Page 1 GS-2750 Intelligent Layer 3+ Switch User’s Guide Version 3.80 11/2007 Edition 1 DEFAULT LOGIN In-band IP Address http://192.168.1.1 Out-of-band IP Address http://192.168.0.1 User Name admin Password 1234 www.zyxel.com...
Page 3: About This User's Guide
• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
Syntax Conventions • The GS-2750 may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router GS-2750 User’s Guide...
Page 6: Safety Warnings
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning. • Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. GS-2750 User’s Guide...
Page 7 Safety Warnings This product is recyclable. Dispose of it properly. GS-2750 User’s Guide...
Page 8 Safety Warnings GS-2750 User’s Guide...
Page 9: Table Of Contents
Multicast ..........................167 Authentication & Accounting ....................181 IP Source Guard ........................195 Loop Guard ..........................215 IP Application ........................219 Static Routing .......................... 221 RIP ............................223 Differentiated Services ......................225 DHCP ............................233 VRRP ............................243 GS-2750 User’s Guide...
Page 10 Cluster Management ....................... 285 MAC Table ..........................291 IP Table ............................ 293 ARP Table ..........................295 Routing Table ........................... 297 Configure Clone ........................299 Product Specifications ......................301 Product Specifications ......................303 Appendices and Index ......................309 GS-2750 User’s Guide...
Page 11: Table Of Contents
2.2.2 Attaching the Mounting Brackets to the Switch ............38 2.2.3 Mounting the Switch on a Rack .................. 39 Chapter 3 Hardware Overview......................... 41 3.1 Front Panel Connections ....................41 3.1.1 1000Base-T Ports ...................... 42 3.1.2 Dual Personality Interfaces ..................42 GS-2750 User’s Guide...
Page 12 System Status and Port Statistics ..................65 6.1 Overview ..........................65 6.2 Port Status Summary ...................... 65 6.2.1 Status: Port Details ....................66 Chapter 7 Basic Setting .......................... 71 7.1 Overview ..........................71 7.2 System Information ......................71 GS-2750 User’s Guide...
Page 13 8.11.1 Configure a Port-based VLAN ................. 98 Chapter 9 Static MAC Forward Setup ....................101 9.1 Overview ..........................101 9.2 Configuring Static MAC Forwarding ................101 Chapter 10 Filtering..........................103 10.1 Configure a Filtering Rule ..................... 103 Chapter 11 Spanning Tree Protocol......................105 GS-2750 User’s Guide...
Page 14 15.6 Static Trunking Example ....................132 Chapter 16 Port Authentication....................... 135 16.1 Port Authentication Overview ..................135 16.1.1 IEEE 802.1x Authentication ................... 135 16.1.2 MAC Authentication ....................136 16.2 Port Authentication Configuration ..................137 16.2.1 Activate IEEE 802.1x Security ................137 GS-2750 User’s Guide...
Page 15 21.1.1 VLAN Stacking Example ..................161 21.2 VLAN Stacking Port Roles ....................162 21.3 VLAN Tag Format ......................163 21.3.1 Frame Format ......................163 21.4 Configuring VLAN Stacking ..................... 164 Chapter 22 Multicast ..........................167 22.1 Multicast Overview ......................167 GS-2750 User’s Guide...
Page 16 24.3 IP Source Guard Static Binding ..................199 24.4 DHCP Snooping ......................201 24.5 DHCP Snooping Configure ....................204 24.5.1 DHCP Snooping Port Configure ................205 24.5.2 DHCP Snooping VLAN Configure ................207 24.6 ARP Inspection Status ..................... 208 GS-2750 User’s Guide...
Page 17 28.4 DSCP-to-IEEE 802.1p Priority Settings ..............230 28.4.1 Configuring DSCP Settings ..................230 Chapter 29 DHCP............................233 29.1 DHCP Overview ......................233 29.1.1 DHCP Modes ......................233 29.1.2 DHCP Configuration Options ................. 233 29.2 DHCP Status ........................234 GS-2750 User’s Guide...
Page 18 31.8 FTP Command Line ......................258 31.8.1 Filename Conventions ..................259 31.8.2 FTP Command Line Procedure ................259 31.8.3 GUI-based FTP Clients ..................260 31.8.4 FTP Restrictions ....................260 Chapter 32 Access Control........................261 32.1 Access Control Overview .................... 261 GS-2750 User’s Guide...
Page 19 35.2.1 Cluster Member Switch Management ..............287 35.3 Clustering Management Configuration ................288 Chapter 36 MAC Table..........................291 36.1 MAC Table Overview ...................... 291 36.2 Viewing the MAC Table ....................292 Chapter 37 IP Table ..........................293 GS-2750 User’s Guide...
Page 20 Part VI: Product Specifications ............301 Chapter 41 Product Specifications ......................303 Part VII: Appendices and Index ............309 Appendix A IP Addresses and Subnetting ................311 Appendix B Legal Information ....................319 Appendix C Customer Support..................... 323 Index............................329 GS-2750 User’s Guide...
Page 21: List Of Figures
Figure 36 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN ......93 Figure 37 Protocol Based VLAN Application Example ................95 Figure 38 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN ...... 95 GS-2750 User’s Guide...
Page 22 Figure 79 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN ....171 Figure 80 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile ....172 Figure 81 MVR Network Example ....................... 174 GS-2750 User’s Guide...
Page 23 Figure 121 IP Application > DiffServ > DSCP Setting ................. 230 Figure 122 IP Application > DHCP Status ................... 234 Figure 123 IP Application > DHCP > DHCP Server Status Detail ............235 Figure 124 IP Application > DHCP > Global ..................236 GS-2750 User’s Guide...
Page 24 Figure 163 Management > Access Control > Service Access Control ..........275 Figure 164 Management > Access Control > Remote Management ..........276 Figure 165 Management > Diagnostic ....................279 Figure 166 Management > Syslog ....................... 282 Figure 167 Management > Syslog > Server Setup ................283 GS-2750 User’s Guide...
Page 25 Figure 178 Management > Routing Table ..................297 Figure 179 Management > Configure Clone ..................299 Figure 180 Network Number and Host ID .................... 312 Figure 181 Subnetting Example: Before Subnetting ................314 Figure 182 Subnetting Example: After Subnetting ................315 GS-2750 User’s Guide...
Page 26 List of Figures GS-2750 User’s Guide...
Page 27: List Of Tables
Table 36 Advanced Application > Link Aggregation Status ..............128 Table 37 Advanced Application > Link Aggregation > Link Aggregation Setting ......... 130 Table 38 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP ....131 GS-2750 User’s Guide...
Page 28 Table 77 ARP Inspection Log Status ....................210 Table 78 ARP Inspection Configure ......................211 Table 79 ARP Inspection Port Configure ..................... 213 Table 80 ARP Inspection VLAN Configure ..................214 Table 81 Advanced Application > Loop Guard ..................217 GS-2750 User’s Guide...
Page 29 Table 114 Management > Syslog ......................282 Table 115 Management > Syslog > Server Setup ................283 Table 116 ZyXEL Clustering Management Specifications ..............285 Table 117 Management > Cluster Management .................. 287 Table 118 FTP Upload to Cluster Member Example ................288 Table 119 Management >...
Page 30 Table 134 Subnet 2 ..........................316 Table 135 Subnet 3 ..........................316 Table 136 Subnet 4 ..........................316 Table 137 Eight Subnets ........................316 Table 138 24-bit Network Number Subnet Planning ................317 Table 139 16-bit Network Number Subnet Planning ................317 GS-2750 User’s Guide...
Page 31: Introduction
Introduction Getting to Know Your Switch (33) Hardware Installation and Connection (37) Hardware Overview (41)
Page 33: Getting To Know Your Switch
Switch. 1.1 Introduction The GS-2750 is a stand-alone layer 3 Gigabit Ethernet (GbE) switch. It comes with 44 10/100/ 1000 Mbps Ethernet ports, 4 Dual Personality interfaces (each consisting of one RJ-45 Gigabit port and one slot for a mini-GBIC transceiver (SFP module) with one port active at a time) and two mini-GBIC transceivers for fiber-optic uplink connections.
Page 34: High Performance Switching Example
Within the headquarters network, a company can use trunking to group several physical ports into one logical higher-capacity link. Trunking can be used with copper cabling over relatively shorter distances than fiber-optic connections. Figure 2 High Performance Switching 1 Gbps Trunk Branch GS-2750 User’s Guide...
Page 35: Gigabit Ethernet To The Desktop
Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too. GS-2750 User’s Guide...
Page 36: Ways To Manage The Switch
If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. GS-2750 User’s Guide...
Page 37: Hardware Installation And Connection
5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. Figure 5 Attaching Rubber Feet Do NOT block the ventilation holes. Leave space between devices when stacking. GS-2750 User’s Guide...
Page 38: Mounting The Switch On A Rack
Switch. Figure 6 Attaching the Mounting Brackets 2 Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. GS-2750 User’s Guide...
Page 39: Mounting The Switch On A Rack
Figure 7 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack. GS-2750 User’s Guide...
Page 40 Chapter 2 Hardware Installation and Connection GS-2750 User’s Guide...
Page 41: Hardware Overview
Connect these ports to high-bandwidth backbone network Ethernet switches using Mbps RJ- 1000Base-T compatible Category 5/5e/6 copper cables. 45 Ports 4 Mini- Use mini-GBIC transceivers in these slots for fiber-optic connections to backbone GBIC Slots Ethernet switches. GS-2750 User’s Guide...
Page 42: 1000Base-T Ports
Ethernet switches with different types of fiber-optic connectors. • Type: SFP connection interface • Connection speed: 1 Gigabit per second (Gbps) To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors. GS-2750 User’s Guide...
Page 43: Figure 9 Transceiver Installation Example
3.1.3.2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver (SFP module). 1 Open the transceiver’s latch (latch styles vary). Figure 11 Opening the Transceiver’s Latch Example 2 Pull the transceiver out of the slot. GS-2750 User’s Guide...
Page 44: Rear Panel
Switch using the command line interface (CLI) via the console port. Management Connect to a computer using an RJ-45 Ethernet cable for local configuration of the Port Switch. 3.2.1 Power Connector Make sure you are using the correct power source as shown on the panel. GS-2750 User’s Guide...
Page 45: External Backup Power Supply Connector
The system is rebooting and performing self-diagnostic tests. The system is on and functioning properly. The power is off or the system is not ready/malfunctioning. There is a hardware failure. The system is functioning normally. 10/100/1000 Mbps RJ-45 Ethernet Ports GS-2750 User’s Guide...
Page 46 The link to a 100 Mbps Ethernet network is up. The link to an Ethernet network is down. Mini-GBIC Slot Green The port has a successful connection. No Ethernet device is connected to this port. Green Blinking The port is receiving or transmitting data. GS-2750 User’s Guide...
Page 47: Basic Configuration
Basic Configuration The Web Configurator (49) Initial Setup Example (59) System Status and Port Statistics (65) Basic Setting (71)
Page 49: The Web Configurator
3 The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. GS-2750 User’s Guide...
Page 50: The Status Screen
The following figure shows the navigating components of a web configurator screen. Figure 15 Web Configurator Home Screen (Status) A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. GS-2750 User’s Guide...
Page 51: Table 4 Navigation Panel Sub-Links Overview
In the navigation panel, click a main link to reveal a list of submenu links. Table 4 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION The following table lists the various web configurator screens within the sub-links. GS-2750 User’s Guide...
Page 52: Table 5 Web Configurator Screen Sub-Links Details
-- DHCP Snooping Port Configure -- DHCP Snooping VLAN Configure ARP Inspection Status - ARP Inspection VLAN Status - ARP Inspection Log Status - ARP Inspection Configure -- ARP Inspection Port Configure -- ARP Inspection VLAN Configure Loop Guard GS-2750 User’s Guide...
Page 53: Table 6 Navigation Panel Links
VLAN Stacking This link takes you to a screen where you can activate and configure VLAN stacking. Multicast This link takes you to screen where you can configure various multicast features and create multicast VLANs. GS-2750 User’s Guide...
Page 54: Change Your Password
This link takes you to a screen where you can copy attributes of one port to (an)other port(s). 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. GS-2750 User’s Guide...
Page 55: Saving Your Configuration
3 Filter all traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it. GS-2750 User’s Guide...
Page 56: Resetting The Switch
“ ” message. atlc Enter Debug Mode 5 Wait for the “ ” message before activating XMODEM Starting XMODEM upload upload on your terminal. 6 After a configuration file upload, type to restart the Switch. atgo GS-2750 User’s Guide...
Page 57: Logging Out Of The Web Configurator
Figure 18 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. GS-2750 User’s Guide...
Page 58 Chapter 4 The Web Configurator GS-2750 User’s Guide...
Page 59: Initial Setup Example
Switch to route traffic between the RD and Sales networks. Figure 19 Initial Setup Network Example: IP Interface 1 Connect your computer to the MGMT port that is used only for management. Make sure your computer is in the same subnet as the MGMT port. GS-2750 User’s Guide...
Page 60: Configuring Dhcp Server Settings
IP address pool, subnet mask, default gateway address and the DNS server address(es). 3 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost example when the Switch’s power is turned off. GS-2750 User’s Guide...
Page 61: Creating A Vlan
1 Click Advanced Application > VLAN in the navigation panel and click the Static VLAN link. 2 In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. example GS-2750 User’s Guide...
Page 62: Setting Port Vid
2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run- time memory. Settings in the run-time memory are lost when example the Switch’s power is turned off. GS-2750 User’s Guide...
Page 63: Enabling Rip
RIP-1 for the RIP packet format that is universally supported. example 4 Click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS-2750 User’s Guide...
Page 64 Chapter 5 Initial Setup Example GS-2750 User’s Guide...
Page 65: System Status And Port Statistics
The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. 6.2 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 22 Status GS-2750 User’s Guide...
Page 66: Status: Port Details
6.2.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. GS-2750 User’s Guide...
Page 67: Figure 23 Status: Port Details
This field shows the number of received frames on this port Errors This field shows the number of received errors on this port. Tx KB/s This field shows the transmission speed of data sent on this port in kilobytes per second. GS-2750 User’s Guide...
Page 68 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128 to 255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. GS-2750 User’s Guide...
Page 69 This field shows the number of packets (including bad packets) received that were 1518 between 1024 and 1518 octets in length. Giant This field shows the number of packets dropped because they were bigger than the maximum frame size. GS-2750 User’s Guide...
Page 70 Chapter 6 System Status and Port Statistics GS-2750 User’s Guide...
Page 71: Basic Setting
7.2 System Information In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen. GS-2750 User’s Guide...
Page 72: Figure 24 Basic Setting > System Info
(RPM) ventilated, cool operating environment) in order for the device to stay within the temperature threshold. Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown. GS-2750 User’s Guide...
Page 73: General Setup
(BPS_12V), if the backup power supply is not in use. 7.3 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting and General Setup in the navigation panel to display the screen as shown. GS-2750 User’s Guide...
Page 74: Figure 25 Basic Setting > General Setup
New Time Enter the new time in hour, minute and second format. The new time then appears (hh:min:ss) in the Current Time field after you click Apply. Current Date This field displays the date you open this menu. GS-2750 User’s Guide...
Page 75: Introduction To Vlans
When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user on the same network. GS-2750 User’s Guide...
Page 76: Switch Setup Screen
You also need to define how to treat a BPDU in the Port Setup screen. Transparency MAC Address MAC address learning reduces outgoing traffic broadcasts. For MAC address Learning learning to occur on a port, the port must be active. GS-2750 User’s Guide...
Page 77 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 78: Ip Setup
To change the IP address of the Switch in a routing domain, simply add a new routing domain entry with a different IP address in the same subnet. Figure 27 Basic Setting > IP Setup GS-2750 User’s Guide...
Page 79: Table 12 Basic Setting > Ip Setup
This field displays IP address of the Switch in the IP domain. IP Subnet This field displays the subnet mask of the Switch in the IP domain. Mask This field displays the VLAN identification number of the IP domain on the Switch. GS-2750 User’s Guide...
Page 80: Port Setup
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this check box to enable a port. The factory default for all ports is enabled. A port must be enabled for data transmission to occur. GS-2750 User’s Guide...
Page 81 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 82 Chapter 7 Basic Setting GS-2750 User’s Guide...
Page 83: Advanced Setup
Advanced Setup VLAN (85) Static MAC Forward Setup (101) Filtering (103) Spanning Tree Protocol (105) Bandwidth Control (121) Broadcast Storm Control (123) Mirroring (125) Link Aggregation (127) Port Authentication (135) Port Security (141) Classifier (145) Policy Rule (151) Queuing Method (157) VLAN Stacking (161) Multicast (167) Authentication &...
Page 85: Vlan
A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain. GS-2750 User’s Guide...
Page 86: Automatic Vlan Registration
You may choose to accept both tagged and untagged Type incoming frames, just tagged incoming frames or just untagged incoming frames on a port. Ingress filtering If set, the Switch discards incoming frames for VLANs that do not have this port as a member. GS-2750 User’s Guide...
Page 87: Port Vlan Trunking
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. GS-2750 User’s Guide...
Page 88: Static Vlan Status
Use this screen to view detailed port settings and status of the VLAN group. See Section 8.1 on page 85 for more information on static VLAN. Click on an index number in the VLAN Status screen to display VLAN details. Figure 32 Advanced Application > VLAN > VLAN Detail GS-2750 User’s Guide...
Page 89: Configure A Static Vlan
8.1 on page 85 for more information on static VLAN. To configure a static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next. Figure 33 Advanced Application > VLAN > Static VLAN GS-2750 User’s Guide...
Page 90: Configure Vlan Port Settings
Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 8.1 on page 85 for more information on static VLAN. Click the VLAN Port Setting link in the VLAN Status screen. GS-2750 User’s Guide...
Page 91: Figure 34 Advanced Application > Vlan > Vlan Port Setting
Select All from the drop-down list box to accept both untagged or tagged frames on this port. This is the default setting. Select Tag Only to accept only tagged frames on this port. All untagged frames will be dropped. Select Untag Only to accept only untagged frames on this port. GS-2750 User’s Guide...
Page 92: Subnet Based Vlans
IP subnet and prioritized accordingly. That is, video services receive the highest priority and data the lowest. Figure 35 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 GS-2750 User’s Guide...
Page 93: Configuring Subnet Based Vlan
Check this box to activate the IP subnet VLAN you are creating or editing. Name Enter up to 32 alphanumeric characters to identify this subnet based VLAN. Enter the IP address of the subnet for which you want to configure this subnet based VLAN. GS-2750 User’s Guide...
Page 94: Protocol Based Vlans
VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol. Protocol based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. GS-2750 User’s Guide...
Page 95: Configuring Protocol Based Vlan
Figure 37 Protocol Based VLAN Application Example 8.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Figure 38 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN GS-2750 User’s Guide...
Page 96: Create An Ip-Based Vlan Example
3 Give this protocol-based VLAN a descriptive name. Type IP-VLAN. 4 Select the protocol. Leave the default value IP. 5 Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with an ID of 5. Type 5. GS-2750 User’s Guide...
Page 97: Port-Based Vlan Setup
When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. GS-2750 User’s Guide...
Page 98: Configure A Port-Based Vlan
Select Port Isolated if you want to restrict users from communicating directly. Click Apply to save your settings. The following screen shows users on a port-based, all-connected VLAN configuration. Figure 40 Advanced Application > VLAN > Port Based VLAN Setup (All Connected) GS-2750 User’s Guide...
Page 99: Figure 41 Advanced Application > Vlan: Port Based Vlan Setup (Port Isolation)
Chapter 8 VLAN The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 41 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) GS-2750 User’s Guide...
Page 100: Table 21 Advanced Application > Vlan: Port Based Vlan Setup
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 101: Static Mac Forward Setup
Chapter 17 on page 141 for more information on port security. Click Advanced Applications > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. Figure 42 Advanced Application > Static MAC Forwarding GS-2750 User’s Guide...
Page 102: Table 22 Advanced Application > Static Mac Forwarding
This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS-2750 User’s Guide...
Page 103: Filtering
Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by deselecting this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for identification only. GS-2750 User’s Guide...
Page 104 Discard destination will be displayed. If both have been activated then Discard both will be displayed. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. GS-2750 User’s Guide...
Page 105: Spanning Tree Protocol
In RSTP, the port states are Discarding, Learning, and Forwarding. In this user’s guide, “STP” refers to both STP and RSTP. 11.1.1 STP Terminology The root bridge is the base of the spanning tree. GS-2750 User’s Guide...
Page 106: How Stp Works
STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops. Table 25 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. GS-2750 User’s Guide...
Page 107: Multiple Stp
If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link. Figure 44 STP/RSTP Network Example VLAN 1 VLAN 2 GS-2750 User’s Guide...
Page 108: Figure 45 Mstp Network Example
MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Thus an MSTI does not span across MST regions. The following figure shows an example where there are two MST regions. Regions 1 and 2 have 2 spanning tree instances. GS-2750 User’s Guide...
Page 109: Spanning Tree Protocol Status Screen
11.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. GS-2750 User’s Guide...
Page 110: Spanning Tree Configuration
Click Cancel to begin configuring this screen afresh. 11.4 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings, see Section 11.1 on page 105 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen. GS-2750 User’s Guide...
Page 111: Figure 50 Advanced Application > Spanning Tree Protocol > Rstp
Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. GS-2750 User’s Guide...
Page 112 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 113: Rapid Spanning Tree Protocol Status
This is the path cost from the root port on this Switch to the root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. GS-2750 User’s Guide...
Page 114: Configure Multiple Spanning Tree Protocol
This is the time since the spanning tree was last reconfigured. Change 11.6 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1.4 on page 107 for more information on MSTP. GS-2750 User’s Guide...
Page 115: Figure 52 Advanced Application > Spanning Tree Protocol > Mstp
Chapter 11 Spanning Tree Protocol Figure 52 Advanced Application > Spanning Tree Protocol > MSTP GS-2750 User’s Guide...
Page 116: Table 29 Advanced Application > Spanning Tree Protocol > Mstp
Switch will be chosen as the root bridge within the spanning tree instance. Enter priority values between 0 and 61440 in increments of 4096 (thus valid values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440). GS-2750 User’s Guide...
Page 117: Multiple Spanning Tree Protocol Status
Click Cancel to begin configuring this screen afresh. 11.7 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1.4 on page 107 for more information on MSTP. GS-2750 User’s Guide...
Page 118: Figure 53 Advanced Application > Spanning Tree Protocol > Status: Mstp
This is the time interval (in seconds) at which the root switch transmits a (second) configuration message. Max Age (second) This is the maximum time (in seconds) a switch can wait without receiving a configuration message before attempting to reconfigure. GS-2750 User’s Guide...
Page 119 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. GS-2750 User’s Guide...
Page 120 Chapter 11 Spanning Tree Protocol GS-2750 User’s Guide...
Page 121: Bandwidth Control
The CIR should be less than the PIR. The sum of CIRs cannot be greater than or equal to the uplink bandwidth. 12.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. GS-2750 User’s Guide...
Page 122: Figure 54 Advanced Application > Bandwidth Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 123: Broadcast Storm Control
DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 55 Advanced Application > Broadcast Storm Control GS-2750 User’s Guide...
Page 124: Table 32 Advanced Application > Broadcast Storm Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 125: Mirroring
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 56 Advanced Application > Mirroring GS-2750 User’s Guide...
Page 126: Table 33 Advanced Application > Mirroring
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 127: Link Aggregation
“standby” ports become operational without user intervention. Please note that: • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. GS-2750 User’s Guide...
Page 128: Link Aggregation Id
These are the ports that are currently transmitting data as one logical link in this trunk Ports group. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. GS-2750 User’s Guide...
Page 129: Link Aggregation Setting
Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 15.1 on page 127 for more information on link aggregation. Figure 58 Advanced Application > Link Aggregation > Link Aggregation Setting GS-2750 User’s Guide...
Page 130: Link Aggregation Control Protocol
15.5 Link Aggregation Control Protocol Click in the Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 15.2 on page 127 for more information on dynamic link aggregation. GS-2750 User’s Guide...
Page 131: Figure 59 Advanced Application > Link Aggregation > Link Aggregation Setting > Lacp
(LACP). The smaller the number, the higher the priority level. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number. GS-2750 User’s Guide...
Page 132: Static Trunking Example
2 Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunking group T1 and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. GS-2750 User’s Guide...
Page 133: Figure 61 Trunking Example - Configuration Screen
Chapter 15 Link Aggregation Figure 61 Trunking Example - Configuration Screen example Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. GS-2750 User’s Guide...
Page 134 Chapter 15 Link Aggregation GS-2750 User’s Guide...
Page 135: Port Authentication
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. GS-2750 User’s Guide...
Page 136: Mac Authentication
MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 63 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied GS-2750 User’s Guide...
Page 137: Port Authentication Configuration
Figure 64 Advanced Application > Port Authentication 16.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown. Figure 65 Advanced Application > Port Authentication > 802.1x GS-2750 User’s Guide...
Page 138: Activate Mac Authentication
Cancel Click Cancel to begin configuring this screen afresh. 16.2.2 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. GS-2750 User’s Guide...
Page 139: Figure 66 Advanced Application > Port Authentication > Mac Authentication
0 for the timeout value, then this entry will not be deleted from the MAC address table. Note: If the Aging Time in the Switch Setup screen is set to a lower value, then it supersedes this setting. See Section 7.5 on page 81. Port This field displays a port number. GS-2750 User’s Guide...
Page 140 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 141: Port Security
MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. 17.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. GS-2750 User’s Guide...
Page 142: Figure 67 Advanced Application > Port Security
MAC addresses ages out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “8192”. “0” means this feature is disabled. GS-2750 User’s Guide...
Page 143 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 144 Chapter 17 Port Security GS-2750 User’s Guide...
Page 145: Classifier
(or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 19 on page 151. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. GS-2750 User’s Guide...
Page 146: Figure 68 Advanced Application > Classifier
Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided. Priority Select Any to classify traffic from any priority level or select the second option and specify a priority level in the field provided. GS-2750 User’s Guide...
Page 147 Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. GS-2750 User’s Guide...
Page 148: Viewing And Editing Classifier Configuration
The following table shows some other common Ethernet types and the corresponding protocol number. Table 44 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X.25 Level 3 0805 GS-2750 User’s Guide...
Page 149: Classifier Example
Table 46 Common TCP and UDP Port Numbers PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 18.4 Classifier Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. GS-2750 User’s Guide...
Page 150: Figure 70 Classifier: Example
Figure 70 Classifier: Example example After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 19 on page 151 for information on configuring a policy rule. GS-2750 User’s Guide...
Page 151: Policy Rule
DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. GS-2750 User’s Guide...
Page 152: Configuring Policy Rules
You must first configure a classifier in the Classifier screen. Refer to Section 18.2 on page for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 71 Advanced Application > Policy Rule GS-2750 User’s Guide...
Page 153: Table 47 Advanced Application > Policy Rule
Select Send the packet to the egress port to send the packet to the egress port. Metering Select Enable to activate bandwidth limitation on the traffic flow(s) then set the actions to be taken on out-of-profile packets. GS-2750 User’s Guide...
Page 154: Viewing And Editing Policy Configuration
19.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 149). GS-2750 User’s Guide...
Page 155: Figure 73 Policy Example
Chapter 19 Policy Rule Figure 73 Policy Example example GS-2750 User’s Guide...
Page 156 Chapter 19 Policy Rule GS-2750 User’s Guide...
Page 157: Queuing Method
Guaranteed bandwidth is calculated as follows: Queue Weight x Port Speed Total Queue Weight For example, using the default setting, Q0 on Port 1 gets a guaranteed bandwidth of: x 100 Mbps = 3 Mbps 1+2+3+4+5+6+7+8 GS-2750 User’s Guide...
Page 158: Weighted Round Robin Scheduling (Wrr)
20.2 Configuring Queuing Click Advanced Application > Queuing Method in the navigation panel. Figure 74 Advanced Application > Queuing Method GS-2750 User’s Guide...
Page 159: Table 49 Advanced Application > Queuing Method
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 160 Chapter 20 Queuing Method GS-2750 User’s Guide...
Page 161: Vlan Stacking
VLANs within its network by adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. GS-2750 User’s Guide...
Page 162: Vlan Stacking Port Roles
VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by the Service Provider’s (SP) VLAN ID (VID)). Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. GS-2750 User’s Guide...
Page 163: Vlan Tag Format
Etype customer tagged frame DA SA SPTPID Priority VID TPID Priority VID Len/ Data FCS Double-tagged Etype frame Table 52 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/ Length and type of Ethernet frame Etype GS-2750 User’s Guide...
Page 164: Configuring Vlan Stacking
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS-2750 User’s Guide...
Page 165 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 166 Chapter 21 VLAN Stacking GS-2750 User’s Guide...
Page 167: Multicast
IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them. GS-2750 User’s Guide...
Page 168: Igmp Snooping And Vlans
Multicast Group This field displays IP multicast group addresses. 22.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 22.1 on page 167 for more information on multicasting. GS-2750 User’s Guide...
Page 169: Figure 78 Advanced Application > Multicast > Multicast Setting
Select Active to enable IGMP filtering to control which IGMP groups a subscriber on a port can join. Note: If you enable IGMP filtering, you must create and assign IGMP filtering profiles for the ports that you want to allow to join multicast groups. GS-2750 User’s Guide...
Page 170 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 171: Igmp Snooping Vlan
Click Cancel to begin configuring this screen afresh. VLAN Use this section of the screen to add VLANs upon which the Switch is to perform IGMP snooping. Name Enter the descriptive name of the VLAN for identification purposes. GS-2750 User’s Guide...
Page 172: Igmp Filtering Profile
Each port can be assigned a single profile. A profile can be assigned to multiple ports. Click Advanced Applications > Multicast > Multicast Setting > IGMP Filtering Profile link to display the screen as shown. Figure 80 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile GS-2750 User’s Guide...
Page 173: Mvr Overview
The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. GS-2750 User’s Guide...
Page 174: Types Of Mvr Ports
(in this case, an uplink port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. GS-2750 User’s Guide...
Page 175: General Mvr Configuration
You can create up to three multicast VLANs and up to 256 multicast rules on the Switch. Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. GS-2750 User’s Guide...
Page 176: Figure 83 Advanced Application > Multicast > Multicast Setting > Mvr
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS-2750 User’s Guide...
Page 177: Mvr Group Configuration
Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. GS-2750 User’s Guide...
Page 178: Mvr Configuration Example
VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN 1 are able to receive the traffic. GS-2750 User’s Guide...
Page 179: Figure 85 Mvr Configuration Example
To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. GS-2750 User’s Guide...
Page 180: Figure 87 Mvr Group Configuration Example
Chapter 22 Multicast Figure 87 MVR Group Configuration Example example Figure 88 MVR Group Configuration Example example GS-2750 User’s Guide...
Page 181: Authentication & Accounting
By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Chapter 32 on page 261). GS-2750 User’s Guide...
Page 182: Radius And Tacacs
Use this screen to configure your RADIUS server settings. See Section 23.1.2 on page 182 more information on RADIUS servers. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown. GS-2750 User’s Guide...
Page 183: Figure 91 Advanced Application > Auth And Acct > Radius Server Setup
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch. GS-2750 User’s Guide...
Page 184: Tacacs+ Server Setup
Use this screen to configure your TACACS+ server settings. See Section 23.1.2 on page 182 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown. GS-2750 User’s Guide...
Page 185: Figure 92 Advanced Application > Auth And Acct > Tacacs+ Server Setup
Enter the IP address of an external TACACS+ server in dotted decimal notation. TCP Port The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. GS-2750 User’s Guide...
Page 186: Authentication And Accounting Setup
23.2.3 Authentication and Accounting Setup Use this screen to configure authentication and accounting settings on the Switch. Click on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown. GS-2750 User’s Guide...
Page 187: Figure 93 Advanced Application > Auth And Acct > Auth And Acct Setup
Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. GS-2750 User’s Guide...
Page 188 This field is only configurable for Commands type of event. Select the threshold command privilege level for which the Switch should send accounting information. The Switch will send accounting information when commands at the level you specify and higher are executed on the Switch. GS-2750 User’s Guide...
Page 189: Vendor Specific Attribute
The VSAs are composed of the following: • Vendor-ID: An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority). ZyXEL’s vendor ID is 890. • Vendor-Type: A vendor specified attribute, identifying the setting you want to modify.
Page 190: Tunnel Protocol Attribute
Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified. GS-2750 User’s Guide...
Page 191: Attributes Used For Authentication
The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 23.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time GS-2750 User’s Guide...
Page 192: Table 66 Radius Attributes - Exec Events Via Console
23.3.2.3 Attributes Used for Accounting IEEE 802.1x Events The attributes are listed in the following table along with the time of the session they are sent: Table 68 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-IP-Address NAS-Port Class Called-Station-Id GS-2750 User’s Guide...
Page 193 Chapter 23 Authentication & Accounting Table 68 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords GS-2750 User’s Guide...
Page 194 Chapter 23 Authentication & Accounting GS-2750 User’s Guide...
Page 195: Ip Source Guard
Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. GS-2750 User’s Guide...
Page 196: Figure 94 Dhcp Snooping Database File Format
Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the file, that binding and all others after it are ignored. GS-2750 User’s Guide...
Page 197: Arp Inspection Overview
• It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them. GS-2750 User’s Guide...
Page 198 ARP inspection so that the Switch has enough time to build the binding table. 2 Enable ARP inspection on each VLAN. 3 Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. GS-2750 User’s Guide...
Page 199: Ip Source Guard
VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. GS-2750 User’s Guide...
Page 200: Figure 97 Ip Source Guard Static Binding
This field displays the port number in the binding. If this field is blank, the binding applies to all ports. Delete Select this, and click Delete to remove the specified entry. Cancel Click this to clear the Delete check boxes above. GS-2750 User’s Guide...
Page 201: Dhcp Snooping
Chapter 24 IP Source Guard 24.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 98 DHCP Snooping GS-2750 User’s Guide...
Page 202: Table 71 Dhcp Snooping
This field displays the number of times the Switch read bindings from the DHCP snooping database successfully. Failed reads This field displays the number of times the Switch was unable to read bindings from the DHCP snooping database. GS-2750 User’s Guide...
Page 203 This field displays the number of bindings the Switch has ignored because the lease time had already expired. Unsupported vlans This field displays the number of bindings the Switch has ignored because the VLAN ID does not exist anymore. GS-2750 User’s Guide...
Page 204: Dhcp Snooping Configure
You can enable Option82 in the DHCP Snooping VLAN Configure screen (Section 24.5.2 on page 207) to help the DHCP servers distinguish between DHCP requests from different VLAN. Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN. GS-2750 User’s Guide...
Page 205: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. GS-2750 User’s Guide...
Page 206: Figure 100 Dhcp Snooping Port Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS-2750 User’s Guide...
Page 207: Dhcp Snooping Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS-2750 User’s Guide...
Page 208: Arp Inspection Status
Click this to clear the Delete check boxes above. 24.6.1 ARP Inspection VLAN Status Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status. GS-2750 User’s Guide...
Page 209: Arp Inspection Log Status
Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status. GS-2750 User’s Guide...
Page 210: Figure 104 Arp Inspection Log Status
Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See Section 24.7.2 on page 213. Time This field displays when the log message was generated. GS-2750 User’s Guide...
Page 211: Arp Inspection Configure
Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 24.6.2 on page 209. GS-2750 User’s Guide...
Page 212: Arp Inspection Port Configure
Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. GS-2750 User’s Guide...
Page 213: Arp Inspection Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS-2750 User’s Guide...
Page 214: Figure 107 Arp Inspection Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS-2750 User’s Guide...
Page 215: Loop Guard
• It will receive broadcast messages sent out from the switch in loop state. • It will receive its own broadcast messages that it sends out as they loop back. It will then re-broadcast those messages again. GS-2750 User’s Guide...
Page 216: Figure 109 Switch In Loop State
In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N. The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 111 Loop Guard - Network Loop GS-2750 User’s Guide...
Page 217: Loop Guard Setup
Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS-2750 User’s Guide...
Page 218 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 219: Ip Application
IP Application Static Routing (221) RIP (223) Differentiated Services (225) DHCP (233) VRRP (243)
Page 221: Static Routing
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Address Switch that will forward the packet to the destination. The gateway must be a router on the same segment as your Switch. GS-2750 User’s Guide...
Page 222 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS-2750 User’s Guide...
Page 223: Rip
Click IP Application > RIP in the navigation panel to display the screen as shown. You cannot manually configure a new entry. Each entry in the table is automatically created when you configure a new IP domain in the IP Setup screen (refer to Section 7.6 on page 78). GS-2750 User’s Guide...
Page 224: Figure 114 Ip Application > Rip
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 225: Differentiated Services
The DSCP value determines the PHB (Per-Hop Behavior), that each packet gets as it is forwarded across the DiffServ network. Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. GS-2750 User’s Guide...
Page 226: Diffserv Network Example
DiffServ is enabled the following actions are performed on the colored packets: • Red (high loss priority level) packets are dropped. • Yellow (medium loss priority level) packets are dropped if there is congestion on the network. GS-2750 User’s Guide...
Page 227: Trtcm - Color-Blind Mode
PIR and then if they don’t exceed the PIR level are they evaluated against the CIR. Figure 118 TRTCM - Color-aware Mode Exceed Exceed Low Packet Red? Yellow? CIR? Loss PIR? Medium Packet High Packet High Packet Medium Packet Loss Loss Loss Loss GS-2750 User’s Guide...
Page 228: Activating Diffserv
Click Cancel to begin configuring this screen afresh. 28.3.1 Configuring 2-Rate 3 Color Marker Settings Use this screen to configure TRTCM settings. Click the 2-rate 3 Color Marker link in the DiffServ screen to display the screen as shown next. GS-2750 User’s Guide...
Page 229: Figure 120 Ip Application > Diffserv > 2-Rate 3 Color Marker
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this to activate TRTCM on the port. Commit Specify the Commit Information Rate (CIR) for this port. Rate GS-2750 User’s Guide...
Page 230: Dscp-To-Ieee 802.1P Priority Settings
IEEE 802.1p 28.4.1 Configuring DSCP Settings To change the DSCP-IEEE 802.1p mapping, click the DSCP Setting link in the DiffServ screen to display the screen as shown next. Figure 121 IP Application > DiffServ > DSCP Setting GS-2750 User’s Guide...
Page 231: Table 87 Ip Application > Diffserv > Dscp Setting
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 232 Chapter 28 Differentiated Services GS-2750 User’s Guide...
Page 233: Dhcp
• VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured as a DHCP server for one VLAN and at the same time the Switch can be configured to relay DHCP requests for clients in another VLAN. GS-2750 User’s Guide...
Page 234: Dhcp Status
Click IP Application > DHCP in the navigation panel and then click an existing index number of a DHCP server configuration to view the screen as shown. Use this screen to view details regarding DHCP server settings configured on the Switch. GS-2750 User’s Guide...
Page 235: Dhcp Relay
(such as the IP address and subnet mask) between a DHCP client and a DHCP server. Once the DHCP client obtains an IP address and can connect to the network, network information renewal is done between the DHCP client and the DHCP server without the help of the Switch. GS-2750 User’s Guide...
Page 236: Dhcp Relay Agent Information
Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 124 IP Application > DHCP > Global GS-2750 User’s Guide...
Page 237: Global Dhcp Relay Configuration Example
Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. GS-2750 User’s Guide...
Page 238: Configuring Dhcp Vlan Settings
DHCP Status screen that displays. You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 7.6 on page 78 information on how to do this. GS-2750 User’s Guide...
Page 239: Figure 127 Ip Application > Dhcp > Vlan
Specify the size, or count of the IP address pool. The Switch can issue from 1 to 253 Client IP IP addresses to DHCP clients. Pool IP Subnet Enter the subnet mask for the client IP pool. Mask Default Enter the IP address of the default gateway device. Gateway GS-2750 User’s Guide...
Page 240: Example: Dhcp Relay For Two Vlans
(VLAN 1) to the DHCP server with an IP address of 192.168.1.100. Requests from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. GS-2750 User’s Guide...
Page 241: Figure 128 Dhcp Relay For Two Vlans
Chapter 29 DHCP Figure 128 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 129 DHCP Relay for Two VLANs Configuration Example example GS-2750 User’s Guide...
Page 242 Chapter 29 DHCP GS-2750 User’s Guide...
Page 243: Vrrp
G. Host X is configured to use VR1 (192.168.1.20) as the default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router. Figure 130 VRRP: Example 1 172.16.1.1 172.16.1.10 172.16.1.10 GS-2750 User’s Guide...
Page 244: Vrrp Status
The following sections describe the different parts of the VRRP Configuration screen. 30.3.1 IP Interface Setup Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see the Section 7.6 on page 78 for more information). GS-2750 User’s Guide...
Page 245: Figure 132 Ip Application > Vrrp Configuration > Ip Interface
This field displays the IP address and number of subnet mask bit of an IP domain. Authentication Select None to disable authentication. This is the default setting. Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface. GS-2750 User’s Guide...
Page 246: Vrrp Parameters
By default, a layer 3 device with the same IP address as the virtual router will become the master router regardless of the preempt mode. 30.3.3 Configuring VRRP Parameters After you set up an IP interface, configure the VRRP parameters in the VRRP Configuration screen. GS-2750 User’s Guide...
Page 247: Configuring Vrrp Parameters
Click Cancel to discard all changes made in this table. Clear Click Clear to set the above fields back to the factory defaults. 30.3.4 Configuring VRRP Parameters View the VRRP configuration summary at the bottom of the screen. GS-2750 User’s Guide...
Page 248: Vrrp Configuration Examples
The network is connected to the WAN via an uplink gateway G (172.21.1.100). The host computer X is set to use VR1 as the default gateway. Figure 135 VRRP Configuration Example: One Virtual Router Network 172.21.1.1 172.21.1.100 172.21.1.10 GS-2750 User’s Guide...
Page 249: Two Subnets Example
You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2. On the other hand, switch B is the master for VR2 and a backup for VR1. GS-2750 User’s Guide...
Page 250: Figure 140 Vrrp Configuration Example: Two Virtual Router Network
Figure 141 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A example Figure 142 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B example After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. GS-2750 User’s Guide...
Page 251: Figure 143 Vrrp Example 2: Vrrp Status On Switch A
Chapter 30 VRRP Figure 143 VRRP Example 2: VRRP Status on Switch A example Figure 144 VRRP Example 2: VRRP Status on Switch B example GS-2750 User’s Guide...
Page 252 Chapter 30 VRRP GS-2750 User’s Guide...
Page 253: Management
Management Maintenance (255) Access Control (261) Diagnostic (279) Syslog (281) Cluster Management (285) MAC Table (291) IP Table (293) ARP Table (295) Routing Table (297) Configure Clone (299)
Page 255: Maintenance
Click Click Here to go to the Restore Configuration screen. Configuration Backup Click Click Here to go to the Backup Configuration screen. Configuration Load Factory Click Click Here to reset the configuration to the factory default settings. Default GS-2750 User’s Guide...
Page 256: Load Factory Default
Alternatively, click Save on the top right-hand corner in any screen to save the configuration changes to the current configuration. Clicking the Apply or Add button does NOT save the changes permanently. All unsaved changes are erased after you reboot the Switch. GS-2750 User’s Guide...
Page 257: Reboot System
Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. GS-2750 User’s Guide...
Page 258: Restore A Configuration File
File name list box. Click Save to save the configuration file to your computer. 31.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. GS-2750 User’s Guide...
Page 259: Filename Conventions
Switch’s settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System, sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension.
Page 260: Gui-Based Ftp Clients
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disallow the FTP session. GS-2750 User’s Guide...
Page 261: Access Control
See the Command Reference guide for more information on disabling multi-login. 32.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 151 Management > Access Control GS-2750 User’s Guide...
Page 262: About Snmp
Get operation, followed by a series of GetNext operations. Allows the manager to set values for object variables within an agent. Trap Used by the agent to inform the manager of some events. GS-2750 User’s Guide...
Page 263: Snmp V3 And Security
This trap is sent when the Switch restarts. fanspeed FanSpeedEventOn 1.3.6.1.4.1.890.1.5.8.44.37.2.1 This trap is sent when the fan speed goes above or below the normal operating range. FanSpeedEventClear 1.3.6.1.4.1.890.1.5.8.44.37.2.2 This trap is sent when the fan speed returns to the normal operating range. GS-2750 User’s Guide...
Page 264: Table 103 Snmp Interfacetraps
LinkDownEventClear 1.3.6.1.4.1.890.1.5.8.44.37.2.2 This trap is sent when the Ethernet link is up. linkdown linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down. LinkDownEventOn 1.3.6.1.4.1.890.1.5.8.44.37.2.1 This trap is sent when the Ethernet link is down. GS-2750 User’s Guide...
Page 265: Table 104 Aaa Traps
(consisting of a series of ping probes) fails. pingTestCompleted 1.3.6.1.2.1.80.0.3 This trap is sent when a ping test is completed. traceroute traceRouteTestFailed 1.3.6.1.2.1.81.0.2 This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 This trap is sent when a traceroute test is completed. GS-2750 User’s Guide...
Page 266: Configuring Snmp
This trap is sent when the variable falls below the RMON "falling" threshold. 32.3.4 Configuring SNMP From the Access Control screen, display the SNMP screen. You can click Access Control to go back to the Access Control screen. GS-2750 User’s Guide...
Page 267: Figure 153 Management > Access Control > Snmp
Version Specify the version of the SNMP trap messages. Enter the IP addresses of up to four managers to send your SNMP traps to. Port Enter the port number upon which the manager listens for SNMP traps. GS-2750 User’s Guide...
Page 268: Configuring Snmp Trap Group
32.3.5 Configuring SNMP Trap Group From the SNMP screen, click Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP traps that should be sent to each SNMP manager. GS-2750 User’s Guide...
Page 269: Setting Up Login Accounts
• An administrator is someone who can both view and configure Switch changes. The username for the Administrator is always admin. The default administrator password is 1234. It is highly recommended that you change the default administrator password (1234). GS-2750 User’s Guide...
Page 270: Figure 155 Management > Access Control > Logins
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 271: Ssh Overview
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. GS-2750 User’s Guide...
Page 272: Ssh Implementation On The Switch
1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch’s WS (web server). 2 HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s WS (web server). GS-2750 User’s Guide...
Page 273: Https Example
You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked. Figure 159 Security Alert Dialog Box (Internet Explorer) GS-2750 User’s Guide...
Page 274: Netscape Navigator Warning Messages
32.8.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. GS-2750 User’s Guide...
Page 275: Service Port Access Control
You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen. Figure 163 Management > Access Control > Service Access Control GS-2750 User’s Guide...
Page 276: Remote Management
Configure the IP address range of trusted computers from which you can manage this Switch. End Address The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. GS-2750 User’s Guide...
Page 277 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 278 Chapter 32 Access Control GS-2750 User’s Guide...
Page 279: Diagnostic
Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test. GS-2750 User’s Guide...
Page 280 Chapter 33 Diagnostic GS-2750 User’s Guide...
Page 281: Syslog
Debug: The message is intended for debug-level purposes. 34.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. GS-2750 User’s Guide...
Page 282: Syslog Server Setup
Cancel Click Cancel to begin configuring this screen afresh. 34.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to open the following screen. Use this screen to configure a list of external syslog servers. GS-2750 User’s Guide...
Page 283: Figure 167 Management > Syslog > Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 284 Chapter 34 Syslog GS-2750 User’s Guide...
Page 285: Cluster Management
Table 116 ZyXEL Clustering Management Specifications Maximum number of cluster members Cluster Member Models Cluster member models must be compatible with ZyXEL cluster management implementation. Cluster Manager The cluster manager is the Switch through which you manage the cluster member switches.
Page 286: Cluster Management Status
Chapter 35 Cluster Management Figure 168 Clustering Application Example 35.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. A cluster can only have one manager. Figure 169 Management > Cluster Management GS-2750 User’s Guide...
Page 287: Cluster Member Switch Management
Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. Figure 170 Cluster Management: Cluster Member Web Configurator Screen GS-2750 User’s Guide...
Page 288: Clustering Management Configuration
This is the cluster member switch’s configuration file name as seen in the cluster manager switch. 35.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen to display the next screen. GS-2750 User’s Guide...
Page 289: Figure 172 Management > Clustering Management > Configuration
Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. GS-2750 User’s Guide...
Page 290 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 291: Mac Table
Too much port flooding leads to network congestion. • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. GS-2750 User’s Guide...
Page 292: Viewing The Mac Table
This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). GS-2750 User’s Guide...
Page 293: Ip Table
• If the Switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it filters the packet. Figure 175 IP Table Flowchart GS-2750 User’s Guide...
Page 294: Viewing The Ip Table
This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the Switch. Type This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch). GS-2750 User’s Guide...
Page 295: Arp Table
ARP Table for future reference and then sends the packet to the MAC address that replied. 38.2 Viewing the ARP Table Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s). GS-2750 User’s Guide...
Page 296: Figure 177 Management > Arp Table
This is the MAC address of the device with the corresponding IP address above. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). GS-2750 User’s Guide...
Page 297: Routing Table
This field displays the IP address of the Interface. Metric This field displays the cost of the route. Type This field displays the method used to learn the route; RIP - learned from incoming RIP packets or STATIC - added as a static entry. GS-2750 User’s Guide...
Page 298 Chapter 39 Routing Table GS-2750 User’s Guide...
Page 299: Configure Clone
40.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 179 Management > Configure Clone GS-2750 User’s Guide...
Page 300: Table 124 Management > Configure Clone
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS-2750 User’s Guide...
Page 301: Product Specifications
Product Specifications Product Specifications (303)
Page 303: Product Specifications
Temperature: 0º C ~ 45º C (32º F ~ 113º F) Humidity: 10 ~ 90% (non-condensing) Storage Environment Temperature: -25º C ~ 70º C (-13º F ~ 158º F) Humidity: 10 ~ 90% (non-condensing) Ground Wire Gauge 18 AWG or larger GS-2750 User’s Guide...
Page 304: Table 126 Firmware Specifications
Three scheduling services are supported: Strict Priority Queuing (SPQ), Weighted Round Robin (WRR) and Weighted Fair Queuing (WFQ). This allows the Switch to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth. GS-2750 User’s Guide...
Page 305 The Switch can generate syslog messages and send it to a syslog server. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch.
Page 306: Table 127 Switching Specifications
Supports IEEE 802.3ad; static and dynamic (LACP) port trunking Aggregation Six groups (up to 8 ports each) Port mirroring All ports support port mirroring Support port mirroring per IP/TCP/UDP Bandwidth Supports rate limiting at 64K increment control GS-2750 User’s Guide...
Page 307: Table 128 Standards Supported
Internet Group Management Protocol, Version 2. RFC 2338 Virtual Router Redundancy Protocol (VRRP) RFC 2698 Two Rate Three Color Marker (TRTCM) RFC 2865 RADIUS - Vendor Specific Attribute RFC 2674 P-BRIDGE-MIB, Q-BRIDGE-MIB RFC 3046 DHCP Relay RFC 3164 Syslog GS-2750 User’s Guide...
Page 308 Rapid Spanning Tree Protocol (RSTP) IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation IEEE 802.3ah Ethernet OAM (Operations, Administration and Maintenance) IEEE 802.3x Flow Control IEEE 802.3z 1000BASE-X For optical fiber link 1000BASE-SX/LX. GS-2750 User’s Guide...
Page 309: Appendices And Index
Appendices and Index IP Addresses and Subnetting (311) Legal Information (319) Customer Support (323) Index (329)
Page 311: Appendix A Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. GS-2750 User’s Guide...
Page 312: Figure 180 Network Number And Host Id
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. GS-2750 User’s Guide...
Page 313: Table 130 Subnet Masks
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 132 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 GS-2750 User’s Guide...
Page 314: Figure 181 Subnetting Example: Before Subnetting
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. GS-2750 User’s Guide...
Page 315: Figure 182 Subnetting Example: After Subnetting
Table 133 Subnet 1 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 GS-2750 User’s Guide...
Page 316: Table 134 Subnet 2
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 137 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS GS-2750 User’s Guide...
Page 317: Table 138 24-Bit Network Number Subnet Planning
SUBNET 255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 GS-2750 User’s Guide...
Page 318: Configuring Ip Addresses
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. GS-2750 User’s Guide...
Page 319: Appendix B Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 320: Zyxel Limited Warranty
3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 321 Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 322 Appendix B Legal Information GS-2750 User’s Guide...
Page 323: Appendix C Customer Support
• Sales E-mail: sales@zyxel.co.cr • Telephone: +506-2017878 • Fax: +506-2015098 • Web: www.zyxel.co.cr • FTP: ftp.zyxel.co.cr • Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 •...
Page 324 • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-6909-69 •...
Page 325 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 326 Appendix C Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
Page 327 • Support E-mail: support@zyxel.co.th • Sales E-mail: sales@zyxel.co.th • Telephone: +662-831-5315 • Fax: +662-831-5395 • Web: http://www.zyxel.co.th • Regular Mail: ZyXEL Thailand Co., Ltd., 1/1 Moo 2, Ratchaphruk Road, Bangrak-Noi, Muang, Nonthaburi 11000, Thailand. Ukraine • Support E-mail: support@ua.zyxel.com • Sales E-mail: sales@ua.zyxel.com •...
Page 328 Appendix C Customer Support GS-2750 User’s Guide...
Page 329: Index
285, 289 trusted ports cluster member 285, 290 authentication cluster member firmware upgrade and RADIUS network example setup setup authorization specification privilege levels status automatic VLAN registration switch models web configurator cluster manager cluster member command interface GS-2750 User’s Guide...
Page 330 IEEE802.3x Ethernet port test forwarding ping delay system log frames Differentiated Service (DiffServ) tagged DiffServ untagged activate front panel and TRTCM DS field 36, 258 DSCP file transfer procedure DSCP-to-IEEE802.1p mapping restrictions over WAN network example GS-2750 User’s Guide...
Page 331 IGMP (Internet Group Management Protocol) number of IGMP filtering login password profile loop guard profiles how it works IGMP snooping port shut down probe packet ingress port loop guard, vs STP Installation GS-2750 User’s Guide...
Page 332 PHB (Per-Hop Behavior) MST Instance, See MSTI ping, test connection MST region policy 153, 154 and classifier MSTI and DiffServ MST ID configuration MSTI (Multiple Spanning Tree Instance) example MSTP 105, 107 overview bridge ID 118, 119 GS-2750 User’s Guide...
Page 333 Round Robin Scheduling protocol based VLAN routing domain 78, 244 and IEEE 802.1Q tagging example routing protocols hexadecimal notation for protocols 93, 96 routing table isolate traffic RSTP priority 93, 96 rubber feet PVID 85, 91 PVID (Priority Frame) GS-2750 User’s Guide...
Page 334 Static VLAN TACACS+ static VLAN setup control tagging TACACS+ (Terminal Access Controller Access- Control System Plus) status 50, 65 tagged VLAN link aggregation temperature port temperature indicator port details time power current 113, 117 time zone VLAN GS-2750 User’s Guide...
Page 335 VIDs priority frame VID (VLAN Identifier) Virtual Router status Virtual Router (VR) warranty Virtual Router Redundancy Protocol (VRRP) note VLAN 75, 85, 306 web configurator 36, 49 acceptable frame type getting help automatic registration GS-2750 User’s Guide...
Page 336 Index home login logout navigation panel screen summary weight, queuing Weighted Round Robin Scheduling (WRR) WFQ (Weighted Fair Queuing) WRR (Weighted Round Robin Scheduling ZyNOS (ZyXEL Network Operating System) GS-2750 User’s Guide...

ZyXEL Communications GS-2750 User Manual

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 System Status and Port Statistics

Chapter 7 Basic Setting

Chapter 8 VLAN

Chapter 9 Static MAC Forward Setup

Chapter 10 Filtering

Chapter 11

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 VLAN Stacking

Quick Links

Related Manuals for ZyXEL Communications GS-2750

Summary of Contents for ZyXEL Communications GS-2750