141 18.3 Viewing and Editing Classifier Configuration ...144 18.4 Classifier Example ...145 Chapter 19 Policy Rule...
Page 16 ES-3148 User’s Guide 22.1.3 IGMP Snooping ...165 22.2 Multicast Status ...166 22.3 Multicast Setting ...166 22.4 IGMP Filtering Profile ...169 22.5 MVR Overview ...170 22.5.1 Types of MVR Ports ...170 22.5.2 MVR Modes ...171 22.5.3 How MVR Works ...171 22.6 General MVR Configuration ...171 22.7 MVR Group Configuration ...173 22.7.1 MVR Configuration Example ...175 Chapter 23...
Page 17 Cluster Management ... 215 30.1 Cluster Management Status Overview ...215 30.2 Cluster Management Status ...216 30.2.1 Cluster Member Switch Management ...217 30.2.1.1 Uploading Firmware to a Cluster Member Switch ...218 30.3 Clustering Management Configuration ...219 Chapter 31 MAC Table ... 223 31.1 MAC Table Overview ...223...
Page 18 34.8 Getting Help ...233 34.8.1 List of Available Commands ...234 34.9 Using Command History ...236 34.10 Saving Your Configuration ...236 34.10.1 Switch Configuration File ...236 34.10.2 Logging Out ...237 34.11 Command Summary ...237 34.11.1 User Mode ...237 34.11.2 Enable Mode ...238 34.11.3 General Configuration Mode ...243...
Page 19 35.2.5 show mac address-table ...265 35.3 ping ...266 35.4 traceroute ...266 35.5 Copy Port Attributes ...267 35.6 Configuration File Maintenance ...268 35.6.1 Using a Different Configuration File ...268 35.6.2 Resetting to the Factory Default ...269 Chapter 36 Configuration Mode Commands... 271 36.1 Enabling IGMP Snooping ...271 36.2 Configure IGMP Filter ...272 36.3 Enabling STP ...273...
Page 20 39.1 Overview ...301 39.2 Create Multicast VLAN ...301 Chapter 40 Troubleshooting ... 303 40.1 Problems Starting Up the Switch ...303 40.2 Problems Accessing the Switch ...303 40.2.1 Pop-up Windows, JavaScripts and Java Permissions ...304 40.2.1.1 Internet Explorer Pop-up Blockers ...304 40.2.1.2 JavaScripts ...307...
Page 21 ES-3148 User’s Guide Appendix A Product Specifications ... 313 Appendix B IP Addresses and Subnetting ... 317 Index... 325 Table of Contents...
Page 22 ES-3148 User’s Guide Table of Contents...
Page 23: List Of Figures
Figure 18 Example Xmodem Upload ... 61 Figure 19 Reload the Configuration file: Via Console Port ... 61 Figure 20 Resetting the Switch: Via the Console Port ... 62 Figure 21 Web Configurator: Logout Screen ... 62 Figure 22 Initial Setup Network Example: VLAN ... 63 Figure 23 Initial Setup Network Example: Port VID ...
Page 24 ES-3148 User’s Guide Figure 39 Protocol Based VLAN ... 96 Figure 40 Protocol Based VLAN Configuration Example ... 97 Figure 41 Port Based VLAN Setup (All Connected) ... 99 Figure 42 Port Based VLAN Setup (Port Isolation) ... 100 Figure 43 Static MAC Forwarding ... 103 Figure 44 Filtering ...
Page 25 Figure 108 Cluster Management: Status ... 217 Figure 109 Cluster Management: Cluster Member Web Configurator Screen ... 218 Figure 110 Example: Uploading Firmware to a Cluster Member Switch ... 219 Figure 111 Clustering Management Configuration ... 220 Figure 112 MAC Table Flowchart ... 223 Figure 113 MAC Table ...
Page 26 ES-3148 User’s Guide List of Figures...
Page 27: List Of Tables
Table 30 Bandwidth Control ... 118 Table 31 Broadcast Storm Control ... 122 Table 32 Mirroring ... 124 Table 33 Link Aggregation ID: Local Switch ... 126 Table 34 Link Aggregation ID: Peer Switch ... 126 Table 35 Link Aggregation Control Protocol Status ... 127 Table 36 Link Aggregation Control Protocol: Configuration ...
Page 28 ES-3148 User’s Guide Table 39 Port Authentication: RADIUS ... 133 Table 40 Port Authentication: 802.1x ... 134 Table 41 Port Security ... 138 Table 42 Classifier ... 142 Table 43 Classifier: Summary Table ... 144 Table 44 Common Ethernet Types and Protocol Number ... 144 Table 45 Common IP Ports ...
Page 29 Table 87 interface port-channel Commands ... 255 Table 88 Command Summary: config-vlan Commands ... 259 Table 89 mvr Commands ... 260 Table 90 Troubleshooting the Start-Up of Your Switch ... 303 Table 91 Troubleshooting Accessing the Switch ... 303 Table 92 Troubleshooting the Password ... 311 Table 93 General Product Specifications ...
Page 30 ES-3148 User’s Guide List of Tables...
Page 31: Preface
Settings and then click Control Panel. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. • The ES-3148 may be referred to as “the ES-3148”, “the switch”, or “the device” in this User’s Guide.
Page 32: User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 33: Getting To Know Your Switch
Gigabit port and one slot for mini-GBIC transceiver (SFP module) with one port active at a time. With its built-in web configurator, managing and configuring the switch is easy. In addition, the switch can also be managed via Telnet, any terminal emulator program on the console port, or third-party SNMP management. 1.2 Software Features This section describes the general software features of the switch.
Page 34: Port Mirroring
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
Page 35 Maintenance and Management Features • Access Control You can specify the service(s) and computer IP address(es) to control access to the switch for management. • Cluster Management Cluster management (also known as iStacking) allows you to manage switches through one switch, called the cluster manager.
Page 36: System Monitoring
• The ES-3148 supports IGMP snooping enabling group multicast traffic to be only forwarded to ports that are members of that group; thus allowing you to significantly reduce multicast traffic passing through your switch. • Broadcast storm control Quality of Service •...
Page 37: Hardware Features
Connect a backup power supply device to this port to ensure uninterrupted network connection in the event of a power failure. Fans The fans cool the switch sufficiently to allow reliable operation of the switch in even poorly ventilated rooms or basements. Power The ES-3148 requires 100~240VAC/1.5A power.
Page 38: Backbone Application
ES-3148 User’s Guide 1.4.1 Backbone Application In this application, the switch is an ideal solution for small networks where rapid growth can be expected in the near future. The switch can be used standalone for a group of heavy traffic users. You can connect computers directly to the switch’s port or connect other switches to the switch.
Page 39: High Performance Switched Example
Figure 2 Bridging Application 1.4.3 High Performance Switched Example The switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance.
Page 40: Tag-Based Vlan Example
In this example, only ports that need access to the server need belong to VLAN 1. Ports can belong to other VLAN groups too. Chapter 8 on page Chapter 1 Getting to Know Your Switch...
Page 41: Figure 5 Shared Server Using Vlan Example
ES-3148 User’s Guide Figure 5 Shared Server Using VLAN Example Chapter 1 Getting to Know Your Switch...
Page 42 ES-3148 User’s Guide Chapter 1 Getting to Know Your Switch...
Page 43: Hardware Installation And Connection
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the switch. These rubber feet help protect the switch from shock or vibration and ensure space between devices when stacking.
Page 44: Mounting The Switch On A Rack
2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the switch, lining up the four screw holes on the bracket with the screw holes on the side of the switch.
Page 45: Figure 8 Mounting The Switch On A Rack
ES-3148 User’s Guide Figure 8 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack.
Page 46 ES-3148 User’s Guide Chapter 2 Hardware Installation and Connection...
Page 47: Chapter 3 Hardware Overview
This chapter describes the front panel and rear panel of the switch and shows you how to make the hardware connections. 3.1 Panel Connections The figure below shows the front panel of the switch. Figure 9 Front Panel The following table describes the ports on the panels.
Page 48: Default Ethernet Settings
These are slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA).
Page 49: Transceiver Removal
Figure 10 Transceiver Installation Example 2 Press the transceiver firmly until it clicks into place. 3 The switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly. Figure 11 Installed Transceiver 3.1.2.2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver (SFP module).
Page 50: Rear Panel
• No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console cable to the console port of the switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.
Page 51: External Backup Power Supply Connector
Make sure you are using the correct power source as shown on the panel. To connect the power to the switch, insert the female end of power cord to the power receptacle on the rear panel. Connect the other end of the supplied power cord to the power source.
Page 52 ES-3148 User’s Guide Table 3 LEDs (continued) COLOR LNK/ACT Green Amber Green Green Gigabit Port LNK/ACT Green Amber Amber MGMT Green Amber STATUS DESCRIPTION Blinking The system is transmitting/receiving to/from a 10 Mbps or a 1000 Mbps Ethernet network. The link to a 10 Mbps or a 1000 Mbps Ethernet network is up. Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet network.
Page 53: The Web Configurator
4.2 System Login 1 Start your web browser. 2 Type “http://” and the IP address of the switch (for example, the default for the management port is 192.168.0.1 and for the switch port is 192.168.1.1) in the Location or Address field. Press 3 The login screen appears.
Page 54: The Status Screen
B - Click this link to save your configuration into the switch’s nonvolatile memory. Nonvolatile memory is the configuration of your switch that stays the same even if the switch’s power is turned off.
Page 55: Menu Overview
4.4 Menu Overview In the navigation panel, click a main link to reveal a list of submenu links. Table 4 Navigation Panel Sub-links Overview BASIC SETTING Chapter 4 The Web Configurator ADVANCED ROUTING PROTOCOL MANAGEMENT APPLICATION ES-3148 User’s Guide...
Page 56: Table 5 Web Configurator Screen Sub-Links Details
ES-3148 User’s Guide The following table lists the various web configurator screens within the sub-links. Table 5 Web Configurator Screen Sub-links Details BASIC SETTING System Info General Setup Switch Setup IP Setup Port Setup ADVANCED ROUTING PROTOCOL MANAGEMENT APPLICATION VLAN...
Page 57: Table 6 Navigation Panel Links
This link takes you to a screen where you can configure general identification information about the switch. Switch Setup This link takes you to a screen where you can set up global switch parameters such as VLAN type, MAC address learning, GARP and priority queues. IP Setup...
Page 58: Change Your Password
Routing Protocol Static Routing This link takes you to screens where you can configure static routes. A static route defines how the switch should forward traffic by configuring the TCP/IP parameters manually. DiffServ This link takes you to screens where you can configure DiffServ and DSCP settings.
Page 59: Saving Your Configuration
Note: Use the Save link when you are done with a configuration session. 4.6 Switch Lockout You could block yourself (and all others) from accessing the switch through the web configurator if you do one of the following: 1 Deleting the management VLAN (default is VLAN 1).
Page 60: Resetting The Switch
IP address is 192.168.0.1. 4.7 Resetting the Switch If you lock yourself (and others) out of the switch, you can try using out-of-band management. If you still cannot correct the situation or forgot the password, you will need to reload the factory-default configuration file.
Page 61: Reset To The Factory Defaults
1 Connect to the console port using a computer with terminal emulation software. See the chapter on hardware connections for details. 2 Disconnect and reconnect the switch's power to begin a session. When you reconnect the switch's power, you will see the initial screen.
Page 62: Logging Out Of The Web Configurator
Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session both for security reasons and so as you don’t lock out other switch administrators. Figure 21 Web Configurator: Logout Screen 4.9 Help...
Page 63: Initial Setup Example
This chapter shows how to set up the switch for an example network. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID • Configure the switch IP management address 5.1.1 Creating a VLAN...
Page 64: Setting Port Vid
IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 1 on the switch, select Fixed to configure port 1 to be a permanent member of the VLAN only. 4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the switch to remove VLAN tags before sending.
Page 65: Configuring Switch Management Ip Address
Figure 24 Initial Setup Example: Management IP Address 1 Connect your computer to any Ethernet port on the switch. Make sure your computer is in the same subnet as the switch. 2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator.
Page 66 This is the same as the VLAN ID you configure in the Static VLAN screen. 6 Select the Manageable check box to allow the switch to be managed from the ports belonging to VLAN2 using this specified IP address.
Page 67: System Status And Port Statistics
System Status and Port This chapter describes the system status (web configurator home page) and port details screens. 6.1 Port Status Summary The home screen of the web configurator displays a port statistical summary table with links to each port showing statistical details. To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.
Page 68: Status: Port Details
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the switch. Section 11.1.3 on page 108 for more information).
Page 69: Figure 26 Status: Port Details
Figure 26 Status: Port Details The following table describes the labels in this screen. Table 8 Status: Port Details LABEL DESCRIPTION Port Info Name This field shows the name of the port. Link This field shows whether the Ethernet connection is down, and the speed/duplex mode.
Page 70 ES-3148 User’s Guide Table 8 Status: Port Details (continued) LABEL DESCRIPTION LACP This field shows if LACP is enabled on this port or not. TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port.
Page 71 Table 8 Status: Port Details (continued) LABEL DESCRIPTION This field shows the number of packets (including bad packets) received that were 64 octets in length. 65-127 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length.
Page 72 ES-3148 User’s Guide Chapter 6 System Status and Port Statistics...
Page 73: Chapter 7 Basic Setting
The real time is then displayed in the switch logs. The Switch Setup screen allows you to set up and configure global switch features. The IP Setup screen allows you to configure a switch IP address, subnet mask(s) and DNS (domain name server) for management purposes.
Page 74: Figure 27 System Info
You may choose the temperature unit (Centigrade or Fahrenheit) in this field. Temperature MAC, CPU and PHY refer to the location of the temperature sensors on the switch printed circuit board. Current This field displays the current temperature measured at this sensor.
Page 75: General Setup
This field displays the maximum voltage measured at this point. This field displays the minimum voltage measured at this point. Threshold This field displays the minimum voltage at which the switch should work. Status Normal indicates that the voltage is within an acceptable operating range at this point;...
Page 76: Figure 28 General Setup
Enter the geographic location of your switch. You can use up to 32 printable ASCII characters; spaces are not allowed. Contact Person's Enter the name of the person in charge of this switch. You can use up to 32 Name printable ASCII characters; spaces are not allowed.
Page 77: Introduction To Vlans
1970-1-1 0:0. Time Server IP Enter the IP address of your timeserver. The switch searches for the timeserver for Address up to 60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds.
Page 78: Switch Setup Screen
Chapter 8 on page 87 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.
Page 79 Use the next two fields to configure the priority level-to-physical queue mapping. The switch has eight physical queues that you can map to the 8 priority levels. On the switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
Page 80: Ip Setup
IP address. 7.6.1 Management IP Addresses The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address.
Page 81: Figure 30 Ip Setup
ES-3148 User’s Guide Figure 30 IP Setup Chapter 7 Basic Setting...
Page 82: Table 12 Ip Setup
In-band Management IP Address DHCP Client Select this option if you have a DHCP server that can assign the switch an IP address, subnet mask, a default gateway IP address and a domain name server IP address automatically. Static IP Select this option if you don’t have a DHCP server or if you wish to assign static IP...
Page 83: Port Setup
Select this option to allow the switch to be managed using this specified IP address. Click Add to save the new rule to the switch’s run-time memory. It then displays in the summary table at the bottom of the screen.
Page 84: Figure 31 Port Setup
When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode.
Page 85 Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 86 ES-3148 User’s Guide Chapter 7 Basic Setting...
Page 87: Chapter 8 Vlan
The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
Page 88: Automatic Vlan Registration
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLANs groups beyond the local switch. Please refer to the following table for common IEEE 802.1Q VLAN terminology.
Page 89: Port Vlan Trunking
C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).
Page 90: Static Vlan
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamic - using GVRP, static - added as a permanent entry or other - added using Multicast VLAN Registration (MVR).
Page 91: Static Vlan Details
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamic - using GVRP, static - added as a permanent entry or other - added using Multicast VLAN Registration (MVR).
Page 92: Figure 36 Vlan: Static Vlan
ES-3148 User’s Guide Figure 36 VLAN: Static VLAN The following table describes the related labels in this screen. Table 17 VLAN: Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. VLAN Group ID Enter the VLAN ID for this static entry;...
Page 93: Configure Vlan Port Settings
LABEL DESCRIPTION Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 94: Table 18 Vlan: Vlan Port Setting
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 95: Protocol Based Vlans
When an upstream frame is received on a port (configured for a protocol based VLAN), the switch checks if a tag is added already and its protocol. The untagged packets of the same protocol are then placed in the same protocol based VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol.
Page 96: Figure 39 Protocol Based Vlan
Advanced Applications, VLAN screens. Priority Select the priority level that the switch will assign to frames belonging to this VLAN. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 97: Create An Ip-Based Vlan Example
Table 19 Protocol Based VLAN Setup (continued) LABEL DESCRIPTION Name This field shows the name the protocol based VLAN. Ethernet Type This field shows which Ethernet protocol is part of this protocol based VLAN. This field shows the VLAN ID of the port. Priority This field shows the priority which is assigned to frames belonging to this protocol based VLAN.
Page 98: Port-Based Vlan Setup
Port-based VLANs are specific only to the switch on which they were created. Note: When you activate port-based VLAN, the switch uses a default VLAN ID of 1. You cannot change it.
Page 99: Figure 41 Port Based Vlan Setup (All Connected)
ES-3148 User’s Guide Figure 41 Port Based VLAN Setup (All Connected) Chapter 8 VLAN...
Page 100: Figure 42 Port Based Vlan Setup (Port Isolation)
ES-3148 User’s Guide Figure 42 Port Based VLAN Setup (Port Isolation) Chapter 8 VLAN...
Page 101: Table 20 Port Based Vlan Setup
(its outgoing port). CPU refers to the switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the switch cannot be managed from that port.
Page 102 ES-3148 User’s Guide Chapter 8 VLAN...
Page 103: Static Mac Forwarding
MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the switch. See on port security.
Page 104: Table 21 Static Mac Forwarding
Enter the port where the MAC address entered in the previous field will be automatically forwarded. Click Apply to save your rule to the switch’s run-time memory. The switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 105: Chapter 10 Filtering
This chapter discusses static IP and MAC address port filtering. 10.1 Configure a Filtering Rule Filtering means sifting traffic going through the switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application and Filtering in the navigation panel to display the screen as shown next.
Page 106 Type the VLAN group identification number. Click Add to save this rule to the switch’s run-time memory. The switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 107: Spanning Tree Protocol
• IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol The switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees. 11.1 STP/RSTP Overview (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers.
Page 108: How Stp Works
On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network.
Page 109: Multiple Rstp
MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
Page 110: Configure Rapid Spanning Tree Protocol
ES-3148 User’s Guide Figure 46 Spanning Tree Protocol RSTP and MRSTP The following table describes the labels in this screen. Table 25 Spanning Tree Protocol: Status LABEL DESCRIPTION RSTP This link takes you to the Rapid Spanning Tree Protocol configuration screen. See Section 11.3 on page MRSTP This link takes you to the Multiple Rapid Spanning Tree Protocol configuration...
Page 111: Figure 47 Rstp: Configuration
Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
Page 112: Rapid Spanning Tree Protocol Status
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
Page 113: Configure Multiple Rapid Spanning Tree Protocol
This switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch. Hello Time...
Page 114: Figure 49 Mrstp: Configuration
STP tree. Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch.
Page 115: Multiple Rapid Spanning Tree Protocol Status
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
Page 116: Figure 50 Mrstp: Status
This switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch. Hello Time...
Page 117: Chapter 12 Bandwidth Control
This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out- going traffic flows on a port. 12.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
Page 118: Figure 51 Bandwidth Control
Table 30 Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the switch. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 119 DESCRIPTION Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 120 ES-3148 User’s Guide Chapter 12 Bandwidth Control...
Page 121: Broadcast Storm Control
Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Page 122: Table 31 Broadcast Storm Control
Table 31 Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the switch. Clear this check box to disable this feature. Port This field displays a port number. Settings in this row apply to all ports.
Page 123: Chapter 14 Mirroring
This chapter discusses the Mirror setup screens. 14.1 Port Mirroring Setup Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application, Mirroring in the navigation panel to display the Mirroring screen.
Page 124: Table 32 Mirroring
LABEL DESCRIPTION Active Select this check box to activate port mirroring on the switch. Clear this check box to disable the feature. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail Port without interfering with the traffic flow on the original port(s).
Page 125: Chapter 15 Link Aggregation
“standby” ports become operational without user intervention. Please note that: • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking.
Page 126: Link Aggregation Id
ES-3148 User’s Guide 15.2.1 Link Aggregation ID LACP aggregation ID consists of the following information Table 33 Link Aggregation ID: Local Switch SYSTEM PRIORITY MAC ADDRESS 0000 Table 34 Link Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS 0000 15.3 Link Aggregation Control Protocol Status Click Advanced Application, Link Aggregation in the navigation panel.
Page 127: Link Aggregation Setup
The following table describes the labels in this screen. Table 35 Link Aggregation Control Protocol Status LABEL DESCRIPTION Index This field displays the trunk ID to identify a trunk group, that is, one logical link containing multiple ports. Aggregator ID Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number.
Page 128: Figure 55 Link Aggregation: Configuration
Select this checkbox to enable Link Aggregation Control Protocol (LACP). System LACP system priority is a number between 1 and 65,535. The switch with the lowest Priority system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Page 129 Select either 1 second or 30 seconds. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 130 ES-3148 User’s Guide Chapter 15 Link Aggregation...
Page 131: Chapter 16 Port Authentication
This chapter describes the 802.1x authentication method and RADIUS server connection setup. See Section 36.9 on page 281 additional Radius server settings as well as multiple Radius server configuration. 16.1 Port Authentication Overview IEEE 802.1x is an extended authentication protocol Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.
Page 132: Tunnel Protocol Attribute
16.1.1.2 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server to assign a port on the switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for more information.
Page 133: Configuring Radius Server Settings
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the switch.
Page 134: Activate Ieee 802.1X Security
Table 40 Port Authentication: 802.1x LABEL DESCRIPTION Active Select this check box to permit 802.1x authentication on the switch. Note: You must first enable 802.1x authentication on the switch Port This field displays a port number. before configuring it on each port.
Page 135 Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 136 ES-3148 User’s Guide Chapter 16 Port Authentication...
Page 137: Chapter 17 Port Security
Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch. The switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
Page 138: Figure 60 Port Security
MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “254”. “0” means this feature is disabled.
Page 139 DESCRIPTION Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 140 ES-3148 User’s Guide Chapter 17 Port Security...
Page 141: Chapter 18 Classifier
This chapter introduces and shows you how to configure the packet classifier on the switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Page 142: Figure 61 Classifier
ES-3148 User’s Guide Figure 61 Classifier The following table describes the labels in this screen. Table 42 Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. Packet Specify the format of the packet.
Page 143 Protocol Refer to Table 45 on page 145 You may select Establish Only for TCP protocol type. This means that the switch will pick out the packets that are sent to establish TCP connections. Source Enter a source IP address in dotted decimal notation.
Page 144: Viewing And Editing Classifier Configuration
ES-3148 User’s Guide Table 42 Classifier (continued) LABEL DESCRIPTION Click Add to insert the entry in the summary table below. Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. 18.3 Viewing and Editing Classifier Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen.
Page 145: Classifier Example
Table 44 Common Ethernet Types and Protocol Number ETHERNET TYPE Chaosnet X.25 Level 3 XNS Compat Banyan Systems BBN Simnet IBM SNA AppleTalk AARP Some of the most common IP ports are: Table 45 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP...
Page 146: Figure 63 Classifier: Example
ES-3148 User’s Guide Figure 63 Classifier: Example Chapter 18 Classifier...
Page 147: Chapter 19 Policy Rule
This chapter shows you how to configure policy rules. 19.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to 18 on page 141 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
Page 148: Configuring Policy Rules
ES-3148 User’s Guide 19.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to for more information. Click Advanced Applications and then Policy Rule in the navigation panel to display the screen as shown. Section 18.2 on page Chapter 19 Policy Rule...
Page 149: Figure 64 Policy
ES-3148 User’s Guide Figure 64 Policy Chapter 19 Policy Rule...
Page 150: Table 46 Policy
Profile DSCP number for out-of-profile traffic. DSCP Action Specify the action(s) the switch takes on the associated classified traffic flow. Forwarding Select No change to forward the packets. Select Discard the packet to drop the packets. Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before.
Page 151: Viewing And Editing Policy Configuration
Table 46 Policy (continued) LABEL DESCRIPTION Diffserv Select No change to keep the TOS and/or DSCP fields in the packets. Select Set the packet’s TOS field to set the TOS field with the value you configure in the TOS field. Select Replace the IP TOS with the 802.1 priority value to replace the TOS field with the value you configure in the Priority field.
Page 152: Policy Example
ES-3148 User’s Guide The following table describes the labels in this screen. Table 47 Policy: Summary Table LABEL DESCRIPTION Index This field displays the policy index number. Click an index number to edit the policy. Active This field displays Yes when policy is activated and No when is it deactivated. Name This field displays the descriptive name for this policy.
Page 153: Figure 66 Policy Example
ES-3148 User’s Guide Figure 66 Policy Example Chapter 19 Policy Rule...
Page 154 ES-3148 User’s Guide Chapter 19 Policy Rule...
Page 155: Chapter 20 Queuing Method
20.1.1 Strictly Priority Strictly Priority (SP) services queues based on priority only. As traffic comes into the switch, traffic on the highest priority queue, Q7 is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q6 is transmitted until Q6 empties, and then traffic is transmitted on Q5 and so on.
Page 156: Weighted Round Robin Scheduling (Wrr)
ES-3148 User’s Guide 20.1.3 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port.
Page 157: Figure 67 Queuing Method
Enable subsequent queue(s) after and including the specified queue for the 10/100 Mbps Ethernet ports. For example, if you select Q5, the switch services traffic on Q5, Q6 and Q7 using Strictly Priority. Select None to always use WFQ or WRR for the 10/100 Mbps Ethernet ports.
Page 158: Table 48 Queuing Method
GE Port This field is applicable only when you select WFQ or WRR. Select a queue (Q0 to Q7) to have the switch use Strictly Priority to service the Enable subsequent queue(s) after and including the specified queue for the gigabit ports. For example, if you select Q5, the switch services traffic on Q5, Q6 and Q7 using Strictly Priority.
Page 159: Chapter 21 Vlan Stacking
This chapter shows you how to configure VLAN stacking on your switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
Page 160: Vlan Stacking Port Roles
ES-3148 User’s Guide Figure 68 VLAN Stacking Example 21.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel (the latter is for Gigabit ports only). • Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching. •...
Page 161: Frame Format
TPID (Tag Protocol Identifier) is the customer IEEE 802.1Q tag. • If the VLAN stacking port role is Access Port, then the switch adds the SP TPID tag to all incoming frames on the service provider's edge devices (1 and 2 in the VLAN stacking example figure).
Page 162: Configuring Vlan Stacking
LABEL DESCRIPTION Active Select this checkbox to enable VLAN stacking on the switch. SP TPID SP TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. Choose 0x8100 or 0x9100 from the drop-down list box or select Others and then enter a four-digit hexadecimal number from 0x0000 to 0xFFFF.
Page 163 VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the switch add the SP TPID tag to all incoming frames received on this port. Select Access Port for ingress ports at the edge of the service provider's network.
Page 164 ES-3148 User’s Guide Chapter 21 VLAN Stacking...
Page 165: Chapter 22 Multicast
This allows you to control the distribution of multicast services (such as content information distribution) based on service plans and types of subscription. You can set the switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port.
Page 166: Multicast Status
ES-3148 User’s Guide The switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch.
Page 167: Figure 71 Multicast Setting
Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Host Timeout Specify the time (from 1 to 16,711,450) in seconds that elapses before the switch removes an IGMP group membership entry if it does not receive report messages from the port.
Page 168 (or server). The switch forwards IGMP join or leave packets to an IGMP query port. Select Auto to have the switch use the port as an IGMP query port if the port receives IGMP query packets. Select Fixed to have the switch always use the port as an IGMP query port. Select this when you connect an IGMP multicast server to the port.
Page 169: Igmp Filtering Profile
If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. Click Add to save the settings to the switch. Clear Click Clear to clear the fields to the factory defaults.
Page 170: Mvr Overview
Figure 73 MVR Network Example 22.5.1 Types of MVR Ports In MVR, a source port is a port on the switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast data. Once configured, the switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
Page 171: Mvr Modes
When the subscriber changes the channel or turns off the computer, an IGMP leave message is sent to the switch to leave the multicast group. The switch sends a query to VLAN 1 on the receiver port (in this case, a DSL port on the switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic.
Page 172: Figure 75 Mvr
Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN. 802.1p Priority Select a priority level (0-7) with which the switch replaces the priority in outgoing IGMP control packets (belonging to this multicast VLAN). Chapter 22 Multicast...
Page 173: Mvr Group Configuration
Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 174: Figure 76 Mvr: Group Configuration
IP address for a multicast group. Refer to Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 175: Mvr Configuration Example
22.7.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic.
Page 176: Figure 78 Mvr Configuration Example
ES-3148 User’s Guide Figure 78 MVR Configuration Example To set the switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200.
Page 177: Figure 79 Mvr Group Configuration Example
ES-3148 User’s Guide Figure 79 MVR Group Configuration Example Figure 80 MVR Group Configuration Example Chapter 22 Multicast...
Page 178 ES-3148 User’s Guide Chapter 22 Multicast...
Page 179: Chapter 23 Dhcp Relay
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a DHCP server. You can configure the switch to relay client DHCP requests to a DHCP server and the server's responses back to the clients.
Page 180: Figure 81 Dhcp Relay
This read-only field displays the system name you configure in the General Setup screen. Select the check box for the switch to add the system name to the DHCP client DHCP requests that it relays to a DHCP server. Apply Click Apply to save your changes to the switch’s run-time memory.
Page 181: Chapter 24 Static Route
This chapter shows you how to configure static routes. 24.1 Configuring Static Route Static routes tell the switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application, Static Routing in the navigation panel to display the screen as shown.
Page 182 Gateway IP Enter the IP address of the gateway. The gateway is an immediate neighbor of your Address switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch. Metric The metric represents the “cost”...
Page 183: Chapter 25 Diffserv Code Point
This chapter shows you how to set up Diffserv Code Point (DSCP) on each port and how to convert DSCP values to IEEE 802.1p values. 25.1 DiffServ Overview DiffServ Code Point (DSCP) is a field used for packet classification on DiffServ networks. The higher the value, the higher the priority.
Page 184: Configure Dscp Setting
This allows you to activate DiffServ on a per port basis. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 185: Table 61 Static Routing
DSCP value. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 186 ES-3148 User’s Guide Chapter 25 DiffServ Code Point...
Page 187: Chapter 26 Maintenance
Table 62 Maintenance LABEL DESCRIPTION Current This field displays which configuration (Configuration 1 or Configuration 2) is currently operating on the switch. Firmware Click Click Here to go to the Firmware Upgrade screen. Upgrade Restore Click Click Here to go to the Restore Configuration screen.
Page 188: Load Factory Defaults
3 In the web configurator, click the Save button to make the changes take effect. If you want to access the switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default switch IP address (192.168.1.1).
Page 189: Reboot System
The following screen displays. Figure 87 Reboot System: Confirmation 2 Click OK again and then wait for the switch to restart. This takes up to two minutes. This does not affect the switch’s configuration. Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the switch.
Page 190: Restore A Configuration File
Figure 88 Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the switch in the File Path text box or click Browse to locate it. After you have specified the file, click Upgrade.
Page 191: Ftp Command Line
Back up your current switch configuration to a computer using the Backup Configuration screen. Figure 90 Backup Configuration Follow the steps below to back up the current switch configuration to your computer in this screen. 1 Click Backup. 2 Click Save to display the Save As screen.
Page 192: Example Ftp Commands
If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the switch only recognizes “config” and “ras”. Be sure you keep unaltered copies of both files for later use.
Page 193: Gui-Based Ftp Clients
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the switch will disconnect the Telnet session immediately. Chapter 26 Maintenance DESCRIPTION Enter the address of the host server.
Page 194 ES-3148 User’s Guide Chapter 26 Maintenance...
Page 195: Chapter 27 Access Control
This chapter describes how to control access to the switch. 27.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share four sessions, up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
Page 196: About Snmp
An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the switch). An agent translates the local management information from the managed switch into a form compatible with SNMP.
Page 197: Supported Mibs
RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP 27.3.2 SNMP Traps The switch sends traps to an SNMP manager when an event occurs. SNMP traps supported are outlined in the following table. Table 67 SNMP Traps...
Page 198: Configuring Snmp
Enter the IP addresses of up to four stations to send your SNMP traps to. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 199: Figure 94 Access Control: Logins
• A non-administrator (username is something other than admin) is someone who can view but not configure switch settings. Click Access Control from the navigation panel and then click Logins from this screen. Figure 94 Access Control: Logins The following table describes the labels in this screen.
Page 200: Ssh Overview
DESCRIPTION Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 201: Ssh Implementation On The Switch
Your switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time.
Page 202: Requirements For Using Ssh
(you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always...
Page 203: Https Example
27.8 HTTPS Example If you haven’t changed the default HTTPS port on the switch, then in your browser enter “https://switch IP Address/” as the web site address where “switch IP Address” is the IP address or domain name of the switch you wish to access.
Page 204: The Main Screen
Figure 100 Security Certificate 2 (Netscape) 27.8.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. A lock displayed in the bottom right of the browser status bar denotes a secure connection.
Page 205: Service Port Access Control
Figure 101 Example: Lock Denoting a Secure Connection 27.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later).
Page 206: Remote Management
From the Access Control screen, display the Remote Management screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the switch. Click Access Control to return to the Access Control screen.
Page 207: Figure 103 Access Control: Remote Management
Configure the IP address range of trusted computers from which you can manage this switch. End Address The switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The switch immediately disconnects the session if it does not match.
Page 208 ES-3148 User’s Guide Chapter 27 Access Control...
Page 209: Chapter 28 Diagnostic
IP Ping Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test.
Page 210 ES-3148 User’s Guide Chapter 28 Diagnostic...
Page 211: Chapter 29 Syslog
This chapter explains the syslog screens. 29.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164.
Page 212: Syslog Server Setup
Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 213: Figure 106 Syslog: Server Setup
The lower the number, the more critical the logs are. Click Add to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 214 ES-3148 User’s Guide Chapter 29 Syslog...
Page 215: Chapter 30 Cluster Management
Cluster Member Models Cluster Manager Cluster Members In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Chapter 30 Cluster Management H A P T E R...
Page 216: Cluster Management Status
ES-3148 User’s Guide Figure 107 Clustering Application Example 30.2 Cluster Management Status Click Management, Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Chapter 30 Cluster Management...
Page 217: Cluster Member Switch Management
Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
Page 218: Uploading Firmware To A Cluster Member Switch
Figure 109 Cluster Management: Cluster Member Web Configurator Screen 30.2.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
Page 219: Clustering Management Configuration
User Password 360lt0.bin fw-00-a0-c5-01-23-46 config-00-a0-c5-01-23-46 This is the cluster member switch’s configuration file name as seen 30.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen to display the next screen. Chapter 30 Cluster Management...
Page 220: Figure 111 Clustering Management Configuration
Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). This is the VLAN ID and is only applicable if the switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
Page 221 Chapter 30 Cluster Management DESCRIPTION Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 222 ES-3148 User’s Guide Chapter 30 Cluster Management...
Page 223: Chapter 31 Mac Table
(learned by the switch) or static (manually entered in the Static MAC Forwarding screen). The switch uses the MAC table to determine how to forward frames. See the following figure. 1 The switch examines a received frame and learns the port on which this source MAC address came.
Page 224: Viewing The Mac Table
Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen). Chapter 31 MAC Table...
Page 225: Chapter 32 Arp Table
If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the switch puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address).
Page 226: Figure 114 Arp Table
Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above.
Page 227: Chapter 33 Configure Clone
This chapter shows you how you can copy the settings of one port onto other ports. 33.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management, Configure Clone to open the following screen. Figure 115 Configure Clone Chapter 33 Configure Clone ES-3148 User’s Guide...
Page 228: Table 82 Configure Clone
Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 229: Chapter 34 Introducing Commands
This chapter introduces commands and gives a summary of commands available. 34.1 Overview In addition to the web configurator, you can use commands to configure the switch. Use commands for advanced switch diagnosis and troubleshooting. If you have problems with your switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
Page 230: Initial Screen
1 For local management, connect your computer to the RJ-45 management port (labeled MGMT) on the switch. 2 Make sure your computer IP address and the switch IP address are on the same subnet. In Windows, click Start (usually in the bottom left corner), Run and then type (the default management IP address) and click OK.
Page 231: Changing The Password
• Use the up or down arrow key to scroll through the command history list. • You may enter a unique part of a command and press [TAB] to have the switch automatically display the full command. For example, if you enter “...
Page 232: Command Modes
ES-3148 User’s Guide Use the following commands to specify privilege levels for login accounts. Syntax: logins username <username> password <password> logins username <username> privilege <0-14> where username <username> password <password> privilege <0-14> 34.7 Command Modes There are three command modes: User, Enable and Configure. The modes (and commands) available to you depend on what level of privilege your account has.
Page 233: Getting Help
Config Commands available in this mode allow you to configure settings that affect the switch globally. Command modes that follow are sub-modes of the config mode and can only be accessed from within the config mode. Config-vlan...
Page 234: List Of Available Commands
ES-3148 User’s Guide • List of available commands under a command group. • Detailed descriptions of the commands. 34.8.1 List of Available Commands Enter “ ” to display a list of available commands and the corresponding sub commands. help sysname> help Commands available: help logout...
Page 235 Enter “ ” to display a list of commands you can use. sysname# ? baudrate boot cable-diagnostics configure copy disable enable erase exit help history igmp-flush kick logout mac-flush ping reload show traceroute write Enter <command> help sysname> ping help Commands available: ping <ip|host-name>...
Page 236: Using Command History
34.9 Using Command History The switch keeps a list of recently used commands available to you for reuse. You can use any commands in the history again by pressing the up ( ) or down ( ) arrow key to scroll through the previously used commands and press of commands.
Page 237: Logging Out
34.11 Command Summary The following sections summarize the commands available in the switch together with a brief description of each command. Commands listed in the tables are in the same order as they are displayed in the CLI. See the related section in the User’s Guide for more background information.
Page 238: Enable Mode
ES-3148 User’s Guide Table 84 Command Summary: User Mode (continued) COMMAND help <1|2> <[user@]dest- ip> 34.11.2 Enable Mode The following table describes the commands available for Enable mode. Table 85 Command Summary: Enable Mode COMMAND help logout exit history enable disable configure stk-port-...
Page 239 Table 85 Command Summary: Enable Mode (continued) COMMAND spanning-tree mrstp <treeIndex> lacp trunk radius-server port-access- authenticator port-security snmp-server logins service-control remote- management classifier policy interface <port- list> interfaces config <port- list> Chapter 34 Introducing Commands DESCRIPTION Displays port isolation settings. port-isolation Displays Spanning Tree Protocol config...
Page 240 ES-3148 User’s Guide Table 85 Command Summary: Enable Mode (continued) COMMAND vlan running-config timesync time garp loginPrecedence logging vlan-stacking https DESCRIPTION Displays bandwidth control bandwidth- settings on the port(s). control Displays outgoing port information egress on the port(s). Displays broadcast storm control bstorm-control settings on the port(s).
Page 241 DIsplays all MVR (Multicast VLAN Registration) settings. DIsplays specified MVR <vlan-id> information. Displays DiffServ settings on the switch. Removes all IGMP information. Resets a TCP connection. Use the show ip tcp the Session ID. Clears the MAC address table. Removes all learned MAC address on the specified port(s).
Page 242 Restarts the system with the specified configuration file. Restarts the system and use the specified configuration file. Saves current configuration to the configuration file the switch is currently using. Saves current configuration to the <index> specified configuration file on the switch.
Page 243: General Configuration Mode
<mask> Enables a specified IP static route <ip> route. <mask> inactive Clears the IGMP filtering settings on the switch. Deletes the IGMP filtering profile. 13 profile <name> Deletes a rule in the IGMP profile <name> filtering profile. start-address <ip> end- address <ip>...
Page 244 <port-list> Disables Bridge Control Protocol (BCP) transparency. Disables broadcast storm control. 13 Disable bandwidth control on the switch. Disables GVRP on the switch. gvrp Disables port isolation. port-isolation Disables STP. Disables STP on listed ports. <port-list> Disables the specified STP <treeIndex>...
Page 245 Disables FTP access to the switch. Disables web browser control to http the switch. Disables SSH (Secure Shell) server access to the switch. Disables secure web browser https access to the switch. Disables ICMP access to the icmp switch such as pinging and tracerouting.
Page 246: Cluster Member
Disables another administrator from logging into Telnet. Disables cluster management on the switch. Removes the cluster member. <mac-address> Disables MVR on the switch. <vlan-id> Disables Strict Priority Queuing on the switch. Disables syslog logging. Disables syslog logging to the server <ip- specified syslog server.
Page 247 Sets the queuing method to WFQ (Weighted Fair Queuing). Sets the queuing method to WRR (Weighted Round Robin). Sets the switch to use SPQ to service the subsequent queue(s) after and including the specified queue for the 10/100 Mbps Ethernet ports.
Page 248 ES-3148 User’s Guide Table 86 Command Summary: Configuration Mode (continued) COMMAND name-server address default- gateway address mac- name <name> mac forward <mac-addr> vlan <vlan-id> interface <interface-id> mac-filter name <name> mac <mac-addr> vlan <vlan-id> drop <src/dst/both> mirror- port <port-num> lacp system-priority trunk <T1|T2|T3|T4|T5| T6>...
Page 249 <mask-bits>] ] [ destination- socket <socket- num> ] inactive ] > Chapter 34 Introducing Commands DESCRIPTION Sets the cluster member switch's hardware MAC address and password. Logs into a cluster member switch. Configures a classifier. A classifier groups traffic into data...
Page 250 ES-3148 User’s Guide Table 86 Command Summary: Configuration Mode (continued) COMMAND policy <name> classifier <classifier- list> < vlan<vlan-id> ] [ egress-port <port-num> ] [ priority <0-7> [ dscp <0- 63>] [ tos <0-7> ] bandwidth <bandwidth> ] [ outgoing- packet-format <tagged|untagged >...
Page 251 Note: All previously learned dynamic MAC addresses are saved to the static MAC address table. Enables GVRP. Enables port-isolation. Configures GARP time settings. Enables STP on the switch. Sets the bridge priority of the switch. ES-3148 User’s Guide PRIVILEGE...
Page 252 <1- configuration to the ports. 2> Displays the detailed help for the mrstp command. Sets the switch’s name for identification purposes. Sets the time in hour, minute and second format. Selects the time difference between UTC (formerly known as GMT) and your time zone.
Page 253 <index> management Chapter 34 Introducing Commands DESCRIPTION Enables broadcast storm control on the switch. Enables bandwidth control. Sets learned MAC aging time. Sets the get community. Sets the set community. Sets the trap community. Sets the IP addresses of up to four stations to send your SNMP traps to.
Page 254 Enables VLAN stacking on the switch. Sets the SP TPID (Service Provider Tag Protocol Identifier). Specifies through which traffic flow the switch is to send packets. Adds a remote host to which the switch can access using SSH service. Re-generates a certificate.
Page 255: Interface Port-Channel Commands
<number> Chapter 34 Introducing Commands DESCRIPTION Allows the switch to add DHCP relay agent information. Allows the switch to add system name to agent information. Enables DiffServ on the switch. Maps DSCP value with an 802.1p priority <0-7>...
Page 256 VLANs that are not included in a port member set. Enables this function to permit VLAN groups beyond the local switch. Choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port.
Page 257: Qos Priority
Sets the maximum bandwidth egress <Kbps> allowed for outgoing traffic on the port(s). Enables broadcast storm control limit on the switch. Sets how many broadcast packets <pkt/s> the interface receives per second. Enables the interface multicast limit.
Page 258 Disables multicast limit on the multicast-limit switch. Disables destination lookup failure dlf-limit (DLF) limit on the switch. Enables the port(s) on the switch. inactive Disables intrusion-lock on a port so intrusion-lock that a port can be connected again after you disconnected the cable.
Page 259: Config-Vlan Commands
Table 87 interface port-channel Commands (continued) COMMAND protocol-based- vlan name <name> ethernet-type <ethernet-type> vlan <vid> priority <0-7> 34.11.5 config-vlan Commands The following table lists the Table 88 Command Summary: config-vlan Commands COMMAND vlan <1- 4094> name <name-str> normal <port- list> fixed <port- list>...
Page 260: Mvr Commands
IP address in this inband-default VLAN. dhcp-bootp The switch will use the default IP address of 0.0.0.0 if you do not configure a static IP address. Deletes the IP address and subnet ip address <ip- mask from this VLAN.
Page 261 MVR. Exist from the MVR configuration mode. Sets a priority level (0-7) to which the switch changes the priority in outgoing IGMP control packets. Disables the source port(s). An MVR source port can send and receive multicast traffic in a multicast VLAN.
Page 262 ES-3148 User’s Guide Chapter 34 Introducing Commands...
Page 263: User And Enable Mode Commands
This chapter describes some commands which you can perform in the User and Enable modes. 35.1 Overview The following command examples show how you can use User and Enable modes to diagnose and manage your switch. 35.2 show Commands These are the commonly used 35.2.1 show system-information...
Page 264: Show Ip
35.2.2 show ip Syntax: show ip This command displays the IP related information (such as IP address and subnet mask) on all switch interfaces. The following figure shows the default interface settings. sysname> show ip Out-of-band Management IP Address = 192.168.0.1 Management IP Address IP[192.168.0.1], Netmask[255.255.255.0], VID[0]...
Page 265: Show Mac Address-Table
This command displays statistics of a port. The following example shows that port 2 is up and the related information. sysname# show interface 2 Port Info Port NO. Link Status LACP TxPkts RxPkts Errors Tx KBs/s Rx KBs/s Up Time TX Packet Tx Packets Multicast...
Page 266: Ping
ES-3148 User’s Guide This command displays the MAC address(es) stored in the switch. The following example shows the static MAC address table. sysname# show mac address-table static Port VLAN ID sysname# 35.3 ping Syntax: ping <ip|host-name> < [in-band|out-of-band|vlan <vlan-id> ] [ size <0-1472>...
Page 267: Copy Port Attributes
Ethernet device belongs. Specifies the Time To Live (TTL) period. Specifies the time period to wait. Specifies how many tries the switch performs the traceroute function. command to copy attributes of one port to another port or ES-3148 User’s Guide...
Page 268: Configuration File Maintenance
You can store up to two configuration files on the switch. Only one configuration file is used at a time. By default the switch uses the first configuration file (with an index number of 1). You can set the switch to use a different configuration file. There are two ways in which you can set the switch to use a different configuration file: restart the switch (cold reboot) and restart the system (warm reboot).
Page 269: Resetting To The Factory Default
Note: When you use the file index number, the switch saves the changes to the configuration file the switch is currently using. 35.6.2 Resetting to the Factory Default Follow the steps below to reset the switch back to the factory defaults.
Page 270 ES-3148 User’s Guide Chapter 35 User and Enable Mode Commands...
Page 271: Configuration Mode Commands
Configuration Mode Commands This chapter describes how to enable and configure your switch’s features using commands. For more background information, see the feature specific chapters which proceed the commands chapters. 36.1 Enabling IGMP Snooping To enable IGMP snooping on the switch. Enter...
Page 272: Configure Igmp Filter
ES-3148 User’s Guide • Enable IGMP snooping on the switch. • Set the host-timeout • Set the switch to drop packets from unknown multicast groups. sysname(config)# igmp-snooping sysname(config)# igmp-snooping host-timeout 30 sysname(config)# igmp-snooping leave-timeout 30 sysname(config)# igmp-snooping unknown-multicast-frame drop 36.2 Configure IGMP Filter Use the following commands in the config mode to configure IGMP filtering profiles.
Page 273: Enabling Stp
Specifies the bridge priority for the switch. The lower the numeric value you assign, the higher the priority for this bridge. Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
Page 274 • Set the bridge priority of the switch to 0. • Set the Hello Time to 4, Maximum Age to 20 and Forward Delay to 15 on the switch. • Enable STP on port 5 with a path cost of 150.
Page 275: No Command Examples
Disables STP on the switch. Disables port mirroring on the switch. 36.4.2 Resetting Commands Use the command to reset switch settings to their default values. Syntax: no https timeout Resets the https session timeout to default. An example is shown next. The session timeout is reset to 300 seconds.
Page 276: Other Examples Of No Commands
ES-3148 User’s Guide where <ip> <mask> inactive An example is shown next. • Enable the IP route with the IP address of 192.168.11.1 and subnet mask of 255.255.255.0. This ip route must have already been created and made inactive prior to re-enable command being applied.
Page 277: No Port-Access-Authenticator
Disables port authentication on the switch. Disables the re-authentication mechanism on the listed port(s). Disables authentication on the listed ports. Disables the secure shell server encryption key. Your switch supports SSH versions 1 and 2 using RSA and DSA authentication.
Page 278: Queuing Method Commands
• Set the queueing method to SPQ. sysname(config)# spq 36.6 Static Route Commands You can create and configure static routes on the switch by using the Sets the queuing method to SPQ (Strictly Priority Queuing). Sets the queuing method to WFQ (Weighted Fair Queuing).
Page 279: Enabling Mac Filtering
Specifies the subnet mask of this destination. Specifies the IP address of the gateway. The gateway is an immediate neighbor of your switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch.
Page 280: Enabling Trunking
ES-3148 User’s Guide where name <name> mac <mac-addr> vlan <vlan-id> drop <src/dst/both> An example is shown next. • Create a filtering rule called “filter1”. • Drop packets coming from and going to MAC address 00:12:00:12:00:12 on VLAN. sysname(config)# mac-filter name filter 1 sysname(config)# mac-filter name filter 1 mac 00:12:00:12:00:12 vlan 1 drop both 36.8 Enabling Trunking...
Page 281: Enabling Port Authentication
To enable a port authentication, you need to specify your RADIUS server details and select the ports which require external authentication. You can set up multiple RADIUS servers and specify how the switch will process authentication requests. 36.9.1 RADIUS Server Settings Configuring multiple RADIUS servers is only available via the command interpreter mode.
Page 282: Port Authentication Settings
RADIUS server. If 2 RADIUS servers are configured, this is the total time the switch will wait for a response from either server. Specifies the way the switch will process requests from the clients to the RADIUS server. (Only applicable with multiple RADIUS servers configured.)
Page 283 • Specify RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password. See commands. • Specify the timeout period of 30 seconds that the switch will wait for a response from the RADIUS server. • Enable port authentication on ports 4 to 8.
Page 284 ES-3148 User’s Guide Chapter 36 Configuration Mode Commands...
Page 285: Chapter 37 Interface Commands
These are some commonly used configuration commands that belong to the group of commands. 37.1 Overview The interface commands allow you to configure the switch on a port by port basis. 37.2 Interface Command Examples This section provides examples of some frequently used interface commands.
Page 286: Broadcast-Limit
BPDU. , to forward BPDUs received on ports one, three, four tunnel Enables broadcast storm control limit on the switch. Limits how many broadcast packet the interface receives per second. command enables bandwidth control on the switch.
Page 287: Mirror
Sets the maximum bandwidth allowed for incoming traffic. Sets the guaranteed bandwidth allowed for incoming traffic. Sets the maximum bandwidth allowed for outgoing traffic (egress) on the switch. = Enables port mirroring for incoming, outgoing or both incoming and outgoing traffic.
Page 288: Gvrp
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local switch. An example is shown next.
Page 289: Frame-Type
<wt1> <wt2> ... <wt8> An example is shown next. • Enable WFQ queuing on the switch. • Enable port 2 and ports 6 to 8 for configuration. Chapter 37 Interface Commands Choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port.
Page 290: Egress Set
<port-list> An example is shown next. • Enable port-based VLAN tagging on the switch. • Enable ports one, three, four and five for configuration. • Set the outgoing traffic ports as the CPU (0), seven (7), and eight (8).
Page 291: Name
37.2.12 name Syntax: name <port-name-string> where <port-name-string> An example is shown next. • Enable ports one, three, four and five for configuration. • Set a name for the ports. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# name Test 37.2.13 speed-duplex Syntax: speed-duplex <auto|10-half|10-full|100-half|100-full|1000-full> where <auto|10-half|10- full|100-half|100-...
Page 292: Interface No Command Examples
ES-3148 User’s Guide An example is shown next. • Select ports 3-6 for internal loopback test. • Execute the test command. • View the results. sysname(config)# interface port-channel 3-6 sysname(config-interface)# test 3-6 Testing internal loopback on port 3 :Passed! Ethernet Port 3 Test ok. Testing internal loopback on port 4 :Passed! Ethernet Port 4 Test ok.
Page 293: Ieee 802.1Q Tagged Vlan Commands
(config-interface)# pvid 2000 sysname (config-interface)# exit 2 Configure your management VLAN. • Use the vlan <vlan-id> managing the switch, and the switch will activate the new management VLAN. • Use the inactive sysname (config)# vlan 3 sysname (config-vlan)# inactive Chapter 38 IEEE 802.1Q Tagged VLAN Commands...
Page 294: Global Vlan1Q Tagged Vlan Configuration Commands
This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 38.2.1 GARP Status Syntax: show garp This command shows the switch’s GARP timer settings, including the join, leave and leave all timers. An example is shown next. sysname # show garp...
Page 295: Gvrp Timer
This command turns on GVRP in order to propagate VLAN information beyond the switch. 38.2.5 Disable GVRP Syntax: no vlan1q gvrp This command turns off GVRP so that the switch does not propagate VLAN information to other switches. 38.3 Port VLAN Commands You must configure the switch port VLAN settings in config-interface mode.
Page 296: Set Port Vid
ES-3148 User’s Guide 38.3.1 Set Port VID Syntax: pvid <VID> where Specifies the VLAN number between 1 and 4094. <VID> This command sets the default VLAN ID on the port(s). The following example sets the default VID to 200 on ports 1 to 5. sysname (config)# interface port-channel 1-5 sysname (config-interface)# pvid 200 38.3.2 Set Acceptable Frame Type...
Page 297: Modify Static Vlan
38.3.4.2 Forwarding Process Example 38.3.4.2.1 Tagged Frames 1 First the switch checks the VLAN ID (VID) of tagged frames or assigns temporary VIDs to untagged frames. 2 The switch then checks the VID in a frame’s tag against the SVLAN table.
Page 298: Delete Vlan Id
The switch also does not forward frames to “forbidden” ports. 4 If after looking at the SVLAN, the switch does not have any ports to which it will send the frame, it won’t check the port filter.
Page 299: Disable Vlan
• VID is the VLAN identification number. • Status shows whether the VLAN is static or active. • Elap-Time is the time since the VLAN was created on the switch. • The section of the last column shows which ports are tagged and which are TagCtl untagged.
Page 300 ES-3148 User’s Guide Chapter 38 IEEE 802.1Q Tagged VLAN Commands...
Page 301: Multicast Vlan Registration Commands
Multicast VLAN Registration This chapter shows you how to use Multicast VLAN Registration (mvr) commands. 39.1 Overview Use the mvr commands in the configuration mode to create and configure multicast VLANs. Note: If you want to enable IGMP snooping see 39.2 Create Multicast VLAN Use the following commands in the config-mvr mode to configure a multicast VLAN group.
Page 302 ES-3148 User’s Guide group name <name-str> start-address <ip> end-address <ip> • Enter MVR mode. Create a multicast VLAN with the name multiVlan and the VLAN ID of 3. • Specify source ports 2, 3, and 5 and receiver ports 6-8. •...
Page 303: Chapter 40 Troubleshooting
IP address, your computer’s IP address must match it. Refer to the chapter on access control for details. Your computer’s and the switch’s IP addresses must be on the same subnet. See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.
Page 304: Pop-Up Windows, Javascripts And Java Permissions
ES-3148 User’s Guide 40.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 305: Figure 118 Internet Options
Figure 118 Internet Options 3 Click Apply to save this setting. 40.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 306: Figure 119 Internet Options
ES-3148 User’s Guide Figure 119 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 40 Troubleshooting...
Page 307: Javascripts
Figure 120 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 40.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 308: Figure 121 Internet Options
ES-3148 User’s Guide Figure 121 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 309: Java Permissions
Figure 122 Security Settings - Java Scripting 40.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 310: Figure 123 Security Settings - Java
ES-3148 User’s Guide Figure 123 Security Settings - Java 40.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 40 Troubleshooting...
Page 311: Problems With The Password
Figure 124 Java (Sun) 40.3 Problems with the Password Table 92 Troubleshooting the Password PROBLEM Cannot access the switch. Chapter 40 Troubleshooting CORRECTIVE ACTION The password field is case sensitive. Make sure that you enter the correct password using the proper casing.
Page 312 ES-3148 User’s Guide Chapter 40 Troubleshooting...
Page 313: Table 93 General Product Specifications
These are the switch product specifications. Table 93 General Product Specifications Ethernet 48 10/100 Base-TX interfaces Interface Auto-negotiation Auto-MDI/MDIX Compliant with IEEE 802.3/3u Back pressure flow control for half duplex Flow control for full duplex (IEEE 802.3x) RJ-45 Ethernet cable connector...
Page 314: Table 94 Management Specifications
RFC2013 UDP MIB RFC2674 Bridge MIB extension (for IEEE 802.1Q) Table 95 Physical and Environmental Specifications LEDs Per switch: PWR, SYS, ALM, BPS Per Ethernet port: LNK/ACT, FDX Dimension 438 mm (W) x 270 mm (D) x 44.45 mm (H) Standard 19”...
Page 315 Table 95 Physical and Environmental Specifications (continued) Safety ANS/UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) Appendix A ES-3148 User’s Guide...
Page 316 ES-3148 User’s Guide...
Page 317: Introduction To Ip Addresses
IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
Page 318: Table 96 Classes Of Ip Addresses
ES-3148 User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 96 Classes of IP Addresses IP ADDRESS OCTET 1 Class A Network number Class B Network number Class C Network number An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
Page 319: Table 98 "Natural" Masks
Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number.
Page 320: Table 100 Two Subnets Example
ES-3148 User’s Guide Table 99 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.240 255.255.255.248 255.255.255.252 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class “C”...
Page 321: Table 101 Subnet 1
Table 101 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.127 Table 102 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.255 Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 –...
Page 322: Table 104 Subnet 2
ES-3148 User’s Guide Table 103 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 Table 104 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 105 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary)
Page 323: Table 107 Eight Subnets
The following table shows class C IP address last octet values for each subnet. Table 107 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS The following table is a summary for class “C” subnet planning. Table 108 Class C Subnet Planning NO.
Page 324: Table 109 Class B Subnet Planning
ES-3148 User’s Guide The following table is a summary for class “B” subnet planning. Table 109 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS 255.255.128.0 (/17) 255.255.192.0 (/18) 255.255.224.0 (/19) 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25)
Page 325: Index
CFI (Canonical Format Indicator) changing password accessing syntax conventions cloning a port. See port cloning. cluster management and switch passwords cluster manager cluster member cluster member firmware upgrade network example setup specification status switch models web configurator...
Page 326 ES-3148 User’s Guide change running config saving 59, 236 configuration file 60, 236 and commands backup restore 60, 190 connections hardware console port 37, 47 commands settings 50, 229 contact information copying port settings. See port cloning. copyright CPU management port CRC (Cyclic Redundant Check) current date current time...
Page 327 hardware connections front panel installation installation precautions mounting brackets overview rack-mounting rubber feet transceivers 48, 49 help in command interpreter web configurator history in command interpreter HTTPS certificates implementation public keys, private keys IEEE 802.1p, priority IEEE 802.1x activate reauthentication IGMP version IGMP filtering...
Page 328 ES-3148 User’s Guide transceiver installation transceiver removal mirroring ports modes and accounts in command interpreter mounting brackets MSA (MultiSource Agreement) MTU (Multi-Tenant Unit) multicast multicast group multicast settings multicast VLAN multicasting 802.1 priority addresses setup Multiple Spanning Tree Protocol configuration configuration example group configuration how it works...
Page 329 112, 115 port state root port status 112, 115 terminology subnet subnet mask subnetting switch lockout switch reset switch setup sys commands examples 263, 275 sys log disp sys sw mac list syslog protocol server setup settings ES-3148 User’s Guide...
Page 330 ES-3148 User’s Guide setup severity levels system information system log system login system reboot tagged VLAN Telnet commands logging in management time current time server time zone Time (RFC-868) time server time service protocol time format time zone trademarks transceiver installation removal traps...

ZyXEL Communications ZyXEL Dimension ES-3148 User Manual

Table of Contents

List of Figures

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 System Status and Port Statistics

Chapter 7 Basic Setting

Chapter 8 VLAN

Chapter 9 Static MAC Forwarding

Chapter 10 Filtering

Chapter 11 Spanning Tree Protocol

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 VLAN Stacking

Chapter 22 Multicast

Chapter 23 DHCP Relay

Chapter 24 Static Route

Chapter 25 Diffserv Code Point

Chapter 26 Maintenance

Chapter 27 Access Control

Chapter 28 Diagnostic

Chapter 29 Syslog

Chapter 30 Cluster Management

Chapter 31 MAC Table

Chapter 32 ARP Table

Chapter 33 Configure Clone

Chapter 34 Introducing Commands

Chapter 35 User and Enable Mode Commands

Chapter 36 Configuration Mode Commands

Chapter 37 Interface Commands

Chapter 38 IEEE 802.1Q Tagged VLAN Commands

Chapter 39 Multicast VLAN Registration Commands

Chapter 40 Troubleshooting

Appendix A

Appendix B

Quick Links

Chapters

Troubleshooting

Related Manuals for ZyXEL Communications ZyXEL Dimension ES-3148

Summary of Contents for ZyXEL Communications ZyXEL Dimension ES-3148