Page 1 MGS-3712/3712F MetroGigabit Switch User’s Guide Version 3.80 2/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.com...
Page 3: About This User's Guide
• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
Syntax Conventions • The MGS-3712 and MGS-3712F models may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router MGS-3712/MGS-3012F User’s Guide...
Page 6: Safety Warnings
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. • The length of exposed (bare) power wire should not exceed 7mm. This product is recyclable. Dispose of it properly. MGS-3712/MGS-3012F User’s Guide...
Page 7 Safety Warnings MGS-3712/MGS-3012F User’s Guide...
Page 8 Safety Warnings MGS-3712/MGS-3012F User’s Guide...
Page 9: Table Of Contents
Authentication & Accounting ....................171 IP Source Guard ........................185 Loop Guard ..........................205 Two Rate Three Color Marker ....................209 IP Application ........................215 Static Route ..........................217 DHCP ............................221 Management ......................... 229 Maintenance ..........................231 MGS-3712/MGS-3012F User’s Guide...
Page 10 Syslog ............................257 Cluster Management ....................... 261 MAC Table ..........................267 ARP Table ..........................269 Configure Clone ........................271 Troubleshooting & Product Specifications ............... 273 Troubleshooting ........................275 Product Specifications ......................279 Appendices and Index ......................285 MGS-3712/MGS-3012F User’s Guide...
Page 11: Table Of Contents
2.3.1 Rack-mounted Installation Requirements ..............36 2.3.2 Attaching the Mounting Brackets to the Switch ............36 2.3.3 Mounting the Switch on a Rack .................. 37 Chapter 3 Hardware Overview......................... 39 3.1 Front Panel .......................... 39 3.1.1 Console Port ......................41 MGS-3712/MGS-3012F User’s Guide...
Page 12 System Status and Port Statistics ..................65 6.1 Overview ..........................65 6.2 Port Status Summary ...................... 65 6.2.1 Status: Port Details ....................66 Chapter 7 Basic Setting .......................... 71 7.1 Overview ..........................71 7.2 System Information ......................71 MGS-3712/MGS-3012F User’s Guide...
Page 13 9.1 Overview ..........................97 9.2 Configuring Static MAC Forwarding ................97 Chapter 10 Filtering............................ 99 10.1 Configure a Filtering Rule ....................99 Chapter 11 Spanning Tree Protocol......................101 11.1 STP/RSTP Overview ....................... 101 11.1.1 STP Terminology ....................101 MGS-3712/MGS-3012F User’s Guide...
Page 14 15.5 Link Aggregation Control Protocol ................128 15.6 Static Trunking Example ....................130 Chapter 16 Port Authentication....................... 133 16.1 Port Authentication Overview ..................133 16.1.1 IEEE 802.1x Authentication ................... 133 16.1.2 MAC Authentication ....................134 16.2 Port Authentication Configuration ..................135 MGS-3712/MGS-3012F User’s Guide...
Page 15 21.1.3 IGMP Snooping ...................... 157 21.1.4 IGMP Snooping and VLANs ................... 158 21.2 Multicast Status ....................... 158 21.3 Multicast Setting ......................158 21.4 IGMP Snooping VLAN ..................... 160 21.5 IGMP Filtering Profile ...................... 162 21.6 MVR Overview ......................... 163 MGS-3712/MGS-3012F User’s Guide...
Page 16 23.7 ARP Inspection Configure ....................201 23.7.1 ARP Inspection Port Configure ................202 23.7.2 ARP Inspection VLAN Configure ................203 Chapter 24 Loop Guard..........................205 24.1 Loop Guard Overview ...................... 205 24.2 Loop Guard Setup ......................207 MGS-3712/MGS-3012F User’s Guide...
Page 17 27.4.1 Example: DHCP Relay for Two VLANs ..............226 Part V: Management................229 Chapter 28 Maintenance .......................... 231 28.1 The Maintenance Screen ....................231 28.2 Load Factory Default ....................... 232 28.3 Save Configuration ......................232 28.4 Reboot System ........................ 233 28.5 Firmware Upgrade ......................233 MGS-3712/MGS-3012F User’s Guide...
Page 18 29.10 Remote Management ....................253 Chapter 30 Diagnostic..........................255 30.1 Diagnostic ........................255 Chapter 31 Syslog ............................ 257 31.1 Syslog Overview ......................257 31.2 Syslog Setup ........................257 31.3 Syslog Server Setup ......................258 Chapter 32 Cluster Management......................261 MGS-3712/MGS-3012F User’s Guide...
Page 19 36.2 Switch Access and Login ....................276 Chapter 37 Product Specifications ......................279 Part VII: Appendices and Index ............285 Appendix A Common Services....................287 Appendix B Legal Information ....................291 Appendix C Customer Support....................295 Index............................301 MGS-3712/MGS-3012F User’s Guide...
Page 20 Table of Contents MGS-3712/MGS-3012F User’s Guide...
Page 21: List Of Figures
Figure 6 Attaching the Mounting Brackets ....................37 Figure 7 Mounting the Switch on a Rack ....................37 Figure 8 Front Panel: MGS-3712 AC/DC version ................... 39 Figure 9 Front Panel: MGS-3712 AC version ..................39 Figure 10 Front Panel: MGS-3712 DC version ..................40 Figure 11 Front Panel: MGS-3712F AC/DC version ................
Page 22 Figure 77 Advanced Application > Port Security .................. 140 Figure 78 Advanced Application > Classifier ..................144 Figure 79 Advanced Application > Classifier: Summary Table ............. 146 Figure 80 Classifier: Example ....................... 148 Figure 81 Advanced Application > Policy Rule ..................150 MGS-3712/MGS-3012F User’s Guide...
Page 23 Figure 120 Advanced Application > Loop Guard .................. 207 Figure 121 DiffServ: Differentiated Service Field .................. 209 Figure 122 DiffServ Network ....................... 210 Figure 123 trTCM - Color-blind Mode ....................211 Figure 124 trTCM - Color-aware Mode ....................211 MGS-3712/MGS-3012F User’s Guide...
Page 24 Figure 162 Management > Cluster Management > Configuration ............265 Figure 163 MAC Table Flowchart ......................267 Figure 164 Management > MAC Table ....................268 Figure 165 Management > ARP Table ....................270 Figure 166 Management > Configure Clone ..................271 MGS-3712/MGS-3012F User’s Guide...
Page 25: List Of Tables
Table 36 Advanced Application > Link Aggregation Status ..............126 Table 37 Advanced Application > Link Aggregation > Link Aggregation Setting ........128 Table 38 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP ..... 129 MGS-3712/MGS-3012F User’s Guide...
Page 26 Table 77 Advanced Application > Loop Guard ..................207 Table 78 Advanced Application > trTCM ....................212 Table 79 IP Application > Static Routing ....................218 Table 80 IP Application > DHCP ......................222 Table 81 Relay Agent Information ......................222 MGS-3712/MGS-3012F User’s Guide...
Page 27 Table 100 Management > Syslog ......................258 Table 101 Management > Syslog > Syslog Server Setup ..............259 Table 102 ZyXEL Clustering Management Specifications ..............261 Table 103 Management > Cluster Management: Status ............... 263 Table 104 FTP Upload to Cluster Member Example ................264 Table 105 Management >...
Page 28 List of Tables MGS-3712/MGS-3012F User’s Guide...
Page 29: Introduction And Hardware
Introduction and Hardware Getting to Know Your Switch (31) Hardware Installation and Connection (35) Hardware Overview (39)
Page 31: Getting To Know Your Switch
The MGS-3712 and MGS-3712F are layer 2 stand-alone Gigabit Ethernet (GbE) switches. The MGS-3712 has four GbE dual personality interfaces with each interface comprising one mini-GBIC slot and one 100/1000 Mbps RJ-45 port, with either port or slot active at a time. In addition, the MGS-3712 has 8 100/1000 Mbps RJ-45 ports.
Page 32: Bridging Example
Figure 2 Bridging Application 1.1.3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. MGS-3712/MGS-3712F User’s Guide...
Page 33: Ieee 802.1Q Vlan Application Examples
Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too. MGS-3712/MGS-3712F User’s Guide...
Page 34: Ways To Manage The Switch
If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. MGS-3712/MGS-3712F User’s Guide...
Page 35: Hardware Installation And Connection
4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. MGS-3712/MGS-3012F User’s Guide...
Page 36: Mounting The Switch On A Rack
2.3.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 37: Mounting The Switch On A Rack
Figure 7 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps to attach the second mounting bracket on the other side of the rack. MGS-3712/MGS-3012F User’s Guide...
Page 38 Chapter 2 Hardware Installation and Connection MGS-3712/MGS-3012F User’s Guide...
Page 39: Hardware Overview
3.1 Front Panel MGS-3712 The following figure shows the front panel of the MGS-3712’s AC/DC, AC and DC versions. The front panel contains the Switch LEDs, 8 RJ-45 Gigabit Ethernet (GbE) ports, four dual personality interfaces each consisting of a mini-GBIC slot and an RJ-45 GbE port, one console and one management port for local management, and a slot for alarm management.
Page 40: Figure 10 Front Panel: Mgs-3712 Dc Version
Dual Personality Interfaces MGS-3712F The following figure shows the front panel of the MGS-3712F of the MGS-3712’s AC/DC, AC and DC versions. The front panel contains the Switch LEDs, 8 slots for mini-GBIC (Gigabit Interface Converter) transceivers, also known as SFP (Single form-factor Pluggable)
Page 41: Console Port
• No flow control Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. MGS-3712/MGS-3012F User’s Guide...
Page 42: Gigabit Ethernet Ports
(SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors. MGS-3712/MGS-3012F User’s Guide...
Page 43: Figure 14 Transceiver Installation Example
Use the following steps to remove a mini-GBIC transceiver (SFP module). 1 Remove the fiber optic cables from the transceiver. 2 Open the transceiver’s latch (latch styles vary). 3 Pull the transceiver out of the slot. Figure 16 Removing the Fiber Optic Cables MGS-3712/MGS-3012F User’s Guide...
Page 44: Management Port
The MGS-3712 AC version requires a power supply of 100-240 VAC 50/60 Hz, 0.6 A Max. The DC version requires a power supply of -36 VDC -~ -72 VDC, 0.8 A Max. The AC/DC version can be used with either power specifications.
Page 45: Alarm Slot
The ALARM slot (fitted with the alarm connector) allows you to connect devices to the Switch, such as smoke or movement detectors, sensors, or even other ZyXEL switches which support the external alarm feature. This feature is in addition to the system alarm, which detects abnormal temperatures, voltage levels and fan speeds on the Switch.
Page 46: Figure 20 Connecting A Sensor To The Alarm Slot
4 To connect an output device such as an alarm bell, repeat the previous steps but this time connect to either pins (1,2) or (2,3) on the ALARM connector. You can also daisy-chain the external alarm to another ZyXEL Switch which supports the external alarm feature. If daisy-chaining to a ZyXEL switch different from the MGS-3712(F), check your switch’s documentation for the correct pin assignments.
Page 47: Rear Panel
Chapter 3 Hardware Overview 3.2 Rear Panel The following figures show the rear panels of the MGS-3712 and MGS-3712F models. The rear panel contains a connector for external backup power supply. Figure 22 Rear Panel: MGS-3712 Figure 23 Rear Panel: MGS-3712F 3.3 LEDs...
Page 48: Configuring The Switch
You can access the command line interface using a terminal emulation program on a computer connected to the Switch console port (see Section 3.1.1 on page 41) or access the Switch using Telnet. The next part of this guide discusses configuring the Switch using the web configurator. MGS-3712/MGS-3012F User’s Guide...
Page 49: Basic Configuration
Basic Configuration The Web Configurator (51) Initial Setup Example (61) System Status and Port Statistics (65) Basic Setting (71)
Page 51: The Web Configurator
3 The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. MGS-3712/MGS-3012F User’s Guide...
Page 52: The Status Screen
B - Click this link to save your configuration into the Switch’s nonvolatile memory. Nonvolatile memory is the configuration of your Switch that stays the same even if the Switch’s power is turned off. C - Click this link to go to the status page of the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 53: Table 3 Navigation Panel Sub-Links Overview
E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION MGS-3712/MGS-3012F User’s Guide...
Page 54 Chapter 4 The Web Configurator The following table lists the various web configurator screens within the sub-links. MGS-3712/MGS-3012F User’s Guide...
Page 55: Table 4 Web Configurator Screen Sub-Links Details
IP Source Guard IP Source Guard Static Binding DHCP Snooping DHCP Snooping Configure DHCP Snooping Configure Port DHCP Snooping Configure VLAN ARP Inspection Status ARP Inspection VLAN Status ARP Inspection Log Status ARP Inspection Configure Loop Guard trTCM MGS-3712/MGS-3012F User’s Guide...
Page 56: Table 5 Navigation Panel Links
This link takes you to a screen where you can configure authentication and accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus). MGS-3712/MGS-3012F User’s Guide...
Page 57: Change Your Password
This link takes you to a screen where you can copy attributes of one port to other ports. 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. MGS-3712/MGS-3012F User’s Guide...
Page 58: Saving Your Configuration
3 Filter all traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it. MGS-3712/MGS-3012F User’s Guide...
Page 59: Resetting The Switch
“ ” message. atlc Enter Debug Mode 5 Wait for the “ ” message before activating XMODEM Starting XMODEM upload upload on your terminal. 6 After a configuration file upload, type to restart the Switch. atgo MGS-3712/MGS-3012F User’s Guide...
Page 60: Logging Out Of The Web Configurator
Figure 28 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. MGS-3712/MGS-3012F User’s Guide...
Page 61: Initial Setup Example
VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 29 Initial Setup Network Example: VLAN MGS-3712/MGS-3012F User’s Guide...
Page 62: Setting Port Vid
VLAN group that the tag defines. In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2. MGS-3712/MGS-3012F User’s Guide...
Page 63: Configuring Switch Management Ip Address
The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. Figure 31 Initial Setup Example: Management IP Address MGS-3712/MGS-3012F User’s Guide...
Page 64 VLAN ID you configure in the Static VLAN screen. 7 Click Add to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS-3712/MGS-3012F User’s Guide...
Page 65: System Status And Port Statistics
This identifies the Ethernet port. Click a port number to display the Port Details screen (refer to Figure 33 on page 67). Name This is the name you assigned to this port in the Basic Setting > Port Setup screen. MGS-3712/MGS-3012F User’s Guide...
Page 66: Status: Port Details
6.2.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 67: Figure 33 Status > Port Details
This field shows the number of received errors on this port. Tx KB/s This field shows the number kilobytes per second transmitted on this port. Rx KB/s This field shows the number of kilobytes per second received on this port. MGS-3712/MGS-3012F User’s Guide...
Page 68 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length. MGS-3712/MGS-3012F User’s Guide...
Page 69 This field shows the number of packets (including bad packets) received that were 1518 between 1024 and 1518 octets in length. Giant This field shows the number of packets dropped because they were bigger than the maximum frame size. MGS-3712/MGS-3012F User’s Guide...
Page 70 Chapter 6 System Status and Port Statistics MGS-3712/MGS-3012F User’s Guide...
Page 71: Basic Setting
In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen. Figure 34 Basic Setting > System Info MGS-3712/MGS-3012F User’s Guide...
Page 72: General Setup
Error is displayed. 7.3 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 73: Figure 35 Basic Setting > General Setup
This field displays the date you open this menu. New Date (yyyy- Enter the new date in year, month and day format. The new date then appears in mm-dd) the Current Date field after you click Apply. MGS-3712/MGS-3012F User’s Guide...
Page 74: Introduction To Vlans
When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building. MGS-3712/MGS-3012F User’s Guide...
Page 75: Switch Setup Screen
You also need to define how to treat a BPDU in the Port Setup screen. Transparency MAC Address MAC address learning reduces outgoing traffic broadcasts. For MAC address Learning learning to occur on a port, the port must be active. MGS-3712/MGS-3012F User’s Guide...
Page 76 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3012F User’s Guide...
Page 77: Ip Setup
You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). You must configure a VLAN first. Figure 37 Basic Setting > IP Setup MGS-3712/MGS-3012F User’s Guide...
Page 78: Table 11 Basic Setting > Ip Setup
Click Cancel to begin configuring the fields again. In-band IP Addresses You can create up to 64 IP addresses, which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). You must configure a VLAN first. MGS-3712/MGS-3012F User’s Guide...
Page 79: Port Setup
Click Cancel to clear the selected checkboxes in the Delete column. 7.7 Port Setup Use this screen to configure Switch port settings.Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. Figure 38 Basic Setting > Port Setup MGS-3712/MGS-3012F User’s Guide...
Page 80: Table 12 Basic Setting > Port Setup
Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Select Tunnel to forward BPDUs received on this port. Select Discard to drop any BPDU received on this port. Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU. MGS-3712/MGS-3012F User’s Guide...
Page 81 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 82 Chapter 7 Basic Setting MGS-3712/MGS-3012F User’s Guide...
Page 83: Advanced
Advanced VLAN (85) Static MAC Forward Setup (97) Filtering (99) Spanning Tree Protocol (101) Bandwidth Control (119) Broadcast Storm Control (121) Mirroring (123) Link Aggregation (125) Port Authentication (133) Port Security (139) Classifier (143) Policy Rule (149) Queuing Method (155) Multicast (157) Authentication &...
Page 85: Vlan
A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain. MGS-3712/MGS-3012F User’s Guide...
Page 86: Automatic Vlan Registration
You may choose to accept both tagged and untagged Type incoming frames, just tagged incoming frames or just untagged incoming frames on a port. Ingress filtering If set, the Switch discards incoming frames for VLANs that do not have this port as a member MGS-3712/MGS-3012F User’s Guide...
Page 87: Port Vlan Trunking
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. MGS-3712/MGS-3012F User’s Guide...
Page 88: Static Vlan Status
Use this screen to view detailed port settings and status of the VLAN group. See Section 8.1 on page 85 for more information on static VLAN. Click on an index number in the VLAN Status screen to display VLAN details. Figure 42 Advanced Application > VLAN > VLAN Detail MGS-3712/MGS-3012F User’s Guide...
Page 89: Configure A Static Vlan
8.1 on page 85 for more information on static VLAN. To configure a static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next. Figure 43 Advanced Application > VLAN > Static VLAN MGS-3712/MGS-3012F User’s Guide...
Page 90: Configure Vlan Port Settings
Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 8.1 on page 85 for more information on static VLAN. Click the VLAN Port Setting link in the VLAN Status screen. MGS-3712/MGS-3012F User’s Guide...
Page 91: Figure 44 Advanced Application > Vlan > Vlan Port Setting
VLAN Trunking Enable VLAN Trunking on ports connected to other switches or routers (but not ports directly connected to end users) to allow frames belonging to unknown VLAN groups to pass through the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 92: Subnet Based Vlans
IP subnet and prioritized accordingly. That is video services receive the highest priority and data the lowest. Figure 45 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 MGS-3712/MGS-3012F User’s Guide...
Page 93: Configuring Subnet Based Vlan
Check this box to activate the IP subnet VLAN you are creating or editing. Name Enter up to 32 alpha numeric characters to identify this subnet based VLAN. Enter the IP address of the subnet for which you want to configure this subnet based VLAN. MGS-3712/MGS-3012F User’s Guide...
Page 94: Port-Based Vlan Setup
Port-based VLANs are specific only to the Switch on which they were created. When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. MGS-3712/MGS-3012F User’s Guide...
Page 95: Configure A Port-Based Vlan
Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 47 Port Based VLAN Setup (All Connected) MGS-3712/MGS-3012F User’s Guide...
Page 96: Figure 48 Port Based Vlan Setup (Port Isolation)
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 97: Static Mac Forward Setup
Chapter 17 on page 139 for more information on port security. Click Advanced Applications > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. Figure 49 Advanced Application > Static MAC Forwarding MGS-3712/MGS-3012F User’s Guide...
Page 98: Table 20 Advanced Application > Static Mac Forwarding
This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3012F User’s Guide...
Page 99: Filtering
Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by deselecting this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for identification only. MGS-3712/MGS-3012F User’s Guide...
Page 100 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MGS-3712/MGS-3012F User’s Guide...
Page 101: Spanning Tree Protocol
Both RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. In this user’s guide, “STP” refers to both STP and RSTP. 11.1.1 STP Terminology The root bridge is the base of the spanning tree. MGS-3712/MGS-3012F User’s Guide...
Page 102: How Stp Works
BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. MGS-3712/MGS-3012F User’s Guide...
Page 103: Stp Port States
11.1.4 Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
Page 104: Multiple Stp
VLAN 1 VLAN 2 With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP. MGS-3712/MGS-3012F User’s Guide...
Page 105: Figure 53 Mstp Network Example
MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Thus an MSTI does not span across MST regions. The following figure shows an example where there are two MST regions. Regions 1 and 2 have 2 spanning tree instances. MGS-3712/MGS-3012F User’s Guide...
Page 106: Spanning Tree Protocol Status Screen
11.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 107: Spanning Tree Configuration
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 108: Configure Rapid Spanning Tree Protocol
Select a value from the drop-down list box. The lower the numeric value you assign, the higher the priority for this bridge. Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. MGS-3712/MGS-3012F User’s Guide...
Page 109: Rapid Spanning Tree Protocol Status
Click Cancel to begin configuring this screen afresh. 11.5 Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 101 for more information on RSTP. MGS-3712/MGS-3012F User’s Guide...
Page 110: Figure 59 Advanced Application > Spanning Tree Protocol > Status: Rstp
Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MGS-3712/MGS-3012F User’s Guide...
Page 111: Configure Multiple Rapid Spanning Tree Protocol
Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. MGS-3712/MGS-3012F User’s Guide...
Page 112: Multiple Rapid Spanning Tree Protocol Status
11.7 Multiple Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 101 for more information on MRSTP. MGS-3712/MGS-3012F User’s Guide...
Page 113: Figure 61 Advanced Application > Spanning Tree Protocol > Status: Mrstp
Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MGS-3712/MGS-3012F User’s Guide...
Page 114: Configure Multiple Spanning Tree Protocol
11.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1.5 on page 104 for more information on MSTP. Figure 62 Advanced Application > Spanning Tree Protocol > MSTP MGS-3712/MGS-3012F User’s Guide...
Page 115: Table 29 Advanced Application > Spanning Tree Protocol > Mstp
Switch will be chosen as the root bridge within the spanning tree instance. Enter priority values between 0 and 61440 in increments of 4096 (thus valid values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440). MGS-3712/MGS-3012F User’s Guide...
Page 116: Multiple Spanning Tree Protocol Status
Click Cancel to begin configuring this screen afresh. 11.9 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1.5 on page 104 for more information on MSTP. MGS-3712/MGS-3012F User’s Guide...
Page 117: Figure 63 Advanced Application > Spanning Tree Protocol > Status: Mstp
This is the time interval (in seconds) at which the root switch transmits a (second) configuration message. Max Age (second) This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure. MGS-3712/MGS-3012F User’s Guide...
Page 118 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. MGS-3712/MGS-3012F User’s Guide...
Page 119: Bandwidth Control
The CIR should be less than the PIR. The sum of CIRs cannot be greater than or equal to the uplink bandwidth. 12.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. MGS-3712/MGS-3012F User’s Guide...
Page 120: Figure 64 Advanced Application > Bandwidth Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3012F User’s Guide...
Page 121: Broadcast Storm Control
DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 65 Advanced Application > Broadcast Storm Control MGS-3712/MGS-3012F User’s Guide...
Page 122: Table 32 Advanced Application > Broadcast Storm Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3012F User’s Guide...
Page 123: Mirroring
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 66 Advanced Application > Mirroring MGS-3712/MGS-3012F User’s Guide...
Page 124: Table 33 Advanced Application > Mirroring
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS-3712/MGS-3012F User’s Guide...
Page 125: Link Aggregation
LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports become operational without user intervention. Please note that: MGS-3712/MGS-3012F User’s Guide...
Page 126: Link Aggregation Id
These are the ports you have configured in the Link Aggregation screen to be in the trunk group. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MGS-3712/MGS-3012F User’s Guide...
Page 127: Link Aggregation Setting
Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 15.1 on page 125 for more information on link aggregation. Figure 68 Advanced Application > Link Aggregation > Link Aggregation Setting MGS-3712/MGS-3012F User’s Guide...
Page 128: Link Aggregation Control Protocol
Click Cancel to begin configuring this screen afresh. 15.5 Link Aggregation Control Protocol Click Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 15.2 on page 125 for more information on dynamic link aggregation. MGS-3712/MGS-3012F User’s Guide...
Page 129: Figure 69 Advanced Application > Link Aggregation > Link Aggregation Setting > Lacp
(LACP). The smaller the number, the higher the priority level. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number. MGS-3712/MGS-3012F User’s Guide...
Page 130: Static Trunking Example
2 Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunking group T1 and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. MGS-3712/MGS-3012F User’s Guide...
Page 131: Figure 71 Trunking Example - Configuration Screen
Chapter 15 Link Aggregation Figure 71 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. MGS-3712/MGS-3012F User’s Guide...
Page 132 Chapter 15 Link Aggregation MGS-3712/MGS-3012F User’s Guide...
Page 133: Port Authentication
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MGS-3712/MGS-3012F User’s Guide...
Page 134: Mac Authentication
MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 73 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied MGS-3712/MGS-3012F User’s Guide...
Page 135: Port Authentication Configuration
Figure 74 Advanced Application > Port Authentication 16.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the click Port Authentication screen 802.1x to display the configuration screen as shown. Figure 75 Advanced Application > Port Authentication > 802.1x MGS-3712/MGS-3012F User’s Guide...
Page 136: Activate Mac Authentication
Cancel Click Cancel to begin configuring this screen afresh. 16.2.2 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 137: Figure 76 Advanced Application > Port Authentication > Mac Authentication
0 for the timeout value, then this entry will not be deleted from the MAC address table. Note: If the Aging Time in the Switch Setup screen is set to a lower value, then it supersedes this setting. See Section 7.5 on page Port This field displays the port number. MGS-3712/MGS-3012F User’s Guide...
Page 138 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 139: Port Security
MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. 17.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 140: Figure 77 Advanced Application > Port Security
MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from “0” to “16384”. “0” means this feature is disabled. MGS-3712/MGS-3012F User’s Guide...
Page 141 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 142 Chapter 17 Port Security MGS-3712/MGS-3012F User’s Guide...
Page 143: Classifier
(or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 19 on page 149. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 144: Figure 78 Advanced Application > Classifier
Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided. Priority Select Any to classify traffic from any priority level or select the second option and specify a priority level in the field provided. MGS-3712/MGS-3012F User’s Guide...
Page 145 Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. MGS-3712/MGS-3012F User’s Guide...
Page 146: Viewing And Editing Classifier Configuration
The following table shows some other common Ethernet types and the corresponding protocol number. Table 44 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X.25 Level 3 0805 MGS-3712/MGS-3012F User’s Guide...
Page 147: Classifier Example
The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. MGS-3712/MGS-3012F User’s Guide...
Page 148: Figure 80 Classifier: Example
Chapter 18 Classifier Figure 80 Classifier: Example MGS-3712/MGS-3012F User’s Guide...
Page 149: Policy Rule
DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. MGS-3712/MGS-3012F User’s Guide...
Page 150: Configuring Policy Rules
You must first configure a classifier in the Classifier screen. Refer to Section 18.2 on page for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 81 Advanced Application > Policy Rule MGS-3712/MGS-3012F User’s Guide...
Page 151: Table 47 Advanced Application > Policy Rule
Select Set the packet’s VLAN ID to set the VLAN ID of the packet with the value you configure in the VLAN ID field. Metering Select Enable to activate bandwidth limitation on the traffic flow(s) then set the actions to be taken on out-of-profile packets. MGS-3712/MGS-3012F User’s Guide...
Page 152: Viewing And Editing Policy Configuration
19.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 147). MGS-3712/MGS-3012F User’s Guide...
Page 153: Figure 83 Policy Example
Chapter 19 Policy Rule Figure 83 Policy Example MGS-3712/MGS-3012F User’s Guide...
Page 154 Chapter 19 Policy Rule MGS-3712/MGS-3012F User’s Guide...
Page 155: Queuing Method
Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. MGS-3712/MGS-3012F User’s Guide...
Page 156: Configuring Queuing
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 157: Multicast
IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them. MGS-3712/MGS-3012F User’s Guide...
Page 158: Igmp Snooping And Vlans
Multicast Group This field displays IP multicast group addresses. 21.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 21.1 on page 157 for more information on multicasting. MGS-3712/MGS-3012F User’s Guide...
Page 159: Figure 86 Advanced Application > Multicast > Multicast Setting
IGMP filtering profiles for the ports that you want to allow to join multicast groups. Unknown Specify the action to perform when the Switch receives an unknown multicast Multicast Frame frame. Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. MGS-3712/MGS-3012F User’s Guide...
Page 160: Igmp Snooping Vlan
Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 21.1.4 on page 158 for more information on IGMP Snooping VLAN. MGS-3712/MGS-3012F User’s Guide...
Page 161: Figure 87 Advanced Application > Multicast > Multicast Setting > Igmp Snooping Vlan
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. Clear Click this to clear the fields. MGS-3712/MGS-3012F User’s Guide...
Page 162: Igmp Filtering Profile
Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile. If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. MGS-3712/MGS-3012F User’s Guide...
Page 163: Mvr Overview
In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group. MGS-3712/MGS-3012F User’s Guide...
Page 164: Mvr Modes
VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. You can create up to three multicast VLANs and up to 256 multicast rules on the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 165: Figure 91 Advanced Application > Multicast > Multicast Setting > Mvr
Specify the MVR mode on the Switch. Choices are Dynamic and Compatible. Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports. Port This field displays the port number on the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 166: Mvr Group Configuration
Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. MGS-3712/MGS-3012F User’s Guide...
Page 167: Mvr Configuration Example
VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic. MGS-3712/MGS-3012F User’s Guide...
Page 168: Figure 93 Mvr Configuration Example
To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 95 MVR Group Configuration Example MGS-3712/MGS-3012F User’s Guide...
Page 169: Figure 96 Mvr Group Configuration Example
Chapter 21 Multicast Figure 96 MVR Group Configuration Example MGS-3712/MGS-3012F User’s Guide...
Page 170 Chapter 21 Multicast MGS-3712/MGS-3012F User’s Guide...
Page 171: Authentication & Accounting
By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Chapter 28 on page 231). MGS-3712/MGS-3012F User’s Guide...
Page 172: Radius And Tacacs
Section 22.3 on page 180 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 173: Figure 99 Advanced Application > Auth And Acct > Radius Server Setup
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 174: Tacacs+ Server Setup
Use this screen to configure your TACACS+ server settings. See Section 22.1.2 on page 172 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 175: Figure 100 Advanced Application > Auth And Acct > Tacacs+ Server Setup
Enter the IP address of an external TACACS+ server in dotted decimal notation. TCP Port The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. MGS-3712/MGS-3012F User’s Guide...
Page 176: Authentication And Accounting Setup
22.2.3 Authentication and Accounting Setup Use this screen to configure authentication and accounting settings on the Switch. Click on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 177: Figure 101 Advanced Application > Auth And Acct > Auth And Acct Setup
Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. MGS-3712/MGS-3012F User’s Guide...
Page 178 This field is only configurable for Commands type of event. Select the threshold command privilege level for which the Switch should send accounting information. The Switch will send accounting information when commands at the level you specify and higher are executed on the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 179: Vendor Specific Attribute
The VSAs are composed of the following: • Vendor-ID: An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority). ZyXEL’s vendor ID is 890. • Vendor-Type: A vendor specified attribute, identifying the setting you want to modify.
Page 180: Supported Radius Attributes
Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified. MGS-3712/MGS-3012F User’s Guide...
Page 181: Attributes Used For Authentication
The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 22.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time MGS-3712/MGS-3012F User’s Guide...
Page 182: Table 62 Radius Attributes - Exec Events Via Console
The attributes are listed in the following table along with the time of the session they are sent: Table 64 RADIUS Attributes - Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-IP-Address NAS-Port Class Called-Station-Id Calling-Station-Id NAS-Identifier MGS-3712/MGS-3012F User’s Guide...
Page 183 Chapter 22 Authentication & Accounting Table 64 RADIUS Attributes - Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords MGS-3712/MGS-3012F User’s Guide...
Page 184 Chapter 22 Authentication & Accounting MGS-3712/MGS-3012F User’s Guide...
Page 185: Ip Source Guard
Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. MGS-3712/MGS-3012F User’s Guide...
Page 186: Figure 102 Dhcp Snooping Database File Format
Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the file, that binding and all others after it are ignored. MGS-3712/MGS-3012F User’s Guide...
Page 187: Arp Inspection Overview
• It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them. MGS-3712/MGS-3012F User’s Guide...
Page 188 ARP inspection so that the Switch has enough time to build the binding table. 2 Enable ARP inspection on each VLAN. 3 Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. MGS-3712/MGS-3012F User’s Guide...
Page 189: Ip Source Guard
VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. MGS-3712/MGS-3012F User’s Guide...
Page 190: Figure 105 Ip Source Guard Static Binding
This field displays the port number in the binding. If this field is blank, the binding applies to all ports. Delete Select this, and click Delete to remove the specified entry. Cancel Click this to clear the Delete check boxes above. MGS-3712/MGS-3012F User’s Guide...
Page 191: Dhcp Snooping
Chapter 23 IP Source Guard 23.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 106 DHCP Snooping MGS-3712/MGS-3012F User’s Guide...
Page 192: Table 67 Dhcp Snooping
This field displays the number of times the Switch read bindings from the DHCP snooping database successfully. Failed reads This field displays the number of times the Switch was unable to read bindings from the DHCP snooping database. MGS-3712/MGS-3012F User’s Guide...
Page 193 This field displays the number of bindings the Switch has ignored because the lease time had already expired. Unsupported vlans This field displays the number of bindings the Switch has ignored because the VLAN ID does not exist anymore. MGS-3712/MGS-3012F User’s Guide...
Page 194: Dhcp Snooping Configure
You can enable Option82 in the DHCP Snooping VLAN Configure screen (Section 23.5.2 on page 197) to help the DHCP servers distinguish between DHCP requests from different VLAN. Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN. MGS-3712/MGS-3012F User’s Guide...
Page 195: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. MGS-3712/MGS-3012F User’s Guide...
Page 196: Figure 108 Dhcp Snooping Port Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MGS-3712/MGS-3012F User’s Guide...
Page 197: Dhcp Snooping Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MGS-3712/MGS-3012F User’s Guide...
Page 198: Arp Inspection Status
Click this to clear the Delete check boxes above. 23.6.1 ARP Inspection VLAN Status Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status. MGS-3712/MGS-3012F User’s Guide...
Page 199: Arp Inspection Log Status
Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status. MGS-3712/MGS-3012F User’s Guide...
Page 200: Figure 112 Arp Inspection Log Status
Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See Section 23.7.2 on page 203. Time This field displays when the log message was generated. MGS-3712/MGS-3012F User’s Guide...
Page 201: Arp Inspection Configure
Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 23.6.2 on page 199. MGS-3712/MGS-3012F User’s Guide...
Page 202: Arp Inspection Port Configure
Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 114 ARP Inspection Port Configure MGS-3712/MGS-3012F User’s Guide...
Page 203: Arp Inspection Vlan Configure
Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN. Figure 115 ARP Inspection VLAN Configure MGS-3712/MGS-3012F User’s Guide...
Page 204: Table 76 Arp Inspection Vlan Configure
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MGS-3712/MGS-3012F User’s Guide...
Page 205: Loop Guard
• It will receive broadcast messages sent out from the switch in loop state. • It will receive its own broadcast messages that it sends out as they loop back. It will then re-broadcast those messages again. MGS-3712/MGS-3012F User’s Guide...
Page 206: Figure 117 Switch In Loop State
In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N. The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 119 Loop Guard - Network Loop MGS-3712/MGS-3012F User’s Guide...
Page 207: Loop Guard Setup
Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MGS-3712/MGS-3012F User’s Guide...
Page 208 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 209: Two Rate Three Color Marker
The DSCP value determines the PHB (Per-Hop Behavior), that each packet gets as it is forwarded across the DiffServ network. Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. MGS-3712/MGS-3012F User’s Guide...
Page 210: Diffserv Network Example
DiffServ compliant devices on your network can perform the following actions on the colored packets: • Red (high loss priority level) packets are dropped. • Yellow (medium loss priority level) packets are dropped if there is congestion on the network. MGS-3712/MGS-3012F User’s Guide...
Page 211: Trtcm - Color-Blind Mode
PIR and then if they don’t exceed the PIR level are they evaluated against the CIR. Figure 124 trTCM - Color-aware Mode Exceed Exceed Low Packet Red? Yellow? CIR? Loss PIR? Medium Packet High Packet High Packet Medium Packet Loss Loss Loss Loss MGS-3712/MGS-3012F User’s Guide...
Page 212: Configuring Two Rate Three Color Marker Settings
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MGS-3712/MGS-3012F User’s Guide...
Page 213 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 214 Chapter 25 Two Rate Three Color Marker MGS-3712/MGS-3012F User’s Guide...
Page 215: Ip Application
IP Application Static Route (217) DHCP (221)
Page 217: Static Route
R2 to send traffic to an SNMP trap server on network N2. Figure 126 Static Routing Overview SNMP Telnet 26.2 Configuring Static Routing Click IP Application > Static Routing in the navigation panel to display the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 218: Figure 127 Ip Application > Static Routing
This field displays the descriptive name for this route. This is for identification purposes only. Destination This field displays the IP network address of the final destination. Address Subnet Mask This field displays the subnet mask for this destination. MGS-3712/MGS-3012F User’s Guide...
Page 219 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS-3712/MGS-3012F User’s Guide...
Page 220 Chapter 26 Static Route MGS-3712/MGS-3012F User’s Guide...
Page 221: Dhcp
• VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. 27.2 DHCP Status Click IP Application > DHCP in the navigation panel. The DHCP Status screen displays. MGS-3712/MGS-3012F User’s Guide...
Page 222: Dhcp Relay
The following describes the DHCP relay information that the Switch sends to the DHCP server: Table 81 Relay Agent Information FIELD LABELS DESCRIPTION Slot ID (1 byte) This value is always 0 for stand-alone switches. Port ID (1 byte) This is the port that the DHCP client is connected to. MGS-3712/MGS-3012F User’s Guide...
Page 223: Configuring Dhcp Global Relay
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 224: Global Dhcp Relay Configuration Example
Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. MGS-3712/MGS-3012F User’s Guide...
Page 225: Figure 132 Ip Application > Dhcp > Vlan
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. Clear Click this to clear the fields above. MGS-3712/MGS-3012F User’s Guide...
Page 226: Example: Dhcp Relay For Two Vlans
192.168.1.100. Requests from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 133 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 227: Figure 134 Dhcp Relay For Two Vlans Configuration Example
Chapter 27 DHCP Figure 134 DHCP Relay for Two VLANs Configuration Example MGS-3712/MGS-3012F User’s Guide...
Page 228 Chapter 27 DHCP MGS-3712/MGS-3012F User’s Guide...
Page 229: Management
Management Maintenance (231) Access Control (237) Diagnostic (255) Syslog (257) Cluster Management (261) MAC Table (267) ARP Table (269) Configure Clone (271)
Page 231: Maintenance
Click Click Here to go to the Restore Configuration screen. Configuration Backup Click Click Here to go to the Backup Configuration screen. Configuration Load Factory Click Click Here to reset the configuration to the factory default settings. Default MGS-3712/MGS-3012F User’s Guide...
Page 232: Load Factory Default
Alternatively, click Save on the top right-hand corner in any screen to save the configuration changes to the current configuration. Clicking the Apply or Add button does NOT save the changes permanently. All unsaved changes are erased after you reboot the Switch. MGS-3712/MGS-3012F User’s Guide...
Page 233: Reboot System
Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. MGS-3712/MGS-3012F User’s Guide...
Page 234: Restore A Configuration File
3 Choose a location to save the file on your computer from the Save in drop-down list box and type a descriptive name for it in the File name list box. Click Save to save the configuration file to your computer. MGS-3712/MGS-3012F User’s Guide...
Page 235: Ftp Command Line
Switch’s settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension.
Page 236: Gui-Based Ftp Clients
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. MGS-3712/MGS-3012F User’s Guide...
Page 237: Access Control
Section 36.12.2 on page 286 for more information on disabling multi-login. 29.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 141 Management > Access Control MGS-3712/MGS-3012F User’s Guide...
Page 238: About Snmp
Get operation, followed by a series of GetNext operations. Allows the manager to set values for object variables within an agent. Trap Used by the agent to inform the manager of some events. MGS-3712/MGS-3012F User’s Guide...
Page 239: Snmp V3 And Security
This trap is sent when the fan speed 1.3.6.1.4.1.890.1.5.8.48.25.2.1 goes above or below the normal operating range. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25.2.1 FanSpeedEventClear MGS-3712F: This trap is sent when the fan speed 1.3.6.1.4.1.890.1.5.8.48.25.2.2 returns to the normal operating range. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25.2.2 MGS-3712/MGS-3012F User’s Guide...
Page 240 MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25.2.2 intrusionlock IntrusionLockEventOn MGS-3712F: This trap is sent when intrusion lock 1.3.6.1.4.1.890.1.5.8.48.25.2.1 occurs on a port. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25.2.1 loopguard LoopguardEventOn MGS-3712F: This trap is sent when loopguard 1.3.6.1.4.1.890.1.5.8.48.25.2.1 shuts down a port. MGS-3712: 1.3.6.1.4.1.890.1.5.8.47.25.2.1 MGS-3712/MGS-3012F User’s Guide...
Page 241: Table 89 Snmp Interfacetraps
This trap is sent when an 1.3.6.1.4.1.890.1.5.8.48.25.2.1 Ethernet interface fails to auto- negotiate with the peer Ethernet MGS-3712: interface. 1.3.6.1.4.1.890.1.5.8.47.25.2.1 AutonegotiationFailedEvent MGS-3712F: This trap is sent when an Clear 1.3.6.1.4.1.890.1.5.8.48.25.2.2 Ethernet interface auto- negotiates with the peer MGS-3712: Ethernet interface. 1.3.6.1.4.1.890.1.5.8.47.25.2.2 MGS-3712/MGS-3012F User’s Guide...
Page 242: Table 90 Aaa Traps
This trap is sent when path to target has changed from a previously determined path. traceRouteTestFailed 1.3.6.1.2.1.81.0.2 This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 This trap is sent when a traceroute test is completed. MGS-3712/MGS-3012F User’s Guide...
Page 243: Configuring Snmp
This trap is sent when the variable falls below the RMON "falling" threshold. 29.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. MGS-3712/MGS-3012F User’s Guide...
Page 244: Figure 143 Management > Access Control > Snmp
Use this section to configure where to send SNMP traps from the Switch. Version Specify the version of the SNMP trap messages. Enter the IP addresses of up to four managers to send your SNMP traps to. MGS-3712/MGS-3012F User’s Guide...
Page 245: Configuring Snmp Trap Group
29.3.5 Configuring SNMP Trap Group Click Management > Access Control > SNMP > Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP traps that should be sent to each SNMP manager. MGS-3712/MGS-3012F User’s Guide...
Page 246: Setting Up Login Accounts
Up to five people (one administrator and four non-administrators) may access the Switch via web configurator at any one time. • An administrator is someone who can both view and configure Switch changes. The username for the Administrator is always admin. The default administrator password is 1234. MGS-3712/MGS-3012F User’s Guide...
Page 247: Figure 145 Management > Access Control > Logins
CLI. For more information on assigning privileges see Chapter 36 on page 277. User Name Set a user name (up to 32 ASCII characters long). Password Enter your new system password. Retype to confirm Retype your new system password for confirmation MGS-3712/MGS-3012F User’s Guide...
Page 248: Ssh Overview
Figure 146 SSH Communication Example 29.5 How SSH works The following table summarizes how a secure connection is established between two remote hosts. MGS-3712/MGS-3012F User’s Guide...
Page 249: Ssh Implementation On The Switch
22. Only one SSH connection is allowed at a time. 29.6.1 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. MGS-3712/MGS-3012F User’s Guide...
Page 250: Introduction To Https
If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access. MGS-3712/MGS-3012F User’s Guide...
Page 251: Internet Explorer Warning Messages
If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. Select Accept this certificate permanently to import the Switch’s certificate into the SSL client. Figure 150 Security Certificate 1 (Netscape) EXAMPLE EXAMPLE EXAMPLE MGS-3712/MGS-3012F User’s Guide...
Page 252: The Main Screen
You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Management > Access Control > Service Access Control to view the screen as shown. MGS-3712/MGS-3012F User’s Guide...
Page 253: Remote Management
Click Management > Access Control > Remote Management to view the screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen. MGS-3712/MGS-3012F User’s Guide...
Page 254: Figure 154 Management > Access Control > Remote Management
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 255: Diagnostic
Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test. MGS-3712/MGS-3012F User’s Guide...
Page 256 Chapter 30 Diagnostic MGS-3712/MGS-3012F User’s Guide...
Page 257: Syslog
Debug: The message is intended for debug-level purposes. 31.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. MGS-3712/MGS-3012F User’s Guide...
Page 258: Syslog Server Setup
Click Cancel to begin configuring this screen afresh. 31.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to view the screen as shown next. Use this screen to configure a list of external syslog servers. MGS-3712/MGS-3012F User’s Guide...
Page 259: Figure 157 Management > Syslog > Syslog Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 260 Chapter 31 Syslog MGS-3712/MGS-3012F User’s Guide...
Page 261: Cluster Management
Table 102 ZyXEL Clustering Management Specifications Maximum number of cluster members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches.
Page 262: Cluster Management Status
Figure 158 Clustering Application Example 32.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. A cluster can only have one manager. Figure 159 Management > Cluster Management: Status MGS-3712/MGS-3012F User’s Guide...
Page 263: Cluster Member Switch Management
Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. Figure 160 Cluster Management: Cluster Member Web Configurator Screen MGS-3712/MGS-3012F User’s Guide...
Page 264: Clustering Management Configuration
This is the cluster member switch’s configuration file name as seen in the cluster manager switch. 32.3 Clustering Management Configuration Use this screen to configure clustering management. Click Management > Cluster Management > Configuration to display the next screen. MGS-3712/MGS-3012F User’s Guide...
Page 265: Figure 162 Management > Cluster Management > Configuration
All switches must be directly connected and in the same VLAN group to belong to the same cluster. Switches that are not in the same VLAN group are not visible in the Clustering Candidates list. This field is ignored if the Clustering Manager is using Port-based VLAN. MGS-3712/MGS-3012F User’s Guide...
Page 266 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 267: Mac Table
• If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 163 MAC Table Flowchart MGS-3712/MGS-3012F User’s Guide...
Page 268: Viewing The Mac Table
This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). MGS-3712/MGS-3012F User’s Guide...
Page 269: Arp Table
ARP Table for future reference and then sends the packet to the MAC address that replied. 34.2 Viewing the ARP Table Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s). MGS-3712/MGS-3012F User’s Guide...
Page 270: Figure 165 Management > Arp Table
This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above. Type This shows whether the MAC address is dynamic (learned by the Switch) or static. MGS-3712/MGS-3012F User’s Guide...
Page 271: Configure Clone
35.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 166 Management > Configure Clone MGS-3712/MGS-3012F User’s Guide...
Page 272: Table 108 Management > Configure Clone
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS-3712/MGS-3012F User’s Guide...
Page 273: Troubleshooting & Product Specifications
Troubleshooting & Product Specifications Troubleshooting (275) Product Specifications (279)
Page 275: Troubleshooting
Section 36.1 on page 275. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power cord to the Switch. 5 If the problem continues, contact the vendor. MGS-3712/MGS-3012F User’s Guide...
Page 276: Switch Access And Login
6 If the problem continues, contact the vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. MGS-3712/MGS-3012F User’s Guide...
Page 277 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). MGS-3712/MGS-3012F User’s Guide...
Page 278 Chapter 36 Troubleshooting MGS-3712/MGS-3012F User’s Guide...
Page 279: Product Specifications
SPECIFICATION DESCRIPTION Dimensions Standard 19” rack mountable MGS-3712F: 438 mm (W) x 225 mm (D) x 45.45 mm (H) MGS-3712: 438 mm (W) x 225 mm (D) x 45.45 mm (H) Weight MGS-3712F: 3.4 Kg MGS-3712: 3.4 Kg Power Specification...
Page 280: Table 110 Firmware Specifications
Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. Broadcast Storm Control Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. MGS-3712/MGS-3012F User’s Guide...
Page 281 The Switch can generate syslog messages and send it to a syslog server. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch.
Page 282: Table 111 Feature Specifications
64 Management IPs Wire speed IP forwarding Routing Static Routing protocols IP services DHCP relay; VLAN based DHCP relay DHCP Snooping Security IEEE 802.1x port-based authentication Static MAC address filtering Limiting number of dynamic addresses per port MGS-3712/MGS-3012F User’s Guide...
Page 283: Table 112 Standards Supported
IEEE 802.1Q Tagged VLAN IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation IEEE 802.3ah Ethernet OAM (Operations, Administration and Maintenance) IEEE 802.3x Flow Control MGS-3712/MGS-3012F User’s Guide...
Page 284 Chapter 37 Product Specifications Table 112 Standards Supported (continued) STANDARD DESCRIPTION Safety UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) MGS-3712/MGS-3012F User’s Guide...
Page 285: Appendices And Index
Appendices and Index Common Services (287) Legal Information (291) Customer Support (295) Index (301)
Page 287: Appendix A Common Services
7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 288 This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web. REXEC Remote Execution Daemon. RLOGIN Remote Login. MGS-3712/MGS-3012F User’s Guide...
Page 289 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. MGS-3712/MGS-3012F User’s Guide...
Page 290 Appendix A Common Services MGS-3712/MGS-3012F User’s Guide...
Page 291: Appendix B Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 292: Zyxel Limited Warranty
3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 293 Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 294 Appendix B Legal Information MGS-3712/MGS-3012F User’s Guide...
Page 295: Appendix C Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
Page 296 • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France MGS-3712/MGS-3012F User’s Guide...
Page 297 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 298 • Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
Page 299 • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...
Page 300 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 0845 122 0301 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) MGS-3712/MGS-3012F User’s Guide...
Page 301: Index
143, 145, 146 setup viewing Authentication, Authorization and Accounting, see cloning a port See port cloning cluster management authorization and switch passwords privilege levels cluster manager 261, 265 MGS-3712/MGS-3012F User’s Guide...
Page 302 DHCP relay option 82 flow control DHCP snooping back pressure configuring IEEE802.3x DHCP relay option 82 forwarding trusted ports delay untrusted ports frames DHCP snooping database tagged diagnostics untagged Ethernet port test front panel ping system log MGS-3712/MGS-3012F User’s Guide...
Page 303 135, 136, 174, 176 status reauthentication lockout IEEE 802.1x, port authentication IGMP login version password IGMP (Internet Group Management Protocol) login account IGMP filtering Administrator profile non-administrator profiles login accounts IGMP snooping configuring via web configurator MGS-3712/MGS-3012F User’s Guide...
Page 304 Telnet. See command interface. using the command interface. See command interface. man-in-the-middle attacks network applications hops network management system (NMS) MDIX (Media Dependent Interface Crossover) NTP (RFC-1305) MGMT port and SNMP supported MIBs MIB (Management Information Base) mirroring ports MGS-3712/MGS-3012F User’s Guide...
Page 305 “standby” product diagnostics related documentation mirroring remote management speed/duplex service power trusted computers voltage resetting 59, 232 power connector to factory default settings power consumption restoring configuration 59, 234 power specification MGS-3712/MGS-3012F User’s Guide...
Page 306 SSH (Secure Shell) system information SSL (Secure Socket Layer) system log standby ports system reboot static bindings static link aggregation example static MAC address static MAC forwarding 93, 97 static routes static trunking example TACACS+ 171, 172 MGS-3712/MGS-3012F User’s Guide...
Page 307 ARP inspection Weighted Round Robin Scheduling (WRR) DHCP snooping WRR (Weighted Round Robin Scheduling) user profiles ZyNOS (ZyXEL Network Operating System) Vendor Specific Attribute See VSA ventilation MGS-3712/MGS-3012F User’s Guide...
Page 308 Index MGS-3712/MGS-3012F User’s Guide...

This manual is also suitable for:

Mgs-3712f

ZyXEL Communications MGS-3712 User Manual

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 System Status and Port Statistics

Chapter 7 Basic Setting

Chapter 8 VLAN

Chapter 9 Static MAC Forward Setup

Chapter 10 Filtering

Chapter 11 Spanning Tree Protocol

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 Multicast

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for ZyXEL Communications MGS-3712

Summary of Contents for ZyXEL Communications MGS-3712