ZyXEL Communications ZyXEL Dimension ES-4124 User Manual

Intelligent layer 3+ switch

ES-4124
Intelligent Layer 3+ Switch
User's Guide
Version 3.8
4/2007
Edition 1
DEFAULT LOGIN
IP Address http://192.168.1.1
User Name admin
Password 1234
www.zyxel.com


Summary of Contents for ZyXEL Communications ZyXEL Dimension ES-4124

  • Page 3: About This User's Guide

    • Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information. It is recommended you use the web configurator to configure the Switch. • Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product...
  • Page 4: Document Conventions

    Syntax Conventions • The ES-4124 may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. Icons: The Switch, Server, Telephone, Computer, Notebook computer, DSLAM, Firewall, Switch, Router...
  • Page 6: Safety Warnings

    Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
  • Page 7 Safety Warnings This product is recyclable. Dispose of it properly.
  • Page 9: Table Of Contents

    Introduction ... 35 Getting to Know Your Switch ... 37 Hardware Installation and Connection ... 41 Hardware Overview ... 45 Basic Configuration ... 51 The Web Configurator ... 53 Initial Setup Example ... 63 System Status and Port Statistics ... 69 Basic Setting ...
  • Page 10 Contents Overview IP Multicast ... 253 Differentiated Services ... 255 DHCP ... 263 VRRP ... 271 Management ... 281 Maintenance ... 283 Access Control ... 289 Diagnostic ... 307 Syslog ... 309 Cluster Management ... 313 MAC Table ... 319 IP Table ...
  • Page 11: Table Of Contents

    2.1 Freestanding Installation ... 41 2.2 Mounting the Switch on a Rack ... 42 2.2.1 Rack-mounted Installation Requirements ... 42 2.2.2 Attaching the Mounting Brackets to the Switch ... 42 2.2.3 Mounting the Switch on a Rack ... 43 Chapter 3 Hardware Overview...
  • Page 12 4.3.1 Change Your Password 4.4 Saving Your Configuration ... 59 4.5 Switch Lockout ... 59 4.6 Resetting the Switch 4.6.1 Reload the Configuration File ... 60 4.7 Logging Out of the Web Configurator ... 61 4.8 Help ... 61 Chapter 5 Initial Setup Example...
  • Page 13 7.4 Introduction to VLANs ... 79 7.5 Switch Setup Screen 7.6 IP Setup ... 81 7.6.1 IP Interfaces ... 81 7.7 Port Setup ... 83 Part III: Advanced Setup... 87 Chapter 8 VLAN ... 89 8.1 Introduction to IEEE 802.1Q Tagged VLANs 8.1.1 Forwarding Tagged and Untagged Frames ...
  • Page 14 Table of Contents 11.1 STP/RSTP Overview 11.1.1 STP Terminology ... 109 11.1.2 How STP Works ...110 11.1.3 STP Port States ...111 11.1.4 Multiple RSTP 11.1.5 Multiple STP ...112 11.2 Spanning Tree Protocol Status Screen ...114 11.3 Spanning Tree Configuration ...115 11.4 Configure Rapid Spanning Tree Protocol 11.5 Rapid Spanning Tree Protocol Status 11.6 Configure Multiple Rapid Spanning Tree Protocol...
  • Page 15 16.1.2 MAC Authentication ... 144 16.2 Port Authentication Configuration ... 145 16.2.1 Activate IEEE 802.1x Security 16.2.2 Activate MAC Authentication ... 146 Chapter 17 Port Security... 149 17.1 About Port Security ... 149 17.2 Port Security Setup ... 149 Chapter 18 Classifier...
  • Page 16 Table of Contents Chapter 22 Multicast ... 175 22.1 Multicast Overview ... 175 22.1.1 IP Multicast Addresses ... 175 22.1.2 IGMP Filtering ... 175 22.1.3 IGMP Snooping ... 175 22.1.4 IGMP Snooping and VLANs ... 176 22.2 Multicast Status ... 176 22.3 Multicast Setting ...
  • Page 17 24.5.2 DHCP Snooping VLAN Configure ... 215 24.6 ARP Inspection Status ... 216 24.6.1 ARP Inspection VLAN Status ... 216 24.6.2 ARP Inspection Log Status ... 217 24.7 ARP Inspection Configure ... 219 24.7.1 ARP Inspection Port Configure ... 220 24.7.2 ARP Inspection VLAN Configure ...
  • Page 18 Table of Contents 29.1 IGMP Overview ... 245 29.1.1 How IGMP Works ... 246 29.2 Port-based IGMP ... 247 29.3 Configuring IGMP ... 247 Chapter 30 DVMRP ... 249 30.1 DVMRP Overview ... 249 30.2 How DVMRP Works ... 249 30.2.1 DVMRP Terminology ...
  • Page 19 33.5 Configuring DHCP VLAN Settings 33.5.1 Example: DHCP Relay for Two VLANs ... 270 Chapter 34 VRRP ... 271 34.1 VRRP Overview ... 271 34.2 VRRP Status ... 272 34.3 VRRP Configuration ... 273 34.3.1 IP Interface Setup ... 273 34.3.2 VRRP Parameters ...
  • Page 20 36.3.6 Setting Up Login Accounts 36.4 SSH Overview ... 299 36.5 How SSH works ... 299 36.6 SSH Implementation on the Switch ... 300 36.6.1 Requirements for Using SSH ... 300 36.7 Introduction to HTTPS ... 300 36.8 HTTPS Example ... 301 36.8.1 Internet Explorer Warning Messages ...
  • Page 21 45.9.1 List of Available Commands ... 336 45.10 Using Command History ... 337 45.11 Saving Your Configuration ... 337 45.11.1 Switch Configuration File ... 338 45.11.2 Logging Out ... 338 45.12 Command Summary ... 338 45.12.1 User Mode ... 338 45.12.2 Enable Mode ...
  • Page 22 Table of Contents Chapter 46 User and Enable Mode Commands... 385 46.1 Overview ... 385 46.2 show Commands ... 385 46.2.1 show system-information ... 385 46.2.2 show ip ... 386 46.2.3 show logging ... 386 46.2.4 show interface ... 386 46.2.5 show mac address-table ...
  • Page 23 48.2.6 mirror ... 407 48.2.7 gvrp ... 407 48.2.8 ingress-check ... 408 48.2.9 frame-type ... 408 48.2.10 weight ... 408 48.2.11 egress set ... 409 48.2.12 qos priority ... 409 48.2.13 name ... 410 48.2.14 speed-duplex ... 410 48.2.15 test ... 410 48.3 Interface no Command Examples ...411 48.3.1 no bandwidth-limit ...411 Chapter 49...
  • Page 24 Table of Contents 52.1 Problems Starting Up the Switch ... 425 52.2 Problems Accessing the Switch ... 425 52.2.1 Pop-up Windows, JavaScripts and Java Permissions ... 426 52.3 Problems with the Password ... 431 Part VII: Appendices and Index ... 433 Appendix A Product Specifications...
  • Page 25: List Of Figures

    Figure 16 Web Configurator Home Screen (Status) ... 54 Figure 17 Change Administrator Login Password ... 59 Figure 18 Resetting the Switch: Via the Console Port ... 61 Figure 19 Web Configurator: Logout Screen ... 61 Figure 20 Initial Setup Network Example: IP Interface ... 63 Figure 21 Initial Setup Network Example: VLAN ...
  • Page 26 List of Figures Figure 39 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN ... 99 Figure 40 Protocol Based VLAN Configuration Example ... 101 Figure 41 Advanced Application > VLAN: Port Based VLAN Setup (All Connected) ... 102 Figure 42 Advanced Application >...
  • Page 27 Figure 111 ARP Inspection VLAN Configure ... 221 Figure 112 Loop Guard vs STP ... 223 Figure 113 Switch in Loop State ... 224 Figure 114 Loop Guard - Probe Packet ... 224 Figure 115 Loop Guard - Network Loop ... 224 Figure 116 Advanced Application >...
  • Page 28 Figure 163 VRRP Configuration Example: Two Virtual Router Network ... 278 Figure 164 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A ... 278 Figure 165 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B ... 279 Figure 166 VRRP Example 2: VRRP Status on Switch A ...
  • Page 29 Figure 192 Management > Cluster Management ... 314 Figure 193 Cluster Management: Cluster Member Web Configurator Screen ... 315 Figure 194 Example: Uploading Firmware to a Cluster Member Switch ... 316 Figure 195 Management > Clustering Management > Configuration ... 317 Figure 196 MAC Table Flowchart ...
  • Page 30 List of Figures Figure 211 Java (Sun) ... 431 Figure 212 Network Number and Host ID ... 442 Figure 213 Subnetting Example: Before Subnetting ... 444 Figure 214 Subnetting Example: After Subnetting ... 445
  • Page 31: List Of Tables

    Table 8 Basic Setting > System Info ... 76 Table 9 Basic Setting > General Setup ... 78 Table 10 Basic Setting > Switch Setup ... 80 Table 11 Basic Setting > IP Setup ... 82 Table 12 Basic Setting > Port Setup ... 84 Table 13 IEEE 802.1Q VLAN Terminology ...
  • Page 32 List of Tables Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP ... 139 Table 40 Advanced Application > Port Authentication > 802.1x ... 146 Table 41 Advanced Application > Port Authentication > MAC Authentication ... 147 Table 42 Advanced Application >...
  • Page 33 Table 117 AAA Traps ... 293 Table 118 SNMP IP Traps ... 293 Table 119 SNMP Switch Traps ... 294 Table 120 Management > Access Control > SNMP ... 295 Table 121 Management > Access Control > SNMP > Trap Group ... 297 Table 122 Management >...
  • Page 34 Table 144 Command Summary: config-vlan Commands ... 382 Table 145 Command Summary: mvr Commands ... 383 Table 146 Troubleshooting the Start-Up of Your Switch ... 425 Table 147 Troubleshooting Accessing the Switch ... 425 Table 148 Troubleshooting the Password ... 431 Table 149 Hardware Specifications ...
  • Page 35: Introduction

    Introduction Getting to Know Your Switch (37) Hardware Installation and Connection (41) Hardware Overview (45)
  • Page 37: Getting To Know Your Switch

    Appendix A on page 435 1.1.1 Backbone Application The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the...
  • Page 38: Bridging Example

    Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch.
  • Page 39: Ieee 802.1Q Vlan Application Examples

    VLAN groups too. Figure 4 Shared Server Using VLAN Example 1.2 Ways to Manage the Switch Use any of the following methods to manage the Switch.
  • Page 40: Good Habits For Managing The Switch

    290. 1.3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
  • Page 41: Hardware Installation And Connection

    4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking.
  • Page 42: Mounting The Switch On A Rack

    2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch.
  • Page 43: Mounting The Switch On A Rack

    2.2.3 Mounting the Switch on a Rack 1 Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack.
  • Page 45: Hardware Overview

    This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Panel Connections The figure below shows the front panel of the Switch.
  • Page 46: Console Port

    • No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.
  • Page 47: Figure 9 Transceiver Installation Example

    Gigabit ports. This means that if a mini-GBIC port and the corresponding Gigabit port are connected at the same time, the Gigabit port will be disabled. You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic connectors.
  • Page 48: Rear Panel

    The following figures show the rear panels of the AC and DC power input model switches. The rear panel contains a connector for backup power supply (BPS) and the power receptacle. For the DC power input model, it also contains a power switch. Figure 13 Rear Panel - AC Model Figure 14 Rear Panel - DC Model 3.2.1 Power Connector...
  • Page 49: External Backup Power Supply Connector

    The backup power supply constantly monitors the status of the internal power supply. The backup power supply automatically provides power to the Switch in the event of a power failure. Once the Switch receives power from the backup power supply, it will not automatically switch back to using the internal power supply even when the power is resumed.
  • Page 50 Table 2 LEDs (continued) COLOR Gigabit Ports LNK/ACT Green Amber Amber Mini-GBIC Slots Green Green MGMT Green Amber STATUS DESCRIPTION Blinking The system is transmitting/receiving to/from a 10/1000 Mbps Ethernet network. The link to a 10/1000 Mbps Ethernet network is up. Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet network.
  • Page 51: Basic Configuration

    Basic Configuration The Web Configurator (53) Initial Setup Example (63) System Status and Port Statistics (69) Basic Setting (75)
  • Page 53: The Web Configurator

    4.2 System Login 1 Start your web browser. 2 Type “http://” and the IP address of the Switch (for example, the default is 192.168.1.1) in the Location or Address field. Press [ENTER]. 3 The login screen appears. The default username is admin and associated default password is 1234.
  • Page 54: The Status Screen

    Figure 15 Web Configurator: Login 4 Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 16 Web Configurator Home Screen (Status) A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.
  • Page 55: Table 3 Navigation Panel Sub-Links Overview

    B - Click this link to save your configuration into the Switch’s nonvolatile memory. Nonvolatile memory is saved in the configuration file from which the Switch booted and it stays the same even if the Switch’s power is turned off. See information on saving your settings to a specific configuration file.
  • Page 56: Table 4 Web Configurator Screen Sub-Links Details

    The following table lists the various web configurator screens within the sub-links. Table 4 Web Configurator Screen Sub-links Details ADVANCED BASIC SETTING APPLICATION System Info VLAN General Setup Switch Setup IP Setup Port Setup Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control...
  • Page 57: Table 5 Navigation Panel Links

    This link takes you to a screen where you can configure general identification information about the Switch. Switch Setup This link takes you to a screen where you can set up global Switch parameters such as VLAN type, MAC address learning, IGMP snooping, GARP and priority queues.
  • Page 58 This link takes you to a screen where you can configure the DVMRP (Distance Vector Multicast Routing Protocol) settings. IP Multicast This link takes you to a screen where you can configure the Switch to remove VLAN tags from IP multicast packets on an out-going port. DiffServ This link takes you to screens where you can enable DiffServ, configure marking rules and set DSCP-to-IEEE802.1p mappings.
  • Page 59: Change Your Password

    4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory.
  • Page 60: Resetting The Switch

    7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it. Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.
  • Page 61: Logging Out Of The Web Configurator

    393216 bytes received. Erasing.. ES-4124> atgo The Switch is now reinitialized with a default configuration file including the default password of “1234”. 4.7 Logging Out of the Web Configurator Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out.
  • Page 63: Initial Setup Example

    5.1.1 Configuring an IP Interface On a layer-3 switch, an IP interface (also known as an IP routing domain) is not bound to a physical port. The default IP address of the Switch is 192.168.1.1 with a subnet mask of 255.255.255.0.
  • Page 64: Configuring Dhcp Server Settings

    5.1.2 Configuring DHCP Server Settings You can set the Switch to assign network information (such as the IP address, DNS server, etc.) to DHCP clients on the network. For the example network, configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks.
  • Page 65: Creating A Vlan

    5.1.3 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 21 Initial Setup Network Example: VLAN 1 Click Advanced Application >...
  • Page 66: Setting Port Vid

    The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to be a permanent member of the VLAN only.
  • Page 67: Enabling Rip

    RIP-1 for the RIP packet format that is universally supported. 4 Click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.
  • Page 69: System Status And Port Statistics

    This chapter describes the system status (web configurator home page) and port details screens. 6.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
  • Page 70: Status: Port Details

    Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Section 11.1.3 on page 111 for more information).
  • Page 71: Figure 24 Status: Port Details

    Figure 24 Status: Port Details The following table describes the labels in this screen. Table 7 Status > Port Details LABEL DESCRIPTION Port Info Port NO. This field displays the port number you are viewing. Name This field displays the name of the port. Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half duplex).
  • Page 72 Table 7 Status > Port Details (continued) LABEL DESCRIPTION Up Time This field shows the total amount of time the connection has been up. Tx Packet The following fields display detailed information about packets transmitted. TX Packet This field shows the number of good packets (unicast, multicast and broadcast) transmitted.
  • Page 73 Table 7 Status > Port Details (continued) LABEL DESCRIPTION 512-1023 This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length. 1024- This field shows the number of packets (including bad packets) received that were 1518 between 1024 and 1518 octets in length.
  • Page 75: Basic Setting

    Switch. The real time is then displayed in the Switch logs. The Switch Setup screen allows you to set up and configure global Switch features. The IP Setup screen allows you to configure a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes.
  • Page 76: Figure 25 Basic Setting > System Info

    You may choose the temperature unit (Centigrade or Fahrenheit) in this field. Temperature MAC, CPU and PHY refer to the location of the temperature sensors on the Switch printed circuit board. Current This shows the current temperature at this sensor.
  • Page 77: General Setup

    This field displays the maximum voltage measured at this point. This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point;...
  • Page 78: Table 9 Basic Setting > General Setup

    Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. Contact Person's Enter the name of the person in charge of this Switch. You can use up to 32 Name printable ASCII characters; spaces are allowed.
  • Page 79: Introduction To Vlans

    Chapter 8 on page 89 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.
  • Page 80: Figure 27 Basic Setting > Switch Setup

    802.1Q VLAN type or Port Based VLAN type in this screen. Bridge Control Select Active to allow the Switch to handle bridging control protocols (STP for Protocol example). You also need to define how to treat a BPDU in the Port Setup screen.
  • Page 81: Ip Setup

    Use the next two fields to configure the priority level-to-physical queue mapping. The Switch has eight physical queues that you can map to the 8 priority levels. On the Switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
  • Page 82: Figure 28 Basic Setting > Ip Setup

    MGMT. This means that device(s) connected to the other port(s) do not receive these packets. Select In-Band to have the Switch send the packets to all ports except the management port (labelled MGMT) to which connected device(s) do not receive these packets.
  • Page 83: Port Setup

    Cancel Click Cancel to clear the Delete check boxes. 7.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen.
  • Page 84: Figure 29 Basic Setting > Port Setup

    Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer...
  • Page 85 Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The Switch uses IEEE 802.3x flow control in full duplex mode and backpressure flow control in half duplex mode.
  • Page 87: Advanced Setup

    Advanced Setup VLAN (89) Static MAC Forward Setup (105) Filtering (107) Spanning Tree Protocol (109) Bandwidth Control (129) Broadcast Storm Control (131) Mirroring (133) Link Aggregation (135) Port Authentication (143) Port Security (149) Classifier (153) Policy Rule (159) Queuing Method (165) VLAN Stacking (169) Multicast (175) Authentication &...
  • Page 89: Vlan

    The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLANs...
  • Page 90: Automatic Vlan Registration

    GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch. Please refer to the following table for common IEEE 802.1Q VLAN terminology.
  • Page 91: Port Vlan Trunking

    C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).
  • Page 92: Static Vlan Status

    VLAN was set up. Status This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR).
  • Page 93: Configure A Static Vlan

    VLAN was set up. Status This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR).
  • Page 94: Configure Vlan Port Settings

    Select TX Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 95: Figure 35 Advanced Application > Vlan > Vlan Port Setting

    Note: Changes in this row are copied to all the ports as soon as you Ingress Check If this check box is selected for a port, the Switch discards incoming frames for VLANs that do not include this port in its member set.
  • Page 96: Subnet Based Vlans

    Subnet based VLANs allow you to group traffic into logical VLANs based on the source IP subnet you specify. When a frame is received on a port, the Switch checks if a tag is added already and the IP subnet it came from. The untagged packets from the same IP subnet are then placed in the same subnet based VLAN.
  • Page 97: Configuring Subnet Based Vlan

    DHCP VLAN. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 98: Protocol Based Vlans

    When an upstream frame is received on a port (configured for a protocol based VLAN), the Switch checks if a tag is added already and its protocol. The untagged packets of the same protocol are then placed in the same protocol based VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol.
  • Page 99: Configuring Protocol Based Vlan

    Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic, when they go through the uplink port to a backbone switch C. Figure 38 Protocol Based VLAN Application Example 8.9 Configuring Protocol Based VLAN...
  • Page 100: Create An Ip-Based Vlan Example

    Advanced Applications, VLAN screens. Priority Select the priority level that the Switch will assign to frames belonging to this VLAN. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 101: Port-Based Vlan Setup

    Port-based VLANs are specific only to the Switch on which they were created. When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it.
  • Page 102: Configure A Port-Based Vlan

    Ethernet ports. 8.11.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the next screen. Figure 41 Advanced Application > VLAN: Port Based VLAN Setup (All Connected)
  • Page 103: Figure 42 Advanced Application > Vlan: Port Based Vlan Setup (Port Isolation)

    Figure 42 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation)
  • Page 104: Table 20 Advanced Application > Vlan: Port Based Vlan Setup

    (its outgoing port). CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port.
  • Page 105: Static Mac Forward Setup

    MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See on port security.
  • Page 106: Table 21 Advanced Application > Static Mac Forwarding

    Enter the port where the MAC address entered in the previous field will be automatically forwarded. Click Add to save your rule to the Switch’s run-time memory. The Switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 107: Filtering

    This chapter discusses MAC address port filtering. 10.1 Configure a Filtering Rule Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
  • Page 108 MAC field). The Switch can still send frames to the MAC address. Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The Switch can still receive frames originating from the MAC address. Select Discard source and Discard destination to block traffic to/from the MAC address specified in the MAC field.
  • Page 109: Spanning Tree Protocol

    • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol • IEEE 802.1s Multiple Spanning Tree Protocol The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees. 11.1 STP/RSTP Overview (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers.
  • Page 110: How Stp Works

    On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this Switch with the lowest path cost to the root (the root path cost). If there is no root port, then this Switch has been accepted as the root bridge of the spanning tree network.
  • Page 111: Stp Port States

    MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
  • Page 112: Multiple Stp

    11.1.5 Multiple STP Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features: • One Common and Internal Spanning Tree (CIST) that represents the entire network’s connectivity.
  • Page 113: Figure 47 Mstp Network Example

    Figure 47 MSTP Network Example VLAN 1 11.1.5.2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network. Each MSTP-enabled device can only belong to one MST region.
  • Page 114: Spanning Tree Protocol Status Screen

    Figure 48 MSTIs in Different Regions 11.1.5.4 Common and Internal Spanning Tree (CIST) A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST.
  • Page 115: Spanning Tree Configuration

    This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch.
  • Page 116: Configure Rapid Spanning Tree Protocol

    Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. for more information Figure 53 on page 118).
  • Page 117 (provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
  • Page 118: Rapid Spanning Tree Protocol Status

    Switch. This Switch may also be the root bridge. This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch.
  • Page 119: Configure Multiple Rapid Spanning Tree Protocol

    Table 27 Advanced Application > Spanning Tree Protocol > Status: RSTP (continued) LABEL DESCRIPTION Topology Changed Times This is the number of times the spanning tree has been reconfigured. Time Since Last Change This is the time since the spanning tree was last reconfigured. 11.6 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click MRSTP in the Advanced Application >...
  • Page 120 (provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds.
  • Page 121: Multiple Rapid Spanning Tree Protocol Status

    Switch. This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. Hello Time...
  • Page 122: Configure Multiple Spanning Tree Protocol

    Note: The listening state does not exist in RSTP. This is the path cost from the root port on this Switch to the root switch. This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree.
  • Page 123: Figure 56 Advanced Application > Spanning Tree Protocol > Mstp

    Figure 56 Advanced Application > Spanning Tree Protocol > MSTP
  • Page 124: Table 30 Advanced Application > Spanning Tree Protocol > Mstp

    (provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds.
  • Page 125: Multiple Spanning Tree Protocol Status

    Priority decides which port should be disabled when more than one port forms a loop in the Switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128.
  • Page 126: Figure 57 Advanced Application > Spanning Tree Protocol > Status: Mstp

    Switch. This Switch may also be the root bridge. This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch.
  • Page 127 Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. Internal Cost This is the path cost from the root port in this MST instance to the regional root switch.
  • Page 129: Bandwidth Control

    This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or outgoing traffic flows on a port. 12.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
  • Page 130: Figure 58 Advanced Application > Bandwidth Control

    Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 131: Broadcast Storm Control

    13.1 Broadcast Storm Control Setup Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
  • Page 132: Table 33 Advanced Application > Broadcast Storm Control

    Table 33 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. Port This field displays a port number. Settings in this row apply to all ports.
  • Page 133: Mirroring

    This chapter discusses port mirroring setup screens. 14.1 Port Mirroring Setup Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application >...
  • Page 134: Table 34 Advanced Application > Mirroring

    LABEL DESCRIPTION Active Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s).
  • Page 135: Link Aggregation

    Switch. Section 15.6 on page 140 15.2 Dynamic Link Aggregation The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking. The Switch supports the link aggregation IEEE802.3ad standard. This standard describes the Link Aggregate Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups.
  • Page 136: Link Aggregation Id

    • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings.
  • Page 137: Link Aggregation Setting

    Table 37 Advanced Application > Link Aggregation Status (continued) LABEL DESCRIPTION Synchronized Ports These are the ports that are currently transmitting data as one logical link in this trunk group. Aggregator ID Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number.
  • Page 138: Link Aggregation Control Protocol

    Select the trunk group to which a port belongs. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 139: Figure 63 Advanced Application > Link Aggregation > Link Aggregation Setting > Lacp

    Select this checkbox to enable Link Aggregation Control Protocol (LACP). System Priority LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
  • Page 140: Static Trunking Example

    Select either 1 second or 30 seconds. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 141: Figure 65 Trunking Example - Configuration Screen

    Figure 65 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens.
  • Page 143: Port Authentication

    This chapter describes the IEEE 802.1x and MAC authentication methods. 16.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: •...
  • Page 144: Mac Authentication

    MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch.
  • Page 145: Port Authentication Configuration

    16.2 Port Authentication Configuration To enable port authentication, first activate the port authentication method(s) you want to use (both on the Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen.
  • Page 146: Activate Mac Authentication

    Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 147: Figure 70 Advanced Application > Port Authentication > Mac Authentication

    If you leave this field blank, then only the MAC address of the client is forwarded to the RADIUS server. Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters.
  • Page 148 MAC authentication on the Switch before configuring it on each port. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 149: Port Security

    Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
  • Page 150: Figure 71 Advanced Application > Port Security

    MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “16384”. “0” means this feature is disabled.
  • Page 151 DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 153: Classifier

    This chapter introduces and shows you how to configure the packet classifier on the Switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
  • Page 154: Figure 72 Advanced Application > Classifier

    Figure 72 Advanced Application > Classifier The following table describes the labels in this screen. Table 43 Advanced Application > Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. Packet Specify the format of the packet.
  • Page 155 Protocol Refer to Table 46 on page 157 You may select Establish Only for TCP protocol type. This means that the Switch will pick out the packets that are sent to establish TCP connections. Source Enter a source IP address in dotted decimal notation.
  • Page 156: Viewing And Editing Classifier Configuration

    18.3 Viewing and Editing Classifier Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen. To change the settings of a rule, click a number in the Index field.
  • Page 157: Classifier Example

    Some of the most common IP ports are: Table 46 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 18.4 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow.
  • Page 158: Figure 74 Classifier: Example

    Figure 74 Classifier: Example
  • Page 159: Policy Rule

    This chapter shows you how to configure policy rules. 19.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to 18 on page 153 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
  • Page 160: Configuring Policy Rules

    19.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 75 Advanced Application > Policy Rule Section 18.2 on page...
  • Page 161: Table 47 Advanced Application > Policy Rule

    Profile DSCP number for out-of-profile traffic. DSCP Action Specify the action(s) the Switch takes on the associated classified traffic flow. Forwarding Select No change to forward the packets. Select Discard the packet to drop the packets. Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before.
  • Page 162: Viewing And Editing Policy Configuration

    Click Add to insert the entry to the summary table below and save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 163: Policy Example

    19.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 157). Figure 77 Policy Example
  • Page 165: Queuing Method

    20.1.1 Strictly Priority Strictly Priority (SP) services queues based on priority only. As traffic comes into the Switch, traffic on the highest priority queue, Q7 is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q6 is transmitted until Q6 empties, and then traffic is transmitted on Q5 and so on.
  • Page 166: Weighted Round Robin Scheduling (Wrr)

    20.1.3 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port.
  • Page 167: Figure 78 Advanced Application > Queuing Method

    FE Port This field is applicable only when you select WFQ or WRR. Select a queue (Q0 to Q7) to have the Switch use Strictly Priority to service the Enable subsequent queue(s) after and including the specified queue for the 10/100 Mbps Ethernet ports.
  • Page 168 GE Port This field is applicable only when you select WFQ or WRR. Select a queue (Q0 to Q7) to have the Switch use Strictly Priority to service the Enable subsequent queue(s) after and including the specified queue for the gigabit ports. For example, if you select Q5, the Switch services traffic on Q5, Q6 and Q7 using Strictly Priority.
  • Page 169: Vlan Stacking

    This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN. 21.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers’ VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
  • Page 170: Vlan Stacking Port Roles

    Figure 79 VLAN Stacking Example 21.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel (the latter is for Gigabit ports only). • Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching. •...
  • Page 171: Vlan Tag Format

    TPID (Tag Protocol Identifier) is the customer IEEE 802.1Q tag. • If the VLAN stacking port role is Access Port, then the Switch adds the SP TPID tag to all incoming frames on the service provider's edge devices (1 and 2 in the VLAN stacking example figure).
  • Page 172: Configuring Vlan Stacking

    LABEL DESCRIPTION Active Select this checkbox to enable VLAN stacking on the Switch. SP TPID SP TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. Choose 0x8100 or 0x9100 from the drop-down list box or select Others and then enter a four-digit hexadecimal number from 0x0000 to 0xFFFF.
  • Page 173 VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the Switch add the SP TPID tag to all incoming frames received on this port. Select Access Port for ingress ports at the edge of the service provider's network.
  • Page 175: Multicast

    This allows you to control the distribution of multicast services (such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port.
  • Page 176: Igmp Snooping And Vlans

    Alternatively, you can specify the VLANs that IGMP snooping should be performed on. This is referred to as fixed mode. In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN.
  • Page 177: Figure 82 Advanced Application > Multicast > Multicast Setting

    Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Host Timeout Specify the time (from 1 to 16,711,450) in seconds that elapses before the Switch removes an IGMP group membership entry if it does not receive report messages from the port.
  • Page 178: Igmp Snooping Vlan

    (or server). The Switch forwards IGMP join or leave packets to an IGMP query port. Select Auto to have the Switch use the port as an IGMP query port if the port receives IGMP query packets. Select Fixed to have the Switch always use the port as an IGMP query port.
  • Page 179: Figure 83 Advanced Application > Multicast > Multicast Setting > Igmp Snooping Vlan

    Select fixed to have the Switch only learn multicast group membership information of the VLAN(s) that you specify below. In either auto or fixed mode, the Switch can learn up to 16 VLANs (including up to three VLANs you configured in the MVR screen). For example, if you have configured one multicast VLAN in the MVR screen, you can only specify up to 15 VLANs in this screen.
  • Page 180: Igmp Filtering Profile

    An IGMP filtering profile specifies a range of multicast groups that clients connected to the Switch are able to join. A profile contains a range of multicast IP addresses which you want clients to be able to join. Profiles are assigned to ports (in the Multicast Setting screen).
  • Page 181: Mvr Overview

    Figure 85 MVR Network Example 22.6.1 Types of MVR Ports In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
  • Page 182: Mvr Modes

    When the subscriber changes the channel or turns off the computer, an IGMP leave message is sent to the Switch to leave the multicast group. The Switch sends a query to VLAN 1 on the receiver port (in this case, an uplink port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic.
  • Page 183: Figure 87 Advanced Application > Multicast > Multicast Setting > Mvr

    Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN. 802.1p Priority Select a priority level (0-7) with which the Switch replaces the priority in outgoing IGMP control packets (belonging to this multicast VLAN). Mode Specify the MVR mode on the Switch. Choices are Dynamic and Compatible.
  • Page 184: Mvr Group Configuration

    Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 185: Mvr Configuration Example

    Select Cancel to clear the checkbox(es) in the table. 22.8.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the Switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S.
  • Page 186: Figure 89 Mvr Configuration Example

    Figure 89 MVR Configuration Example To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 90 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen.
  • Page 187: Figure 91 Mvr Group Configuration Example

    Figure 91 MVR Group Configuration Example Figure 92 MVR Group Configuration Example
  • Page 189: Authentication & Accounting

    For example, user A may have the right to create new login accounts on the Switch but user B cannot. The Switch can authorize users based on user accounts configured on the Switch itself or it can use an external server to authorize a large number of users.
  • Page 190: Radius And Tacacs

    Use this screen to configure your RADIUS server settings. See more information on RADIUS servers and utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown.
  • Page 191: Figure 95 Advanced Application > Auth And Acct > Radius Server Setup

    RADIUS servers then the timeout value is divided between the two RADIUS servers. For example, if you set the timeout value to 30 seconds, then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server.
  • Page 192: Tacacs+ Server Setup

    Use this section to configure your RADIUS accounting server settings. Server Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the RADIUS accounting server. Index This is a read-only number representing a RADIUS accounting server entry.
  • Page 193: Figure 96 Advanced Application > Auth And Acct > Tacacs+ Server Setup

    TACACS+ servers then the timeout value is divided between the two TACACS+ servers. For example, if you set the timeout value to 30 seconds, then the Switch waits for a response from the first TACACS+ server for 15 seconds and then tries the second TACACS+ server.
  • Page 194: Authentication And Accounting Setup

    Click Cancel to begin configuring this screen afresh. 23.2.3 Authentication and Accounting Setup Use this screen to configure authentication and accounting settings on the Switch. Click on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown.
  • Page 195: Figure 97 Advanced Application > Auth And Acct > Auth And Acct Setup

    (first Method 1, then Method 2 and finally Method 3). You must configure the settings in the Method 1 field. If you want the Switch to check other sources for access privilege level specify them in Method 2 and Method 3 fields.
  • Page 196 Use this section to configure accounting settings on the Switch. Update Period This is the amount of time in minutes before the Switch sends an update to the accounting server. This is only valid if you select the start-stop option for the Exec or Dot1x entries.
  • Page 197: Vendor Specific Attribute

    23.2.4 Vendor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device (for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to expand the functionality of a RADIUS server.
  • Page 198: Supported Radius Attributes

    You can configure tunnel protocol attributes on the RADIUS server (refer to your RADIUS server documentation) to assign a port on the Switch to a VLAN based on IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This will also set the port’s VID.
  • Page 199: Attributes Used For Authentication

    23.3.1 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 23.3.1.1 Attributes Used for Authenticating Privilege Access User-Name - the format of the User-Name attribute is $enab#$, where # is the privilege level...
  • Page 200: Table 66 Radius Attributes - Exec Events Via Console

    23.3.2.2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent (the difference between Console and Telnet/SSH Exec events is that the Telnet/SSH events utilize the Calling-Station-Id attribute): Table 66 RADIUS Attributes - Exec Events via Console ATTRIBUTE...
  • Page 201 Table 68 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords
  • Page 203: Ip Source Guard

    When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet.
  • Page 204: Figure 98 Dhcp Snooping Database File Format

    • The rate at which DHCP packets arrive is too high. 24.1.1.2 DHCP Snooping Database The Switch stores the binding table in volatile memory. If the Switch restarts, it loads static bindings from permanent memory but loses the dynamic bindings, in which case the devices in the network have to send DHCP requests again.
  • Page 205: Arp Inspection Overview

    24.1.1.3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information: • Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes) •...
  • Page 206 24.1.2.3 Syslog The Switch can send syslog messages to the specified syslog server when it forwards or discards ARP packets. The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient. 24.1.2.4 Configuring ARP Inspection Follow these steps to configure ARP inspection on the Switch.
  • Page 207: Ip Source Guard

    Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
  • Page 208: Figure 101 Ip Source Guard Static Binding

    This field displays the IP address assigned to the MAC address in the binding. This field displays how long the binding is valid. This field displays how the Switch learned the binding. static: This binding was learned from information provided manually by an administrator.
  • Page 209: DHCP Snooping

    24.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 102 DHCP Snooping...
  • Page 210: Table 71 DHCP Snooping

    Switch successfully or unsuccessfully read or updated the DHCP snooping database. This field displays the number of times the Switch has tried to access the DHCP snooping database for any reason. This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database.
  • Page 211 Unsupported vlans DESCRIPTION This field displays the number of times the Switch updated the bindings in the DHCP snooping database successfully. This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database.
  • Page 212: DHCP Snooping Configure

    24.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Switch (not on a specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database. The DHCP snooping database stores the current bindings on a secure, external TFTP server so that they are still available after a restart.
  • Page 213: DHCP Snooping Port Configure

    Enter the location of a DHCP snooping database, and click Renew if you want the Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL.
  • Page 214: Figure 104 DHCP Snooping Port Configure

    Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 215: DHCP Snooping VLAN Configure

    Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information to DHCP requests that the Switch relays to a DHCP server for each VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN.
  • Page 216: ARP Inspection Status

    Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
  • Page 217: ARP Inspection Log Status

    This field displays the total number of ARP Reply packets received from the VLAN since the Switch last restarted. This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted. This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted.
  • Page 218: Figure 108 ARP Inspection Log Status

    An ARP packet was forwarded because it matched a static binding. In the ARP Inspection VLAN Configure screen, you can configure the Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See on page 221.
  • Page 219: ARP Inspection Configure

    24.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection >...
  • Page 220: ARP Inspection Port Configure

    Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection >...
  • Page 221: ARP Inspection VLAN Configure

    Cancel 24.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN.
  • Page 222: Table 80 ARP Inspection VLAN Configure

    Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 223: Loop Guard

    Loop guard is designed to handle loop problems on the edge of your network. This can occur when a port is connected to a Switch that is in a loop state. Loop state occurs as a result of human error. It happens when two ports on a switch are connected with the same cable. When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re-broadcast again and again causing a broadcast storm.
  • Page 224: Figure 113 Switch In Loop State

    The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B. Since switch B is in loop state, the probe packet P returns to port N on A. The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state.
  • Page 225: Loop Guard Setup

    DESCRIPTION Active Select this option to enable loop guard on the Switch. The Switch generates syslog, internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature. Port This field displays a port number.
  • Page 226 Select this check box to enable the loop guard feature on this port. The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state. If the Switch that this port is connected to is in loop state, the Switch will shut down this port.
  • Page 227: IP Application

    IP Application Static Route (229) RIP (231) OSPF (233) IGMP (245) DVMRP (249) IP Multicast (253) Differentiated Services (255) DHCP (263) VRRP (271)
  • Page 229: Static Route

    This chapter shows you how to configure static routes. 26.1 Configuring Static Routing Static routes tell the Switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application > Static Routing in the navigation panel to display the screen as shown.
  • Page 230 1 and 15. In practice, 2 or 3 is usually a good number. Click Add to insert a new static route to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 231: RIP

    • Both - the Switch will broadcast its routing table periodically and incorporate the RIP information that it receives. • Incoming - the Switch will not send any RIP packets but will accept all RIP packets received. • Outgoing - the Switch will send out RIP packets but will not accept any RIP packets received.
  • Page 232: Figure 118 IP Application > RIP

    Select the RIP version from the drop-down list box. Choices are RIP-1, RIP-2B and RIP- Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 233: OSPF

    This chapter describes the OSPF (Open Shortest Path First) routing protocol and shows you how to configure OSPF. 28.1 OSPF Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS).
  • Page 234: How OSPF Works

    The following figure depicts an OSPF network example. The backbone is area 0 with a backbone router. The internal routers are in area 1 and 2. The area border routers connect area 1 and 2 to the backbone. Figure 119 OSPF Network Example 28.1.2 How OSPF Works Layer 3 devices exchange routing information to build synchronized link state database within...
  • Page 235: Configuring OSPF

    Use this screen to view current OSPF status. Click IP Application > OSPF in the navigation panel to display the screen as shown next. See Section 28.1 on page 233 for more information on OSPF...
  • Page 236: Figure 121 IP Application > OSPF Status

    This field displays whether OSPF is activated (Running) or not (Down). Interface The text box displays the OSPF status of the interface(s) on the Switch. Neighbor The text box displays the status of the neighboring router participating in the OSPF network.
  • Page 237: OSPF Configuration

    State This field displays the state of the Switch (backup or DR (designated router)). Priority This field displays the priority of the Switch. This number is used in the designated router election. Designated This field displays the router ID of the designated router.
  • Page 238: Figure 122 IP Application > OSPF Configuration: Activating and General Settings

    OSPF is disabled by default. Select this option to enable it. Router ID Router ID uniquely identifies the Switch in an OSPF. Enter a unique ID (that uses the format of an IP address in dotted decimal notation) for the Switch.
  • Page 239: Configure OSPF Areas

    28.4 Configure OSPF Areas To ensure that the Switch receives routing information only from trusted layer 3 devices, activate authentication. OSPF supports three authentication methods: • None – no authentication is used. • Simple – authenticate link state updates using an 8-character printable ASCII password.
  • Page 240: View OSPF Area Information Table

    OSPF domain. If you do not set a route cost, no default route is added. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 241: Figure 125 IP Application > OSPF Configuration > OSPF Interface

    In the OSPF Configuration screen, click Interface to display the OSPF Interface screen. Figure 125 IP Application > OSPF Configuration > OSPF Interface The following table describes the labels in this screen. Table 91 IP Application > OSPF Configuration > OSPF Interface LABEL DESCRIPTION Network...
  • Page 242: OSPF Virtual-Links

    (BDR). You can assign a number between 0 and 255. A priority of 0 means that the router will not participate in router elections. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 243: Table 92 IP Application > OSPF Configuration > OSPF Virtual Link

    When you select MD5 in the Authentication field, enter a password 16 characters long. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 245: IGMP

    This chapter shows you how to configure the Switch as a multicast router. See also Section 22.4 on page 178 for information on IGMP snooping. 29.1 IGMP Overview IP multicast is an IETF standard for distributing data to multiple recipients. The following figure shows a multicast session and the relationship between a multicast server, multicast routers and multicast hosts.
  • Page 246: How IGMP Works

    (IGMP-v3). Refer to RFC 1112, RFC 2236 and RFC 3376 for information on IGMP versions 1, 2 and 3 respectively. At start up, the Switch queries all directly connected networks to gather group membership. After that, the Switch periodically updates this information.
  • Page 247: Port-Based IGMP

    Figure 130 IGMP Version 3 Example 29.2 Port-based IGMP The Switch sends IGMP Query packets to all ports. The Switch then listens for IGMP Report packets, and it records which port the messages came from. It then delivers multicast traffic to only those ports from which it received a request to join a multicast group.
  • Page 248: Figure 131 IP Application > IGMP

    Select an IGMP version from the drop-down list box. Choices are IGMP-v1, IGMP-v2, IGMP-v3 and None. Generally, if you want to enable IGMP on the Switch, you should choose IGMP-v3 as it is compatible with older versions. Choose an earlier version of IGMP (IGMP-v2 or IGMP-v1) if the multicast hosts on your network cannot recognize IGMP version 3 or version 2 Query messages.
  • Page 249: DVMRP

    (AS). This DVMRP implementation is based on draft-ietf-idmr-dvmrp-v3-10. DVMRP provides multicast forwarding capability to a layer 3 switch that runs both the IPv4 protocol (with IP Multicast support) and the IGMP protocol. The DVMRP metric is a hop count of 32.
  • Page 250: DVMRP Terminology

    30.3 Configuring DVMRP Configure DVMRP on the Switch when you wish it to act as a multicast router (“mrouter”). Click IP Application > DVMRP in the navigation panel to display the screen as shown. Figure 133 IP Application > DVMRP The following table describes the labels in this screen.
  • Page 251: DVMRP Configuration Error Messages

    LABEL DESCRIPTION Active Select Active to enable DVMRP on the Switch. You should do this if you want the Switch to act as a multicast router. Threshold Threshold is the maximum time to live (TTL) value. TTL is used to limit the scope of multicasting.
  • Page 252: Default DVMRP Timer Values

    Figure 136 DVMRP: Duplicate VID Error Message 30.4 Default DVMRP Timer Values The following are some default DVMRP timer values. Table 95 DVMRP: Default Timer Values DVMRP FIELD Probe interval Report interval Route expiration time Prune lifetime Prune retransmission time Graft retransmission time DEFAULT VALUE...
  • Page 253: IP Multicast

    IP packets to a group of hosts on the network - not everybody. You can configure the Switch to untag (remove the VLAN tags from) IP multicast packets that the Switch forwards. This allows the Switch to send packets to Ethernet devices that are not VLAN-aware.
  • Page 254: Table 96 IP Application > IP Multicast

    The Switch removes the VLAN tag from IP multicast packets belonging to the specified Multicast VLAN before transmission on this port. Egress Untag Vlan ID Enter a VLAN group ID in this field. Enter 0 to set the Switch not to remove any VLAN tags from the packets. Apply Click Apply to save your changes to the Switch’s run-time memory.
  • Page 255: Differentiated Services

    This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 32.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
  • Page 256: DiffServ Network Example

    32.1.2 DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ-compliant network devices. The boundary node (A in network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules.
  • Page 257: TRTCM - Color-Blind Mode

    • Green (low loss priority level) packets are forwarded. TRTCM operates in one of two modes: color-blind or color-aware. In color-blind mode, packets are marked based on evaluation against the PIR and CIR, regardless of whether they have previously been marked. In color-aware mode, packets are marked based on both existing color and evaluation against the PIR and CIR.
  • Page 258: Activating DiffServ

    Select Active to enable DiffServ on the port. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 259: Figure 143 IP Application > DiffServ > 2-Rate 3 Color Marker

    LABEL DESCRIPTION Active Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings. Note: You must also activate DiffServ on the Switch and the individual ports for the Switch to drop red (high loss priority) colored packets.
  • Page 260: DSCP-to-IEEE 802.1p Priority Settings

    Click Cancel to begin configuring this screen afresh. 32.4 DSCP-to-IEEE 802.1p Priority Settings You can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE 802.1p mapping table.
  • Page 261: Table 100 IP Application > DiffServ > DSCP Setting

    Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 263: DHCP

    DNS server and default gateway information and distribute them to your LAN computers. • If there is already a DHCP server on your network, then you can configure the Switch as a DHCP relay agent. When the Switch receives a request from a computer on your network, it contacts the DHCP server for the necessary IP information, and then relays the assigned information back to the computer.
  • Page 264: DHCP Status

    This section displays configuration settings related to the Switch’s DHCP server mode. Index This is the index number. This field displays the VLAN ID for which the Switch is a DHCP server. Server Status This field displays the starting DHCP client IP address. IP Pool Size This field displays the number of IP addresses that can be assigned to clients.
  • Page 265: DHCP Relay

    This field displays the system name of the client. 33.4 DHCP Relay Configure DHCP relay on the Switch if the DHCP clients and the DHCP server are not in the same broadcast domain. During the initial IP address leasing, the Switch helps to relay network information (such as the IP address and subnet mask) between a DHCP client and a DHCP server.
  • Page 266: Configuring DHCP Global Relay

    Information This read-only field displays the system name you configure in the General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server. DESCRIPTION (1 byte) This value is always 0 for stand-alone switches.
  • Page 267: Global DHCP Relay Configuration Example

    Click Cancel to begin configuring this screen afresh. 33.4.3 Global DHCP Relay Configuration Example The following figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains.
  • Page 268: Configuring DHCP VLAN Settings

    DHCP Status screen that displays. You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 7.6 on page 81 for information on how to do this. Figure 150 IP Application > DHCP > VLAN...
  • Page 269: Table 105 IP Application > DHCP > VLAN

    Pool Starting Address Specify the first of the contiguous addresses in the IP address pool. Size of Client IP Pool Specify the size, or count of the IP address pool. The Switch can issue from 1 to 253 IP addresses to DHCP clients. IP Subnet Enter the subnet mask for the client IP pool.
  • Page 270: Example: DHCP Relay for Two VLANs

    33.5.1 Example: DHCP Relay for Two VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1.100.
  • Page 271: VRRP

    VR1 to ensure the link between the host X and the uplink gateway G. Host X is configured to use VR1 (192.168.1.20) as the default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router.
  • Page 272: VRRP Status

    If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B. 34.2 VRRP Status Click IP Application > VRRP in the navigation panel to display the VRRP Status screen as shown next.
  • Page 273: VRRP Configuration

    34.3 VRRP Configuration The following sections describe the different parts of the VRRP Configuration screen. 34.3.1 IP Interface Setup Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see Section 7.6 on page 81). Click IP Application, VRRP and click the Configuration link to display the VRRP Configuration screen as shown next.
  • Page 274: VRRP Parameters

    ASCII character long) in this field. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 275: Configuring VRRP Parameters

    This field is ignored when you enter 0.0.0.0. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 276: Configuring VRRP Parameters

    Click Cancel to clear the Delete check boxes. 34.4 VRRP Configuration Examples The following sections show two VRRP configuration examples on the Switch. 34.4.1 One Subnet Network Example The figure below shows a simple VRRP network with only one virtual router VR1 (VRID =1) and two switches.
  • Page 277: Figure 158 VRRP Configuration Example: One Virtual Router Network

    172.21.1.100 172.21.1.10 You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 159 VRRP Example 1: VRRP Parameter Settings on Switch A...
  • Page 278: Two Subnets Example

    VRRP. You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2. On the other hand, switch B is the master for VR2 and a backup for VR1.
  • Page 279: Figure 165 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B

    Figure 165 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 166 VRRP Example 2: VRRP Status on Switch A Figure 167 VRRP Example 2: VRRP Status on Switch B...
  • Page 281: Management

    Management Maintenance (283) Access Control (289) Diagnostic (307) Syslog (309) Cluster Management (313) MAC Table (319) IP Table (321) ARP Table (323) Routing Table (325) Configure Clone (327)
  • Page 283: Maintenance

    Table 110 Management > Maintenance LABEL DESCRIPTION Current This field displays which configuration (Configuration 1 or Configuration 2) is currently operating on the Switch. Firmware Click Click Here to go to the Firmware Upgrade screen. Upgrade Restore Click Click Here to go to the Restore Configuration screen.
  • Page 284: Load Factory Default

    3 In the web configurator, click the Save button to make the changes take effect. If you want to access the Switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1).
  • Page 285: Reboot System

    Management > Maintenance > Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the Switch in the File Path text box or click Browse to locate it. Select the Rebooting checkbox if you want to reboot the Switch and apply the new firmware immediately.
  • Page 286: Restore A Configuration File

    Back up your current Switch configuration to a computer using the Backup Configuration screen. Figure 173 Management > Maintenance > Backup Configuration Follow the steps below to back up the current Switch configuration to your computer in this screen. 1 Click Backup.
  • Page 287: FTP Command Line

    The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing.
  • Page 288: GUI-Based FTP Clients

    • FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the Telnet session immediately. transfers the firmware on your computer (firmware.bin) to the put config.cfg config...
  • Page 289: Access Control

    This chapter describes how to control access to the Switch. 36.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
  • Page 290: About SNMP

    An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed Switch (the Switch). An agent translates the local management information from the managed Switch into a form compatible with SNMP.
  • Page 291: SNMP v3 and Security

    RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP 36.3.3 SNMP Traps The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the SNMP traps by category. An OID (Object ID) that begins with “1.3.6.1.4.1.890.1.5.8.24” is defined in private MIBs.
  • Page 292: Table 116 SNMP InterfaceTraps

    1.3.6.1.4.1.890.1.5.8.24.31.2.2 This trap is sent when the voltage returns to the normal operating range. 1.3.6.1.4.1.890.1.5.8.24.31.2.1 This trap is sent when the Switch automatically resets. 1.3.6.1.4.1.890.1.5.8.24.31.2.1 This trap is sent when the Switch resets by an administrator through a management interface.
  • Page 293: Table 117 AAA Traps

    Table 116 SNMP InterfaceTraps (continued) OPTION OBJECT LABEL autonegotiation AutonegotiationFailedEventO AutonegotiationFailedEventCl Table 117 AAA Traps OPTION OBJECT LABEL authentication authenticationFailure AuthenticationFailureEventOn 1.3.6.1.4.1.890.1.5.8.24.31.2.1 This trap is sent when RADIUSNotReachableEvent RADIUSNotReachableEvent Clear accounting RADIUSNotReachableEvent RADIUSNotReachableEvent Clear Table 118 SNMP IP Traps OPTION OBJECT LABEL ping pingProbeFailed...
  • Page 294: Configuring SNMP

    Table 119 SNMP Switch Traps OPTION OBJECT LABEL STPNewRoot MRSTPNewRoot MSTPNewRoot STPTopologyChange MRSTPTopologyChange MSTPTopologyChange mactable MacTableFullEventOn MacTableFullEventClear rmon RmonRisingAlarm RmonFallingAlarm 36.3.4 Configuring SNMP From the Access Control screen, display the SNMP screen. You can click Access Control to go back to the Access Control screen.
  • Page 295: Figure 176 Management > Access Control > SNMP

    Use this section to specify the SNMP version and community (password) values. Version Select the SNMP version for the Switch. The SNMP version on the Switch must match the version on the SNMP manager. Choose SNMP version 2c (v2c), SNMP version 3 (v3) or both (v3v2c).
  • Page 296: Configuring SNMP Trap Group

    AES applies a 128-bit key to 128-bit blocks of data. Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 297: Setting Up Login Accounts

    Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers. You must first configure a trap destination IP address in the SNMP Setting screen. Use the rest of the screen to select which traps the Switch sends to that SNMP manager. Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager.
  • Page 298: Figure 178 Management > Access Control > Logins

    Set a user name (up to 32 ASCII characters long). Enter your new system password. Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 299: SSH Overview

    36.4 SSH Overview Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 179 SSH Communication Example 36.5 How SSH works The following table summarizes how a secure connection is established between two remote hosts.
  • Page 300: SSH Implementation on the Switch

    (you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the Switch is used so that you may securely access the Switch using the web configurator. The SSL protocol specifies that the SSL server (the Switch) must always...
  • Page 301: HTTPS Example

    HTTP connection attempts. 36.8 HTTPS Example If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access.
  • Page 302: Netscape Navigator Warning Messages

    36.8.2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch.
  • Page 303: Service Port Access Control

    Figure 185 Example: Lock Denoting a Secure Connection 36.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later).
  • Page 304: Remote Management

    From the Access Control screen, display the Remote Management screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen.
  • Page 305 Table 124 Management > Access Control > Remote Management (continued) LABEL DESCRIPTION Telnet/FTP/ Select services that may be used for managing the Switch from the specified trusted HTTP/ICMP/ computers. SNMP/SSH/ HTTPS Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses...
  • Page 307: Diagnostic

    Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test.
  • Page 309: Syslog

    This chapter explains the syslog screens. 38.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
  • Page 310: Syslog Server Setup

    Refer to the documentation of your syslog program for more details. Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 311: Figure 190 Management > Syslog > Server Setup

    The lower the number, the more critical the logs are. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 313: Cluster Management

    Cluster Member Models Cluster Manager Cluster Members In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Cluster Management Must be compatible with ZyXEL cluster management implementation.
  • Page 314: Cluster Management Status

    Figure 191 Clustering Application Example 39.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. A cluster can only have one manager. Figure 192 Management > Cluster Management...
  • Page 315: Cluster Member Switch Management

    Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
  • Page 316: Clustering Management Configuration

    39.2.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example. Figure 194 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1...
  • Page 317: Figure 195 Management > Clustering Management > Configuration

    Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
  • Page 318 Cancel DESCRIPTION Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 319: Mac Table

    2 The Switch checks to see if the frame's destination MAC address matches a source MAC address already learned in the MAC table. • If the Switch has already learned the port for this MAC address, then it forwards the frame to that port.
  • Page 320: Viewing The Mac Table

    This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen)...
  • Page 321: Ip Table

    • If the Switch has already learned the port for this IP address, then it forwards the packet to that port. • If the Switch has not already learned the port for this IP address, then the packet is flooded to all ports. Too much port flooding leads to network congestion.
  • Page 322: Viewing The Ip Table

    This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the Switch. Type This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch)...
  • Page 323: Arp Table

    LAN. The Switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the Switch puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address). The...
  • Page 324: Figure 200 Management > Arp Table

    Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above.
  • Page 325: Routing Table

    This chapter introduces the routing table. 43.1 Overview The routing table contains the route information to the network(s) that the Switch can reach. The Switch automatically updates the routing table with the RIP information received from other Ethernet devices.
  • Page 327: Configure Clone

    This chapter shows you how you can copy the settings of one port onto other ports. 44.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
  • Page 328: Table 137 Management > Configure Clone

    Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 329: Commands And Troubleshooting

    Commands and Troubleshooting Introducing Commands (331) User and Enable Mode Commands (385) Configuration Mode Commands (391) Interface Commands (403) IEEE 802.1Q Tagged VLAN Commands (413) Multicast VLAN Registration Commands (421) Routing Domain Command Examples (423) Troubleshooting (425)
  • Page 331: Introducing Commands

    This chapter introduces commands and gives a summary of commands available. 45.1 Overview In addition to the web configurator, you can use commands to configure the Switch. Use commands for advanced Switch diagnosis and troubleshooting. If you have problems with your Switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
  • Page 332: The Login Screen

    1 For local management, connect your computer to the RJ-45 management port (labeled MGMT) on the Switch. 2 Make sure your computer IP address and the Switch IP address are on the same subnet. In Windows, click Start (usually in the bottom left corner), Run and then type 192.168.0.1...
  • Page 333: Changing The Password

    Use the ip address command to create a new IP interface (one suitable for your network) for VLAN 1. After you create a new IP interface you can use this IP address for Switch management. The following example shows you how to create an IP interface for the IP address 172.23.0.1 with the subnet mask 255.255.255.0:...
  • Page 334: Privilege Levels

    45.7 Privilege Levels You can use a command whose privilege level is equal to or less than that of your login account. For example, if your login account has a privilege level of 12, you can use all commands with privilege levels from 0 to 12.
  • Page 335: Getting Help

    Config Commands available in this mode allow you to configure settings that affect the Switch globally. Command modes that follow are sub-modes of the config mode and can only be accessed from within the config mode. Config-vlan...
  • Page 336: List Of Available Commands

    45.9.1 List of Available Commands Enter “help” to display a list of available commands and the corresponding sub commands. sysname> help Commands available: help logout exit history enable show ip <cr> show hardware-monitor <C|F> show system-information show alarm-status show cpu-utilization...
  • Page 337: Using Command History

    45.10 Using Command History The Switch keeps a list of recently used commands available to you for reuse. You can use any commands in the history again by pressing the up ( ) or down ( ) arrow key to scroll through the previously used commands and press of commands.
  • Page 338: Switch Configuration File

    Switch. You can perform the following with a configuration file: • Back up Switch configuration once the Switch is set up to work in your network. • Restore Switch configuration.
  • Page 339: Enable Mode

    (Celsius C or Fahrenheit F). Displays general system information. Display which alarms are enabled on the Switch as well as the LED status of the alarms. Display statistics about the utilization of the CPU on the Switch.
  • Page 340 Delete all statistics records of statistics ARP packets going through the Switch. Delete statistics records of ARP statistics vlan packets going through the Switch <vlan-list> for the specified VLAN(s). Delete all statistics records of statistics DHCP requests going through the Switch.
  • Page 341 Flushes the ARP table entries. Specify the ARP inspection inspection filter record you want to delete from <mac-addr> vlan the Switch. The ARP inspection <vlan-id> record is identified by the MAC address and VLAN ID pair. Clears all statistics for the <port-number>...
  • Page 342 Loads dynamic bindings from the specified DHCP snooping database. Displays whether authentication authentication and privilege checking is enabled on the Switch and what methods are used for authentication. Displays the authentication authentication method(s) for checking privilege enable level of administrators.
  • Page 343 DESCRIPTION Displays the log settings configured on the Switch. It also displays the log entries recorded on the Switch. Displays statistics regarding the statistics total number of ARP packets received on the Switch.
  • Page 344 Table 140 Command Summary: Enable Mode (continued) COMMAND ethernet oam ethernet oam ethernet oam garp hardware-monitor https igmp-filtering igmp-snooping interfaces <port- number> interfaces config <port-list> DESCRIPTION Displays OAM configuration discovery <port- details and operational status of list>...
  • Page 345 Displays IGMP settings for each igmp interface IP interface. Displays details about known and igmp multicast unknown multicast frames passing through the Switch on the specified port(s). Displays IGMP counter and timer igmp timer settings for each IP interface. Displays the IP address table.
  • Page 346 <tree- index> DESCRIPTION Displays the static bindings source binding configured on the Switch based [<mac-addr>] on MAC address or VLAN ID of [...] the static binding. Displays help information for the source binding source binding command.
  • Page 347 DESCRIPTION Displays MSTP configuration for the Switch. Displays MSTP instance instance <0-16> configuration. Displays multicast status, including the port number, vlan ID and multicast group number of multicast group members on the Switch.
  • Page 348 Displays link aggregation information. Displays the firmware version running on the Switch. Displays the firmware version on flash the flash memory of the Switch. Displays the status of all VLANs. Displays the status of the <vlan-id> specified VLAN. Displays VLAN stacking settings.
  • Page 349: General Configuration Mode

    Determines the path a packet takes to a device. Displays help information for this command. Saves current configuration to the configuration file the Switch is currently using. Saves current configuration to the <index> specified configuration file on the Switch.
  • Page 350 Sets the update period for update periodic accounting sessions. This is the <1-2147483647> time the Switch waits to send an update to an accounting server after a session starts. Enables authorization for enable executing commands on the <method1>...
  • Page 351 ARP packets and not sent to the syslog server. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer.
  • Page 352 Enables clustering in the specified VLAN group. Sets the cluster member. Sets a descriptive name for the cluster. Logs into the CLI of the specified cluster member. Specifies through which traffic flow the Switch is to send packets...
  • Page 353 Sets the IP addresses of up to 3 helper-address DHCP servers. <remote-dhcp- server1> [<remote-dhcp- server2>] [<remote-dhcp- server3>] Allows the Switch to add system information name to agent information. Allows the Switch to add DHCP option relay agent information. Enables DHCP Snooping on the Switch. PRIVILEGE...
  • Page 354 DHCP requests list> that it broadcasts to the DHCP information VLAN, if specified, or VLAN. Sets the Switch to add the slot vlan <vlan- number, port number and VLAN list> option ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
  • Page 355 <auto|fixed> first 16 VLAN’s that send multicast traffic via the Switch (auto) or whether the Switch will only perform IGMP snooping on the VLANs configured on the Switch. Enables a port or a list of ports for configuration.
  • Page 356 Sets the password sent to the RADIUS server for clients using MAC authentication. Specifies the amount of time before the Switch allows a client MAC address that fails authentication to try and authenticate again. This setting is superseded by the mac-aging-time command.
  • Page 357 Assigns a specific STP treeIndex <1-4> configuration to the ports. Displays the detailed help for the mrstp command. Activates MSTP on the Switch. Sets a name for an MSTP region. Sets Hello Time, Maximum Age and Forward Delay. Specifies which MST instance you are configuring.
  • Page 358 Disables ARP inspection on the Switch. Resets how long (1-2147483647 filter-aging- seconds) the MAC address filter time remains in the Switch after the Switch identifies an unauthorized ARP packet to the default value (300 seconds). Resets the maximum number log-buffer...
  • Page 359 Switch. Specifies the VLAN IDs for vlan <vlan- VLANs you want to disable list> DHCP snooping on. Sets the Switch to not add the vlan <vlan- system name to DHCP requests list> that it broadcasts to the DHCP information VLAN, if specified, or VLAN.
  • Page 360 DESCRIPTION Sets the Switch to not add the vlan <vlan- slot number, port number and list> option VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
  • Page 361 Disables login access to the specified name. Disables loopguard on the Switch. Disables MAC authentication on the Switch. Resets the MAC authentication timeout value on the Switch to “0”. Enables the specified MAC-filter name <name> mac rule. <mac-addr> vlan <vlan-id> drop <src|dst|both>...
  • Page 362 <telnet| ftp| selected remote management http| icmp| service. snmp| ssh| https> Disables DVMRP on the Switch. dvmrp Disables IGMP on the Switch. igmp Disables OSPF on the Switch. ospf Disable RIP on the Switch. Deletes VRRP settings.
  • Page 363 Switch. Disables secure web browser https access to the Switch. Disables ICMP access to the icmp Switch such as pinging and tracerouting. Disables SNMP management. snmp Disables SSH (Secure Shell) server access to the Switch. Disables telnet access to the telnet Switch.
  • Page 364 “temperature”, “voltage”, “reset”, “timesync”, “intrusionlock” or “loopguard”. Disables STP. Disables STP on listed ports. <port-list> Disables the secure shell server encryption key. Your Switch <rsa1|rsa|dsa> supports SSH versions 1 and 2 using RSA and DSA authentication. Removes the specified remote known-hosts hosts from the list of all known <host-ip>...
  • Page 365 <port-list> Disables LACP in the specified <T1|T2|T3|T4|T5 trunk group. |T6> lacp Deletes the static VLAN entry. <vlan-id> Disables GVRP on the Switch. gvrp Disables port isolation. port-isolation Disables VLAN stacking. Changes the password for the highest privilege level. Changes the password for the privilege <0-...
  • Page 366 A policy rule ensures that a traffic flow gets the requested treatment in the network. Enables 802.1x authentication on the Switch. Enables 802.1x authentication on the specified port(s). Sets a subscriber to periodically reauthenticate re-enter his or her username and password to stay connected to a specified port.
  • Page 367 <index- server selection. priority|round- robin> Specifies a group of trusted computer(s) from which an administrator may use a service to manage the Switch. Enables and enters the DVMRP configuration mode. Leaves the DVMRP exit configuration mode. Sets the DVMRP threshold threshold <ttl-...
  • Page 368 Table 141 Command Summary: Configuration Mode (continued) COMMAND ospf <router-id> DESCRIPTION Leaves the IGMP configuration exit mode. Sets the Switch to Non-Querier non-querier mode. (If a multicast router with a lower IP address, it will stop sending Query messages on that network.) Disables non-querier mode on...
  • Page 369 <area- area. id> virtual- link <router- id> Deletes the OSPF network. no network <ip- addr/bits> Sets the Switch not to learn RIP no redistribute routing information. Sets the Switch not to learn no redistribute static routing information. static PRIVILEGE...
  • Page 370 <1-7> uplink-gateway <ip> service- ftp <socket- control number> DESCRIPTION Sets the Switch to learn RIP redistribute routing information which will rip metric-type use the specified metric <1|2> metric <0- information. 65535> Sets the Switch to learn static...
  • Page 371 Allows Telnet access on the specified service port. Sets the geographic location and the name of the person in charge of this Switch. Sets the get community. Sets the set community. Sets the trap community. Sets the IP addresses of up to four stations to send your SNMP traps to.
  • Page 372 Sets the priority for a specified port. Sets Hello Time, Maximum Age and Forward Delay. Displays help information. Sets the bridge priority of the Switch. Sets the Switch to use Strict Priority Queuing (SPQ). PRIVILEGE...
  • Page 373 Enables broadcast storm control on the Switch. Enables subnet based VLAN on the Switch. Sets the Switch to force the DHCP clients to obtain their IP addresses through the DHCP VLAN. Specifies the name, IP address, subnet mask, VLAN ID of the...
  • Page 374 GMT) and your time zone. Sets the time server protocol. Sets the IP address of your time server. Enables Two Rate Three Color Marker on the Switch. Sets the mode for Two Rate Three Color Marker on the Switch. Activates a trunk group.
  • Page 375: Interface Port-Channel Commands

    Enables a port or a list of ports for configuration. Sets the port to be a trusted port trust for arp inspection. The Switch does not discard ARP packets on trusted ports for any reason. Specifies the maximum rate (1- limit rate <pps>...
  • Page 376 Switch. Sets this port as a trusted DHCP snooping port. Trusted ports are connected to DHCP servers or other switches, and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high.
  • Page 377 Enables the IGMP immediate leave function. Sets the IGMP query mode for the port. Disables the specified port(s) on the Switch. Enables the device to discard incoming frames for VLANs that are not included in a port member set. Enables intrusion lock on the...
  • Page 378 (0). limit rate Disables DiffServ on the port(s). diffserv Disables destination lookup dlf-limit failure (DLF) on the Switch. Disables the egress port setting. egress-set <port- list> Disables Ethernet OAM on the ethernet oam port(s). Resets Ethernet OAM mode to...
  • Page 379 VLAN tags from outgoing untag-vlan <vlan- multicast frames when id> forwarding. Enables the port(s) on the inactive Switch. Disables ingress checking on the ingress-check port(s). Disables intrusion-lock on a port intrusion-lock so that a port can be connected again after you disconnected the cable.
  • Page 380: Interface Route-Domain Commands

    (but not ports directly connected to end users) to allow frames belonging to unknown VLAN groups to pass through the Switch. A weight value of one to eight is given to each variable from wt 1 to wt 8.
  • Page 381: Table 143 Interface Route-Domain Commands

    IGMP packets that the Switch should use. Sets the igmp robustness igmp robustness- variable on the Switch. This variable <2-255> variable specifies how susceptible the subnet is to lost packets. Sets the igmp query interval on igmp query-interval the Switch.
  • Page 382: Config-Vlan Commands

    Sets the IP address of the <ip-address> <mask> Switch in the VLAN. Sets the IP address of the <ip-address> <mask> Switch in the VLAN and allow manageable remote management to this IP address. Sets the default gateway IP default gateway <ip- address in this VLAN.
  • Page 383: Mvr Commands

    Table 144 Command Summary: config-vlan Commands (continued) COMMAND name <name-str> normal <port- list> untagged <port- list> 45.13 mvr Commands The following table lists the Table 145 Command Summary: mvr Commands COMMAND mvr <1- 4094> 8021p-priority <0-7> exit group <name-str> start-address <ip>...
  • Page 384 Table 145 Command Summary: mvr Commands (continued) COMMAND receiver-port <port-list> source-port <port-list> tagged <port- list> DESCRIPTION Disables the specified MVR group <name-str> group setting. Enables MVR. inactive Disables the receiver receiver-port port(s). An MVR receiver port <port-list> can only receive multicast traffic in a multicast VLAN.
  • Page 385: User And Enable Mode Commands

    This chapter describes some commands which you can perform in the User and Enable modes. 46.1 Overview The following command examples show how you can use User and Enable modes to diagnose and manage your Switch. 46.2 show Commands These are the commonly used 46.2.1 show system-information...
  • Page 386: Show Ip

    46.2.2 show ip Syntax: show ip This command displays the IP related information (such as IP address and subnet mask) on all Switch interfaces. The following figure shows the default interface settings. sysname> show Management IP Address IP[192.168.0.1], Netmask[255.255.255.0], VID[0] IP Interface IP[192.168.1.1], Netmask[255.255.255.0], VID[1]...
  • Page 387: Show Mac Address-Table

    <all <sort>|static> Where = Specifies the sorting criteria (MAC, VID or port). <sort> This command displays the MAC address(es) stored in the Switch. The following example shows the static MAC address table. sysname# show mac address-table static Port...
  • Page 388: Ping

    Specifies the network interface or the VLAN ID to which the Ethernet device belongs. Specifies the Time To Live (TTL) period. Specifies the time period to wait. Specifies how many times the Switch performs the traceroute function. in-band reply from 192.168.1.100...
  • Page 389: Copy Port Attributes

    This command displays information about the route to an Ethernet device. The following example displays route information to an Ethernet device with an IP address of 192.168.1.100 sysname> traceroute 192.168.1.100 traceroute to 192.168.1.100, 30 hops max, 40 byte packet 1:192.168.1.100 (10 ms) (10 ms) (0 ms) traceroute done: sysname>...
  • Page 390: Using A Different Configuration File

    You can store up to two configuration files on the Switch. Only one configuration file is used at a time. By default the Switch uses the first configuration file (with an index number of 1). You can set the Switch to use a different configuration file. There are two ways in which you can set the Switch to use a different configuration file: restart the Switch (cold reboot) and restart the system (warm reboot).
  • Page 391: Configuration Mode Commands

    Configuration Mode Commands This chapter describes how to enable and configure your Switch’s features using commands. For more background information, see the feature-specific chapters which precede the commands chapters. 47.1 Enabling IGMP Snooping To enable IGMP snooping on the Switch.
  • Page 392: Configure Igmp Filter

    An example is shown next. • Enable IGMP snooping on the Switch. • Set the host-timeout • Set the Switch to drop packets from unknown multicast groups. sysname(config)# igmp-snooping sysname(config)# igmp-snooping host-timeout 30 sysname(config)# igmp-snooping leave-timeout 30 sysname(config)# igmp-snooping unknown-multicast-frame drop 47.2 Configure IGMP Filter...
  • Page 393: Enabling Stp

    Specifies the bridge priority for the Switch. The lower the numeric value you assign, the higher the priority for this bridge. Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
  • Page 394: No Command Examples

    • Set the bridge priority of the Switch to 0. • Set the Hello Time to 4, Maximum Age to 20 and Forward Delay to 15 on the Switch. • Enable STP on port 5 with a path cost of 150.
  • Page 395: Resetting Commands

    Disables port mirroring on the Switch. 47.4.2 Resetting Commands Use the command to reset Switch settings to their default values. Syntax: no https timeout Resets the https session timeout to default. An example is shown next. The session timeout is reset to 300 seconds.
  • Page 396: Figure 203 No Port-Access-Authenticator Command Example

    <port-list> reauthenticate <port-list> An example is shown next. • Disable authentication on the Switch. • Disable re-authentication on ports one, three, four and five. • Disable authentication on ports one, six and seven. Figure 203 no port-access-authenticator Command Example sysname(config)# no port-access-authenticator...
  • Page 397: Queuing Method Commands

    172.165.1.9 ssh-rsa 47.5 Queuing Method Commands You can use the queuing method commands to configure queuing for outgoing traffic on the Switch. You can only select one queuing method for the Switch. Syntax: where An example is shown next.
  • Page 398: Static Route Commands

    47.6 Static Route Commands You can create and configure static routes on the Switch by using the Syntax: ip route <ip> <mask> <next-hop-ip> ip route <ip> <mask> <next-hop-ip> [metric <metric>][name <name>] --> [inactive] where <ip>...
  • Page 399: Enabling Trunking

    <T1|T2|T3|T4|T5|T6> <T1|T2|T3|T4|T5|T6> interface <port-list> <T1|T2|T3|T4|T5|T6> lacp An example is shown next. • Create trunk 1 on the Switch. • Place ports 5-8 in trunk 1. Names the filtering rule. Specifies the MAC address you want to filter.
  • Page 400: Enabling Port Authentication

    To enable a port authentication, you need to specify your RADIUS server details and select the ports which require external authentication. You can set up multiple RADIUS servers and specify how the Switch will process authentication requests. 47.9.1 RADIUS Server Settings...
  • Page 401: Port Authentication Settings

    RADIUS server. If 2 RADIUS servers are configured, this is the total time the Switch will wait for a response from either server. Specifies the way the Switch will process requests from the clients to the RADIUS server. (Only applicable with multiple RADIUS servers configured.)
  • Page 402 • Specify the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS server. • Enable port authentication on ports 4 to 8. • Activate reauthentication on the ports.
  • Page 403: Interface Commands

    These are some commonly used configuration commands that belong to the group of commands. 48.1 Overview The interface commands allow you to configure the Switch on a port by port basis. 48.2 Interface Command Examples This section provides examples of some frequently used interface commands.
  • Page 404 The Switch supports the following IEEE 802.3ah features: • Discovery - this identifies the devices on each end of the Ethernet link and their OAM configuration. • Remote Loopback - this can initiate a loopback test between Ethernet devices.
  • Page 405: Bpdu-Control

    • Perform a remote loopback test from port 7. sysname# show ethernet oam discovery 7 Port 7 Local client ------------ OAM configurations: Mode Unidirectional Remote loopback Link events Variable retrieval: Not supported Max. OAMPDU size Operational status: Link status Info. revision Parser state Discovery state Remote client...
  • Page 406: Broadcast-Limit

    An example is shown next. , to forward BPDUs received on ports one, three, four tunnel Enables broadcast storm control limit on the Switch. Limits how many broadcast packets the interface receives per second. command enables bandwidth control on the Switch.
  • Page 407: Mirror

    GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local switch. An example is shown next.
  • Page 408: Ingress-Check

    • Enable the IEEE 802.1Q tagged VLAN command to configure tagged VLAN for the Switch. • Enable ports one, three, four and five for configuration. • Enable GVRP on the interface. sysname(config)# vlan1q gvrp sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# gvrp 48.2.8 ingress-check...
  • Page 409: Egress Set

    <port-list> An example is shown next. • Enable port-based VLAN tagging on the Switch. • Enable ports one, three, four and five for configuration. • Set the outgoing traffic ports as the CPU (0), seven (7) and eight (8).
  • Page 410: Name

    • Set the IEEE 802.1p quality of service priority as four (4). sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# qos priority 4 48.2.13 name Syntax: name <port-name-string> where <port-name-string> An example is shown next. • Enable ports one, three, four and five for configuration. •...
  • Page 411: Interface No Command Examples

    • Select ports 3-6 for internal loopback test. • Execute the test command. • View the results. sysname(config)# interface port-channel 3-6 sysname(config-interface)# test 3-6 Testing internal loopback on port 3 :Passed! Ethernet Port 3 Test ok. Testing internal loopback on port 4 :Passed! Ethernet Port 4 Test ok.
  • Page 413: Ieee 802.1Q Tagged Vlan Commands

    (config-interface)# exit
    2 Configure your management VLAN.
    • Use the vlan <vlan-id> managing the Switch, and the Switch will activate the new management VLAN.
    • Use the inactive command to disable the new management VLAN.
    sysname (config)# vlan 3
    sysname (config-vlan)# inactive
  • Page 414: Global Vlan1Q Tagged Vlan Configuration Commands

    This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 49.2.1 GARP Status Syntax: show garp This command shows the Switch’s GARP timer settings, including the join, leave and leave all timers. An example is shown next. sysname# show garp...
  • Page 415: Gvrp Timer

    This command turns on GVRP in order to propagate VLAN information beyond the Switch. 49.2.5 Disable GVRP Syntax: no vlan1q gvrp This command turns off GVRP so that the Switch does not propagate VLAN information to other switches. 49.3 Port VLAN Commands You must configure the Switch port VLAN settings in config-interface mode.
  • Page 416: Set Acceptable Frame Type

    The following example sets the default VID to 200 on ports 1 to 5.
    sysname (config)# interface port-channel 1-5
    sysname (config-interface)# pvid 200
    49.3.2 Set Acceptable Frame Type
    Syntax: frame-type <all|tagged|untagged>
    where <all|tagged|untagged>...
  • Page 417 The Switch also does not forward frames to “forbidden” ports. 4 If after looking at the SVLAN, the Switch does not have any ports to which it will send the frame, it won’t check the port filter.
  • Page 418: Delete Vlan Id

    An example is shown next. • VID is the VLAN identification number. • Status shows whether the VLAN is static or active. • Elap-Time is the time since the VLAN was created on the Switch. The VLAN ID [1 – 4094]. ES-4124 User’s Guide...
  • Page 419 • The TagCtl section of the last column shows which ports are tagged and which are untagged. sysname# show vlan The Number of VLAN: Idx. VID Status ---- ---- -------- ------------ ------------------------ Static Static Static Elap-Time TagCtl 0:12:13...
  • Page 421: Multicast Vlan Registration Commands

    Multicast VLAN Registration This chapter shows you how to use Multicast VLAN Registration (mvr) commands. 50.1 Overview Use the mvr commands in the configuration mode to create and configure multicast VLANs. If you want to enable IGMP snooping see 50.2 Create Multicast VLAN Use the following commands in the config-mvr mode to configure a multicast VLAN group.
  • Page 422: Chapter 50 Multicast Vlan Registration Commands

    mode <dynamic|compatible> group name <name-str> start-address <ip> end-address <ip> • Enter MVR mode. Create a multicast VLAN with the name multiVlan and the VLAN ID of 3. • Specify source ports 2, 3, 5 and receiver ports 6-8. •...
  • Page 423: Routing Domain Command Examples

    Syntax: interface route-domain <ip-address>/<mask-bits> where <ip-address> = This is the IP address of the Switch in the routing domain. Specify the IP address in dotted decimal notation. For example, 192.168.1.1. <mask-bits> = The number of bits in the subnet mask. Enter the subnet mask number...
  • Page 425: Troubleshooting

    IP address, your computer’s IP address must match it. Refer to the chapter on access control for details. Your computer’s and the Switch’s IP addresses must be on the same subnet. See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.
  • Page 426: Pop-Up Windows, Javascripts And Java Permissions

    Chapter 52 Troubleshooting 52.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
  • Page 427: Figure 205 Internet Options

    Figure 205 Internet Options 3 Click Apply to save this setting. 52.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
  • Page 428: Figure 206 Internet Options

    Chapter 52 Troubleshooting Figure 206 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 207 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen.
  • Page 429: Figure 208 Internet Options

    6 Click Apply to save this setting. 52.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 208 Internet Options 2 Click the Custom Level...
  • Page 430: Figure 209 Security Settings - Java Scripting

    Chapter 52 Troubleshooting Figure 209 Security Settings - Java Scripting 52.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
  • Page 431: Problems With The Password

    Cannot access the Switch. CORRECTIVE ACTION: The password field is case sensitive. Make sure that you enter the correct password using the proper casing. The administrator username is “admin”. The default administrator password is “1234”. The username and password are case-sensitive. Make sure that you enter the correct password and username using the proper casing....
  • Page 433: Appendices And Index

    Appendices and Index Product Specifications (355) IP Addresses and Subnetting (441) Legal Information (449) Customer Support (453) Index (457)
  • Page 435: Appendix A Product Specifications

    Product Specifications The following tables summarize the Switch’s hardware and firmware features. Table 149 Hardware Specifications SPECIFICATION Dimensions Weight Power Specification Interfaces LEDs Operating Environment Storage Environment Ground Wire Gauge Power Wire Gauge Fuse Specification
  • Page 436: Table 150 Firmware Specifications

    Authentication via RADIUS and TACACS+ also available. An IP interface (also known as an IP routing domain) is not bound to a physical port. Configure an IP routing domain to allow the Switch to route traffic between different networks. A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks.
  • Page 437 This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management. With IP multicast, the Switch delivers IP packets to a group of hosts on the network - not everybody. In addition, the Switch can send packets to Ethernet devices that are not VLAN-aware by untagging (removing the VLAN tags) IP multicast packets.
  • Page 438: Table 151 Switching Specifications

    Switch. Note: Only upload firmware for your specific model! Make a copy of the Switch’s configuration and put it back on the Switch later if you decide you want to revert back to an earlier configuration. Cluster management (also known as iStacking) allows you to manage switches through one switch, called the cluster manager.
  • Page 439: Table 152 Standards Supported

    DHCP Snooping Security IEEE 802.1x port-based authentication Static MAC address filtering Limiting number of dynamic addresses per port The following list, which is not exhaustive, illustrates the standards supported in the Switch. Table 152 Standards Supported STANDARD RFC 826 RFC 867...
  • Page 440 Appendix A Product Specifications Table 152 Standards Supported (continued) STANDARD RFC 3164 RFC 3376 RFC 3414 RFC 3580 IEEE 802.1x IEEE 802.1D IEEE 802.1p IEEE 802.1Q IEEE 802.1w IEEE 802.1s IEEE 802.3 IEEE 802.3ad IEEE 802.3ah IEEE 802.3x Safety DESCRIPTION Syslog Internet Group Management Protocol, Version 3 User-based Security Model (USM) for version 3 of the Simple Network...
  • Page 441: Appendix B Ip Addresses And Subnetting

    IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 442: Figure 212 Network Number And Host Id

    Appendix B IP Addresses and Subnetting Figure 212 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
  • Page 443: Table 154 Subnet Masks

    Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 154 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
  • Page 444: Figure 213 Subnetting Example: Before Subnetting

    Appendix B IP Addresses and Subnetting Table 156 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
  • Page 445: Figure 214 Subnetting Example: After Subnetting

    Figure 214 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 - 2 = 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
  • Page 446: Table 158 Subnet 2

    Appendix B IP Addresses and Subnetting Table 158 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 159 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address:...
  • Page 447: Table 162 24-Bit Network Number Subnet Planning

    Table 161 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 162 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
  • Page 448: Configuring Ip Addresses

    You must also enable Network Address Translation (NAT) on the Switch. Once you have decided on the network number, pick an IP address for your Switch that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
  • Page 449: Appendix C Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 450 Appendix C Legal Information FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
  • Page 451 condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
  • Page 453: Appendix D Customer Support

    José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika ES-4124 User’s Guide Customer Support...
  • Page 454 • Support E-mail: support@zyxel.fi • Sales E-mail: sales@zyxel.fi • Telephone: +358-9-4780-8411 • Fax: +358-9-4780 8448 • Web Site: www.zyxel.fi • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 •...
  • Page 455 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
  • Page 456 Appendix D Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...