Page 1 MES-3728 Layer 2+ Managed Ethernet Switch User’s Guide Version 3.80 2/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.com...
Page 3: About This User's Guide
• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
Syntax Conventions • The MES-3728 may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router MES-3728 User’s Guide...
Page 6: Safety Warnings
• Fuse Warning! Replace a fuse only with a fuse of the same type and rating. • The length of exposed (bare) power wire should not exceed 7 mm. This product is recyclable. Dispose of it properly. MES-3728 User’s Guide...
Page 7 Safety Warnings MES-3728 User’s Guide...
Page 8 Safety Warnings MES-3728 User’s Guide...
Page 9: Table Of Contents
Queuing Method ........................165 VLAN Stacking ......................... 169 Multicast ..........................175 Authentication & Accounting ....................189 IP Source Guard ........................203 Loop Guard ..........................223 IP Application ........................227 Static Route ..........................229 Differentiated Services ......................233 DHCP ............................241 MES-3728 User’s Guide...
Page 10 Syslog ............................277 Cluster Management ....................... 281 MAC Table ..........................287 ARP Table ..........................289 Configure Clone ........................291 Troubleshooting & Product Specifications ............... 293 Troubleshooting ........................295 Product Specifications ......................299 Appendices and Index ......................305 MES-3728 User’s Guide...
Page 11: Table Of Contents
2.3 Mounting the Switch on a Rack ..................40 2.3.1 Rack-mounted Installation Requirements ..............40 2.3.2 Attaching the Mounting Brackets to the Switch ............40 2.3.3 Mounting the Switch on a Rack .................. 41 Chapter 3 Hardware Overview......................... 43 3.1 Front Panel ......................... 43 MES-3728 User’s Guide...
Page 12 5.2 Configuring Switch Management IP Address ..............67 Chapter 6 System Status and Port Statistics ..................69 6.1 Overview ..........................69 6.2 Port Status Summary ...................... 69 6.2.1 Status: Port Details ....................70 Chapter 7 Basic Setting .......................... 75 7.1 Overview ..........................75 MES-3728 User’s Guide...
Page 13 8.11.1 Configure a Port-based VLAN ................102 Chapter 9 Static MAC Forward Setup ....................107 9.1 Overview ..........................107 9.2 Configuring Static MAC Forwarding ................107 Chapter 10 Filtering..........................109 10.1 Configure a Filtering Rule ..................... 109 MES-3728 User’s Guide...
Page 14 15.2 Dynamic Link Aggregation ....................135 15.2.1 Link Aggregation ID ....................136 15.3 Link Aggregation Status ....................136 15.4 Link Aggregation Setting ....................137 15.5 Link Aggregation Control Protocol ................138 15.6 Static Trunking Example ....................140 Chapter 16 Port Authentication....................... 143 MES-3728 User’s Guide...
Page 15 20.2 Configuring Queuing ......................166 Chapter 21 VLAN Stacking ........................169 21.1 VLAN Stacking Overview ....................169 21.1.1 VLAN Stacking Example ..................169 21.2 VLAN Stacking Port Roles ....................170 21.3 VLAN Tag Format ......................171 21.3.1 Frame Format ......................171 MES-3728 User’s Guide...
Page 16 24.1 IP Source Guard Overview ....................203 24.1.1 DHCP Snooping Overview ..................203 24.1.2 ARP Inspection Overview ..................205 24.2 IP Source Guard ......................207 24.3 IP Source Guard Static Binding ..................207 24.4 DHCP Snooping ......................209 MES-3728 User’s Guide...
Page 17 27.4 DSCP-to-IEEE 802.1p Priority Settings ..............238 27.4.1 Configuring DSCP Settings ..................238 Chapter 28 DHCP............................241 28.1 DHCP Overview ......................241 28.1.1 DHCP Modes ......................241 28.1.2 DHCP Configuration Options ................. 241 28.2 DHCP Status ........................241 MES-3728 User’s Guide...
Page 18 30.4 SSH Overview ......................... 267 30.5 How SSH works ....................... 267 30.6 SSH Implementation on the Switch ................. 268 30.6.1 Requirements for Using SSH ................. 268 30.7 Introduction to HTTPS ..................... 268 30.8 HTTPS Example ......................269 MES-3728 User’s Guide...
Page 19 35.1 ARP Table Overview ....................... 289 35.1.1 How ARP Works ....................289 35.2 Viewing the ARP Table ....................289 Chapter 36 Configure Clone ........................291 36.1 Configure Clone ......................291 Part VI: Troubleshooting & Product Specifications......293 Chapter 37 Troubleshooting........................295 MES-3728 User’s Guide...
Page 20 Chapter 38 Product Specifications ......................299 Part VII: Appendices and Index ............305 Appendix A Changing a Fuse ....................307 Appendix B Common Services..................... 309 Appendix C Legal Information ....................313 Appendix D Customer Support..................... 317 Index............................323 MES-3728 User’s Guide...
Page 21: List Of Figures
Figure 34 Basic Setting > IP Setup ......................81 Figure 35 Basic Setting > Port Setup ....................83 Figure 36 Port VLAN Trunking ....................... 91 Figure 37 Switch Setup > Select VLAN Type ..................91 Figure 38 Advanced Application > VLAN: VLAN Status ................. 92 MES-3728 User’s Guide...
Page 22 Figure 77 Advanced Application > Port Security ................. 150 Figure 78 Advanced Application > Classifier ..................154 Figure 79 Advanced Application > Classifier: Summary Table ............156 Figure 80 Classifier: Example ......................158 Figure 81 Advanced Application > Policy Rule ..................160 MES-3728 User’s Guide...
Page 23 Figure 120 Loop Guard - Probe Packet ....................224 Figure 121 Loop Guard - Network Loop ....................224 Figure 122 Advanced Application > Loop Guard .................. 225 Figure 123 Static Routing Overview ....................229 Figure 124 IP Application > Static Routing ..................230 MES-3728 User’s Guide...
Page 24 Figure 164 Cluster Management: Cluster Member Web Configurator Screen ........283 Figure 165 Example: Uploading Firmware to a Cluster Member Switch ..........284 Figure 166 Management > Cluster Management > Configuration ............285 Figure 167 MAC Table Flowchart ......................287 MES-3728 User’s Guide...
Page 25 List of Figures Figure 168 Management > MAC Table ....................288 Figure 169 Management > ARP Table ....................290 Figure 170 Management > Configure Clone ..................291 MES-3728 User’s Guide...
Page 26 List of Figures MES-3728 User’s Guide...
Page 27: List Of Tables
Table 35 Link Aggregation ID: Local Switch ..................136 Table 36 Link Aggregation ID: Peer Switch ..................136 Table 37 Advanced Application > Link Aggregation Status ..............136 Table 38 Advanced Application > Link Aggregation > Link Aggregation Setting ......... 138 MES-3728 User’s Guide...
Page 28 Table 77 ARP Inspection VLAN Status ....................217 Table 78 ARP Inspection Log Status ....................218 Table 79 ARP Inspection Configure ..................... 219 Table 80 ARP Inspection Port Configure ..................... 221 Table 81 ARP Inspection VLAN Configure ..................222 MES-3728 User’s Guide...
Page 29 Table 108 Management > Syslog ......................278 Table 109 Management > Syslog > Syslog Server Setup ..............279 Table 110 ZyXEL Clustering Management Specifications ..............281 Table 111 Management > Cluster Management: Status ..............283 Table 112 FTP Upload to Cluster Member Example ................284 Table 113 Management >...
Page 30 List of Tables MES-3728 User’s Guide...
Page 31: Introduction And Hardware
Introduction and Hardware Getting to Know Your Switch (33) Hardware Installation and Connection (39) Hardware Overview (43)
Page 33: Getting To Know Your Switch
Switch’s port or connect other switches to the Switch. In this example, all computers can share high-speed applications on the server. To expand the network, simply add more networking devices such as switches, routers, computers, print servers etc. MES-3728 User’s Guide...
Page 34: Bridging Example
Figure 2 Bridging Application 1.1.3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. MES-3728 User’s Guide...
Page 35: Ieee 802.1Q Vlan Application Examples
Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too. MES-3728 User’s Guide...
Page 36: Metro Ethernet
The Switch is connected to the backbone and the metropolitan servers over an optical network that provides higher bandwidth than copper. Figure 5 Metro Ethernet MES-3728 User’s Guide...
Page 37: Ways To Manage The Switch
If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. MES-3728 User’s Guide...
Page 38 Chapter 1 Getting to Know Your Switch MES-3728 User’s Guide...
Page 39: Hardware Installation And Connection
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. MES-3728 User’s Guide...
Page 40: Mounting The Switch On A Rack
2.3.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch. MES-3728 User’s Guide...
Page 41: Mounting The Switch On A Rack
Figure 8 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack. MES-3728 User’s Guide...
Page 42 Chapter 2 Hardware Installation and Connection MES-3728 User’s Guide...
Page 43: Hardware Overview
Mini-GBIC slots Console Port LEDs Management Port ALARM slot Ethernet Ports Power Connection Dual Personality Interfaces Figure 10 Front Panel: AC Model Mini-GBIC slots Console Port LEDs Management Port ALARM slot Ethernet Ports Power Connection Dual Personality Interfaces MES-3728 User’s Guide...
Page 44: Console Port
For local management, you can use a computer with terminal emulation software configured to the following parameters: • VT100 • Terminal emulation • 9600 bps • No parity, 8 data bits, 1 stop bit • No flow control MES-3728 User’s Guide...
Page 45: Gigabit Ethernet Ports
The Switch does not come with transceivers. You must use transceivers that comply with the Small Form-factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. MES-3728 User’s Guide...
Page 46: Figure 12 Transceiver Installation Example
3.1.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). 1 Remove the fiber optic cables from the transceiver. 2 Open the transceiver’s latch (latch styles vary). 3 Pull the transceiver out of the slot. MES-3728 User’s Guide...
Page 47: Management Port
-36 VDC ~ -72 VDC, 0.66 A Max. The AC/DC version can be used with either power specifications. Chapter 38 on page 299 for information on the Switch’s power supply requirements. MES-3728 User’s Guide...
Page 48: Alarm Slot
The ALARM slot (fitted with the alarm connector) allows you to connect devices to the Switch, such as smoke or movement detectors, sensors, or even other ZyXEL switches which support the external alarm feature. This feature is in addition to the system alarm, which detects abnormal temperatures, voltage levels and fan speeds on the Switch.
Page 49: Figure 18 Connecting A Sensor To The Alarm Slot
(1,2) or (2,3) on the ALARM connector. You can also daisy-chain the external alarm to another ZyXEL Switch which supports the external alarm feature. If daisy-chaining to a ZyXEL switch that is a different model, check your switch’s documentation for the correct pin assignments.
Page 50: Rear Panel
The link to a 10 Mbps Ethernet network is up. Amber Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet network. The link to a 100 Mbps Ethernet network is up. The link to an Ethernet network is down. Mini-GBIC Slots MES-3728 User’s Guide...
Page 51 The port is not connected at 10 Mbps or to an Ethernet device. Amber Blinking The system is transmitting/receiving to/from an Ethernet device. The port is connected at 100 Mbps. The port is not connected at 100 Mbps or to an Ethernet device. MES-3728 User’s Guide...
Page 52 Chapter 3 Hardware Overview MES-3728 User’s Guide...
Page 53: Basic Configuration
Basic Configuration The Web Configurator (55) Initial Setup Example (65) System Status and Port Statistics (69) Basic Setting (75)
Page 55: The Web Configurator
3 The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. MES-3728 User’s Guide...
Page 56: The Status Screen
The following figure shows the navigating components of a web configurator screen. Figure 22 Web Configurator Home Screen (Status) B C D E A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. MES-3728 User’s Guide...
Page 57: Table 3 Navigation Panel Sub-Links Overview
E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION MES-3728 User’s Guide...
Page 58: Table 4 Web Configurator Screen Sub-Links Details
Port Security Classifier Policy Rule Queuing Method VLAN Stacking Multicast Multicast Setting - IGMP Snooping VLAN - IGMP Filtering Profile - MVR - Group Configuration Authentication and Accounting RADIUS Server Setup TACACS+ Server Setup Auth and Acct Setup MES-3728 User’s Guide...
Page 59: Table 5 Navigation Panel Links
Protocol prevent network loops. Bandwidth This link takes you to a screen where you can configure bandwidth limits on the Control Switch. Broadcast Storm This link takes you to a screen to set up broadcast filters. Control MES-3728 User’s Guide...
Page 60 This link takes you to screens where you can configure clustering management and Management view its status. MAC Table This link takes you to a screen where you can view the MAC addresses (and types) of devices attached to what ports and VLAN IDs. MES-3728 User’s Guide...
Page 61: Change Your Password
Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory. Nonvolatile memory refers to the Switch’s storage that remains even if the Switch’s power is turned off. MES-3728 User’s Guide...
Page 62: Switch Lockout
To upload the configuration file, do the following: 1 Connect to the console port using a computer with terminal emulation software. 2 Disconnect and reconnect the Switch’s power to begin a session. When you reconnect the Switch’s power, you will see the initial screen. MES-3728 User’s Guide...
Page 63: Logging Out Of The Web Configurator
This is recommended after you finish a management session for security reasons. Figure 25 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. MES-3728 User’s Guide...
Page 64 Chapter 4 The Web Configurator Click the Help link from a web configurator screen to view an online help description of that screen. MES-3728 User’s Guide...
Page 65: Initial Setup Example
VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 26 Initial Setup Network Example: VLAN MES-3728 User’s Guide...
Page 66: Setting Port Vid
Switch’s power is turned off. 5.1.2 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. MES-3728 User’s Guide...
Page 67: Configuring Switch Management Ip Address
5.2 Configuring Switch Management IP Address The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. MES-3728 User’s Guide...
Page 68: Figure 28 Initial Setup Example: Management Ip Address
VLAN ID you configure in the Static VLAN screen. 7 Click Add to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MES-3728 User’s Guide...
Page 69: System Status And Port Statistics
This identifies the Ethernet port. Click a port number to display the Port Details screen (refer to Figure 30 on page 71). Name This is the name you assigned to this port in the Basic Setting > Port Setup screen. MES-3728 User’s Guide...
Page 70: Status: Port Details
6.2.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. MES-3728 User’s Guide...
Page 71: Figure 30 Status > Port Details
This field shows the number of received errors on this port. Tx KB/s This field shows the number kilobytes per second transmitted on this port. Rx KB/s This field shows the number of kilobytes per second received on this port. MES-3728 User’s Guide...
Page 72 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length. MES-3728 User’s Guide...
Page 73 This field shows the number of packets (including bad packets) received that were 1518 between 1024 and 1518 octets in length. Giant This field shows the number of packets dropped because they were bigger than the maximum frame size. MES-3728 User’s Guide...
Page 74 Chapter 6 System Status and Port Statistics MES-3728 User’s Guide...
Page 75: Basic Setting
In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen. Figure 31 Basic Setting > System Info MES-3728 User’s Guide...
Page 76: General Setup
Error is displayed. 7.3 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown. MES-3728 User’s Guide...
Page 77: Figure 32 Basic Setting > General Setup
This field displays the date you open this menu. New Date (yyyy- Enter the new date in year, month and day format. The new date then appears in mm-dd) the Current Date field after you click Apply. MES-3728 User’s Guide...
Page 78: Introduction To Vlans
When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building. MES-3728 User’s Guide...
Page 79: Switch Setup Screen
You also need to define how to treat a BPDU in the Port Setup screen. Transparency MAC Address MAC address learning reduces outgoing traffic broadcasts. For MAC address Learning learning to occur on a port, the port must be active. MES-3728 User’s Guide...
Page 80 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3728 User’s Guide...
Page 81: Ip Setup
You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). You must configure a VLAN first. Figure 34 Basic Setting > IP Setup MES-3728 User’s Guide...
Page 82: Table 11 Basic Setting > Ip Setup
Click Cancel to begin configuring the fields again. In-band IP Addresses You can create up to 64 IP addresses, which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). You must configure a VLAN first. MES-3728 User’s Guide...
Page 83: Port Setup
Click Cancel to clear the selected check boxes in the Delete column. 7.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. Figure 35 Basic Setting > Port Setup MES-3728 User’s Guide...
Page 84: Table 12 Basic Setting > Port Setup
Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Select Tunnel to forward BPDUs received on this port. Select Discard to drop any BPDU received on this port. Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU. MES-3728 User’s Guide...
Page 85 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 86 Chapter 7 Basic Setting MES-3728 User’s Guide...
Page 87: Advanced
Advanced VLAN (89) Static MAC Forward Setup (107) Filtering (109) Spanning Tree Protocol (111) Bandwidth Control (129) Broadcast Storm Control (131) Mirroring (133) Link Aggregation (135) Port Authentication (143) Port Security (149) Classifier (153) Policy Rule (159) Queuing Method (165) VLAN Stacking (169) Multicast (175) Authentication &...
Page 89: Vlan
A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain. MES-3728 User’s Guide...
Page 90: Automatic Vlan Registration
You may choose to accept both tagged and untagged Type incoming frames, just tagged incoming frames or just untagged incoming frames on a port. Ingress filtering If set, the Switch discards incoming frames for VLANs that do not have this port as a member MES-3728 User’s Guide...
Page 91: Port Vlan Trunking
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. MES-3728 User’s Guide...
Page 92: Static Vlan Status
Use this screen to view detailed port settings and status of the VLAN group. See Section 8.1 on page 89 for more information on static VLAN. Click on an index number in the VLAN Status screen to display VLAN details. Figure 39 Advanced Application > VLAN > VLAN Detail MES-3728 User’s Guide...
Page 93: Configure A Static Vlan
8.1 on page 89 for more information on static VLAN. To configure a static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next. Figure 40 Advanced Application > VLAN > Static VLAN MES-3728 User’s Guide...
Page 94: Configure Vlan Port Settings
Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 8.1 on page 89 for more information on static VLAN. Click the VLAN Port Setting link in the VLAN Status screen. MES-3728 User’s Guide...
Page 95: Figure 41 Advanced Application > Vlan > Vlan Port Setting
Select Tag Only to accept only tagged frames on this port. All untagged frames will be dropped. VLAN Trunking Enable VLAN Trunking on ports connected to other switches or routers (but not ports directly connected to end users) to allow frames belonging to unknown VLAN groups to pass through the Switch. MES-3728 User’s Guide...
Page 96: Subnet Based Vlans
IP subnet and prioritized accordingly. That is video services receive the highest priority and data the lowest. Figure 42 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 MES-3728 User’s Guide...
Page 97: Configuring Subnet Based Vlan
Check this box to activate the IP subnet VLAN you are creating or editing. Name Enter up to 32 alpha numeric characters to identify this subnet based VLAN. Enter the IP address of the subnet for which you want to configure this subnet based VLAN. MES-3728 User’s Guide...
Page 98: Protocol Based Vlans
VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol. Protocol based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. MES-3728 User’s Guide...
Page 99: Configuring Protocol Based Vlan
8.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. MES-3728 User’s Guide...
Page 100: Figure 45 Advanced Application > Vlan > Vlan Port Setting > Protocol Based Vlan
Port This field shows which port belongs to this protocol based VLAN. Name This field shows the name the protocol based VLAN. Ethernet Type This field shows which Ethernet protocol is part of this protocol based VLAN. MES-3728 User’s Guide...
Page 101: Create An Ip-Based Vlan Example
To add more ports to this protocol based VLAN. 1 Click the index number of the protocol based VLAN entry. Click 1 2 Change the value in the Port field to the next port you want to add. 3 Click Add. MES-3728 User’s Guide...
Page 102: Port-Based Vlan Setup
Ethernet ports. 8.11.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. MES-3728 User’s Guide...
Page 103: Figure 47 Port Based Vlan Setup (All Connected)
Chapter 8 VLAN Figure 47 Port Based VLAN Setup (All Connected) MES-3728 User’s Guide...
Page 104: Figure 48 Port Based Vlan Setup (Port Isolation)
Chapter 8 VLAN Figure 48 Port Based VLAN Setup (Port Isolation) MES-3728 User’s Guide...
Page 105: Table 20 Port Based Vlan Setup
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 106 Chapter 8 VLAN MES-3728 User’s Guide...
Page 107: Static Mac Forward Setup
Chapter 17 on page 149 for more information on port security. Click Advanced Applications > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. Figure 49 Advanced Application > Static MAC Forwarding MES-3728 User’s Guide...
Page 108: Table 21 Advanced Application > Static Mac Forwarding
This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3728 User’s Guide...
Page 109: Filtering
Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by deselecting this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for identification only. MES-3728 User’s Guide...
Page 110 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MES-3728 User’s Guide...
Page 111: Spanning Tree Protocol
Both RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. In this user’s guide, “STP” refers to both STP and RSTP. 11.1.1 STP Terminology The root bridge is the base of the spanning tree. MES-3728 User’s Guide...
Page 112: How Stp Works
BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. MES-3728 User’s Guide...
Page 113: Stp Port States
11.1.4 Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
Page 114: Multiple Stp
VLAN 1 VLAN 2 With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP. MES-3728 User’s Guide...
Page 115: Figure 53 Mstp Network Example
MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Thus an MSTI does not span across MST regions. The following figure shows an example where there are two MST regions. Regions 1 and 2 have 2 spanning tree instances. MES-3728 User’s Guide...
Page 116: Spanning Tree Protocol Status Screen
11.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. MES-3728 User’s Guide...
Page 117: Spanning Tree Configuration
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 118: Configure Rapid Spanning Tree Protocol
Select a value from the drop-down list box. The lower the numeric value you assign, the higher the priority for this bridge. Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. MES-3728 User’s Guide...
Page 119: Rapid Spanning Tree Protocol Status
Click Cancel to begin configuring this screen afresh. 11.5 Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 111 for more information on RSTP. MES-3728 User’s Guide...
Page 120: Figure 59 Advanced Application > Spanning Tree Protocol > Status: Rstp
Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MES-3728 User’s Guide...
Page 121: Configure Multiple Rapid Spanning Tree Protocol
Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. MES-3728 User’s Guide...
Page 122: Multiple Rapid Spanning Tree Protocol Status
11.7 Multiple Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 111 for more information on MRSTP. MES-3728 User’s Guide...
Page 123: Figure 61 Advanced Application > Spanning Tree Protocol > Status: Mrstp
Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MES-3728 User’s Guide...
Page 124: Configure Multiple Spanning Tree Protocol
11.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1.5 on page 114 for more information on MSTP. Figure 62 Advanced Application > Spanning Tree Protocol > MSTP MES-3728 User’s Guide...
Page 125: Table 30 Advanced Application > Spanning Tree Protocol > Mstp
Switch will be chosen as the root bridge within the spanning tree instance. Enter priority values between 0 and 61440 in increments of 4096 (thus valid values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440). MES-3728 User’s Guide...
Page 126: Multiple Spanning Tree Protocol Status
Click Cancel to begin configuring this screen afresh. 11.9 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1.5 on page 114 for more information on MSTP. MES-3728 User’s Guide...
Page 127: Figure 63 Advanced Application > Spanning Tree Protocol > Status: Mstp
This is the time interval (in seconds) at which the root switch transmits a (second) configuration message. Max Age (second) This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure. MES-3728 User’s Guide...
Page 128 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. MES-3728 User’s Guide...
Page 129: Bandwidth Control
The CIR should be less than the PIR. The sum of CIRs cannot be greater than or equal to the uplink bandwidth. 12.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. MES-3728 User’s Guide...
Page 130: Figure 64 Advanced Application > Bandwidth Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3728 User’s Guide...
Page 131: Broadcast Storm Control
DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 65 Advanced Application > Broadcast Storm Control MES-3728 User’s Guide...
Page 132: Table 33 Advanced Application > Broadcast Storm Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3728 User’s Guide...
Page 133: Mirroring
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 66 Advanced Application > Mirroring MES-3728 User’s Guide...
Page 134: Table 34 Advanced Application > Mirroring
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3728 User’s Guide...
Page 135: Link Aggregation
LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports become operational without user intervention. Please note that: MES-3728 User’s Guide...
Page 136: Link Aggregation Id
These are the ports you have configured in the Link Aggregation screen to be in the trunk group. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MES-3728 User’s Guide...
Page 137: Link Aggregation Setting
Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 15.1 on page 135 for more information on link aggregation. Figure 68 Advanced Application > Link Aggregation > Link Aggregation Setting MES-3728 User’s Guide...
Page 138: Link Aggregation Control Protocol
Click Cancel to begin configuring this screen afresh. 15.5 Link Aggregation Control Protocol Click Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 15.2 on page 135 for more information on dynamic link aggregation. MES-3728 User’s Guide...
Page 139: Figure 69 Advanced Application > Link Aggregation > Link Aggregation Setting > Lacp
(LACP). The smaller the number, the higher the priority level. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number. MES-3728 User’s Guide...
Page 140: Static Trunking Example
2 Configure static trunking-Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunking group T1 and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. MES-3728 User’s Guide...
Page 141: Figure 71 Trunking Example - Configuration Screen
Chapter 15 Link Aggregation Figure 71 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. MES-3728 User’s Guide...
Page 142 Chapter 15 Link Aggregation MES-3728 User’s Guide...
Page 143: Port Authentication
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MES-3728 User’s Guide...
Page 144: Mac Authentication
MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 73 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied MES-3728 User’s Guide...
Page 145: Port Authentication Configuration
Figure 74 Advanced Application > Port Authentication 16.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the click Port Authentication screen 802.1x to display the configuration screen as shown. Figure 75 Advanced Application > Port Authentication > 802.1x MES-3728 User’s Guide...
Page 146: Activate Mac Authentication
Cancel Click Cancel to begin configuring this screen afresh. 16.2.2 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. MES-3728 User’s Guide...
Page 147: Figure 76 Advanced Application > Port Authentication > Mac Authentication
0 for the timeout value, then this entry will not be deleted from the MAC address table. Note: If the Aging Time in the Switch Setup screen is set to a lower value, then it supersedes this setting. See Section 7.5 on page Port This field displays the port number. MES-3728 User’s Guide...
Page 148 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 149: Port Security
MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. 17.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. MES-3728 User’s Guide...
Page 150: Figure 77 Advanced Application > Port Security
MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “16384”. “0” means this feature is disabled. MES-3728 User’s Guide...
Page 151 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 152 Chapter 17 Port Security MES-3728 User’s Guide...
Page 153: Classifier
(or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 19 on page 159. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. MES-3728 User’s Guide...
Page 154: Figure 78 Advanced Application > Classifier
A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards. A value of Ethernet II indicates that the packets are formatted according to RFC 894, Ethernet II encapsulation. Layer 2 Specify the fields below to configure a layer 2 classifier. MES-3728 User’s Guide...
Page 155 Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option and enter a TCP/UDP protocol port number. Refer to Table 47 on page 157 more information. MES-3728 User’s Guide...
Page 156: Viewing And Editing Classifier Configuration
The following table shows some other common Ethernet types and the corresponding protocol number. Table 45 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 MES-3728 User’s Guide...
Page 157: Classifier Example
The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. MES-3728 User’s Guide...
Page 158: Figure 80 Classifier: Example
Chapter 18 Classifier Figure 80 Classifier: Example MES-3728 User’s Guide...
Page 159: Policy Rule
DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. MES-3728 User’s Guide...
Page 160: Configuring Policy Rules
You must first configure a classifier in the Classifier screen. Refer to Section 18.2 on page for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 81 Advanced Application > Policy Rule MES-3728 User’s Guide...
Page 161: Table 48 Advanced Application > Policy Rule
Select Send the packet to the egress port to send the packet to the egress port. Metering Select Enable to activate bandwidth limitation on the traffic flow(s) then set the actions to be taken on out-of-profile packets. MES-3728 User’s Guide...
Page 162: Viewing And Editing Policy Configuration
19.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 157). MES-3728 User’s Guide...
Page 163: Figure 83 Policy Example
Chapter 19 Policy Rule Figure 83 Policy Example MES-3728 User’s Guide...
Page 164 Chapter 19 Policy Rule MES-3728 User’s Guide...
Page 165: Queuing Method
This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues. By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. Guaranteed quantum is calculated as Queue Weight x 2048 bytes. MES-3728 User’s Guide...
Page 166: Weighted Round Robin Scheduling (Wrr)
20.2 Configuring Queuing Click Advanced Application > Queuing Method in the navigation panel. Figure 84 Advanced Application > Queuing Method MES-3728 User’s Guide...
Page 167: Table 50 Advanced Application > Queuing Method
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 168 Chapter 20 Queuing Method MES-3728 User’s Guide...
Page 169: Vlan Stacking
VLANs within its network by adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. MES-3728 User’s Guide...
Page 170: Vlan Stacking Port Roles
All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by SP VID). Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. MES-3728 User’s Guide...
Page 171: Vlan Tag Format
Etype customer tagged frame DA SA SPTPID Priority VID TPID Priority VID Len/ Data FCS Double-tagged Etype frame Table 53 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/ Length and type of Ethernet frame Etype MES-3728 User’s Guide...
Page 172: Configuring Vlan Stacking
Others and then enter a four-digit hexadecimal number from 0x0000 to 0xFFFF. 0x denotes a hexadecimal number. It does not have to be typed in the Others text field. Port The port number identifies the port you are configuring. MES-3728 User’s Guide...
Page 173 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 174 Chapter 21 VLAN Stacking MES-3728 User’s Guide...
Page 175: Multicast
IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them. MES-3728 User’s Guide...
Page 176: Igmp Snooping And Vlans
Multicast Group This field displays IP multicast group addresses. 22.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 22.1 on page 175 for more information on multicasting. MES-3728 User’s Guide...
Page 177: Figure 88 Advanced Application > Multicast > Multicast Setting
IGMP filtering profiles for the ports that you want to allow to join multicast groups. Unknown Specify the action to perform when the Switch receives an unknown multicast Multicast Frame frame. Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. MES-3728 User’s Guide...
Page 178: Igmp Snooping Vlan
Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 22.1.4 on page 176 for more information on IGMP Snooping VLAN. MES-3728 User’s Guide...
Page 179: Figure 89 Advanced Application > Multicast > Multicast Setting > Igmp Snooping Vlan
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. Clear Click this to clear the fields. MES-3728 User’s Guide...
Page 180: Igmp Filtering Profile
Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile. If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. MES-3728 User’s Guide...
Page 181: Mvr Overview
In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group. MES-3728 User’s Guide...
Page 182: Mvr Modes
VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. You can create up to three multicast VLANs and up to 256 multicast rules on the Switch. MES-3728 User’s Guide...
Page 183: Figure 93 Advanced Application > Multicast > Multicast Setting > Mvr
Specify the MVR mode on the Switch. Choices are Dynamic and Compatible. Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports. Port This field displays the port number on the Switch. MES-3728 User’s Guide...
Page 184: Mvr Group Configuration
Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. MES-3728 User’s Guide...
Page 185: Mvr Configuration Example
VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic. MES-3728 User’s Guide...
Page 186: Figure 95 Mvr Configuration Example
To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 97 MVR Group Configuration Example MES-3728 User’s Guide...
Page 187: Figure 98 Mvr Group Configuration Example
Chapter 22 Multicast Figure 98 MVR Group Configuration Example MES-3728 User’s Guide...
Page 188 Chapter 22 Multicast MES-3728 User’s Guide...
Page 189: Authentication & Accounting
By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Chapter 29 on page 251). MES-3728 User’s Guide...
Page 190: Radius And Tacacs
Section 23.3 on page 198 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown. MES-3728 User’s Guide...
Page 191: Figure 101 Advanced Application > Auth And Acct > Radius Server Setup
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch. MES-3728 User’s Guide...
Page 192: Tacacs+ Server Setup
Use this screen to configure your TACACS+ server settings. See Section 23.1.2 on page 190 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown. MES-3728 User’s Guide...
Page 193: Figure 102 Advanced Application > Auth And Acct > Tacacs+ Server Setup
Enter the IP address of an external TACACS+ server in dotted decimal notation. TCP Port The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. MES-3728 User’s Guide...
Page 194: Authentication And Accounting Setup
23.2.3 Authentication and Accounting Setup Use this screen to configure authentication and accounting settings on the Switch. Click on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown. MES-3728 User’s Guide...
Page 195: Figure 103 Advanced Application > Auth And Acct > Auth And Acct Setup
Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. MES-3728 User’s Guide...
Page 196 This field is only configurable for Commands type of event. Select the threshold command privilege level for which the Switch should send accounting information. The Switch will send accounting information when commands at the level you specify and higher are executed on the Switch. MES-3728 User’s Guide...
Page 197: Vendor Specific Attribute
The VSAs are composed of the following: • Vendor-ID: An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority). ZyXEL’s vendor ID is 890. • Vendor-Type: A vendor specified attribute, identifying the setting you want to modify.
Page 198: Supported Radius Attributes
Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified. MES-3728 User’s Guide...
Page 199: Attributes Used For Authentication
The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 23.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time MES-3728 User’s Guide...
Page 200: Table 67 Radius Attributes - Exec Events Via Console
23.3.2.3 Attributes Used for Accounting IEEE 802.1x Events The attributes are listed in the following table along with the time of the session they are sent: Table 69 RADIUS Attributes-Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-IP-Address NAS-Port Class Called-Station-Id Calling-Station-Id NAS-Identifier MES-3728 User’s Guide...
Page 201 Chapter 23 Authentication & Accounting Table 69 RADIUS Attributes-Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords MES-3728 User’s Guide...
Page 202 Chapter 23 Authentication & Accounting MES-3728 User’s Guide...
Page 203: Ip Source Guard
Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. MES-3728 User’s Guide...
Page 204: Figure 104 Dhcp Snooping Database File Format
Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the file, that binding and all others after it are ignored. MES-3728 User’s Guide...
Page 205: Arp Inspection Overview
• It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them. MES-3728 User’s Guide...
Page 206 ARP inspection so that the Switch has enough time to build the binding table. 2 Enable ARP inspection on each VLAN. 3 Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. MES-3728 User’s Guide...
Page 207: Ip Source Guard
VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. MES-3728 User’s Guide...
Page 208: Figure 107 Ip Source Guard Static Binding
This field displays the port number in the binding. If this field is blank, the binding applies to all ports. Delete Select this, and click Delete to remove the specified entry. Cancel Click this to clear the Delete check boxes above. MES-3728 User’s Guide...
Page 209: Dhcp Snooping
Chapter 24 IP Source Guard 24.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 108 DHCP Snooping MES-3728 User’s Guide...
Page 210: Table 72 Dhcp Snooping
This field displays the number of times the Switch read bindings from the DHCP snooping database successfully. Failed reads This field displays the number of times the Switch was unable to read bindings from the DHCP snooping database. MES-3728 User’s Guide...
Page 211 This field displays the number of bindings the Switch has ignored because the lease time had already expired. Unsupported vlans This field displays the number of bindings the Switch has ignored because the VLAN ID does not exist anymore. MES-3728 User’s Guide...
Page 212: Dhcp Snooping Configure
You can enable Option82 in the DHCP Snooping VLAN Configure screen (Section 24.5.2 on page 215) to help the DHCP servers distinguish between DHCP requests from different VLAN. Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN. MES-3728 User’s Guide...
Page 213: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. MES-3728 User’s Guide...
Page 214: Figure 110 Dhcp Snooping Port Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MES-3728 User’s Guide...
Page 215: Dhcp Snooping Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MES-3728 User’s Guide...
Page 216: Arp Inspection Status
Click this to clear the Delete check boxes above. 24.6.1 ARP Inspection VLAN Status Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status. MES-3728 User’s Guide...
Page 217: Arp Inspection Log Status
Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status. MES-3728 User’s Guide...
Page 218: Figure 114 Arp Inspection Log Status
Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See Section 24.7.2 on page 221. Time This field displays when the log message was generated. MES-3728 User’s Guide...
Page 219: Arp Inspection Configure
Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 24.6.2 on page 217. MES-3728 User’s Guide...
Page 220: Arp Inspection Port Configure
Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 116 ARP Inspection Port Configure MES-3728 User’s Guide...
Page 221: Arp Inspection Vlan Configure
Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN. Figure 117 ARP Inspection VLAN Configure MES-3728 User’s Guide...
Page 222: Table 81 Arp Inspection Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MES-3728 User’s Guide...
Page 223: Loop Guard
• It will receive broadcast messages sent out from the switch in loop state. • It will receive its own broadcast messages that it sends out as they loop back. It will then re-broadcast those messages again. MES-3728 User’s Guide...
Page 224: Figure 119 Switch In Loop State
In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N. The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 121 Loop Guard - Network Loop MES-3728 User’s Guide...
Page 225: Loop Guard Setup
Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MES-3728 User’s Guide...
Page 226 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 227: Ip Application
IP Application Static Route (229) Differentiated Services (233) DHCP (241)
Page 229: Static Route
R2 to send traffic to an SNMP trap server on network N2. Figure 123 Static Routing Overview SNMP Telnet 26.2 Configuring Static Routing Click IP Application > Static Routing in the navigation panel to display the screen as shown. MES-3728 User’s Guide...
Page 230: Figure 124 Ip Application > Static Routing
This field displays the descriptive name for this route. This is for identification purposes only. Destination This field displays the IP network address of the final destination. Address Subnet Mask This field displays the subnet mask for this destination. MES-3728 User’s Guide...
Page 231 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3728 User’s Guide...
Page 232 Chapter 26 Static Route MES-3728 User’s Guide...
Page 233: Differentiated Services
The DSCP value determines the PHB (Per-Hop Behavior), that each packet gets as it is forwarded across the DiffServ network. Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. MES-3728 User’s Guide...
Page 234: Diffserv Network Example
DiffServ is enabled the following actions are performed on the colored packets: • Red (high loss priority level) packets are dropped. • Yellow (medium loss priority level) packets are dropped if there is congestion on the network. MES-3728 User’s Guide...
Page 235: Trtcm-Color-Blind Mode
PIR and then if they don’t exceed the PIR level are they evaluated against the CIR. Figure 128 TRTCM-Color-aware Mode Exceed Exceed Low Packet Red? Yellow? CIR? Loss PIR? Medium Packet High Packet High Packet Medium Packet Loss Loss Loss Loss MES-3728 User’s Guide...
Page 236: Activating Diffserv
Click Cancel to begin configuring this screen afresh. 27.3.1 Configuring 2-Rate 3 Color Marker Settings Use this screen to configure TRTCM settings. Click the 2-rate 3 Color Marker link in the DiffServ screen to display the screen as shown next. MES-3728 User’s Guide...
Page 237: Figure 130 Ip Application > Diffserv > 2-Rate 3 Color Marker
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this to activate TRTCM on the port. Commit Specify the Commit Information Rate (CIR) for this port. Rate Peak Specify the Peak Information Rate (PIR) for this port. Rate MES-3728 User’s Guide...
Page 238: Dscp-To-Ieee 802.1P Priority Settings
IEEE 802.1p 27.4.1 Configuring DSCP Settings To change the DSCP-IEEE 802.1p mapping click the DSCP Setting link in the DiffServ screen to display the screen as shown next. Figure 131 IP Application > DiffServ > DSCP Setting MES-3728 User’s Guide...
Page 239: Table 87 Ip Application > Diffserv > Dscp Setting
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 240 Chapter 27 Differentiated Services MES-3728 User’s Guide...
Page 241: Dhcp
• VLAN: The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. 28.2 DHCP Status Click IP Application > DHCP in the navigation panel. The DHCP Status screen displays. MES-3728 User’s Guide...
Page 242: Dhcp Relay
The following describes the DHCP relay information that the Switch sends to the DHCP server: Table 89 Relay Agent Information FIELD LABELS DESCRIPTION Slot ID (1 byte) This value is always 0 for stand-alone switches. Port ID (1 byte) This is the port that the DHCP client is connected to. MES-3728 User’s Guide...
Page 243: Configuring Dhcp Global Relay
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 244: Global Dhcp Relay Configuration Example
Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 135 DHCP Relay Configuration Example MES-3728 User’s Guide...
Page 245: Configuring Dhcp Vlan Settings
Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. MES-3728 User’s Guide...
Page 246: Example: Dhcp Relay For Two Vlans
192.168.1.100. Requests from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 137 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. MES-3728 User’s Guide...
Page 247: Figure 138 Dhcp Relay For Two Vlans Configuration Example
Chapter 28 DHCP Figure 138 DHCP Relay for Two VLANs Configuration Example MES-3728 User’s Guide...
Page 248 Chapter 28 DHCP MES-3728 User’s Guide...
Page 249: Management
Management Maintenance (251) Access Control (257) Diagnostic (275) Syslog (277) Cluster Management (281) MAC Table (287) ARP Table (289) Configure Clone (291)
Page 251: Maintenance
Click Click Here to go to the Restore Configuration screen. Configuration Backup Click Click Here to go to the Backup Configuration screen. Configuration Load Factory Click Click Here to reset the configuration to the factory default settings. Default MES-3728 User’s Guide...
Page 252: Load Factory Default
Alternatively, click Save on the top right-hand corner in any screen to save the configuration changes to the current configuration. Clicking the Apply or Add button does NOT save the changes permanently. All unsaved changes are erased after you reboot the Switch. MES-3728 User’s Guide...
Page 253: Reboot System
Path text box or click Browse to locate it. Select the Rebooting check box if you want to reboot the Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. MES-3728 User’s Guide...
Page 254: Restore A Configuration File
3 Choose a location to save the file on your computer from the Save in drop-down list box and type a descriptive name for it in the File name list box. Click Save to save the configuration file to your computer. MES-3728 User’s Guide...
Page 255: Ftp Command Line
Switch’s settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension.
Page 256: Ftp Command Line Procedure
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. MES-3728 User’s Guide...
Page 257: Access Control
See the CLI Reference Guide for more information on disabling multi- login. 30.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 145 Management > Access Control MES-3728 User’s Guide...
Page 258: About Snmp
Get operation, followed by a series of GetNext operations. Allows the manager to set values for object variables within an agent. Trap Used by the agent to inform the manager of some events. MES-3728 User’s Guide...
Page 259: Snmp V3 And Security
TemperatureEventOn 1.3.6.1.4.1.890.1.5.8.45.27.2.1 This trap is sent when the temperature goes above or below the normal operating range. TemperatureEventClear 1.3.6.1.4.1.890.1.5.8.45.27.2.2 This trap is sent when the temperature returns to the normal operating range. MES-3728 User’s Guide...
Page 260: Table 97 Snmp Interface Traps
AutonegotiationFailedEventO 1.3.6.1.4.1.890.1.5.8.45.27.2.1 This trap is sent when an Ethernet interface fails to auto- negotiate with the peer Ethernet interface. AutonegotiationFailedEventC 1.3.6.1.4.1.890.1.5.8.45.27.2.2 This trap is sent when an lear Ethernet interface auto- negotiates with the peer Ethernet interface. MES-3728 User’s Guide...
Page 261: Table 98 Aaa Traps
1.3.6.1.2.1.81.0.1 This trap is sent when a path to a target changes. traceRouteTestFailed 1.3.6.1.2.1.81.0.2 This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 This trap is sent when a traceroute test is completed. MES-3728 User’s Guide...
Page 262: Configuring Snmp
This trap is sent when the variable falls below the RMON "falling" threshold. 30.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. MES-3728 User’s Guide...
Page 263: Figure 147 Management > Access Control > Snmp
Use this section to configure where to send SNMP traps from the Switch. Version Specify the version of the SNMP trap messages. Enter the IP addresses of up to four managers to send your SNMP traps to. MES-3728 User’s Guide...
Page 264: Configuring Snmp Trap Group
30.3.5 Configuring SNMP Trap Group Click Management > Access Control > SNMP > Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP traps that should be sent to each SNMP manager. MES-3728 User’s Guide...
Page 265: Setting Up Login Accounts
• An administrator is someone who can both view and configure Switch changes. The username for the Administrator is always admin. The default administrator password is 1234. It is highly recommended that you change the default administrator password (1234). MES-3728 User’s Guide...
Page 266: Figure 149 Management > Access Control > Logins
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 267: Ssh Overview
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. MES-3728 User’s Guide...
Page 268: Ssh Implementation On The Switch
1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch’s WS (web server). 2 HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s WS (web server). MES-3728 User’s Guide...
Page 269: Https Example
You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked. Figure 153 Security Alert Dialog Box (Internet Explorer) example MES-3728 User’s Guide...
Page 270: Netscape Navigator Warning Messages
30.8.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. MES-3728 User’s Guide...
Page 271: Service Port Access Control
You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Management > Access Control > Service Access Control to view the screen as shown. Figure 157 Management > Access Control > Service Access Control MES-3728 User’s Guide...
Page 272: Remote Management
Switch. Active Select this check box to activate this secured client set. Clear the check box if you wish to temporarily disable the set without deleting it. MES-3728 User’s Guide...
Page 273 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 274 Chapter 30 Access Control MES-3728 User’s Guide...
Page 275: Diagnostic
Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test. MES-3728 User’s Guide...
Page 276 Chapter 31 Diagnostic MES-3728 User’s Guide...
Page 277: Syslog
Debug: The message is intended for debug-level purposes. 32.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. MES-3728 User’s Guide...
Page 278: Syslog Server Setup
Click Cancel to begin configuring this screen afresh. 32.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to view the screen as shown next. Use this screen to configure a list of external syslog servers. MES-3728 User’s Guide...
Page 279: Figure 161 Management > Syslog > Syslog Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 280 Chapter 32 Syslog MES-3728 User’s Guide...
Page 281: Cluster Management
Table 110 ZyXEL Clustering Management Specifications Maximum number of cluster members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches.
Page 282: Cluster Management Status
Figure 162 Clustering Application Example 33.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. A cluster can only have one manager. Figure 163 Management > Cluster Management: Status MES-3728 User’s Guide...
Page 283: Cluster Member Switch Management
Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. Figure 164 Cluster Management: Cluster Member Web Configurator Screen MES-3728 User’s Guide...
Page 284: Clustering Management Configuration
This is the cluster member switch’s configuration file name as seen in the cluster manager switch. 33.3 Clustering Management Configuration Use this screen to configure clustering management. Click Management > Cluster Management > Configuration to display the next screen. MES-3728 User’s Guide...
Page 285: Figure 166 Management > Cluster Management > Configuration
All switches must be directly connected and in the same VLAN group to belong to the same cluster. Switches that are not in the same VLAN group are not visible in the Clustering Candidates list. This field is ignored if the Clustering Manager is using Port-based VLAN. MES-3728 User’s Guide...
Page 286 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 287: Mac Table
• If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 167 MAC Table Flowchart MES-3728 User’s Guide...
Page 288: Viewing The Mac Table
This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). MES-3728 User’s Guide...
Page 289: Arp Table
ARP Table for future reference and then sends the packet to the MAC address that replied. 35.2 Viewing the ARP Table Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s). MES-3728 User’s Guide...
Page 290: Table 115 Management > Arp Table
This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above. Type This shows whether the MAC address is dynamic (learned by the Switch) or static. MES-3728 User’s Guide...
Page 291: Configure Clone
36.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 170 Management > Configure Clone MES-3728 User’s Guide...
Page 292: Table 116 Management > Configure Clone
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3728 User’s Guide...
Page 293: Troubleshooting & Product Specifications
Troubleshooting & Product Specifications Troubleshooting (295) Product Specifications (299)
Page 295: Troubleshooting
1 Turn the Switch off and on (in DC models or if the DC power supply is connected in AC/ DC models). 2 Disconnect and re-connect the power adaptor or cord to the Switch (in AC models or if the AC power supply is connected in AC/DC models). 3 If the problem continues, contact the vendor. MES-3728 User’s Guide...
Page 296: Switch Access And Login
• The default IP address is 192.168.1.1. • If you changed the IP address, use the new IP address. • If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the Switch. MES-3728 User’s Guide...
Page 297 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). MES-3728 User’s Guide...
Page 298 Chapter 37 Troubleshooting MES-3728 User’s Guide...
Page 299: Product Specifications
Storage Environment Temperature: -10º C ~ 70º C (14º F ~ 158º F) Humidity: 10 ~ 90% (non-condensing) Ground Wire Gauge 18 AWG or larger Power Wire Gauge 18 AWG or larger Fuse Specification 250 VAC, T2A MES-3728 User’s Guide...
Page 300: Table 118 Firmware Specifications
Strict Priority Queuing (SPQ) Weighted Round Robin (WRR), and Weighted Fair Queuing (WFQ). This allows the Switch to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth. MES-3728 User’s Guide...
Page 301 The Switch can generate syslog messages and send it to a syslog server. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch.
Page 302: Table 119 Feature Specifications
IP subnet based VLAN Port IEEE 802.3ad LACP Aggregation Six groups (up to eight ports each) Port mirroring Rule-based port mirroring Port-based mirroring Support port mirroring per IP/TCP/UDP Bandwidth Supports rate limiting at 64 Kb increments control TRTCM MES-3728 User’s Guide...
Page 303: Table 120 Standards Supported
RFC 868 Time Protocol RFC 894 Ethernet II Encapsulation RFC 1112 IGMP v1 RFC 1155 RFC 1157 SNMPv1: Simple Network Management Protocol version 1 RFC 1213 SNMP MIB II RFC 1305 Network Time Protocol (NTP version 3) MES-3728 User’s Guide...
Page 304 IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation IEEE 802.3ah Ethernet OAM (Operations, Administration and Maintenance) IEEE 802.3x Flow Control Safety UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) MES-3728 User’s Guide...
Page 305: Appendices And Index
Appendices and Index Changing a Fuse (307) Common Services (309) Legal Information (313) Customer Support (317) Index (323)
Page 307: Appendix A Changing A Fuse
2 Push the replacement fuse into the fuse housing until you hear a click. 3 Push the fuse housing back into the Switch until you hear a click. 4 Plug the power cord back into the unit. MES-3728 User’s Guide...
Page 308 Appendix A Changing a Fuse MES-3728 User’s Guide...
Page 309: Appendix B Common Services
7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 310 This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web. REXEC Remote Execution Daemon. RLOGIN Remote Login. MES-3728 User’s Guide...
Page 311 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. MES-3728 User’s Guide...
Page 312 Appendix B Common Services MES-3728 User’s Guide...
Page 313: Appendix C Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 314: Zyxel Limited Warranty
3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 315 Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 316 Appendix C Legal Information MES-3728 User’s Guide...
Page 317: Appendix D Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
Page 318 • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France [Document Title]...
Page 319 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 320 • Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
Page 321 • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...
Page 322 • Support E-mail: support@zyxel.co.uk • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 0845 122 0301 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) [Document Title]...
Page 323: Index
153, 155, 156 authentication viewing setup cloning a port See port cloning Authentication, Authorization and Accounting, see cluster management and switch passwords authorization cluster manager 281, 285 privilege levels cluster member 281, 286 MES-3728 User’s Guide...
Page 324 DHCP relay option 82 firmware DHCP snooping upgrade 253, 284 configuring flow control DHCP relay option 82 back pressure trusted ports IEEE802.3x untrusted ports forwarding DHCP snooping database delay diagnostics frames Ethernet port test tagged ping untagged system log MES-3728 User’s Guide...
Page 325 Link Aggregate Control Protocol (LACP) link aggregation IEEE 802.1p, priority dynamic IEEE 802.1x ID information activate 145, 146, 192, 194 setup 137, 138 port authentication status reauthentication lockout IGMP version login IGMP (Internet Group Management Protocol) password MES-3728 User’s Guide...
Page 326 FTP. See FTP. using Telnet. See command interface. using the command interface. See command interface. man-in-the-middle attacks network applications network management system (NMS) hops NTP (RFC-1305) MDIX (Media Dependent Interface Crossover) MGMT port and SNMP MES-3728 User’s Guide...
Page 327 “standby” registration diagnostics product mirroring related documentation speed/duplex remote management power connector service power consumption trusted computers power specification removing fuses power status resetting 62, 252 MES-3728 User’s Guide...
Page 328 SSH (Secure Shell) Secure Shell, See SSH system information SSL (Secure Socket Layer) system log standby ports system reboot static bindings static link aggregation example static MAC address MES-3728 User’s Guide...
Page 329 VLAN, protocol based, See protocol based VLAN Two Rate Three Color Marker (TRTCM) Type of Service (ToS) VT100 untrusted ports warranty ARP inspection note DHCP snooping web configurator user profiles getting help home login logout navigation panel screen summary MES-3728 User’s Guide...
Page 330 Index weight, queuing Weighted Round Robin Scheduling (WRR) WRR (Weighted Round Robin Scheduling) ZyNOS (ZyXEL Network Operating System) MES-3728 User’s Guide...

ZyXEL Communications MES-3728 User Manual

Contents Overview

List of Tables

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 System Status and Port Statistics

Chapter 7 Basic Setting

Chapter 8 VLAN

Chapter 9 Static MAC Forward Setup

Chapter 10 Filtering

Chapter 11 Spanning Tree Protocol

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 VLAN Stacking

Chapter 22 Multicast

Chapter 23 Authentication & Accounting

Chapter 24 IP Source Guard

Chapter 25 Loop Guard

Chapter 26 Static Route

Chapter 27 Differentiated Services

Chapter 28 DHCP

Chapter 29 Maintenance

Chapter 30 Access Control

Chapter 31 Diagnostic

Chapter 32 Syslog

Chapter 33 Cluster Management

Chapter 34 MAC Table

Chapter 35 ARP Table

Chapter 36 Configure Clone

Chapter 37

Chapter 38

Appendix A Changing a Fuse

Appendix B Common Services

Appendix C Legal Information

Appendix D Customer Support

Quick Links

Chapters

Troubleshooting

Related Manuals for ZyXEL Communications MES-3728

Summary of Contents for ZyXEL Communications MES-3728