Page 1 GS-4012F/4024 Ethernet Switch User’s Guide Version 3.60 1/2006...
Page 2: Copyright
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 3: Interference Statements And Warnings
FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Page 4: Safety Warnings
Certifications 1 Go to www.zyxel.com 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. Registration Register your product online for free future product updates and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Page 5: Zyxel Limited Warranty
GS-4012F/4024 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
Page 6: Customer Support
1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com +47-22-80-61-80 www.zyxel.no +47-22-80-61-81 GS-4012F/4024 User’s Guide REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika ZyXEL Communications A/S...
Page 7 Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine ZyXEL Communications UK Ltd.,11 The Courtyard,...
Page 8: Table Of Contents
2.2 Mounting the Switch on a Rack ... 40 2.2.1 Rack-mounted Installation Requirements ... 40 2.2.1.1 Precautions ... 40 2.2.2 Attaching the Mounting Brackets to the Switch ... 40 2.2.3 Mounting the Switch on a Rack ... 40 Chapter 3 Hardware Overview...
Page 9 ... 49 4.3 The Status Screen 4.3.1 Change Your Password 4.4 Switch Lockout ... 55 4.5 Resetting the Switch 4.5.1 Reload the Configuration File ... 56 4.6 Logging Out of the Web Configurator ... 56 4.7 Help ... 57 Chapter 5 Initial Setup Example...
Page 10 7.4 Introduction to VLANs ... 75 7.5 IGMP Snooping ... 76 7.6 Switch Setup Screen ... 76 7.7 IP Setup ... 78 7.7.1 IP Interfaces ... 78 7.8 Port Setup ... 80 Chapter 8 VLAN ... 83 8.1 Introduction to IEEE 802.1Q Tagged VLANs 8.1.1 Forwarding Tagged and Untagged Frames ...
Page 11 GS-4012F/4024 User’s Guide Chapter 12 Bandwidth Control... 103 12.1 Introduction to Bandwidth Control ... 103 12.1.1 CIR and PIR ... 103 12.2 Bandwidth Control Setup ... 103 Chapter 13 Broadcast Storm Control ... 105 13.1 Overview ... 105 13.2 Broadcast Storm Control Setup ... 105 Chapter 14 Mirroring ...
Page 12 Chapter 19 Policy Rule... 127 19.1 Overview ... 127 19.1.1 DiffServ ... 127 19.1.2 DSCP and Per-Hop Behavior ... 127 19.2 Configuring Policy Rules ... 127 19.3 Viewing and Editing Policy Configuration ... 130 19.4 Policy Example ... 131 Chapter 20 Queuing Method...
Page 13 GS-4012F/4024 User’s Guide Chapter 24 RIP ... 157 24.1 Overview ... 157 24.2 Configuring ... 157 Chapter 25 OSPF ... 159 25.1 Overview ... 159 25.1.1 OSPF Autonomous Systems and Areas ... 159 25.1.2 How OSPF Works ... 160 25.1.3 Interfaces and Virtual Links ... 160 25.1.4 Configuring OSPF ...
Page 14 29.2 Activating DiffServ ... 180 29.3 DSCP-to-IEEE802.1p Priority Mapping 29.3.1 Configuring DSCP Settings ... 181 Chapter 30 DHCP... 183 30.1 Overview ... 183 30.1.1 DHCP modes ... 183 30.2 DHCP Server Status ... 183 30.3 Configuring DHCP Server ... 184 30.3.1 DHCP Server Configuration Example ...
Page 15 33.3.4 Setting Up Login Accounts ... 208 33.4 SSH Overview ... 210 33.5 How SSH works ... 210 33.6 SSH Implementation on the Switch ... 211 33.6.1 Requirements for Using SSH ... 211 33.7 Introduction to HTTPS ... 211 33.8 HTTPS Example ... 212 33.8.1 Internet Explorer Warning Messages ...
Page 16 39.2 Viewing the Routing Table ... 233 Chapter 40 Introducing the Commands ... 235 40.1 Overview ... 235 40.1.1 Switch Configuration File ... 235 40.2 Accessing the CLI ... 235 40.2.1 Access Priority ... 236 40.2.2 The Console Port ... 236 40.2.2.1 Initial Screen ...
Page 17 GS-4012F/4024 User’s Guide Chapter 41 Command Examples... 267 41.1 Overview ... 267 41.2 show Commands ... 267 41.2.1 show system-information ... 267 41.2.2 show hardware-monitor ... 268 41.2.3 show ip ... 268 41.2.4 show logging ... 269 41.2.5 show interface ... 269 41.2.6 show mac address-table ...
Page 18 42.8 Show VLAN Setting ... 294 Chapter 43 Troubleshooting... 297 43.1 Problems Starting Up the Switch ... 297 43.2 Problems Accessing the Switch ... 297 43.2.1 Pop-up Windows, JavaScripts and Java Permissions ... 298 43.2.1.1 Internet Explorer Pop-up Blockers ... 298 43.2.1.2 JavaScripts ...
Page 19 GS-4012F/4024 User’s Guide Table of Contents...
Page 20: List Of Figures
Figure 18 Web Configurator Home Screen (Status) ... 50 Figure 19 Change Administrator Login Password ... 55 Figure 20 Resetting the Switch: Via the Console Port ... 56 Figure 21 Web Configurator: Logout Screen ... 57 Figure 22 Initial Setup Network Example: IP Interface ... 59 Figure 23 Initial Setup Network Example: VLAN ...
Page 21 GS-4012F/4024 User’s Guide Figure 39 Static MAC Forwarding ... 93 Figure 40 Filtering ... 95 Figure 41 Spanning Tree Protocol: Status ... 99 Figure 42 Spanning Tree Protocol: Configuration ... 100 Figure 43 Bandwidth Control ... 104 Figure 44 Broadcast Storm Control ... 105 Figure 45 Mirroring ...
Page 22 Figure 110 VRRP Configuration Example: Two Virtual Router Network ... 196 Figure 111 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A ... 197 Figure 112 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B ... 197 Figure 113 VRRP Example 2: VRRP Status on Switch A ...
Page 23 Figure 140 Cluster Management: Status ... 222 Figure 141 Cluster Management: Cluster Member Web Configurator Screen ... 223 Figure 142 Example: Uploading Firmware to a Cluster Member Switch ... 224 Figure 143 Clustering Management Configuration ... 225 Figure 144 MAC Table Flowchart ... 227 Figure 145 MAC Table ...
Page 24 GS-4012F/4024 User’s Guide Figure 168 CLI: Restore Configuration Example ... 274 Figure 169 CLI: boot config Command Example ... 274 Figure 170 CLI: reload config Command Example ... 274 Figure 171 CLI: Reset to the Factory Default Example ... 275 Figure 172 no mirror-port Command Example ...
Page 25 GS-4012F/4024 User’s Guide List of Figures...
Page 26: List Of Tables
Table 24 Bandwidth Control ... 104 Table 25 Broadcast Storm Control ... 106 Table 26 Mirroring ... 108 Table 27 Link Aggregation ID: Local Switch ... 110 Table 28 Link Aggregation ID: Peer Switch ... 110 Table 29 Link Aggregation Control Protocol: Status ... 111 Table 30 Link Aggregation Control Protocol: Configuration ...
Page 27 GS-4012F/4024 User’s Guide Table 39 Policy: Summary Table ... 130 Table 40 Physical Queue Priority ... 133 Table 41 Queuing Method ... 135 Table 42 VLAN Tag Format ... 138 Table 43 Single and Double Tagged 802.11Q Frame Format ... 139 Table 44 802.1Q Frame ...
Page 28 Table 98 Command Summary: config-vlan Commands ... 264 Table 99 Command Summary: mvr Commands ... 265 Table 100 Troubleshooting the Start-Up of Your Switch ... 297 Table 101 Troubleshooting Accessing the Switch ... 297 Table 102 Troubleshooting the Password ... 305 Table 103 General Product Specifications ...
Page 29 GS-4012F/4024 User’s Guide List of Tables...
Page 30: Preface
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The GS-4012F/4024 Ethernet Switch may be referred to as “the switch” in this User’s Guide.
Page 31: User Guide Feedback
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 32: Getting To Know Your Switch
TCP/IP configuration at start-up from a server. You can configure the switch as a DHCP server or disable it. When configured as a server, the switch provides the TCP/IP configuration for the clients. If you disable the DHCP service, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Page 33: Port Mirroring
(the port you copy the traffic to) without interference. Static Route Static routes tell the switch how to forward IP traffic when you configure the TCP/IP parameters manually. Chapter 1 Getting to Know Your Switch...
Page 34: Igmp Snooping
IP Multicast With IP multicast, the switch delivers IP packets to a group of hosts on the network - not everybody. In addition, the switch can send packets to Ethernet devices that are not VLAN- aware by untagging (removing the VLAN tags) IP multicast packets.
Page 35: Hardware Features
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
Page 36: Applications
Gigabit Ethernet Ports The ports allow the switch to connect to another WAN switch or daisy-chain to other switches. Management Port Connect a computer to this port for management purposes. You cannot access the network through this port. Console Port Use the console port for local management of the switch.
Page 37: Bridging Example
Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the switch.
Page 38: Ieee 802.1Q Vlan Application Examples
Ethernet cables and adapter cards, restructuring your network and complex maintenance. The switch can provide the same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches.
Page 39: Vlan Shared Server Example
In this example, only ports that need access to the server need belong to VLAN 1. Ports can belong to other VLAN groups too. Figure 5 Shared Server Using VLAN Example Chapter 1 Getting to Know Your Switch...
Page 40: Hardware Installation And Connection
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the switch. These rubber feet help protect the switch from shock or vibration and ensure space between devices when stacking.
Page 41: Mounting The Switch On A Rack
2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the switch, lining up the four screw holes on the bracket with the screw holes on the side of the switch.
Page 42: Figure 8 Mounting The Switch On A Rack
GS-4012F/4024 User’s Guide Figure 8 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack.
Page 43 GS-4012F/4024 User’s Guide Chapter 2 Hardware Installation and Connection...
Page 44: Chapter 3 Hardware Overview
This chapter describes the front panel and rear panel of the switch and shows you how to make the hardware connections. 3.1 Front Panel Connection The figure below shows the front panel of the switch. Figure 9 Front Panel: GS-4024 Figure 10 Front Panel: GS-4012F The following table describes the port labels on the front panel.
Page 45: Console Port
• No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console cable to the console port of the switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.
Page 46: Transceiver Installation
1 Insert the transceiver into the slot with the exposed section of PCB board facing down. Figure 11 Transceiver Installation Example 2 Press the transceiver firmly until it clicks into place. 3 The switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly. Figure 12 Installed Transceiver 3.1.3.2 Transceiver Removal...
Page 47: Rear Panel
Figure 14 Transceiver Removal Example 3.2 Rear Panel The following figure shows the rear panel of the switch. The rear panel contains the ventilation holes, a connector for external backup power supply (BPS), the power receptacle and the power switch (for DC model).
Page 48: Power Connector
The GS-4012F DC unit requires DC power supply input of –48 VDC or -60 VDC, 1.2A Max. To connect the power to the switch, insert the female end of power cord to the power receptacle on the rear panel. Connect the other end of the supplied power cord to a power outlet.
Page 49 GS-4012F/4024 User’s Guide Table 2 Front Panel LEDs (continued) COLOR Gigabit Ethernet Ports 1000 Green Amber Mini-GBIC (SFP) Slots Green Green MGMT Port Green Amber STATUS DESCRIPTION There is a hardware failure. The system is functioning normally. Blinking The port is sending/receiving data. The link to a 1000 Mbps Ethernet network is up.
Page 50: The Web Configurator
4.2 System Login 1 Start your web browser. 2 Type “http://” and the IP address of the switch (for example, the default is 192.168.1.1) in the Location or Address field. Press [ENTER]. 3 The login screen appears. The default username is admin and associated default password is 1234.
Page 51: The Status Screen
GS-4012F/4024 User’s Guide Figure 17 Web Configurator: Login 4 Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 18 Web Configurator Home Screen (Status) Chapter 4 The Web Configurator...
Page 52: Table 3 Navigation Panel Sub-Links Overview
In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING APPLICATION Chapter 4 The Web Configurator GS-4012F/4024 User’s Guide IP APPLICATION MANAGEMENT...
Page 53: Table 4 Web Configurator Screen Sub-Links Details
This link takes you to a screen where you can configure general identification information about the switch. Switch Setup This link takes you to a screen where you can set up global switch parameters such as VLAN type, MAC address learning, IGMP snooping, GARP and priority queues. IP APPLICATION...
Page 54 This link takes you to a screen where you can activate MAC address learning and set the maximum number of MAC addresses to learn on a port. Classifier This link takes you to a screen where you can configure the switch to group packets based on the specified criteria. Policy Rule This link takes you to a screen where you can configure the switch to perform special treatment on the grouped packets.
Page 55: Change Your Password
This link takes you to a screen where you can configure the DVMRP (Distance Vector Multicast Routing Protocol) settings. IP Multicast This link takes you to a screen where you can configure the switch to remove VLAN tags from IP multicast packets on an out-going port. DiffServ This link takes you to screens where you can enable DiffServ, configure marking rules and set DSCP-to-IEEE802.1p mappings.
Page 56: Switch Lockout
4.5 Resetting the Switch If you lock yourself (and others) from the switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the switch back to the factory defaults. Chapter 4 The Web Configurator...
Page 57: Reload The Configuration File
1 Connect to the console port using a computer with terminal emulation software. See Section 3.1.1 on page 44 2 Disconnect and reconnect the switch’s power to begin a session. When you reconnect the switch’s power, you will see the initial screen.
Page 58: Help
Figure 21 Web Configurator: Logout Screen 4.7 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. Chapter 4 The Web Configurator GS-4012F/4024 User’s Guide...
Page 59 GS-4012F/4024 User’s Guide Chapter 4 The Web Configurator...
Page 60: Initial Setup Example
5.1.1 Configuring an IP Interface On a layer-3 switch, an IP interface (also known as an IP routing domain) is not bound to a physical port. The default IP address of the switch is 192.168.1.1 with a subnet mask of 255.255.255.0.
Page 61: Configuring Dhcp Server Settings
6 Click Add. 5.1.2 Configuring DHCP Server Settings You can set the switch to assign network information (such as the IP address, DNS server, etc.) to DHCP clients on the network. For the example network, configure two DHCP client pools on the switch for the DHCP clients in the RD and Sales networks.
Page 62: Creating A Vlan
5.1.3 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 10 as a member of VLAN 2. Figure 23 Initial Setup Network Example: VLAN 1 Click Advanced Application and VLAN in...
Page 63: Setting Port Vid
4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the switch to remove VLAN tags before sending. 5 Click Add to save the settings. 5.1.4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.
Page 64: Enabling Rip
RIP (Routing Information Protocol) in the RIP screen. 1 Click IP Application and RIP in the navigation panel. 2 Select Both in the Direction field to set the switch to broadcast and receive routing information. 3 In the Version field, select RIP-1 for the RIP packet format that is universally supported.
Page 65 GS-4012F/4024 User’s Guide Chapter 5 Initial Setup Example...
Page 66: System Status And Port Statistics
System Status and Port This chapter describes the system status (web configurator home page) and port details screens. 6.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. 6.2 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.
Page 67: Port Details
6.2.1 Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the switch. Figure 26 on page 67).
Page 68: Figure 26 Status: Port Details
Figure 26 Status: Port Details The following table describes the labels in this screen. Table 7 Status: Port Details LABEL DESCRIPTION Port Info Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber).
Page 69 GS-4012F/4024 User’s Guide Table 7 Status: Port Details (continued) LABEL DESCRIPTION Up Time This field shows the total amount of time the connection has been up. Tx Packet The following fields display detailed information about packets transmitted. TX Packet This field shows the number of good packets (unicast, multicast and broadcast) transmitted.
Page 70 Table 7 Status: Port Details (continued) LABEL DESCRIPTION 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length. 512-1023 This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length.
Page 71 GS-4012F/4024 User’s Guide Chapter 6 System Status and Port Statistics...
Page 72: Chapter 7 Basic Setting
The real time is then displayed in the switch logs. The Switch Setup screen allows you to set up and configure global switch features. The IP Setup screen allows you to configure a switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes.
Page 73: Figure 27 System Info
You may choose the temperature unit (Centigrade or Fahrenheit) in this field. Temperature MAC, CPU and PHY refer to the location of the temperature sensors on the switch printed circuit board. Current This shows the current temperature in degrees centigrade at this sensor.
Page 74: General Setup
This field displays the maximum voltage measured at this point. This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point;...
Page 75: Figure 28 General Setup
Location Enter the geographic location (up to 30 characters) of your switch. Contact Person's Enter the name (up to 30 characters) of the person in charge of this switch. Name Login Use this drop-down list box to select which database the switch should use (first) to Precedence authenticate an administrator (user for switch management).
Page 76: Introduction To Vlans
LABEL DESCRIPTION Use Time Server Enter the time service protocol that a timeserver sends when you turn on the switch. when Bootup Not all time servers support all protocols, so you may have to use trial and error to find a protocol that works. The main differences between them are the time format.
Page 77: Igmp Snooping
7.6 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen.
Page 78: Table 10 Switch Setup
Use the next two fields to configure the priority level-to-physical queue mapping. The switch has eight physical queues that you can map to the 8 priority levels. On the switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
Page 79: Ip Setup
The factory default subnet mask is 255.255.255.0. On the switch, as a layer-3 device, an IP address is not bound to any physical ports. Since each IP address on the switch must be in a separate subnet, the configured IP address is also known as IP interface (or routing domain).
Page 80: Figure 30 Ip Setup
MGMT. This means that device(s) connected to the other port(s) do not receive these packets. Select In-Band to have the switch send the packets to all ports except the management port (labelled MGMT) to which connected device(s) do not receive these packets.
Page 81: Port Setup
Mask example, 255.255.255.0. Enter the VLAN identification number to which an IP routing domain belongs. Click Add to save the new rule to the switch. It then displays in the summary table at the bottom of the screen. Cancel Click Cancel to reset the fields to your previous configuration.
Page 82: Figure 31 Port Setup
When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode.
Page 83 BPDU Control Configure the way to treat BPDUs received on this port. You must activate bridging control protocol transparency in the Switch Setup screen first. Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Select Tunnel to forward BPDUs received on this port.
Page 84: Chapter 8 Vlan
The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
Page 85: Automatic Vlan Registration
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLANs groups beyond the local switch. Please refer to the following table for common IEEE 802.1Q VLAN terminology.
Page 86: Port Vlan Trunking
C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).
Page 87: Static Vlan
GS-4012F/4024 User’s Guide Figure 33 Switch Setup: Select VLAN Type 8.5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be • sent to a VLAN group as normal depends on its VLAN tag.
Page 88: Configure A Static Vlan
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamically using GVRP or statically, that is, added as a permanent entry. Poll Interval(s) The text box displays how often (in seconds) this screen refreshes.
Page 89: Figure 35 Vlan: Static Vlan
GS-4012F/4024 User’s Guide Figure 35 VLAN: Static VLAN The following table describes the related labels in this screen. Table 15 VLAN: Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name (up to 12 printable ASCII characters) for the VLAN group for identification purposes.
Page 90: Configure Vlan Port Settings
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Select this check box to permit VLAN groups beyond the local switch. Port Isolation Port Isolation allows each port to communicate only with the CPU management port but not communicate with each other.
Page 91: Port-Based Vlans
The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 8.6.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the next screen. Chapter 8 VLAN...
Page 92: Figure 37 Port Based Vlan Setup (All Connected)
GS-4012F/4024 User’s Guide Figure 37 Port Based VLAN Setup (All Connected) Figure 38 Port Based VLAN Setup (Port Isolation) The following table describes the labels in this screen. Chapter 8 VLAN...
Page 93: Table 17 Port Based Vlan Setup
(its outgoing port). CPU refers to the switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the switch cannot be managed from that port.
Page 94: Static Mac Forward Setup
MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the switch. See on port security.
Page 95: Table 18 Static Mac Forwarding
GS-4012F/4024 User’s Guide Table 18 Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes for this rule.
Page 96: Chapter 10 Filtering
This chapter discusses static MAC address filtering. 10.1 Overview Filtering means sifting traffic going through the switch based on the source and/or destination MAC addresses and VLAN group (ID). 10.2 Configure a Filtering Rule Click Advanced Application, Filtering in the navigation panel to display the screen as shown next.
Page 97 Type a MAC address in valid MAC address format, that is, six hexadecimal character pairs. Type the VLAN group identification number. Click Add to save the new rule to the switch. It then displays in the summary table at the bottom of the screen. Cancel Click Cancel to reset the fields to your previous configuration.
Page 98: Chapter 11 Spanning Tree Protocol
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
Page 99: How Stp Works
On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network.
Page 100: Figure 41 Spanning Tree Protocol: Status
This switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch. Hello Time...
Page 101: Configure Stp
GS-4012F/4024 User’s Guide Table 22 Spanning Tree Protocol: Status (continued) LABEL DESCRIPTION Poll Interval(s) The text box displays how often (in seconds) this screen refreshes. You may change the refresh interval by typing a new number in the text box and then clicking Set Interval.
Page 102 (provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds.
Page 103 GS-4012F/4024 User’s Guide Chapter 11 Spanning Tree Protocol...
Page 104: Chapter 12 Bandwidth Control
This chapter shows you how you can cap the maximum bandwidth allowed from specific source(s) to specified destination(s) using the Bandwidth Control screen. 12.1 Introduction to Bandwidth Control Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out- going traffic flows on a port.
Page 105: Figure 43 Bandwidth Control
Table 24 Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the switch. Port This field displays the port number. Active Make sure to select this check box to activate bandwidth control on a port.
Page 106: Broadcast Storm Control
Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Page 107: Table 25 Broadcast Storm Control
Table 25 Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable broadcast storm control on the switch. Port This field displays a port number. Broadcast (pkt/s) Select this option and specify how many broadcast packets the port receives per second.
Page 108: Chapter 14 Mirroring
This chapter shows you how to configure mirroring on the switch. 14.1 Overview Port mirroring allows you to copy traffic going from one or all ports to another or all ports in order that you can examine the traffic from the mirror port (the port you copy the traffic to) without interference.
Page 109: Table 26 Mirroring
Table 26 Mirroring LABEL DESCRIPTION Active Clear this check box to deactivate port mirroring on the switch. Monitor The monitor port is the port you copy the traffic to in order to examine it in more detail Port without interfering with the traffic flow on the original port(s). Select this port from this drop-down list box.
Page 110: Chapter 15 Link Aggregation
“standby” ports become operational without user intervention. Please note that: • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking.
Page 111: Link Aggregation Id
GS-4012F/4024 User’s Guide 15.1.2 Link Aggregation ID LACP aggregation ID consists of the following information Table 27 Link Aggregation ID: Local Switch SYSTEM PRIORITY MAC ADDRESS 0000 Table 28 Link Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS 0000 15.2 Link Aggregation Status Click Advanced Application, Link Aggregation in the navigation panel.
Page 112: Link Aggregation Setup
Table 29 Link Aggregation Control Protocol: Status LABEL DESCRIPTION Index This field displays the trunk ID to identify a trunk group, that is, one logical link containing multiple ports. Aggregator ID Refer to Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group.
Page 113: Figure 47 Link Aggregation Control Protocol: Configuration
Select this checkbox to enable Link Aggregation Control Protocol (LACP). System LACP system priority is a number between 1 and 65,535. The switch with the lowest Priority system priority (and lowest port number if system priority is the same) becomes the LACP “server”.
Page 114 Select either 1 second or 30 seconds. Apply Click Apply to save your changes back to the switch. Cancel Click Cancel to begin configuring this screen afresh. Chapter 15 Link Aggregation...
Page 115 GS-4012F/4024 User’s Guide Chapter 15 Link Aggregation...
Page 116: Chapter 16 Port Authentication
Figure 48 RADIUS Server 16.2 Configuring Port Authentication For network security, enable port authentication to check the identity of the user before access to the network is allowed. The switch authenticates users against the remote RADIUS server you specify. To enable port authentication: •...
Page 117: Activating Ieee 802.1X Security
Active Select this checkbox to permit 802.1x authentication on this port. You must first allow 802.1x authentication on the switch before configuring it on each port. Reauthentication Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port.
Page 118: Configuring Radius Server Settings
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the switch.
Page 119 GS-4012F/4024 User’s Guide Chapter 16 Port Authentication...
Page 120: Chapter 17 Port Security
17.1 Overview Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port. It is not recommended you disable Port Security together with MAC address learning as this will result in many broadcasts.
Page 121: Table 33 Port Security
MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from 0 to 16K. “0” means this feature is disabled, so the switch will learn MAC addresses up to the global limit of 16K.
Page 122: Chapter 18 Classifier
This chapter introduces and shows you how to configure the packet classifier on the switch. 18.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Page 123: Figure 53 Classifier
GS-4012F/4024 User’s Guide Figure 53 Classifier The following table describes the related labels in this screen. Table 34 Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for identification purpose only.
Page 124 Select an IP protocol type or select Other and enter the protocol number in decimal value. Refer to You may select Establish Only for TCP protocol type. This means that the switch will pick out the packets that are sent to establish TCP connections.
Page 125: Viewing And Editing Classifier Configuration
GS-4012F/4024 User’s Guide Table 34 Classifier (continued) LABEL DESCRIPTION Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. 18.3 Viewing and Editing Classifier Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen.
Page 126: Classifier Example
Table 36 Common Ethernet Types and Protocol Number (continued) ETHERNET TYPE XNS Compat Banyan Systems BBN Simnet IBM SNA AppleTalk AARP Some of the most common IP ports are: Table 37 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 18.4 Classifier Example...
Page 127: Figure 55 Classifier: Example
GS-4012F/4024 User’s Guide Figure 55 Classifier: Example Chapter 18 Classifier...
Page 128: Chapter 19 Policy Rule
This chapter shows you how to configure policy rules. 19.1 Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to 18 on page 121 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
Page 129: Figure 56 Policy
GS-4012F/4024 User’s Guide Click Advanced Applications and then Policy Rule in the navigation panel to display the screen as shown. Figure 56 Policy The following table describes the labels in this screen. Chapter 19 Policy Rule...
Page 130: Table 38 Policy
Select an outgoing port. Outgoing Select Tag to add the specified VID to packets on the specified outgoing port. packet format Otherwise, select Untag. The switch removes the VLAN tag from the packets. for Egress Port Priority Specify a priority level.
Page 131: Viewing And Editing Policy Configuration
GS-4012F/4024 User’s Guide Table 38 Policy (continued) LABEL DESCRIPTION DiffServ Select No change to keep the TOS and/or DSCP fields in the packets. Select Set the packet’s TOS field to set the TOS field with the value you configure in the TOS field.
Page 132: Policy Example
Table 39 Policy: Summary Table (continued) LABEL DESCRIPTION Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. Classifier(s) This field displays the name(s) of the classifier to which this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes.
Page 133: Figure 58 Policy Example
GS-4012F/4024 User’s Guide Figure 58 Policy Example Chapter 19 Policy Rule...
Page 134: Queuing Method
Queuing algorithms allow switches to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth. The switch has eight physical queues, Q0 to Q7. Q7 has the highest priority and Q0 has the lowest.
Page 135: Weighted Round Robin Scheduling (Wrr)
GS-4012F/4024 User’s Guide 20.1.2 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port.
Page 136 Queues with larger weights get more service than queues with smaller weights. Apply Click Apply to save your changes back to the switch. Cancel Click Cancel to begin configuring this screen afresh. Calculate Click Calculate to make sure the WFQ queuing weights total to 100%;...
Page 137: Table 41 Queuing Method
GS-4012F/4024 User’s Guide Chapter 20 Queuing Method...
Page 138: Chapter 21 Vlan Stacking
This chapter shows you how to configure VLAN stacking on your switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 Introduction A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
Page 139: Vlan Stacking Port Roles
GS-4012F/4024 User’s Guide Figure 60 VLAN Stacking Example 21.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel (the latter is for Gigabit ports only). • Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching. •...
Page 140: Frame Format
TPID (Tag Protocol Identifier) is the customer IEEE 802.1Q tag. • If the VLAN stacking port role is Access Port, then the switch adds the SP TPID tag to all incoming frames on the service provider's edge devices (1 and 2 in the VLAN stacking example figure).
Page 141: Configuring Vlan Stacking
VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the switch add the SP TPID tag to all incoming frames received on this port. Select Access Port for ingress ports at the edge of the service provider's network.
Page 142 Note: Configure the priority level of the inner IEEE 802.1Q tag in the Port Setup screen. Apply Click Apply to save your changes back to the switch. Cancel Click Cancel to begin configuring this screen afresh. Chapter 21 VLAN Stacking...
Page 143 GS-4012F/4024 User’s Guide Chapter 21 VLAN Stacking...
Page 144: Chapter 22 Multicast
(such as content information distribution) based on service plans and types of subscription. You can set the switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port.
Page 145: Multicast Status
The switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping) to ports that are members of that group. The switch discards multicast traffic destined for multicast groups that it does not know. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch.
Page 146: Figure 63 Multicast: Setting
This field displays the port number. Immed. Leave Select this option to set the switch to remove this port from the multicast tree when an IGMP version 2 leave message is received on this port. Select this option if there is only one host connected to this port.
Page 147: Igmp Filtering Profile
Select Auto to have the switch dynamically change to using the port as an IGMP query port after it receives IGMP query packets. Select Fixed to have the switch always use the port as an IGMP query port. Select this when you connect an IGMP multicast server to the port.
Page 148: Table 48 Multicast: Setting: Igmp Filtering Profile
If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. Click Add to save the settings to the switch. Clear Click Clear to clear the fields to the factory defaults.
Page 149: Types Of Mvr Ports
Figure 65 MVR Network Example 22.3.1 Types of MVR Ports In MVR, a source port is a port on the switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the switch maintains a forwarding table that matches the multicast stream to the associated multicast group.
Page 150: General Mvr Configuration
Note: You can create up to three multicast VLANs and up to 256 multicast rules on the switch. Your switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 67 Multicast: Setting: MVR Chapter 22 Multicast GS-4012F/4024 User’s Guide...
Page 151: Table 49 Multicast: Setting: Mvr
Multicast VLAN Enter the VLAN ID (1 to 4094) of the multicast VLAN. Mode Specify the MVR mode on the switch. Choices are Dynamic and Compatible. Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN.
Page 152: Figure 68 Mvr: Group Configuration
Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. Figure 68 MVR: Group Configuration The following table describes the labels in this screen. Table 50 Multicast: Setting: MVR: Group Configuration LABEL DESCRIPTION Multicast...
Page 153: Mvr Configuration Example
GS-4012F/4024 User’s Guide 22.5.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S.
Page 154: Figure 71 Mvr Group Configuration Example
GS-4012F/4024 User’s Guide Figure 71 MVR Group Configuration Example Figure 72 MVR Group Configuration Example Chapter 22 Multicast...
Page 155 GS-4012F/4024 User’s Guide Chapter 22 Multicast...
Page 156: Chapter 23 Static Route
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Address switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch. Chapter 23 Static Route GS-4012F/4024 User’s Guide...
Page 157 Gateway This field displays the IP address of the gateway. The gateway is an immediate Address neighbor of your switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table.
Page 158: Chapter 24 Rip
• Both - the switch will broadcast its routing table periodically and incorporate the RIP information that it receives. • Incoming - the switch will not send any RIP packets but will accept all RIP packets received. • Outgoing - the switch will send out RIP packets but will not accept any RIP packets received.
Page 159 The following table describes the labels in this screen. Table 52 RIP LABEL DESCRIPTION Active Select this check box to enable RIP on the switch. Index This field displays the index number of an IP interface. Network This field displays the IP interface configured on the switch.
Page 160: Chapter 25 Ospf
This chapter describes the OSPF (Open Shortest Path First) routing protocol and shows you how to configure OSPF. 25.1 Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS). An autonomous system is a collection of networks using a common routing protocol to exchange routing information.
Page 161: How Ospf Works
The virtual ink must be configured on both layer 3 devices in the non- backbone area and the backbone. 25.1.4 Configuring OSPF To configure OSPF on the switch, do the following tasks 1 Enable OSPF 2 Create OSPF areas 3 Create and associate interface(s) to an area 4 Create virtual links to maintain backbone connectivity.
Page 162: Ospf Status
This field displays whether OSPF is activated (Running) or not (Down). Interface The text box displays the OSPF status of the interface(s) on the switch. Neighbor The text box displays the status of the neighboring router participating in the OSPF network.
Page 163: Enabling Ospf And General Settings
State This field displays the state of the switch (backup or DR (designated router)). Priority This field displays the priority of the switch. This number is used in the designated router election. Designated This field displays the router ID of the designated router.
Page 164: Figure 77 Ospf Configuration: Activating And General Settings
OSPF is disabled by default. Select this option to enable it. Router ID Router ID uniquely identifies the switch in an OSPF. Enter a unique ID (that uses the format of an IP address in dotted decimal notation) for the switch.
Page 165: Configuring Ospf Areas
GS-4012F/4024 User’s Guide 25.4 Configuring OSPF Areas To ensure that the switch receives only routing information from a trusted layer 3 devices, activate authentication. The OSPF supports three authentication methods: • None – no authentication is used. • Simple – authenticate link state updates using an 8 printable ASCII character password.
Page 166: Viewing Ospf Area Information Table
If you enter 0.0.0.0 in the Area ID field, the settings in the Stub Area fields are ignored. No Summary Select this option to set the switch to not send/receive LSAs. Default Route Specify a cost (between 0 and 16777214) used to add a default route into a stub area Cost for routes which are external to an OSPF domain.
Page 167: Configuring Ospf Interfaces
GS-4012F/4024 User’s Guide 25.5 Configuring OSPF Interfaces To configure an OSPF interface, first create an IP routing domain in the IP Setup screen (see Section 7.7 on page 78 interface entry is automatically created. In the OSPF Configuration screen, click Interface to display the OSPF Interface screen. Figure 80 OSPF Interface The following table describes the labels in this screen.
Page 168: Ospf Virtual Links
Table 60 OSPF Interface (continued) LABEL DESCRIPTION When you select Simple in the Authentication field, enter a password eight-character long. Characters after the eighth character will be ignored. When you select MD5 in the Authentication field, enter a password 16-character long. Cost The interface cost is used for calculating the routing table.
Page 169: Figure 81 Ospf Virtual Link
GS-4012F/4024 User’s Guide Figure 81 OSPF Virtual Link The following table describes the related labels in this screen. Table 61 OSPF Virtual Link LABEL DESCRIPTION Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. Area ID Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area.
Page 170 Table 61 OSPF Virtual Link (continued) LABEL DESCRIPTION Name This field displays a descriptive name of a virtual link. Peer Router ID This field displays the ID (that uses the format of an IP address in dotted decimal notation) of a peer border router. Authentication This field displays the authentication method used (Same-as-Area, None, Simple or MD5).
Page 171 GS-4012F/4024 User’s Guide Chapter 25 OSPF...
Page 172: Chapter 26 Igmp
- it is not used to carry user data. Refer to RFC 1112 and RFC 2236 for information on IGMP versions 1 and 2 respectively. The switch supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). At start up, the switch queries all directly connected networks to gather group membership. After that, the switch periodically updates this information.
Page 173: Table 62 Igmp
GS-4012F/4024 User’s Guide Table 62 IGMP (continued) LABEL DESCRIPTION Network This field displays the IP domain configured on the switch. Refer to Section 7.7 on page 78 Version Select an IGMP version from the drop-down list box. Choices are IGMP-v1, IGMP-v2 and None.
Page 174: Chapter 27 Dvmrp
(AS). This DVMRP implementation is based on draft-ietf- idmr-dvmrp-v3-10. DVMRP provides multicast forwarding capability to a layer 3 switch that runs both the IPv4 protocol (with IP Multicast support) and the IGMP protocol. The DVMRP metric is a hop count of 32.
Page 175: Dvmrp Terminology
27.3 Configuring DVMRP Configure DVMRP on the switch when you wish it to act as a multicast router (“mrouter”). Click IP Application, DVMRP in the navigation panel to display the screen as shown. Figure 84 DVMRP The following table describes the labels in this screen.
Page 176: Dvmrp Configuration Error Messages
LABEL DESCRIPTION Active Select Active to enable DVMRP on the switch. You should do this if you want the switch to act as a multicast router. Threshold Threshold is the maximum time to live (TTL) value. TTL is used to limit the scope of multicasting.
Page 177: Default Dvmrp Timer Values
GS-4012F/4024 User’s Guide Figure 87 DVMRP: Duplicate VID Error Message 27.4 Default DVMRP Timer Values The following are some default DVMRP timer values. These may be changed using line commands. Please see the commands chapter later in this User's Guide. Table 64 DVMRP: Default Timer Values DVMRP FIELD Probe interval...
Page 178: Chapter 28 Ip Multicast
IP packets to a group of hosts on the network - not everybody. You can configure the switch to untag (remove the VLAN tags from) IP multicast packets that the switch forwards. This allows the switch to send packets to Ethernet devices that are not VLAN-aware.
Page 179: Table 65 Ip Multicast
The switch removes the VLAN tag from IP multicast packets belonging to the specified Multicast VLAN before transmission on this port. Egress Enter a VLAN group ID in this field. Enter 0 to set the switch not to remove any VLAN tags Untag from the packets. Vlan ID Apply Click Apply to save the settings.
Page 180: Differentiated Services
Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the switch. 29.1 Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
Page 181: Activating Diffserv
GS-4012F/4024 User’s Guide Figure 90 DiffServ Network Example Switch A marks traffic flowing into the network based on the configured marking rules. Intermediary network devices 1 and 2 allocate network resources (such as bandwidth) by mapping the DSCP values and the associated policies.
Page 182: Dscp-To-Ieee802.1P Priority Mapping
Click Cancel to start configuring this screen again. 29.3 DSCP-to-IEEE802.1p Priority Mapping You can configure the DSCP to IEEE802.1p mapping to allow the switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE802.1p mapping table.
Page 183: Table 68 Diffserv: Dscp Setting
GS-4012F/4024 User’s Guide Table 68 DiffServ: DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE802.1p priority mapping, select the priority level from the drop-down list box. Apply Click Apply to save the changes. Cancel Click Cancel to discard all changes and start configuring the screen again.
Page 184: Chapter 30 Dhcp
30.1.1 DHCP modes The switch can be configured as a DHCP server or DHCP relay agent. • If you configure the switch as a DHCP server, it will maintain the pool of addresses and distribute them to your LAN computers.
Page 185: Configuring Dhcp Server
GS-4012F/4024 User’s Guide Figure 93 DHCP: DHCP Server Status The following table describes the labels in this screen. Table 69 DHCP: DHCP Server Status LABEL DESCRIPTION Index This is the index number. This field displays the ID number of the VLAN group to which this DHCP settings apply.
Page 186: Figure 94 Dhcp: Server
Figure 94 DHCP: Server The following table describes the labels in this screen. Table 70 DHCP: Server LABEL DESCRIPTION Enter the ID number of the VLAN group to which this DHCP settings apply. Client IP Pool Specify the first of the contiguous addresses in the IP address pool. Starting Address Size of Client IP...
Page 187: Dhcp Server Configuration Example
Figure 96 DHCP Server Configuration Example 30.4 DHCP Relay Configure DHCP relay on the switch if the DHCP clients and the DHCP server are not in the same subnet. During the initial IP address leasing, the switch helps to relay network information (such as the IP address and subnet mask) between a DHCP client and a DHCP server.
Page 188: Dhcp Relay Agent Information
You can also specify additional information for the switch to add to the client DHCP requests that it relays to the DHCP server. Please refer to RFC 3046 for more details.
Page 189: Dhcp Relay Configuration Example
Click Cancel to discard all changes and start configuring the screen again. 30.4.3 DHCP Relay Configuration Example The follow figure shows a network example where the switch is used to relay DHCP requests for the RD and Sales network. There is only one DHCP server that services the DHCP clients in both networks.
Page 190: Chapter 31 Vrrp
VR1 to ensure the link between the host X and the uplink gateway G. Host X is configured to use VR1 (192.168.1.20) as the default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router.
Page 191: Viewing Vrrp Status
Uplink Status This field displays the status of the link between this switch and the uplink gateway. This field is Alive indicating that the link between this switch and the uplink gateway is up. Otherwise, this field is Dead. This field displays Probe when this switch is check for the link state.
Page 192: Configuring Vrrp
31.3 Configuring VRRP Follow the instructions in the follow sections to configure VRRP on the switch. 31.3.1 IP Interface Setup Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see the Section 7.7 on page 78 Click IP Application, VRRP and click the Configuration link to display the VRRP Configuration screen as shown next.
Page 193: Vrrp Parameters
GS-4012F/4024 User’s Guide Table 73 VRRP Configuration: IP Interface LABEL DESCRIPTION Index This field displays the index number of an entry. Network This field displays the IP address and number of subnet mask bit of an IP domain. Authentication Select None to disable authentication. This is the default setting. Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface.
Page 194: Configuring Vrrp Parameters
This field is 100 by default. Enter the IP address of the uplink gateway in dotted decimal notation. The switch checks the link to the uplink gateway. Enter the IP address of the primary virtual router in dotted decimal notation.
Page 195: Vrrp Configuration Summary
GS-4012F/4024 User’s Guide 31.4 VRRP Configuration Summary To view a summary of all VRRP configurations on the switch, scroll down to the bottom of the VRRP Configuration screen. Figure 104 VRRP Configuration: Summary The following table describes the labels in this screen.
Page 196: Figure 105 Vrrp Configuration Example: One Virtual Router Network
172.21.1.100 172.21.1.10 You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 106 VRRP Example 1: VRRP Parameter Settings on Switch A...
Page 197: Two Subnets Example
VRRP. You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2. On the other hand, switch B is the master for VR2 and a backup for VR1.
Page 198: Figure 111 Vrrp Example 2: Vrrp Parameter Settings For Vr2 On Switch A
GS-4012F/4024 User’s Guide Figure 111 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A Figure 112 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next.
Page 199 GS-4012F/4024 User’s Guide Chapter 31 VRRP...
Page 200: Chapter 32 Maintenance
Figure 116 Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the switch in the File Path text box or click Browse to locate it. After you have specified the file, click Upgrade.
Page 201: Restore A Configuration File
Back up your current switch configuration to a computer using the Backup Configuration screen. Figure 118 Backup Configuration Follow the steps below to back up the current switch configuration to your computer in this screen. 1 Click Backup. 2 Click Save to display the Save As screen.
Page 202: Load Factory Defaults
3 Click OK to begin resetting all switch configurations to the factory defaults and then wait for the switch to restart. This takes up to two minutes. If you want to access the switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default switch IP address (192.168.1.1).
Page 203: Ftp Command Line
GS-4012F/4024 User’s Guide Figure 122 Reboot System: Start 3 Click OK again and then wait for the switch to restart. This takes up to two minutes. This does not affect the switch’s configuration. 32.7 FTP Command Line This section shows some examples of uploading to or downloading files from the switch using FTP commands.
Page 204: Ftp Command Line Procedure
If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the switch only recognizes “config” and “ras”. Be sure you keep unaltered copies of both files for later use.
Page 205: Ftp Restrictions
• FTP service is disabled in the Access Control screen. • The IP address(es) in the Secured Client Set in the Remote Management screen does not match the client IP address. If it does not match, the switch will disconnect the Telnet session immediately.
Page 206: Chapter 33 Access Control
• A console port access control session and Telnet access control session cannot coexist. The console port has higher priority. If you telnet to the switch and someone is already logged in from the console port, then you will see the following message.
Page 207: About Snmp
An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (this switch). An agent translates the local management information from the managed switch into a form compatible with SNMP.
Page 208: Supported Mibs
RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP 33.3.2 SNMP Traps The switch sends traps to an SNMP manager when an event occurs. SNMP traps supported are outlined in the following table. Table 79 SNMP Traps...
Page 209: Configuring Snmp
Click Apply to save your changes back to the switch. Cancel Click Cancel to begin configuring this screen afresh. 33.3.4 Setting Up Login Accounts Up to five people (one administrator and four non-administrators) may access the switch via web configurator at any one time. OBJECT ID DESCRIPTION 1.3.6.1.6.3.1.1.5.5 This trap is sent when an SNMP request comes from...
Page 210: Figure 127 Access Control: Logins
• An administrator is someone who can both view and configure switch changes. The username for the Administrator is always admin. The default administrator password is 1234. Note: It is highly recommended that you change the default administrator password (1234).
Page 211: Ssh Overview
GS-4012F/4024 User’s Guide 33.4 SSH Overview Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 128 SSH Communication Example 33.5 How SSH works The following table summarizes how a secure connection is established between two remote...
Page 212: Ssh Implementation On The Switch
(you know if data has been changed). It relies upon certificates, public keys, and private keys. HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always...
Page 213: Https Example
GS-4012F/4024 User’s Guide 2 HTTP connection requests from a web browser go to port 80 (by default) on the switch’s WS (web server). Figure 130 HTTPS Implementation Note: If you disable HTTP in the Service Access Control screen, then the switch blocks all HTTP connection attempts.
Page 214: Netscape Navigator Warning Messages
Figure 131 Security Alert Dialog Box (Internet Explorer) 33.8.2 Netscape Navigator Warning Messages When you attempt to access the switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the switch.
Page 215: The Main Screen
Figure 133 Security Certificate 2 (Netscape) 33.8.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection.
Page 216: Figure 134 Login Screen (Internet Explorer)
GS-4012F/4024 User’s Guide Figure 134 Login Screen (Internet Explorer) Figure 135 Login Screen (Netscape) Chapter 33 Access Control...
Page 217: Service Port Access Control
GS-4012F/4024 User’s Guide 33.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen.
Page 218: Figure 137 Access Control: Remote Management
Configure the IP address range of trusted computers from which you can manage this switch. End Address The switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The switch immediately disconnects the session if it does not match.
Page 219 GS-4012F/4024 User’s Guide Chapter 33 Access Control...
Page 220: Chapter 34 Diagnostic
IP Ping Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the switch ping the IP address (in the field to the left). Ethernet Port Test From the Port drop-down list box, select a port number and click Port Test to perform internal loopback test.
Page 221 GS-4012F/4024 User’s Guide Chapter 34 Diagnostic...
Page 222: Chapter 35 Cluster Management
Cluster Member Models Cluster Manager Cluster Members In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 139 Clustering Application Example Chapter 35 Cluster Management...
Page 223: Cluster Management Status
This field displays the role of this switch within the cluster. Manager Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) None (neither a manager nor a member of a cluster) Manager This field displays the cluster manager switch’s hardware MAC address.
Page 224: Cluster Member Switch Management
Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
Page 225: Configuring Cluster Management
User Password 350du1.bin fw-00-a0-c5-d4-88-bf config-00-a0-c5-d4-88-bf This is the cluster member switch’s configuration file name as seen 35.3 Configuring Cluster Management Click Configuration from the Cluster Management screen to display the next screen. 1 00:47:52 1970 3209434 Jul 01 12:00 ras...
Page 226: Figure 143 Clustering Management Configuration
Type a name to identify the Clustering Manager. You may use up to 20 printable characters (no spaces are allowed). This is the VLAN ID and is only applicable if the switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
Page 227 If multiple devices have the same password then hold [SHIFT] and click those switches to select them. Then enter their common web configurator password. Click Add to save this part of the screen to the switch. Click Cancel to begin configuring this part of the screen afresh.
Page 228: Chapter 36 Mac Table
(learned by the switch) or static (manually entered in the Static MAC Forwarding screen). The switch uses the MAC table to determine how to forward frames. See the following figure. 1 The switch examines a received frame and learns the port on which this source MAC address came.
Page 229: Viewing The Mac Table
Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen). Chapter 36 MAC Table...
Page 230: Chapter 37 Ip Table
This chapter introduces the IP table. 37.1 Overview The IP Table screen shows how packets are forwarded or filtered across the switch’s ports. It shows what device IP address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the IP address is dynamic (learned by the switch) or static (belonging to the switch).
Page 231: Viewing The Ip Table
This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the switch. Type This shows whether the IP address is dynamic (learned by the switch) or static (belonging to the switch). Chapter 37 IP Table...
Page 232: Chapter 38 Arp Table
If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the switch puts all ones in the target MAC field (FF.FF.FF.FF.FF.FF is the Ethernet broadcast address).
Page 233: Figure 148 Arp Table
Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above.
Page 234: Chapter 39 Routing Table
This chapter introduces the routing table. 39.1 Overview The routing table contains the route information to the network(s) that the switch can reach. The switch automatically updates the routing table with the RIP information received from other Ethernet devices. 39.2 Viewing the Routing Table Click Management, Routing Table in the navigation panel to display the screen as shown.
Page 235 GS-4012F/4024 User’s Guide Chapter 39 Routing Table...
Page 236: Introducing The Commands
This chapter introduces the commands and gives a summary of commands available. 40.1 Overview In addition to the web configurator, you can use line commands to configure the switch. Use line commands for advanced switch diagnosis and troubleshooting. If you have problems with your switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
Page 237: Access Priority
1 For local management, connect your computer to the RJ-45 management port (labeled MGMT) on the switch. 2 Make sure your computer IP address and the switch IP address are on the same subnet. In Windows, click Start (usually in the bottom left corner), Run and then type (the default management IP address) and click OK.
Page 238: The Login Screen
For example, if you enter “ automatically displays. • Each interface refers to an Ethernet port on the switch. Commands configured after the interface command correspond to those ports. • Type multiple ports or port ranges separated by a comma. Ranges of port numbers are typed separated by a dash.
Page 239: Getting Help
GS-4012F/4024 User’s Guide 40.5 Getting Help The system includes a help facility to provide you with the following information about the commands: • List of available commands under a command group. • Detailed descriptions of the commands. 40.5.1 List of Available Commands Enter “...
Page 240: Detailed Command Information
Figure 153 CLI Help: List of Commands: Example 2 ras> ? enable exit help history logout ping show traceroute ras> 40.5.2 Detailed Command Information Enter <command> help Enter <command> ? parameters. Figure 154 CLI Help: Detailed Command Information: Example 1 ras>...
Page 241: Using Command History
40.7 Using Command History The switch keeps a list of up to 256 commands you have entered for the current CLI session. You can use any commands in the history again by pressing the up ( ) or down ( ) arrow key to scroll through the previously used commands and press to display the list of commands.
Page 242: Logging Out
In User mode, enter the 40.9 Command Summary The following sections summarize the commands available in the switch together with a brief description of each command. Commands listed in the tables are in the same order as they are displayed in the CLI. See the related section in the User’s Guide for more background information.
Page 243: Enable Mode
GS-4012F/4024 User’s Guide Table 93 Command Summary: User Mode (continued) COMMAND traceroute <ip|host-name> [in-band|out-of-band|vlan <vlan-id>] [ttl <1-255>] [wait <1-60>] [queries <1-10>] help 40.9.2 Enable Mode The following table describes the commands available for Enable mode. Table 94 Command Summary: Enable Mode COMMAND baudrate <1|2|3|4|5...
Page 244: Show Classifier
Table 94 Command Summary: Enable Mode (continued) COMMAND <port-num> logging ping <IP|host- name> [vlan <vlan-id>][..] reload config <index> show classifier cluster dhcp diffserv garp hardware-monitor https igmp-filtering igmp-snooping interface <port- number> interfaces config <port-list> Chapter 40 Introducing the Commands GS-4012F/4024 User’s Guide DESCRIPTION Removes all learned MAC address on the specified port(s).
Page 245: Ospf Interface
GS-4012F/4024 User’s Guide Table 94 Command Summary: Enable Mode (continued) COMMAND lacp logging loginPrecedence logins DESCRIPTION Displays bandwidth control settings. bandwidth- control Displays broadcast storm control settings. bstorm-control Displays outgoing port information. egress Displays IGMP filtering settings. igmp-filtering Displays the IGMP group limit. igmp-group- limited Displays the IGMP Immidiate Leave...
Page 246: Ospf Area
Table 94 Command Summary: Enable Mode (continued) COMMAND mac-aging-time mac-count multicast multi-login policy port-access- authenticator port-security radius-server remote-management router running-config service-control snmp-server spanning-tree Chapter 40 Introducing the Commands GS-4012F/4024 User’s Guide DESCRIPTION Displays MAC learning aging time. Displays the count of MAC addresses learnt.
Page 247: General Configuration Mode
Determines the path a packet takes to a device. Displays help information for this command. Saves current configuration to the configuration file the switch is currently using. Saves current configuration to the <index> specified configuration file on the switch. DESCRIPTION Changes the administrator password.
Page 248 Enables clustering in the specified VLAN group. Sets the cluster memeber. Sets a descriptive name for the cluster. Logs into the CLI of the specified cluster member. Specifies through which traffic flow the switch is to send packets.
Page 249 Sets the IP addresses of up to 3 helper-address DHCP servers. <remote-dhcp- server1> <remote- dhcp-server2> <remote-dhcp- server3> Allows the switch to add system information name to agent information. Allows the switch to add DHCP option relay agent information. starting-address <ip-addr>...
Page 250 Control Protocol (LACP). Sets the priority of an active port <1-65535> using LACP. Select which database the switch should use (first) to authenticate a user. Configures up to four read-only login accounts. Exits from the CLI. Sets learned MAC aging time.
Page 251 If you disable a classifier you cannot use policy rule related information. Enables a classifier. <name> inactive Disables cluster management on the switch. Removes the cluster member. member <mac- address> Disables DHCP relay. information Disables the relay agent information option 82.
Page 252 Disables port mirroring on the switch. Disables another administrator from logging into Telnet or the CLI. Displays MVR on the switch. Deletes the policy. A policy sets actions for the classified traffic. Enables a policy. inactive Disables port authentication on the switch.
Page 253 <index> service entry number from using the <telnet| ftp| selected remote management http| icmp| snmp| service. ssh| https> Disables DVMRP on the switch. dvmrp Disables IGMP on the switch. igmp Disables OSPF on the switch. ospf Disable RIP on the switch.
Page 254 6> interface <port-list> Disables LACP in the specified <T1|T2|T3|T4|T5|T trunk group. 6> lacp Deletes the static VLAN entry. <vlan-id> Disables GVRP on the switch. gvrp port-isolation Disables port isolation. Disables VLAN stacking. Change the password for Enable mode.
Page 255 A policy rule ensures that a traffic flow gets the requested treatment in the network. Enables 802.1x authentication on the switch. Enables 802.1x authentication on the specified port(s). Sets a subscriber to periodically reauthenticate re-enter his or her username and password to stay connected to a specified port.
Page 256 Sets the IP address of the external RADIUS server, UDP port and shared key. Specifies a group of trusted computer(s) from which an administrator may use a service to manage the switch. Enables and enters the DVMRP configuration mode. Leaves the DVMRP exit configuration mode.
Page 257 GS-4012F/4024 User’s Guide Table 95 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION Enables simple authentication area <area-id> and sets the authentication key virtual-link for the specified virtual link in <router-id> the area. authentication- key <key> Sets the virtual link to use the area <area-id>...
Page 258 <router-id> Deletes the OSPF network. no network <ip- addr/bits> no redistribute Sets the switch not to learn RIP routing information. Sets the switch not to learn no redistribute static routing information. static Sets the switch to learn RIP...
Page 259 Sets the set community. Sets the trap community. Sets the IP addresses of up to four stations to send your SNMP traps to. Enables STP on the switch. Enables STP on a specified port. Sets the STP path cost for a specified port.
Page 260 GS-4012F/4024 User’s Guide DESCRIPTION Sets the bridge priority of the switch. Adds a remote host to which the switch can access using SSH service. Enables broadcast storm control on the switch. Sets the time in hour, minute and second format.
Page 261: Interface Port-Channel Commands
Sets how Bridge Protocol Data Units (BPDUs) are used in STP port states. Enables broadcast storm control limit on the switch. Enables DiffServ on the port(s). Sets how many broadcast packets the interface receives per second. Enables the Destination Lookup Failure (DLF) limit.
Page 262 Enables the IGMP immidiate leave function. Sets the IGMP query mode for the port. Disables the specified port(s) on the switch. Enables the device to discard incoming frames for VLANs that are not included in a port member set. Enables intrusion lock on the...
Page 263 Disables broadcast storm broadcast-limit control limit on the port(s). Disables DiffServ on the port(s). diffserv Disables destination lookup dlf-limit failure (DLF) on the switch. Disables the egress port setting. egress-set <port- list> Disables flow control on the flow-control port(s). Disable GVRP on the port(s).
Page 264: Interface Route-Domain Commands
Enables a routing domain for configuration. Exits from the interface routing-domain command mode. Enables this function to permit VLAN groups dvmrp beyond the local switch. Enables IGMP in this routing domain. igmp <v1|v2> Enables OSPF authentication in this routing ospf authentication- domain.
Page 265: Config-Vlan Commands
VLAN group. Displays a list of available VLAN commands. Disables the specified VLAN. Sets the IP address of the switch in the VLAN. Sets the IP address of the switch in the VLAN and allow remote management to this IP address.
Page 266: Mvr Commands
Table 98 Command Summary: config-vlan Commands (continued) COMMAND normal <port- list> untagged <port- list> 40.10 mvr Commands The following table lists the Table 99 Command Summary: mvr Commands COMMAND mvr <1-4094> exit group <name-str> start-address <ip> end-address <ip> inactive mode <dynamic| compatible>...
Page 267 GS-4012F/4024 User’s Guide Table 99 Command Summary: mvr Commands (continued) COMMAND receiver-port <port-list> source-port <port-list> tagged <port- list> DESCRIPTION Disables the source port(s).An MVR source-port <port- source port can send and receive list> multicast traffic in a multicast VLAN. Sets the port(s) to untag VLAN tags. tagged <port-list>...
Page 268: Chapter 41 Command Examples
This chapter describes some commands in more detail. 41.1 Overview These are commands that you may use frequently in maintaining your switch. 41.2 show Commands These are the commonly used 41.2.1 show system-information Syntax: show system-information This command shows the general system information (such as the firmware version and system up time).
Page 269: Show Hardware-Monitor
1.25 1.248 ras> 41.2.3 show ip Syntax: show ip This command displays the IP related information (such as IP address and subnet mask) on all switch interfaces. The following figure shows the default interface settings. Threshold 34.0 32.0 65.0 32.0 31.0...
Page 270: Show Logging
Figure 160 show ip Command Example ras> show Management IP Address IP[192.168.0.1], Netmask[255.255.255.0], VID[0] IP Interface IP[192.168.1.1], Netmask[255.255.255.0], VID[1] ras> 41.2.4 show logging Note: This command is not available in User mode. Syntax: show logging This command displays the system logs. The following figure shows an example. Figure 161 show logging Command Example ras# show logging 0 Thu Jan...
Page 271: Show Mac Address-Table
Syntax: show mac address-table <all <sort>|static> Where = Specifies the sorting criteria (MAC, VID or port). <sort> This command displays the MAC address(es) stored in the switch. The following example shows the static MAC address table. :100M/F :FORWARDING :Disabled :2778 :2043 :0.0...
Page 272: Ping
Specifies the network interface or the VLAN ID to which the Ethernet device belongs. refers the management port while out-of-band means the other ports on the switch. Specifies the packet size to send. Sends Ping packets to the Ethernet device indefinitely. Click to terminate the Ping process.
Page 273: Traceroute
Specifies the network interface or the VLAN ID to which the Ethernet device belongs. Specifies the Time To Live (TTL) period. Specifies the time period to wait. Specifies how many tries the switch performs the traceroute function. followed by the port number and press spanning-tree...
Page 274: Configuration File Maintenance
Figure 166 Enable RSTP Command Example ras(config)# spanning-tree 10 ras# 41.6 Configuration File Maintenance This section shows you how to backup or restore the configuration file on the switch using TFTP. 41.6.1 Configuration Backup Syntax: copy running-config tftp <ip> <remote-file>...
Page 275: Using A Different Configuration File
By default the switch uses the first configuration file (with an index number of 1). You can set the switch to use a different configuration file. There are two ways in which you can set the switch to use a different configuration file: restart the switch (cold reboot) and restart the system (warm reboot).
Page 276: No Command Examples
These are the commonly used command examples that belong to the 41.7.1 no mirror-port Syntax: no mirror-port Disables port mirroring on the switch. An example is shown next. Figure 172 no mirror-port Command Example ras(config)# no mirror-port 41.7.2 no https timeout...
Page 277: No Trunk
Disables LACP in the trunk group. Removes ports from the trunk group. <port-list> = Disables port authentication on the switch. = Disables the re-authentication mechanism on the listed port(s). = Disables authentication on the listed ports. Chapter 41 Command Examples...
Page 278: No Ssh
These are some commonly used commands that belong to the commands. Chapter 41 Command Examples Disables the secure shell server encryption key. Your switch supports SSH versions 1 and 2 using RSA and DSA authentication. Remove specific remote hosts from the list of all known hosts.
Page 279: Interface Port-Channel
41.8.2 interface route-domain Syntax: interface route-domain <ip-address>/<mask-bits> where = This is the IP address of the switch in the routing domain. Specify the IP <ip-address> = The number of bits in the subnet mask. Enter the subnet mask number <mask-bits>...
Page 280: Bpdu-Control
Figure 178 interface Command Example ras# config ras(config)# interface route-domain 192.168.1.1/24 cmd interface route domain 192.168.1.1 255.255.255.0 ras(config-if)# 41.8.3 bpdu-control Syntax: bpdu-control <peer|tunnel|discard|network> where peer|tunnel|discard|network> An example is shown next. • Enable ports one, three, four and five for configuration. •...
Page 281: Bandwidth-Limit
GS-4012F/4024 User’s Guide where Enables broadcast storm control limit on the switch. Sets how many broadcast packets the interface receives per second. <pkt/s> An example is shown next. • Enable port one for configuration. • Enable broadcast control. • Set the number of broadband packets the interface receives per second.
Page 282: Mirror
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLANs groups beyond the local switch. An example is shown next.
Page 283: Ingress-Check
GS-4012F/4024 User’s Guide • Enable the IEEE 802.1Q tagged VLAN command to configure tagged VLAN for the switch. • Enable ports one, three, four and five for configuration. • Enable GVRP on the interface. Figure 183 gvrp Command Example ras(config)# vlan1q gvrp...
Page 284: Spq
• Set the queue weights from Q0 to Q7. Chapter 41 Command Examples Enables WRR (Weighted Round Robin) queuing method on the switch. Sets the interface to use WRR queuing. A weight value of one to eight is given to each variable from...
Page 285: Egress Set
<port-list> An example is shown next. • Enable port-based VLAN tagging on the switch. • Enable ports one, three, four and five for configuration. • Set the outgoing traffic ports as the CPU (0), seven (7), eight (8) and nine (9).
Page 286: Name
Figure 189 qos priority Command Example ras(config)# interface port-channel 1,3-5 ras(config-interface)# qos priority 4 41.8.14 name Syntax: name <port-name-string> where <port-name-string> An example is shown next. • Enable ports one, three, four and five for configuration. • Set a name for the ports. Figure 190 name Command Example ras(config)# interface port-channel 1,3-5 ras(config-interface)# name Test...
Page 287 GS-4012F/4024 User’s Guide Chapter 41 Command Examples...
Page 288: Ieee 802.1Q Tagged Vlan Commands
42.2 VLAN Databases A VLAN database stores and organizes VLAN registration information useful for switching frames to and from a switch. A VLAN database consists of a static entries (Static VLAN or SVLAN table) and dynamic entries (Dynamic VLAN or DVLAN table).
Page 289: Dynamic Entries (Dvlan Table)
GS-4012F/4024 User’s Guide 42.2.2 Dynamic Entries (DVLAN Table) Dynamic entries are learned by the switch and cannot be created or updated by administrators. The switch learns this information by observing what port, source address and VLAN ID (or VID) is associated with a frame. Entries are added and deleted using GARP VLAN Registration Protocol (GVRP), where GARP is the Generic Attribute Registration Protocol.
Page 290: Global Vlan1Q Tagged Vlan Configuration Commands
This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 42.4.1 GARP Status Syntax: show garp This command shows the switch’s GARP timer settings, including the join, leave and leave all timers. An example is shown next. Figure 194 GARP STATUS Command Example...
Page 291: Gvrp Timer
<msec> leaveall <msec> This command sets the switch’s GARP timer settings, including the join, leave and leave all timers. Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations.
Page 292: Disable Gvrp
This command turns on GVRP in order to propagate VLAN information beyond the switch. 42.4.5 Disable GVRP Syntax: no vlan1q gvrp This command turns off GVRP so that the switch does not propagate VLAN information to other switches. 42.5 Port VLAN Commands You must configure the switch port VLAN settings in config-interface mode.
Page 293: Enable Or Disable Port Gvrp
<port-list> where The VLAN ID [1 – 4094]. <vlan-id> A name to identify the SVLAN entry. <name-str> This is the switch port list. <port-list> = • Enter to register the fixed • Enter to confirm registration of the normal <vlan-id>...
Page 294: Modify A Static Vlan Table Example
The switch also does not forward frames to “forbidden” ports. 4 If after looking at the SVLAN, the switch does not have any ports to which it will send the frame, it won’t check the port filter.
Page 295: Enable Vlan
GS-4012F/4024 User’s Guide where The VLAN ID [1 – 4094]. <vlan-id> This command deletes the specified VLAN ID entry from the static VLAN table. The following example deletes entry 2 in the static VLAN table. Figure 201 no vlan Command Example ras (config)# no vlan 2 42.6 Enable VLAN Syntax:...
Page 296: Figure 202 Show Vlan Command Example
Figure 202 show vlan Command Example ras# show vlan 802.1Q VLAN Static Entry: idx. Name ---- ------------ ---- -------- ------------------------ ras# Chapter 42 IEEE 802.1Q Tagged VLAN Commands Active AdCtl / TagCtl active FFFFFFFFFFFFFFFFFFFFFFFF UUUUUUUUUUUUUUUUUUUUUUUU active ------------------------ TTTTTTTTTTTTTTTTTTTTTTTT GS-4012F/4024 User’s Guide...
Page 297 GS-4012F/4024 User’s Guide Chapter 42 IEEE 802.1Q Tagged VLAN Commands...
Page 298: Chapter 43 Troubleshooting
IP address, your computer’s IP address must match it. Refer to the chapter on access control for details. Your computer’s and the switch’s IP addresses must be on the same subnet. See the following section to check that pop-up windows, JavaScripts and Java permissions are allowed.
Page 299: Pop-Up Windows, Javascripts And Java Permissions
GS-4012F/4024 User’s Guide 43.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 300: Figure 204 Internet Options
Figure 204 Internet Options 3 Click Apply to save this setting. 43.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 301: Figure 205 Internet Options
GS-4012F/4024 User’s Guide Figure 205 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 43 Troubleshooting...
Page 302: Javascripts
Figure 206 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 43.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 303: Figure 207 Internet Options
GS-4012F/4024 User’s Guide Figure 207 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 304: Java Permissions
Figure 208 Security Settings - Java Scripting 43.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 305: Figure 209 Security Settings - Java
GS-4012F/4024 User’s Guide Figure 209 Security Settings - Java 43.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 43 Troubleshooting...
Page 306: Problems With The Password
Figure 210 Java (Sun) 43.3 Problems with the Password Table 102 Troubleshooting the Password PROBLEM Cannot access the switch. Chapter 43 Troubleshooting CORRECTIVE ACTION The password field is case sensitive. Make sure that you enter the correct password using the proper casing.
Page 307 GS-4012F/4024 User’s Guide Chapter 43 Troubleshooting...
Page 308: Product Specifications
Product Specifications The following table lists the product specifications. Table 103 General Product Specifications Interface Layer 2 Bridging Features Switching Security VLAN Link aggregation Port mirroring Bandwidth control Product Specifications P P E N D I X GS-4012F: 12 mini-GBIC (SFP) slots GS-4024: 24 10/100/1000 Base-Tx ports 4 Gigabit/mini-GBIC ports One local management Ethernet port...
Page 309: Table 104 Management Specifications
GS-4012F/4024 User’s Guide Table 103 General Product Specifications (continued) Layer 3 IP forwarding Features Routing protocols IP services Layer 4 TCP/UDP port-based filtering Features Bandwidth management Table 104 Management Specifications System Control Alarm/Status surveillance LED indication for alarm and system status Performance monitoring Line speed Four RMON groups (history, statistics, alarms, and events)
Page 310: Table 105 Physical And Environmental Specifications
Table 105 Physical and Environmental Specifications LEDs Per switch: BPS, PWR, SYS, ALM Per Gigabit Ethernet/mini-GBIC port: 100, 1000/LNK, ACT Per mini-GBIC port: LNK, ACT Per Management port: 10, 100 Dimension Standard 19” rack mountable GS-4012F: 438 mm (W) x 225 mm (D) x 44.45 mm (H) GS-4024: 438 mm (W) x 300 mm (D) x 44.45 mm (H)
Page 311 GS-4012F/4024 User’s Guide Product Specifications...
Page 312: Appendix Bip Subnetting
IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.
Page 313: Table 107 Allowed Ip Address Range By Class
GS-4012F/4024 User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...
Page 314: Table 109 Alternative Subnet Mask Notation
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...
Page 315: Table 111 Subnet 1
GS-4012F/4024 User’s Guide Note: In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
Page 316: Table 113 Subnet 1
Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
Page 317: Table 116 Subnet 4
GS-4012F/4024 User’s Guide Table 116 Subnet 4 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet. Table 117 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS...
Page 318: Table 119 Class B Subnet Planning
Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see The following table is a summary for class “B”...
Page 319 GS-4012F/4024 User’s Guide IP Subnetting...
Page 320: Index
CLI Command Configure tagged VLAN example Static VLAN Table example Cluster management 34, 221 Cluster manager 221, 225 Cluster member 221, 225 Cluster member firmware upgrade Network example Setup Specification Status Switch models Web configurator Cluster manager Cluster member Index...
Page 321: Figure 138 Diagnostic
GS-4012F/4024 User’s Guide Command Forwarding Process Example Summary Syntax conventions Command Line Interface Accessing Introduction Components Condition Configuration file Backup Restore 56, 200 Configure QoS Connecting Cables Console port Settings Copyright Corrosive Liquids Covers CPU management port CRC (Cyclic Redundant Check) Current date Current time Customer Support...
Page 322 Failure Fan speed Compliance Feature Hardware File Transfer using FTP command example Filename convention Filtering Filtering database Finland, Contact Information Firmware Upgrade 199, 223 Flow control Back pressure IEEE802.3x France, Contact Information Front panel File transfer procedure Restrictions over WAN Functionally Equivalent GARP 84, 288...
Page 323 GS-4012F/4024 User’s Guide Labor LACP System priority Timeout LEDs Lightning Limit MAC address learning Link Aggregate Control Protocol (LACP) Link aggregation 34, 109 Dynamic ID information Setup Status Link state database 160, 161 Liquids, Corrosive Lockout Login Password Login account Administrator Non-administrator Number of...
Page 324 Parts Password 54, 226 PHB (Per-Hop Behavior) 127, 179 Physical queue Ping Pipes Policy Actions Example Metering View summary Policy Rules Pool POP3 Port authentication IEEE802.1x RADIUS server Port Based VLAN Type Port details Port isolation 89, 92 Port Mirroring 261, 281 Port mirroring 32, 107...
Page 325 Stub area 159, 165 Subnet Masks Subnetting Supply Voltage Support E-mail SVLAN Table Sweden, Contact Information Swimming Pool Switch lockout Switch reset Switch setup Syntax Conventions sys Commands examples 267, 275, 277 sys log disp 269, 275, 278 sys sw mac list...
Page 326 Time service protocol Time format Time To Live (TTL) Time zone Timeserver Transceiver Installation Removal Trap Destination Traps Trunk group Trunking 34, 109 Type of Service (ToS) UTC (Universal Time Coordinated) Value Vendor Ventilation Ventilation holes Ventilation Slots 80, 83, 87, 139 Number of possible VIDs Priority frame VID (VLAN Identifier)
Page 327 GS-4012F/4024 User’s Guide Web configurator Getting help Home Login Logout Navigation panel Web Site Weighted Fair Queuing (WFQ) Weight Weighted Round Robin Scheduling (WRR) Wet Basement Workmanship Worldwide Contact Information ZyNOS (ZyXEL Network Operating System) ZyXEL Limited Warranty Note Index...

This manual is also suitable for:

Gs-4024f

ZyXEL Communications ZyXEL Dimension GS-4012F User Manual

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 System Status and Port Statistics

Chapter 7 Basic Setting

Chapter 8 VLAN

Chapter 9 Static MAC Forward Setup

Chapter 10 Filtering

Chapter 11 Spanning Tree Protocol

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 VLAN Stacking

Chapter 22 Multicast

Chapter 23 Static Route

Chapter 24 RIP

Chapter 25 OSPF

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications ZyXEL Dimension GS-4012F

Summary of Contents for ZyXEL Communications ZyXEL Dimension GS-4012F