Download Print this page

ZyXEL Communications MS-7206 User Manual

Modular ethernet switch system

Hide thumbs Also See for MS-7206:

Manual (394 pages)

,

User manual (94 pages)

,

Specifications (4 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: Manual

MS-7206

Modular Ethernet Switch System

User's Guide

Version 3.75

4/2007

Edition 1

www.zyxel.com

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the MS-7206 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications MS-7206

Page 1 MS-7206 Modular Ethernet Switch System User’s Guide Version 3.75 4/2007 Edition 1 www.zyxel.com...
Page 3: About This User's Guide
• Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead.
Page 4: Document Conventions
“MM-7201,” the “management card,” or the “product”. • The “MS-7206 system” refers to the MS-7206 chassis and all the modules that are in the MS-7206 chassis. It is also referred to as the “system” or the “switch” in this User’s Guide.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The MS-7206 icon is not an exact representation of your device. MS-7206 Computer Notebook computer Server DSLAM Firewall Telephone Switch Router MS-7206 User’s Guide...
Page 6: Safety Warnings
• Warning! To avoid risk of electric shock, remove only one card at a time and do not place fingers or objects inside the chassis. Cover empty slots with slot covers. This product is recyclable. Dispose of it properly. MS-7206 User’s Guide...
Page 7 Safety Warnings MS-7206 User’s Guide...
Page 8 Safety Warnings MS-7206 User’s Guide...
Page 9: Table Of Contents
Mirroring ..........................109 Link Aggregation ........................111 Port Authentication ........................115 Port Security ..........................119 Classifier ..........................121 Policy Rule ..........................127 Queuing Method ........................133 VLAN Stacking ......................... 137 Multicast ..........................143 IP ............................155 Static Route ..........................157 MS-7206 User’s Guide...
Page 10 User and Enable Mode Commands ..................283 Configuration Mode Commands ....................291 Interface Commands ....................... 303 Routing Domain Command Examples ..................311 IEEE 802.1Q Tagged VLAN Commands ................. 313 Multicast VLAN Registration Commands ................321 Troubleshooting ........................323 Appendices and Index ......................327 MS-7206 User’s Guide...
Page 11: Table Of Contents
2.2 Connections ......................... 39 2.2.1 MGMT Port ......................... 39 2.2.2 CONSOLE Port ......................40 2.2.3 ALARM Port ....................... 40 Chapter 3 Installing Cards ........................41 3.1 Management Cards ......................41 3.1.1 Add a Management Card (System Is Off) ..............41 MS-7206 User’s Guide...
Page 12 System Status and Port Statistics ..................59 6.1 Status ........................... 59 6.1.1 Port Status ........................60 6.1.2 Port Details ......................... 61 Chapter 7 System Info ..........................65 7.1 System Info .......................... 65 7.1.1 Hardware Monitor ....................... 67 Chapter 8 General Setup.......................... 69 MS-7206 User’s Guide...
Page 13 13.6 VLAN Status ........................86 13.6.1 VLAN Detail ......................87 13.6.2 Static VLAN ......................87 13.6.3 VLAN Port Setting ....................89 Chapter 14 Static MAC Forward Setup ..................... 91 14.1 Static MAC Forwarding ....................91 Chapter 15 Filtering............................ 93 MS-7206 User’s Guide...
Page 14 20.2.1 Link Aggregation ID ....................112 20.3 Link Aggregation Control Protocol Status ................112 20.4 Link Aggregation ......................113 Chapter 21 Port Authentication....................... 115 21.1 Port Authentication Overview ..................115 21.1.1 RADIUS ........................115 21.2 Port Authentication ......................116 21.2.1 RADIUS ........................117 21.2.2 802.1x ........................117 MS-7206 User’s Guide...
Page 15 26.4 VLAN Stacking ......................... 140 Chapter 27 Multicast ..........................143 27.1 Multicast Overview ......................143 27.1.1 IP Multicast Addresses ................... 143 27.1.2 IGMP Filtering ......................143 27.1.3 IGMP Snooping ..................... 143 27.2 Multicast Status ......................144 27.3 Multicast Setting ......................144 MS-7206 User’s Guide...
Page 16 30.4 OSPF Interface ....................... 168 30.5 OSPF Virtual-Link ......................170 Chapter 31 IGMP............................173 31.1 IGMP ..........................173 Chapter 32 DVMRP ........................... 175 32.1 DVMRP Overview ......................175 32.2 How DVMRP Works ......................175 32.2.1 DVMRP Terminology ..................... 176 MS-7206 User’s Guide...
Page 17 35.3.1 One Subnet Network Example ................193 35.3.2 Two Subnets Example ................... 195 Part VI: Manage ..................197 Chapter 36 Maintenance .......................... 199 36.1 Maintenance ........................199 36.1.1 Firmware Upgrade ....................200 36.1.2 Restore Configuration .................... 202 MS-7206 User’s Guide...
Page 18 40.1 Cluster Management Status Overview ................225 40.2 Clustering Management Status ..................226 40.2.1 Cluster Member Switch Management ..............227 40.2.2 Uploading Firmware to a Cluster Member Switch ..........227 40.3 Clustering Management Configuration ................228 Chapter 41 MAC Table..........................231 MS-7206 User’s Guide...
Page 19 46.8 Getting Help ........................247 46.8.1 List of Available Commands ................... 248 46.9 Using Command History ....................249 46.10 Saving Your Configuration ..................... 249 46.10.1 Switch Configuration File ..................250 46.10.2 Logging Out ......................250 46.11 Command Summary ...................... 250 MS-7206 User’s Guide...
Page 20 48.6 Static Route Commands ....................298 48.7 Enabling MAC Filtering ....................298 48.8 Enabling Trunking ......................299 48.9 Enabling Port Authentication ................... 300 48.9.1 RADIUS Server Settings ..................300 48.9.2 Port Authentication Settings ................... 301 Chapter 49 Interface Commands ......................303 MS-7206 User’s Guide...
Page 21 51.3.4 Modify Static VLAN ....................316 51.3.5 Delete VLAN ID ...................... 318 51.4 Enable VLAN ........................318 51.5 Disable VLAN ........................318 51.6 Show VLAN Setting ......................318 Chapter 52 Multicast VLAN Registration Commands ................321 52.1 Overview .......................... 321 MS-7206 User’s Guide...
Page 22 Part VIII: Appendices and Index ............327 Appendix A Product Specifications..................329 Appendix B IP Addresses and Subnetting ................337 Appendix C Pop-up Windows, JavaScripts and Java Permissions ........345 Appendix D Legal Information ....................351 Appendix E Customer Support..................... 355 Index............................359 MS-7206 User’s Guide...
Page 23: List Of Figures
Figure 34 Rapid Spanning Tree Protocol ....................99 Figure 35 Rapid Spanning Tree Protocol Status .................. 101 Figure 36 Multiple Rapid Spanning Tree Protocol ................102 Figure 37 Multiple Rapid Spanning Tree Protocol Status ..............104 Figure 38 Bandwidth Control ....................... 106 MS-7206 User’s Guide...
Page 24 Figure 77 How DVMRP Works ......................176 Figure 78 DVMRP ..........................176 Figure 79 DVMRP: IGMP Not Set Error ....................177 Figure 80 DVMRP: Unable to Disable IGMP Error ................177 Figure 81 DVMRP: Duplicate VID Error Message ................178 MS-7206 User’s Guide...
Page 25 Figure 119 Security Certificate 2 (Netscape) ..................215 Figure 120 Example: Lock Denoting a Secure Connection ..............216 Figure 121 Service Access Control ...................... 216 Figure 122 Remote Management ......................217 Figure 123 Diagnostic .......................... 219 Figure 124 Syslog Setup ........................222 MS-7206 User’s Guide...
Page 26 Figure 142 Internet Options ........................347 Figure 143 Pop-up Blocker Settings ..................... 347 Figure 144 Internet Options ........................348 Figure 145 Security Settings - Java Scripting ..................349 Figure 146 Security Settings - Java ...................... 349 Figure 147 Java (Sun) .......................... 350 MS-7206 User’s Guide...
Page 27: List Of Tables
Table 33 Link Aggregation ID: Peer Switch ..................112 Table 34 Link Aggregation Control Protocol Status ................112 Table 35 Link Aggregation ........................113 Table 36 Supported VSA ........................116 Table 37 Supported Tunnel Protocol Attribute ..................116 Table 38 RADIUS ..........................117 MS-7206 User’s Guide...
Page 28 Table 76 Filename Conventions ......................203 Table 77 General Commands for GUI-based FTP Clients ..............204 Table 78 SNMP Commands ........................ 208 Table 79 SNMP Traps .......................... 209 Table 80 SNMP ............................ 210 Table 81 Logins ............................211 MS-7206 User’s Guide...
Page 29 Table 119 Subnet 1 ..........................341 Table 120 Subnet 2 ..........................341 Table 121 Subnet 3 ..........................342 Table 122 Subnet 4 ..........................342 Table 123 Eight Subnets ........................342 Table 124 Class C Subnet Planning ....................342 MS-7206 User’s Guide...
Page 30 List of Tables Table 125 Class B Subnet Planning ....................343 MS-7206 User’s Guide...
Page 31: Introduction
Introduction Introducing the MM-7201 (33)
Page 33: Introducing The Mm-7201
MI-7248 interface modules. In addition, the two MM- 7201s provide switching and management redundancy. If one MM-7201 becomes unavailable, the other one takes over. The MS-7206 system is designed to be used in enterprise applications, such as the one in the following example. Figure 1 Applications: Enterprise In this example, the MS-7206 system is connected to three Gigabit Ethernet switches A, B, and C and one router D.
Page 34: Ways To Manage The Mm-7201
Chapter 1 Introducing the MM-7201 • Switch A provides access to the servers in the data center. The MS-7206 system uses link aggregation (trunking) to create a high-speed connection with switch A. • Switches B and C are connected to users in different departments via wired or wireless networks.
Page 35: Leds
Green The MM-7201 is receiving power from one of the MS- 7206 power modules. The MM-7201 is not receiving power from any of the MS-7206 power modules. Green The MM-7201 is receiving power from a Power over Ethernet (PoE) injector.
Page 36 Chapter 1 Introducing the MM-7201 MS-7206 User’s Guide...
Page 37: Hardware
Hardware Front Panel (39) Installing Cards (41)
Page 39: Front Panel
• Auto-negotiating. The port can detect and adjust to the optimum Ethernet speed and duplex mode (full duplex or half duplex) of the connected device. • Auto-crossover or auto-MDI/MDI-X. The port automatically works with a straight- through or crossover Ethernet cable. MS-7206 User’s Guide...
Page 40: Console Port
The MM-7201 signals an alarm when it detects an alarm on the ALARM input pins or in the MS-7206 system (for example, the voltage or temperature is outside the normal range). To signal an alarm, the MM-7201 opens the circuit for pins 1 and 6 (the common pin) and closes the circuit for pins 2 and 6.
Page 41: Installing Cards
7206 system keeps using this MAC address, even if the standby management card takes over, until the system starts up again. As a result, it is possible for two or more MS-7206 systems to have the same MAC address at the same time if the same management card was active when each of them last started up.
Page 42: Remove A Management Card
3.1.3 Remove a Management Card Remove the card from the MS-7206 chassis. If you remove the active management card, the standby management card takes over. 3.2 Interface Modules This section describes the steps required to add and remove interface modules.
Page 43: Figure 5 Slot Setup (Uninstall)
2 Remove the interface module from the system (if necessary). 3 Insert the interface module in slot 3, slot 4, slot 5, or slot 6. 4 Open the Slot Setup screen, and install the new type of interface module in the slot. MS-7206 User’s Guide...
Page 44: Remove An Interface Module
Chapter 3 Installing Cards Figure 6 Slot Setup (Install) 3.2.3 Remove an Interface Module Remove the interface module from the MS-7206 chassis. MS-7206 User’s Guide...
Page 45: Basic
Basic The Web Configurator (47) Initial Setup Example (55) System Status and Port Statistics (59) System Info (65) General Setup (69) Switch Setup (71) IP Setup (73) Slot Setup (77) Port Setup (79)
Page 47: The Web Configurator
2 Type “http://” and the IP address of the system (for example, the default is 192.168.0.1) in the Location or Address field. Press [ENTER]. 3 The login screen appears. The default username is admin and associated default password is 1234. MS-7206 User’s Guide...
Page 48: The Status Screen
The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 8 Web Configurator Home Screen (Status) B C D E MS-7206 User’s Guide...
Page 49: Table 3 Navigation Panel Menu Overview
Configure MAC address learning, declaration timeout values for GARP, and priority queues. You can also control whether or not the switch handles bridge control protocols, such as STP. IP Setup Configure the default gateway, DNS server, management IP address, and IP domains. MS-7206 User’s Guide...
Page 50 Use this to configure OSPF on the switch. IGMP IGMP (Internet Group Multicast Protocol) is a session-layer protocol used to establish membership in a multicast group. It is not used to carry user data. Use this to configure IGMP on the switch. MS-7206 User’s Guide...
Page 51: Change Your Password
Use this to copy attributes of one port or slot to other ports or slots. 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. MS-7206 User’s Guide...
Page 52: Saving Your Configuration
3 Filter all traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from accessing the switch. MS-7206 User’s Guide...
Page 53: Resetting The Switch
FLASH: Intel 32M ZyNOS Version: V3.75(ABX.0)b2 | 10/13/2006 Press any key to enter debug mode within 3 seconds..... Enter Debug Mode MM-7201> atlc Starting XMODEM upload (CRC mode)..CCCCCCCCCCCCCCCC Total 393216 bytes received. Erasing..............MM-7201> atgo MS-7206 User’s Guide...
Page 54: Logging Out Of The Web Configurator
Figure 11 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. MS-7206 User’s Guide...
Page 55: Initial Setup Example
Make sure your computer is in the same subnet as the MGMT port. 2 Open your web browser and enter http://192.168.0.1 (the default MGMT port IP address) in the address bar to access the web configurator. See Section 4.2 on page 47 more information. MS-7206 User’s Guide...
Page 56: Configuring Dhcp Server Settings
VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 in slot 3 as a member of VLAN 2. MS-7206 User’s Guide...
Page 57: Setting Port Vid
VLAN group that the tag defines. In the example network, configure 2 as the port VID on port 1 in slot 3 so that any untagged frames received on that port get sent to VLAN 2. MS-7206 User’s Guide...
Page 58: Enabling Rip
3 In the Version field, select RIP-1 for the RIP packet format that is universally supported. 4 Click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the MM-7201’s power is turned off. MS-7206 User’s Guide...
Page 59: System Status And Port Statistics
This field shows the total amount of time in hours, minutes and seconds the card has been up in the slot. F/W Version This field displays the version number of the card's current firmware including the date created. MS-7206 User’s Guide...
Page 60: Port Status
Select this, and click Clear Counter to reset all the port counters for this slot. Port Select this, enter a specific port number, and click Clear Counter to reset the port counters for the specified port. Clear Counter Click this to clear the port counters for the specified port(s). MS-7206 User’s Guide...
Page 61: Port Details
Port Status screen. See Section 6.1.1 on page 60. To open this screen, click Status in any web configurator screen, then click the number of the slot, and finally click the number of the port. Figure 17 Port Details MS-7206 User’s Guide...
Page 62: Table 7 Port Details
This field shows the number of pause frames received on this port. Control This field shows the number of control frames received on this port. TX Collision Single This field shows the number of times one collision occurred before a frame could be transmitted successfully on this port. MS-7206 User’s Guide...
Page 63 1024 to 1518 octets in length (this includes FCS octets but excludes framing bits). Giant This field shows the number of frames received and transmitted (including bad frames) that were 1519 or more octets in length (this includes FCS octets but excludes framing bits). MS-7206 User’s Guide...
Page 64 Chapter 6 System Status and Port Statistics MS-7206 User’s Guide...
Page 65: System Info
Use this screen to look at basic information about the MM-7201 and to monitor the system hardware, including temperature, fan speed, voltage, and power. To open this screen, click Basic Setting > System Info. Figure 18 System Info MS-7206 User’s Guide...
Page 66: Table 8 System Info
Chapter 36 on page 199. Ethernet This field displays the Ethernet MAC (Media Access Control) address of the MS-7206 Address system. The MS-7206 system copies the MAC address from the active management card when the MS-7206 system starts up. The MS-7206 system keeps using this MAC address, even if the standby management card takes over, until the system starts up again.
Page 67: Hardware Monitor
The number is the slot number in which the card is located. The power supply for each voltage has a sensor that is capable of detecting and reporting if the voltage falls out of the tolerance range. Current This is the current voltage reading. MS-7206 User’s Guide...
Page 68 This field displays the percentage tolerance of the voltage with which the card still works. Status This field displays the status of each sensor. Normal: The voltage is within allowable range. Error: The voltage is outside the allowable range at one or more sensors. MS-7206 User’s Guide...
Page 69: General Setup
Enter the geographic location of your switch. You can use up to 32 printable English keyboard characters; spaces are allowed. Contact Person's Enter the name of the person in charge of this switch. You can use up to 32 Name printable English keyboard characters; spaces are allowed. MS-7206 User’s Guide...
Page 70 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 71: Switch Setup
Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out (and must be relearned). MS-7206 User’s Guide...
Page 72 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 73: Ip Setup
IP address in the same subnet. 10.2 IP Setup Use this screen to configure the default gateway, DNS server, management IP address, and IP domains. To open this screen, click Basic Setting > IP Setup. MS-7206 User’s Guide...
Page 74: Figure 22 Ip Setup
Select In-Band to have the switch send the packets to all ports except the management port (labelled MGMT) to which connected device(s) do not receive these packets. Management Use these fields to set the settings for the out-of-band management port. IP Address MS-7206 User’s Guide...
Page 75 This field displays the VLAN identification number of the IP domain on the switch. Delete Click Delete to remove the selected entry from the summary table. Note: Deleting all IP subnets locks you out from the switch. Cancel Click Cancel to clear the Delete check boxes. MS-7206 User’s Guide...
Page 76 Chapter 10 IP Setup MS-7206 User’s Guide...
Page 77: Slot Setup
Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. MS-7206 User’s Guide...
Page 78 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 79: Port Setup
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this check box to enable a port. The factory default for all ports is enabled. A port must be enabled for data transmission to occur. MS-7206 User’s Guide...
Page 80 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 81: Advanced
Advanced VLAN (83) Static MAC Forward Setup (91) Filtering (93) Spanning Tree Protocol (95) Bandwidth Control (105) Broadcast Storm Control (107) Mirroring (109) Link Aggregation (111) Port Authentication (115) Port Security (119) Classifier (121) Policy Rule (127) Queuing Method (133) VLAN Stacking (137) Multicast (143)
Page 83: Vlan
TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag Control Information, starts after the source address field of the Ethernet frame). MS-7206 User’s Guide...
Page 84: Forwarding Tagged And Untagged Frames
13.3.2 GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLANs groups beyond the local switch. MS-7206 User’s Guide...
Page 85: Port Vlan Trunking
VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s). Figure 25 Port VLAN Trunking MS-7206 User’s Guide...
Page 86: Static Vlan
Static: The VLAN was added as a permanent entry. Other: The VLAN was added another way, such as Multicast VLAN Registration (MVR). Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. MS-7206 User’s Guide...
Page 87: Vlan Detail
Use this screen to look at and configure 802.1Q VLAN parameters for the switch. See Section 13.2 on page 83 for background information about VLAN. To open this screen, click Advanced Application > VLAN > Static VLAN. MS-7206 User’s Guide...
Page 88: Figure 28 Static Vlan
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MS-7206 User’s Guide...
Page 89: Vlan Port Setting
Use this screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 13.2 on page 83 for background information about VLAN. To open this screen, click Advanced Application > VLAN > VLAN Port Setting. Figure 29 VLAN Port Setting MS-7206 User’s Guide...
Page 90: Table 19 Vlan Port Setting
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 91: Static Mac Forward Setup
Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box. Name Enter a descriptive name for identification purposes for this static MAC address forwarding rule. MS-7206 User’s Guide...
Page 92 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MS-7206 User’s Guide...
Page 93: Filtering
Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The switch can still receive frames originating from the MAC address. Select Discard source and Discard destination to block traffic to/from the MAC address specified in the MAC field. MS-7206 User’s Guide...
Page 94 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MS-7206 User’s Guide...
Page 95: Spanning Tree Protocol
Both RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. In this user’s guide, “STP” refers to both STP and RSTP. 16.1.1 STP Terminology The root bridge is the base of the spanning tree. MS-7206 User’s Guide...
Page 96: How Stp Works
BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. MS-7206 User’s Guide...
Page 97: Stp Port States
16.1.4 Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
Page 98: Spanning Tree Protocol
16.3 Rapid Spanning Tree Protocol Use this screen to configure RSTP on the switch. See Section 16.1 on page 95 for background information about RSTP. To open this screen, click Advanced Application > Spanning Tree Protocol > RSTP. MS-7206 User’s Guide...
Page 99: Figure 34 Rapid Spanning Tree Protocol
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds. MS-7206 User’s Guide...
Page 100: Rapid Spanning Tree Protocol Status
Use this screen to look at the status of RSTP on the switch. See Section 16.1 on page 95 background information about RSTP. To open this screen, click Advanced Application > Spanning Tree Protocol. This screen is only available after you activate RSTP on the switch. MS-7206 User’s Guide...
Page 101: Multiple Rapid Spanning Tree Protocol
16.5 Multiple Rapid Spanning Tree Protocol Use this screen to configure MRSTP on the switch. See Section 16.1 on page 95 background information about MRSTP. To open this screen, click Advanced Application > Spanning Tree Protocol > MRSTP. MS-7206 User’s Guide...
Page 102: Figure 36 Multiple Rapid Spanning Tree Protocol
(provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the switch ports attached to the network. The allowed range is 6 to 40 seconds. MS-7206 User’s Guide...
Page 103: Multiple Rapid Spanning Tree Protocol Status
Use this screen to look at the status of MRSTP on the switch. See Section 16.1 on page 95 background information about MRSTP. To open this screen, click Advanced Application > Spanning Tree Protocol. This screen is only available after you activate MRSTP on the switch. MS-7206 User’s Guide...
Page 104: Figure 37 Multiple Rapid Spanning Tree Protocol Status
Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MS-7206 User’s Guide...
Page 105: Bandwidth Control
Use this screen to specify the guaranteed bandwidth and maximum bandwidth for incoming (ingress) traffic on a port and to specify the maximum bandwidth for outgoing (egress) traffic on a port. To open this screen, click Advanced Application > Bandwidth Control. MS-7206 User’s Guide...
Page 106: Figure 38 Bandwidth Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 107: Broadcast Storm Control
Enable this feature to reduce broadcast, multicast and/or DLF packets in your network. You can specify limits for each packet type on each port. To open this screen, click Advanced Application > Broadcast Storm Control. Figure 39 Broadcast Storm Control MS-7206 User’s Guide...
Page 108: Table 30 Broadcast Storm Control
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 109: Mirroring
Select the slot, and enter the port number of the monitor port. Select None if this port is not yet configured. Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. MS-7206 User’s Guide...
Page 110 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 111: Link Aggregation
• All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. MS-7206 User’s Guide...
Page 112: Link Aggregation Id
These are the ports that are currently transmitting data as one logical link in this trunk Ports group. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MS-7206 User’s Guide...
Page 113: Link Aggregation
LACP “server”. The LACP “server” controls the operation of LACP setup. Enter a number to set the priority of an active port using Link Aggregate Control Protocol (LACP). The smaller the number, the higher the priority level. MS-7206 User’s Guide...
Page 114 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 115: Port Authentication
At the time of writing, only Windows XP of the Microsoft operating systems supports it. See the Microsoft web site for information on other Windows operating system support. For other operating systems, see its documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MS-7206 User’s Guide...
Page 116: Port Authentication
Note: You must also create a VLAN with the specified VID on the switch. 21.2 Port Authentication Follow these steps to enable port authentication. 1 Activate IEEE 802.1x security on the switch and the port(s). 2 Configure the RADIUS server settings. MS-7206 User’s Guide...
Page 117: Radius
Cancel Click Cancel to reset the fields. 21.2.2 802.1x Use this screen to configure IEEE 802.1x security on the switch and on the ports. To open this screen, click Advanced Application > Port Authentication > 802.1x. MS-7206 User’s Guide...
Page 118: Figure 46 802.1X
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 119: Port Security
The following table describes the labels in this screen. Table 40 Port Security LABEL DESCRIPTION Active Select this option to enable port security on the switch. Slot Select the slot at whose settings you want to look. MS-7206 User’s Guide...
Page 120 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 121: Classifier
(“policies”) for traffic that matches the rules. See Chapter 24 on page 127 more information about policies. To open this screen, click Advanced Application > Classifier. When two rules conflict with each other, a higher layer rule has priority over lower layer rule. MS-7206 User’s Guide...
Page 122: Figure 48 Classifier
A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards. A value of Ethernet II indicates that the packets are formatted according to RFC 894, Ethernet II encapsulation. Layer 2 Specify the fields below to configure a layer 2 classifier. MS-7206 User’s Guide...
Page 123 The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. MS-7206 User’s Guide...
Page 124: Classifier Example
Table 43 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 23.3 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2 in slot 3. MS-7206 User’s Guide...
Page 125: Figure 49 Example: Configuring A Classifier
The resulting entry in the summary table is shown below. Figure 50 Example: Looking at the Classifier in the Summary Table After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. MS-7206 User’s Guide...
Page 126 Chapter 23 Classifier MS-7206 User’s Guide...
Page 127: Policy Rule
DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. MS-7206 User’s Guide...
Page 128: Configuring Policy Rules
You must first configure a classifier in the Classifier screen. See Chapter 23 on page 121 for more information about classifiers. Use this screen to configure policy rules for classified traffic. To open this screen, click Advanced Applications > Policy Rule. MS-7206 User’s Guide...
Page 129: Figure 51 Policy
Chapter 24 Policy Rule Figure 51 Policy The following table describes the labels in this screen. Table 44 Policy LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. MS-7206 User’s Guide...
Page 130 Select Set the packet’s VLAN ID to set the VLAN ID of the packet with the value you configure in the VLAN ID field. Metering Select Enable to activate bandwidth limitation on the traffic flow(s) then set the actions to be taken on out-of-profile packets. MS-7206 User’s Guide...
Page 131: Policy Example
24.3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (created in Section 23.3 on page 124). MS-7206 User’s Guide...
Page 132: Figure 52 Example: Policy
Chapter 24 Policy Rule Figure 52 Example: Policy The resulting entry in the summary table is shown below. Figure 53 Example: Looking at the Classifier in the Summary Table MS-7206 User’s Guide...
Page 133: Queuing Method
Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. MS-7206 User’s Guide...
Page 134: Weighted Fair Queuing
For example, using the default setting, Q0 on Port 1 gets a guaranteed bandwidth of: 25.2 Queuing Method Use this screen to configure queuing methods to handle network congestion. To open this screen, click Advanced Application > Queuing Method. Figure 54 Queuing Method MS-7206 User’s Guide...
Page 135: Table 45 Queuing Method
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MS-7206 User’s Guide...
Page 136 Chapter 25 Queuing Method MS-7206 User’s Guide...
Page 137: Vlan Stacking
VLANs within its network by adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. MS-7206 User’s Guide...
Page 138: Vlan Stacking Port Roles
All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by SP VID). Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. MS-7206 User’s Guide...
Page 139: Vlan Tag Format
FCS IEEE 802.1Q Etype customer tagged frame DA SA SPTPID Priority VID TPID Priority Len/ Data FCS Double-tagged Etype frame Table 48 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/ Length and type of Ethernet frame Etype MS-7206 User’s Guide...
Page 140: Vlan Stacking
This allows a service provider to provide different service, based on specific VLANs, for many different customers and to distinguish between multiple customers’ VLANs, even if they have the same VLAN ID, within its network. To open this screen, click Advanced Applications > VLAN Stacking. Figure 56 VLAN Stacking MS-7206 User’s Guide...
Page 141: Table 49 Vlan Stacking
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MS-7206 User’s Guide...
Page 142 Chapter 26 VLAN Stacking MS-7206 User’s Guide...
Page 143: Multicast
IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the switch to learn multicast groups without you having to manually configure them. MS-7206 User’s Guide...
Page 144: Multicast Status
Use this screen to configure multicast settings for the switch or for the ports. See Section 27.1 on page 143 for more information on multicasting. To open this screen, click Advanced Application > Multicast > Multicast Setting. MS-7206 User’s Guide...
Page 145: Figure 58 Multicast Setting
Select Active to enable IGMP filtering to control which IGMP groups a subscriber on a port can join. Unknown Specify the action to perform when the switch receives an unknown multicast Multicast Frame frame. Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. MS-7206 User’s Guide...
Page 146 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 147: Igmp Filtering Profile
Click Clear to clear the fields to the factory defaults. Profile Name This field displays the descriptive name of the profile. Start Address This field displays the start of the multicast address range. End Address This field displays the end of the multicast address range. MS-7206 User’s Guide...
Page 148: Mvr Overview
In dynamic mode, the switch sends IGMP leave and join reports to the other multicast devices (such as multicast routers or servers) in the multicast VLAN. This allows the multicast devices to update the multicast forwarding table to forward or not forward multicast traffic to the receiver ports. MS-7206 User’s Guide...
Page 149: How Mvr Works
VLAN in this screen. To open this screen, click Advanced Application > Multicast > Multicast Setting > MVR. You must enable IGMP snooping to use MVR. However, MVR only responds to IGMP messages from multicast groups that are configured under MVR. MS-7206 User’s Guide...
Page 150: Figure 62 Mvr
Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN. Select Compatible to set the switch not to send IGMP reports. Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. MS-7206 User’s Guide...
Page 151: Group Configuration
MVR. To open this screen, click Advanced Application > Multicast > Multicast Setting > MVR > Group Configuration. A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. MS-7206 User’s Guide...
Page 152: Mvr Configuration Example
VLAN 1. In addition, port 7 (also in slot 3) belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic. MS-7206 User’s Guide...
Page 153: Figure 64 Mvr Configuration Example
To set the switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. MS-7206 User’s Guide...
Page 154: Figure 66 Mvr Group Configuration Example
Chapter 27 Multicast Figure 66 MVR Group Configuration Example Figure 67 MVR Group Configuration Example MS-7206 User’s Guide...
Page 155: Part V: Ip
Static Route (157) RIP (159) OSPF (161) IGMP (173) DVMRP (175) Differentiated Services (179) DHCP (183) VRRP (189)
Page 157: Static Route
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Address switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch. MS-7206 User’s Guide...
Page 158 Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MS-7206 User’s Guide...
Page 159: Rip
Incoming: The switch will not send any RIP packets but will accept all RIP packets received. Outgoing: the switch will send out RIP packets but will not accept any RIP packets received. None: The switch will not send any RIP packets and will ignore any RIP packets received. MS-7206 User’s Guide...
Page 160 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring the fields again. MS-7206 User’s Guide...
Page 161: Ospf
An Area Border Router connects two or more areas. (ABR) Backbone Router (BR) A backbone router has an interface to the backbone. AS Boundary Router An AS boundary router exchanges routing information with routers in other ASes. MS-7206 User’s Guide...
Page 162: How Ospf Works
In the following figure only router A has direct connectivity with all the other routers on the network segment. Routers B and C do not have a direct connection with each other. Therefore they should not be allowed to become DR or BDR. Only router A should become the DR. MS-7206 User’s Guide...
Page 163: Configuring Ospf
4 Create virtual links to maintain backbone connectivity. 30.2 OSPF Status Use this screen to look at the current status of OSPF on the switch. See Section 30.1 on page for more information on OSPF. To open this screen, click IP Application >OSPF. MS-7206 User’s Guide...
Page 164: Figure 72 Ospf Status
This field displays the state of the switch (backup or DR (designated router)). Priority This field displays the priority of the switch. This number is used in the designated router election. Designated This field displays the router ID of the designated router. Router MS-7206 User’s Guide...
Page 165: Ospf Configuration
30.3 OSPF Configuration Use this screen to activate OSPF, set general settings, and configure areas. See Section 30.1 on page 161 for more information on OSPF. To open this screen, click IP Application > OSPF > Configuration. MS-7206 User’s Guide...
Page 166: Figure 73 Ospf Configuration
AB boundary router to the external metrics. Select 2 for routing protocols whose external metrics are not comparable to the OSPF cost. In this case, the external cost of the AB boundary router is used in path decision to a destination. MS-7206 User’s Guide...
Page 167 An area ID of 0.0.0.0 indicates the backbone. Authenticati This field displays the authentication method used (None, Simple or MD5). Stub This field displays whether an area is a stub network (Yes) or not (No). Network MS-7206 User’s Guide...
Page 168: Ospf Interface
Table 62 OSPF Interface LABEL DESCRIPTION Network Select an IP interface. Area ID Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area. MS-7206 User’s Guide...
Page 169 This field displays the interface cost used for calculating the routing table. Priority This field displays the priority for this OSPF interface. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to start configuring the above fields again. MS-7206 User’s Guide...
Page 170: Ospf Virtual-Link
Select MD5 to authenticate OSPF packets transmitted through this interface using MD5 authentication. Key ID When you select MD5 in the Authentication field, specify the identification number of the authentication you want to use. MS-7206 User’s Guide...
Page 171 When the Authentication field displays MD5, this field displays the identification number of the key used. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MS-7206 User’s Guide...
Page 172 Chapter 30 OSPF MS-7206 User’s Guide...
Page 173: Igmp
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring the fields again. MS-7206 User’s Guide...
Page 174 Chapter 31 IGMP MS-7206 User’s Guide...
Page 175: Dvmrp
(“P”). 3 If hosts later join the multicast group, a graft message (“G”) to undo the prune is sent to the parent. 4 The final multicast (“M”) after pruning and grafting is shown in the next figure. MS-7206 User’s Guide...
Page 176: Dvmrp Terminology
32.3 DVMRP Use this screen to configure DVMRP on the switch when you wish it to act as a multicast router (“mrouter”). To open this screen, click IP Application > DVMRP. Figure 78 DVMRP MS-7206 User’s Guide...
Page 177: Dvmrp Configuration Error Messages
When you disable IGMP, but DVMRP is still active you also see another warning screen. Figure 80 DVMRP: Unable to Disable IGMP Error Each IP routing domain DVMRP configuration must be in a different VLAN group; otherwise you see the following screen. MS-7206 User’s Guide...
Page 178: Default Dvmrp Timer Values
Figure 81 DVMRP: Duplicate VID Error Message 32.4 Default DVMRP Timer Values Appendix A on page 329 for default DVMRP timer values. These may be changed using line commands. Please see the commands chapter later in this User's Guide for more information. MS-7206 User’s Guide...
Page 179: Differentiated Services
Resources can then be allocated according to the DSCP values and the configured policies. 33.1.2 DiffServ Network Example The following figure depicts a simple DiffServ network consisting of a group of contiguous DiffServ-compliant network devices. MS-7206 User’s Guide...
Page 180: Diffserv
The following table describes the labels in this screen. Table 66 Diffserv LABEL DESCRIPTION Active Select this option to enable DiffServ on the switch. Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. MS-7206 User’s Guide...
Page 181: Dscp Setting
8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE802.1p To open this screen, IP Application > DiffServ > DSCP Setting. Figure 85 DSCP Setting MS-7206 User’s Guide...
Page 182: Table 68 Dscp Setting
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to discard all changes and start configuring the screen again. MS-7206 User’s Guide...
Page 183: Dhcp
IP information, and then relays the assigned information back to the computer. 34.2 DHCP Server Status Use this screen to look at the status of DHCP servers on the switch. To open this screen, click IP Application > DHCP. Figure 86 DHCP Server Status MS-7206 User’s Guide...
Page 184: Dhcp Server
Specify the first of the contiguous addresses in the IP address pool. Starting Address Size of Client Specify the size, or count of the IP address pool. IP Pool IP Subnet Enter the subnet mask for the client IP pool. Mask MS-7206 User’s Guide...
Page 185: Dhcp Server Configuration Example
DHCP clients in the RD (VLAN 1) and Sales (VLAN 2) network. Figure 88 DHCP Server Network Example In the DHCP Server screen, configure two DHCP client IP address pools for the two networks. The following shows an example. MS-7206 User’s Guide...
Page 186: Dhcp Relay Overview
The following lists the DHCP relay agent option 82 information that the switch sends to the DHCP server: • Slot ID (1 byte) • Port ID (1 byte) • VLAN ID (2 bytes) • System name (up to 32 bytes, this is optional) MS-7206 User’s Guide...
Page 187: Dhcp Relay
The follow figure shows a network example where the switch is used to relay DHCP requests for the RD (VLAN 1) and Sales (VLAN 2) network. There is only one DHCP server that services the DHCP clients in both networks. MS-7206 User’s Guide...
Page 188: Figure 91 Dhcp Relay Network Example
(such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 92 DHCP Relay Configuration Example MS-7206 User’s Guide...
Page 189: Vrrp
G. Host X is configured to use VR1 (192.168.1.20) as the default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router. Figure 93 VRRP: Example 1 MS-7206 User’s Guide...
Page 190: Vrrp Parameters
35.2 VRRP Status Use this screen to look at the virtual routers in which the switch is participating. To open this screen, click IP Application > VRRP. Figure 94 VRRP Status MS-7206 User’s Guide...
Page 191: Vrrp Configuration
You can only configure VRRP on interfaces with unique VLAN IDs. Routing domains with the same VLAN ID are not displayed in the table indicated. To open this screen, click IP Application > VRRP > Configuration. MS-7206 User’s Guide...
Page 192: Figure 95 Vrrp Configuration
Select an IP domain to which this VRRP entry applies. Virtual Router Select a virtual router number (1 to 7) for which this VRRP entry is created. You can configure up to seven virtual routers for one network. MS-7206 User’s Guide...
Page 193: Vrrp Configuration Examples
The figure below shows a simple VRRP network with only one virtual router VR1 (VRID =1) and two switches. The network is connected to the WAN via an uplink gateway G (172.21.1.100). The host computer X is set to use VR1 as the default gateway. MS-7206 User’s Guide...
Page 194: Figure 96 Vrrp Configuration Example: One Virtual Router Network
You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 97 VRRP Example 1: VRRP Parameter Settings on Switch A Figure 98 VRRP Example 1: VRRP Parameter Settings on Switch B MS-7206 User’s Guide...
Page 195: Two Subnets Example
Keeping the VRRP configuration in example 1 for virtual router VR1 (refer to Section 35.3.2 on page 195), you need to configure the VRRP Configuration screen for virtual router VR2 on each switch. Configure the VRRP parameters on the switches as shown in the figures below. MS-7206 User’s Guide...
Page 196: Figure 102 Vrrp Example 2: Vrrp Parameter Settings For Vr2 On Switch A
After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 104 VRRP Example 2: VRRP Status on Switch A Figure 105 VRRP Example 2: VRRP Status on Switch B MS-7206 User’s Guide...
Page 197: Manage
Manage Maintenance (199) Access Control (207) Diagnostic (219) Syslog (221) Cluster Management (225) MAC Table (231) IP Table (233) ARP Table (235) Routing Table (237) Configure Clone (239)
Page 199: Maintenance
3. In the main screen, click Save to make the changes take effect. If you want to access the switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default IP address (192.168.0.1). MS-7206 User’s Guide...
Page 200: Firmware Upgrade
Use this screen to upload new firmware to the switch. You have to restart the switch (or slot for interface modules) before the new firmware starts running. To open this screen, click Management > Maintenance > Firmware Upgrade. MS-7206 User’s Guide...
Page 201: Figure 107 Firmware Upgrade
You can restart the card in the Maintenance screen. See Section 36.1 on page 199. After the card has restarted, see the System Info screen to verify your current firmware version number. See Section 7.1 on page MS-7206 User’s Guide...
Page 202: Restore Configuration
File name list box. Click Save to save the configuration file to your computer. 36.2 FTP Command Line This section explains the filename conventions and then shows some examples of uploading files to or downloading files from the system using FTP commands. MS-7206 User’s Guide...
Page 203: Filename Conventions
MM-7201’s settings, they can be saved back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension.
Page 204: Ftp Command Line Procedure
This is when a user name and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login. MS-7206 User’s Guide...
Page 205: Ftp Restrictions
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the switch will disconnect the Telnet session immediately. MS-7206 User’s Guide...
Page 206 Chapter 36 Maintenance MS-7206 User’s Guide...
Page 207: Access Control
(NMS) and a network element (NE). A manager station can manage and monitor the switch through the network via SNMP version one (SNMPv1) and/or SNMP version 2c. The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. MS-7206 User’s Guide...
Page 208: Supported Mibs
MIBs let administrators collect statistics and monitor status and performance. The switch supports the following MIBs: • SNMP MIB II (RFC 1213) • RFC 1157 SNMP v1 • RFC 1493 Bridge MIBs • RFC 1643 Ethernet MIBs • RFC 1155 SMI • RFC 2674 SNMPv2, SNMPv2c MS-7206 User’s Guide...
Page 209: Snmp Traps
1.3.6.1.2.1.17.0.2 This trap is sent when the STP topology changes. 37.2.3 SNMP Use this screen to configure SNMP on the switch. To open this screen, click Management > Access Control > SNMP. Figure 112 SNMP MS-7206 User’s Guide...
Page 210: Logins
• A non-administrator (username is something other than admin) is someone who can view but not configure switch settings. Use this screen to change the administrator password and to manage non-administrator accounts. To open this screen, click Management > Access Control > Logins. MS-7206 User’s Guide...
Page 211: Figure 113 Logins
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 212: Ssh Overview
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. 2 Encryption Method MS-7206 User’s Guide...
Page 213: Ssh Implementation On The Switch
1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the switch’s WS (web server). 2 HTTP connection requests from a web browser go to port 80 (by default) on the switch’s WS (web server). MS-7206 User’s Guide...
Page 214: Https Example
You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked. Figure 117 Security Alert Dialog Box (Internet Explorer) MS-7206 User’s Guide...
Page 215: Figure 118 Security Certificate 1 (Netscape)
37.5.1.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. MS-7206 User’s Guide...
Page 216: Service Access Control
Use this screen to decide what services can be used to access the switch. You may also change the default service port. To open this screen, click Management > Access Control > Service Access Control. Figure 121 Service Access Control MS-7206 User’s Guide...
Page 217: Remote Management
Configure the IP address range of trusted computers from which you can manage this switch. End Address The switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The switch immediately disconnects the session if it does not match. MS-7206 User’s Guide...
Page 218 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 219: Diagnostic
Click Ping to have the switch ping the IP address (in the field to the left). Ethernet Port Test Select a slot number, enter a port number, and click Port Test to perform an internal loopback test. MS-7206 User’s Guide...
Page 220 Chapter 38 Diagnostic MS-7206 User’s Guide...
Page 221: Syslog
Debug: The message is intended for debug-level purposes. 39.2 Syslog Setup Use this screen to configure the system logging settings. The syslog feature sends logs to an external syslog server. To open this screen, click Management > Syslog. MS-7206 User’s Guide...
Page 222: Syslog Server Setup
Cancel Click Cancel to reset the fields. 39.2.1 Syslog Server Setup Use this screen to configure a list of external syslog servers. To open this screen, click Management > Syslog > Syslog Server Setup. MS-7206 User’s Guide...
Page 223: Figure 125 Syslog Server Setup
This field displays the severity level of the logs that the system is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 224 Chapter 39 Syslog MS-7206 User’s Guide...
Page 225: Cluster Management
The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another. Table 88 Cluster Management Specifications Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches.
Page 226: Clustering Management Status
Error (for example the cluster member switch password was changed or the switch was set as the manager and so left the member list, etc.) Offline (the switch is disconnected - Offline shows approximately 1.5 minutes after the link between cluster member and manager goes down) MS-7206 User’s Guide...
Page 227: Cluster Member Switch Management
Figure 128 Cluster Management: Cluster Member Web Configurator Screen 40.2.2 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example. MS-7206 User’s Guide...
Page 228: Clustering Management Configuration
This is the cluster member switch’s configuration file name as seen in the cluster manager switch. 40.3 Clustering Management Configuration Use this screen to configure cluster management. To open this screen, click Management > Cluster Management > Configuration. MS-7206 User’s Guide...
Page 229: Figure 130 Clustering Management Configuration
All switches must be directly connected and in the same VLAN group to belong to the same cluster. Switches that are not in the same VLAN group are not visible in the Clustering Candidates list. This field is ignored if the Clustering Manager is using Port-based VLAN. MS-7206 User’s Guide...
Page 230 This is the cluster member switch’s system name. Model This is the cluster member switch’s model name. Remove Select this check box and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 231: Mac Table
• If the switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 131 MAC Table Flowchart MS-7206 User’s Guide...
Page 232: Mac Table
This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen, Chapter 14 on page 91). MS-7206 User’s Guide...
Page 233: Ip Table
• If the switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it filters the packet. Figure 133 IP Table Flowchart MS-7206 User’s Guide...
Page 234: Ip Table
This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the switch. Type This shows whether the IP address is dynamic (learned by the switch) or static (belonging to the switch). MS-7206 User’s Guide...
Page 235: Arp Table
ARP Table for future reference and then sends the packet to the MAC address that replied. 43.2 ARP Table Use this screen to view IP-to-MAC address mapping(s). To open this screen, click Management > ARP Table. MS-7206 User’s Guide...
Page 236: Figure 135 Arp Table
MAC Address This is the MAC address of the device with corresponding IP address above. Type This shows whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen). MS-7206 User’s Guide...
Page 237: Routing Table
This field displays the IP address of the gateway device. Interface This field displays the IP address of the Interface. Metric This field displays the cost of the route. Type This field displays the method used to learn the route. MS-7206 User’s Guide...
Page 238 Chapter 44 Routing Table MS-7206 User’s Guide...
Page 239: Configure Clone
Use this screen to copy basic or advanced settings from a source port or source card to one or more destination ports or cards. To open this screen, click Management > Configure Clone. Figure 137 Configure Clone MS-7206 User’s Guide...
Page 240: Table 96 Configure Clone
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MS-7206 User’s Guide...
Page 241: Commands And Troubleshooting
Commands and Troubleshooting Introducing Commands (243) User and Enable Mode Commands (283) Configuration Mode Commands (291) Interface Commands (303) Routing Domain Command Examples (311) IEEE 802.1Q Tagged VLAN Commands (313) Multicast VLAN Registration Commands (321) Troubleshooting (323)
Page 243: Introducing Commands
Console port access has higher priority. 46.2.1 The Console Port Connect to the switch’s console port using a terminal emulation software configured to the following settings: MS-7206 User’s Guide...
Page 244: The Login Screen
You can view the initialization information using the console port. After the initialization, the login screen displays (refer to Section 46.3 on page 244). Copyright (c) 1994 - 2006 ZyXEL Communications Corp. initialize mgmt, ethernet address: 00:13:49:00:00:01 initialize switch, ethernet address: 00:13:49:00:00:02 Initializing switch unit 0...
Page 245: Changing The Password
If you use an external RADIUS server to authenticate users, you can use a VSA (Vendor Specific Attribute) to configure a privilege level for an account on the RADIUS server. See Section 21.1.1.1 on page 115 for more information. MS-7206 User’s Guide...
Page 246: Command Modes
12) need to type the takes you to config mode. enable command and enter enable mode password. Config Commands available in this mode Type config sysname(config)# allow you to configure settings that enable mode. affect the switch globally. MS-7206 User’s Guide...
Page 247: Getting Help
46.8 Getting Help The system includes a help facility to provide you with the following information about the commands: • List of available commands under a command group. • Detailed descriptions of the commands. MS-7206 User’s Guide...
Page 248: List Of Available Commands
Exit from the EXEC help Description of the interactive help system history Show a list of previously run commands logout Exit from the EXEC ping Exec ping show Show system information SSH client traceroute Exec traceroute sysname> MS-7206 User’s Guide...
Page 249: Using Command History
46.10 Saving Your Configuration After you set the switch settings with the configuration commands, use the write memory command to save the changes permanently. command is not available in User mode. write memory MS-7206 User’s Guide...
Page 250: Switch Configuration File
The following table describes the commands available for User mode. These commands are also available in Enable mode. Table 98 Command Summary: User Mode PRIVILEG COMMAND DESCRIPTION Accesses Enable (or privileged) mode. See enable Section 46.11.2 on page 252. Logs out from the CLI. exit MS-7206 User’s Guide...
Page 251 Determines the path a packet takes to a device. traceroute <ip|host-name> Determines the path a packet takes to a device in a <ip|host-name> VLAN. [vlan <vlan-id>] [ttl <1-255>] [wait <1-60>] [queries <1-10>] Displays command help information. help MS-7206 User’s Guide...
Page 252: Enable Mode
TFTP server to the file> specified configuration file on the router. Restores firmware via TFTP. flash <ip> <remote-file> [<local-file>] Exits Enable (or privileged) mode. disable Accesses Enable (or privileged) enable mode. Resets to the factory default erase running-config settings. MS-7206 User’s Guide...
Page 253 Displays the specified classifier [name] related information. Displays cluster management cluster status. Displays cluster candidate candidates information. Displays the MAC address of the member cluster member(s). Displays the configuration of the member config cluster member(s). MS-7206 User’s Guide...
Page 254 Displays the IGMP group limit. igmp-group- limited Displays the IGMP Immediate igmp-immediate- Leave setting. leave Displays IGMP query mode for the igmp-query-mode specified port. Displays IP related information. Displays the ARP table. Displays DVMRP group dvmrp group information. MS-7206 User’s Guide...
Page 255 Displays static MAC address address-table table. static Displays the number of entries in address-table the MAC address table. count Displays MAC learning aging mac-aging-time time. Displays multiple rapid spanning mrstp <tree- tree configuration for the specified index> tree. MS-7206 User’s Guide...
Page 256 Displays OSPF area settings. ospf area Displays OSPF network (or ospf network interface) settings. Displays OSPF redistribution ospf redistribute settings. Displays OSPF virtual link ospf virtual-link settings. Displays global RIP settings. Displays VRRP settings. vrrp Displays current operating running-config configuration. MS-7206 User’s Guide...
Page 257 Displays port isolation settings. port-isolation Connects to an SSH server with <1|2> the specified SSH version. <[user@]dest-ip> Connects to an SSH server with [command </>] the specified SSH version and addition commands to be executed on the server. MS-7206 User’s Guide...
Page 258: General Configuration Mode
The following table lists the commands in Configuration (or Config) mode. Table 100 Command Summary: Configuration Mode PRIVILEG COMMAND DESCRIPTION Changes the administrator admin- <pw-string> password. password <confirm-string> Enables bandwidth control. bandwidth- control Enables Bridge Control Protocol bcp- (BCP) transparency. transparenc MS-7206 User’s Guide...
Page 259 Sets a descriptive name for the name <cluster cluster. name> Logs into the CLI of the specified rcommand <mac- cluster member. address> Specifies through which traffic default- <in-band|out-of- flow the switch is to send management band> packets. MS-7206 User’s Guide...
Page 260 Enables IGMP filtering on the igmp- switch. filtering Sets the range of multicast profile <name> address(es) in a profile. start-address <ip> end-address <ip> Enables IGMP snooping. igmp- snooping Sets the 802.1p priority for 8021p-priority <0-7> outgoing igmp snooping packets. MS-7206 User’s Guide...
Page 261 <LocalOnly | should use (first) to authenticate ence LocalRADIUS | a user. RADIUSOnly> Configures up to four read-only logins username <name> login accounts. password <pwd> Assigns a privilege level to user username <name> privilege <0- accounts. 14> MS-7206 User’s Guide...
Page 262 Displays the detailed help for the help mrstp command. Enables multi-login. multi-login Enters the MVR (Multicast VLAN <vlan-id> Registration) configuration mode. Refer to Section 46.12 on page for more information. Disable bandwidth control on the bandwidth-control switch. MS-7206 User’s Guide...
Page 263 Sets the management IP address to the default value. Removes a specified IP static route <ip> route. <mask> Enables a specified IP static route <ip> route. <mask> inactive Disables the link aggregation lacp control protocol (dynamic trunking) on the switch. MS-7206 User’s Guide...
Page 264 Disables port security on the port-security switch. Disables port security on the <port-list> specified ports. Enables MAC address learning <port-list> on the specified ports. learn inactive Disables Power over Ethernet interface (PoE) on the specified port(s). <port-list> MS-7206 User’s Guide...
Page 265 Disables telnet access to the telnet switch. Turns on the power to the slot. shutdown slot <slot-list> Disables sending of SNMP traps snmp-server trap- to a station. destination <ip> Disables STP. spanning-tree Disables STP on listed ports. <port-list> MS-7206 User’s Guide...
Page 266 |T6> interface <port-list> Disables LACP in the specified <T1|T2|T3|T4|T5 trunk group. |T6> lacp Deletes the static VLAN entry. vlan <vlan-id> Disables GVRP on the switch. vlan1q gvrp Disables VLAN stacking. vlan-stacking Change the password for Enable password mode. MS-7206 User’s Guide...
Page 267 Enables 802.1x authentication port- on the switch. access- authenticat Enables 802.1x authentication <port-list> on the specified port(s). Sets a subscriber to periodically reauthenticate re-enter his or her username and password to stay connected to a specified port. MS-7206 User’s Guide...
Page 268 Activates the specified group of remote- <index> trusted computers. management Specifies a group of trusted <index> start-addr computer(s) from which an <ip> end-addr <ip> administrator may use a service service <[telnet] to manage the switch. [ftp] [http] [icmp] [snmp] [ssh] [https]> MS-7206 User’s Guide...
Page 269 <router-id> area. authentication- key <key> Sets the virtual link to use the area <area-id> same authentication method as virtual-link the area. <router-id> authentication- same-as-area MS-7206 User’s Guide...
Page 270 <router- id> message- digest-key Resets the authentication no area <area- settings on this virtual area. id> virtual- link <router- id> authentication- same-as-area Deletes the virtual link from the no area <area- area. id> virtual- link <router- id> MS-7206 User’s Guide...
Page 271 Sets the time interval (in interval seconds) between Hello <1..255> message transmissions. Sets a descriptive name of the name <name VRRP setting for identification string> purposes. Activates this VRRP. no inactive Disables VRRP preemption no preempt mode. MS-7206 User’s Guide...
Page 272 SNMP <ip> traps to. Enables STP on the switch. spanning- tree Enables STP on a specified port. 13 <port-list> Sets the STP path cost for a <port-list> path- specified port. cost <1-65535> MS-7206 User’s Guide...
Page 273 Adds a port(s) to the specified <T1|T2|T3|T4|T5|T6 trunk group. >interface <port- list> Defines the port number and interface <port- LACP timeout period. list> timeout <lacp-timeout> Enters the VLAN configuration vlan <vlan-id> mode. See Section 46.11.6 on page 279 for more information. MS-7206 User’s Guide...
Page 274: Interface Port-Channel Commands
Specifies the maximum number of <pkt/s> broadcast packets to allow through the port. Enables DiffServ on the port(s). diffserv Enables the Destination Lookup dlf-limit Failure (DLF) limit. Sets the interface DLF limit in <pkt/s> packets per second (pps). MS-7206 User’s Guide...
Page 275 Enables port mirroring in the mirror interface. Enables port mirroring for dir <ingress| incoming, outgoing or both egress|both> incoming and outgoing traffic. Port mirroring copies traffic from one or all ports to another or all ports for external analysis. MS-7206 User’s Guide...
Page 276 Disables multicast limit on the multicast-limit port(s). Disables VLAN trunking on the vlan-trunking port(s). The default PVID is VLAN 1 for all pvid <vlan-id> ports. Sets a PVID in the range 1 to 4094 for the specified interface. MS-7206 User’s Guide...
Page 277: Interface Route-Domain Commands
Use these commands to configure the IP routing domains. Table 102 interface route-domain Commands PRIVILEG COMMAND DESCRIPTION Enables a routing domain for interface configuration. route-domain <ip-address>/ <mask-bits> Exits from the interface routing- exit domain command mode. MS-7206 User’s Guide...
Page 278 <k> Disables DVMRP in this routing ip dvmrp domain. Disables IP IGMP in this routing ip igmp domain. Disables OSPF authentication ip ospf key settings in this routing authentication-key domain. MS-7206 User’s Guide...
Page 279: Config-Vlan Commands
<ip- address in this VLAN. address> Specifies a name for name <name-str> identification purposes. Sets fixed port(s) to normal fixed <port-list> port(s). Sets forbidden port(s) to normal forbidden <port- port(s). list> Enables the specified VLAN. inactive MS-7206 User’s Guide...
Page 280: Mvr Commands
Disables all MVR group group settings. Disables the specified MVR group <name-str> group setting. Enables MVR. inactive Disables the receiver port(s).An receiver-port MVR receiver port can only <port-list> receive multicast traffic in a multicast VLAN. MS-7206 User’s Guide...
Page 281 MVR source port can send and <port-list> receive multicast traffic in a multicast VLAN. Sets the port(s) to tag VLAN tagged <port- tags. list> Sets the 802.1p priority for the 8021p-priority packets belonging to this VLAN group. MS-7206 User’s Guide...
Page 282 Chapter 46 Introducing Commands MS-7206 User’s Guide...
Page 283: User And Enable Mode Commands
Ethernet Address : 00:13:49:00:65:18 ZyNOS F/W Version : V3.75(ABX.0)b7 | 1/23/2007 RomRasSize : 3370138 System up Time 147:46:18 (32bbc4b ticks) Bootbase Version : V128ram | 04/03/2006 ZyNOS CODE : RAS Jan 23 2007 11:53:22 Product Model : MM-7201 MS-7206 User’s Guide...
Page 284: Show Ip
1 00:00:04 1970 PP05 -WARN SNMP TRAP 3: link up Clear Error Log (y/n): If you clear a log (by entering at the prompt), you Clear Error Log (y/n): cannot view it again. 47.2.4 show interface Syntax: show interfaces [port-number] MS-7206 User’s Guide...
Page 285: Show Mac Address-Table
128 to 255 256 to 511 512 to 1023 1024 to 1518 Giant sysname# 47.2.5 show mac address-table Syntax: show mac address-table <count>|<static>|<all|vlan <vid>|port <port-list> [sort]> Where = Specifies the sorting criteria (MAC, VID or PORT). <sort> MS-7206 User’s Guide...
Page 286: Ping
47.4 traceroute Syntax: traceroute <ip|host-name> [in-band|out-of-band][ttl <1-255>] [wait <1-60>] -> [queries <1-10>] where The IP address or host name of an Ethernet device. <ip|host-name> Specifies the network interface to which the Ethernet device [in-band|out-of- band belongs. MS-7206 User’s Guide...
Page 287: Copy Port Attributes
Copies only the specified attributes from one slot to another slot interface slot <slot> or slots. <slot-list> [active ...] An example is shown next. • Copy all attributes of port 1 to port 2 in slot 4. MS-7206 User’s Guide...
Page 288: Configuration File Maintenance
2 Enter to save the changes to the current configuration file. If you want write memory to reset the second configuration file, use the command again with the write memory specified index number. MS-7206 User’s Guide...
Page 289 Chapter 47 User and Enable Mode Commands The following example resets both configuration files to the factory default settings. sysname# erase running-config sysname# write memory sysname# write memory 2 MS-7206 User’s Guide...
Page 290 Chapter 47 User and Enable Mode Commands MS-7206 User’s Guide...
Page 291: Configuration Mode Commands
Syntax: igmp-snooping igmp-snooping 8021p-priority <0-7> igmp-snooping host-timeout <1-16711450> igmp-snooping leave-timeout <1-16711450> igmp-snooping reserved-multicast-group <drop|flooding> igmp-snooping unknown-multicast-frame <drop|flooding> MS-7206 User’s Guide...
Page 292: Configure Igmp Filter
30 sysname(config)# igmp-snooping reserved-multicast-group drop sysname(config)# igmp-snooping unknown-multicast-frame drop 48.3 Configure IGMP Filter Use the following commands in the config mode to configure IGMP filtering profiles. Syntax: igmp-filtering igmp-filtering profile <name> start-address <ip> end-address <ip> MS-7206 User’s Guide...
Page 293: Enabling Stp
<port-list> path-cost <1-65535> spanning-tree <port-list> priority <0-255> mrstp <treeIndex> mrstp <treeIndex> priority <0-61440> mrstp <treeIndex> hello-time <1-10> maximum-age <6-40> forward-delay <4-30> mrstp interface <port-list> mrstp interface <port-list> path-cost <1-65535> mrstp interface <port-list> priority <0-255> mrstp interface <port-list> treeIndex <1-4> MS-7206 User’s Guide...
Page 294 • Enable STP on the switch. • Set the bridge priority of the switch to 0. • Set the Hello Time to 4, Maximum Age to 20 and Forward Delay to 15 on the switch. MS-7206 User’s Guide...
Page 295: No Command Examples
An example is shown next. The management IP address is reset to its default value. sysname(config)# no ip 48.5.3 Re-enable commands The no command can also be used to re-enable features which have been disabled. Syntax: no ip route <ip> <mask> inactive MS-7206 User’s Guide...
Page 296: Other Examples Of No Commands
• Remove ports 1, 3, 4, and 5 in slot 4 from trunk two (T2). sysname(config)# no trunk T1 sysname(config)# no trunk T3 lacp sysname(config)# no trunk T2 interface 4/1,4/3-4/5 48.5.4.2 no port-access-authenticator Syntax: no port-access-authenticator no port-access-authenticator <port-list> reauthenticate no port-access-authenticator <port-list> MS-7206 User’s Guide...
Page 297: Figure 138 No Port-Access-Authenticator Command Example
• Remove the remote host with IP address 172.165.1.9 and with an SSH-RSA encryption key from the list of known hosts. sysname(config)# no ssh key rsa1 sysname(config)# no ssh known-hosts 172.165.1.8 sysname(config)# no ssh known-hosts 172.165.1.9 ssh-rsa MS-7206 User’s Guide...
Page 298: Static Route Commands
172.21.1.104 255.255.0.0 192.168.1.2 name route1 48.7 Enabling MAC Filtering You can create a filter to drop packets based on the MAC address of the source or the destination. Syntax: mac-filter name <name> mac <mac-addr> vlan <vlan-id> drop <src|dst|both> MS-7206 User’s Guide...
Page 299: Enabling Trunking
Places ports in the trunk. <T1|T2|T3|T4|T5|T6> interface <port-list> Enables LACP in the trunk. <T1|T2|T3|T4|T5|T6> lacp An example is shown next. • Create trunk 1 on the switch. • Place ports 5-8 in slot 4 into trunk 1. MS-7206 User’s Guide...
Page 300: Enabling Port Authentication
Changes the UDP port of the RADIUS server from [acct-port <socket-number>] the default (1812). Specifies a password (up to 32 alphanumeric [key <key-string>] characters) as the key to be shared between the RADIUS server and the switch. MS-7206 User’s Guide...
Page 301: Port Authentication Settings
An example is shown next. • Specify RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password. See Section 48.9.1 on page 300 for more information on RADIUS server commands. MS-7206 User’s Guide...
Page 302 • Specify 1800 seconds as the interval for client reauthentication. sysname(config)# radius-server host 1 10.10.10.1 acct-port 1890 key --> secretKey sysname(config)# radius-server timeout 30 sysname(config)# port-access-authenticator sysname(config)# port-access-authenticator 4/4-4/8 sysname(config)# port-access-authenticator 4/4-4/8 reauthenticate sysname(config)# port-access-authenticator 4/4-4/8 reauth-period 1800 MS-7206 User’s Guide...
Page 303: Interface Commands
An example is shown next. • Enter the configuration mode. • Enable ports 1, 3, 4 and 5 in slot 4 for configuration. • Begin configuring for those ports. sysname# config sysname(config)# interface port-channel 4/1,4/3-4/5 sysname(config-interface)# 49.2.2 bpdu-control Syntax: bpdu-control <peer|tunnel|discard|network> MS-7206 User’s Guide...
Page 304: Broadcast-Limit
• Enable port 1 in slot 4 for configuration. • Enable broadcast control. • Set how many broadband packets the interface receives per second. sysname(config)# interface port-channel 4/1 sysname(config-interface)# broadcast-limit sysname(config-interface)# broadcast-limit 21 49.2.4 bandwidth-limit command enables bandwidth control on the switch. bandwidth-limit MS-7206 User’s Guide...
Page 305: Mirror
Port mirroring copies traffic from one or all ports to another or all ports for external analysis. An example is shown next. • Enable the monitor port 3. • Enable port mirroring. • Enable ports 1, 4, 5 and 6 in slot 4 for configuration. MS-7206 User’s Guide...
Page 306: Gvrp
An example is shown next. • Enable ports 1, 3, 4 and 5 in slot 4 for configuration. • Enable ingress checking on the interface. sysname(config)# interface port-channel 4/1,4/3-4/5 sysname(config-interface)# ingress-check 49.2.8 frame-type Syntax: frame-type <all|tagged|untagged> MS-7206 User’s Guide...
Page 307: Weight
Syntax: qos priority <0 .. 7> where Sets the quality of service priority for a port. <0 .. 7> An example is shown next. • Enable ports 1, 3, 4, and 5 in slot 4 for configuration. MS-7206 User’s Guide...
Page 308: Name
49.3 Interface no Command Examples Similar to the no commands in the Enable and Config modes, the no commands for the Interface sub mode also disable certain features. In this mode, however, this takes place on a port by port basis. MS-7206 User’s Guide...
Page 309: No Bandwidth-Limit
An example is shown next: • Disable bandwidth limits on port 1 in slot 4. sysname(config)# interface port-channel 4/1 sysname(config-interface)# no bandwidth-limit cir sysname(config-interface)# no bandwidth-limit egress sysname(config-interface)# no bandwidth-limit pir MS-7206 User’s Guide...
Page 310 Chapter 49 Interface Commands MS-7206 User’s Guide...
Page 311: Routing Domain Command Examples
An example is shown next. • Enter the configuration mode. • Enable default routing domain (the 192.168.1.1 subnet) for configuration. • Begin configuring for this domain. sysname# config sysname(config)# interface route-domain 192.168.1.1/24 cmd interface route domain 192.168.1.1 255.255.255.0 sysname(config-if)# MS-7206 User’s Guide...
Page 312 Chapter 50 Routing Domain Command Examples MS-7206 User’s Guide...
Page 313: Ieee 802.1Q Tagged Vlan Commands
VLAN (VID 3 in this example) for vlan <vlan-id> managing the switch, and the switch will activate the new management VLAN. • Use the command to disable the new management VLAN. inactive sysname (config)# vlan 3 sysname (config-vlan)# inactive MS-7206 User’s Guide...
Page 314: Global Vlan1Q Tagged Vlan Configuration Commands
Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. MS-7206 User’s Guide...
Page 315: Gvrp Timer
You must configure the switch port VLAN settings in config-interface mode. 51.3.1 Set Port VID Syntax: pvid <VID> where Specifies the VLAN number between 1 and 4094. <VID> This command sets the default VLAN ID on the port(s). MS-7206 User’s Guide...
Page 316: Set Acceptable Frame Type
51.3.4 Modify Static VLAN Use the following commands in the config-vlan mode to configure the static VLAN table. Syntax: vlan <vlan-id> fixed <port-list> forbidden <port-list> name <name-str> normal <port-list> untagged <port-list> no fixed <port-list> no forbidden <port-list> no untagged <port-list> MS-7206 User’s Guide...
Page 317 The switch also does not forward frames to “forbidden” ports. 4 If after looking at the static VLAN, the switch does not have any ports to which it will send the frame, it won’t check the port filter. MS-7206 User’s Guide...
Page 318: Delete Vlan Id
This command shows the IEEE 802.1Q Tagged SVLAN (Static VLAN) table. An example is shown next. • VID is the VLAN identification number. • Status shows whether the VLAN is static or active. • Elap-Time is the time since the VLAN was created on the switch. MS-7206 User’s Guide...
Page 319 TagCtl untagged. sysname# show vlan The Number of VLAN : Idx. Status Elap-Time TagCtl ---- ---- --------- ----------- ----------------------------------- Static 0:07:05 Untagged : Tagged MS-7206 User’s Guide...
Page 320 Chapter 51 IEEE 802.1Q Tagged VLAN Commands MS-7206 User’s Guide...
Page 321: Multicast Vlan Registration Commands
The VLAN ID [1 – 4094]. <vlan-id> Specifies the MVR source ports which send and receive multicast source-port <port-list> traffic. Specifies the MVR receiving ports which only receive multicast receiver-port <port-list> traffic. A name to identify the multicast VLAN group. name <name-str> MS-7206 User’s Guide...
Page 322 • Configure MVR multicast group addresses by the name of ipgroup. • Exit MVR mode. See the following example. sysname(config)# mvr 3 name multivlan sysname(config-mvr)# source-port 4/2,4/3,4/5 receiver-port 4/6-4/8 sysname(config-mvr)# mode dynamic sysname(config-mvr)# group ipgroup start-address 224.0.0.1 end-address --> 224.0.0.255 sysname(config-mvr)# exit MS-7206 User’s Guide...
Page 323: Troubleshooting
The MM-7201 does not turn on. None of the LEDs turn on. 1 Make sure the MM-7201 is inserted correctly. 2 Make sure the MS-7206 system is receiving power. If it is not, see the appropriate User’s Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables.
Page 324: Mm-7201 Access And Login
IP address must match it. Refer to the chapter on access control for details. 7 Reset the device to its factory defaults, and try to access the MM-7201 with the default IP address. See Section 4.6 on page 8 If the problem continues, contact the network administrator or vendor. MS-7206 User’s Guide...
Page 325 I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. MS-7206 User’s Guide...
Page 326 Chapter 53 Troubleshooting MS-7206 User’s Guide...
Page 327: Appendices And Index
VIII Appendices and Index Product Specifications (329) IP Addresses and Subnetting (337) Pop-up Windows, JavaScripts and Java Permissions (345) Legal Information (351) Customer Support (355) Index (359)
Page 329: Appendix A Product Specifications
1.3 V • 1.25 V Temperature: • MAC: • CPU: • PHY: Fan: • 2250-4950 rpm for 8 fans in the fan tray. Temperature Operating: 0~45 ºC (32~113 ºF) Storage: -25~70 ºC (13~158 ºF) Humidity 10-90% (non-condensing) MS-7206 User’s Guide...
Page 330: Table 106 Feature Descriptions
- not everybody. In addition, the switch can send packets to Ethernet devices that are not VLAN-aware by untagging (removing the VLAN tags) IP multicast packets. RIP (Routing Information Protocol) allows a routing device to exchange routing information with other routers. MS-7206 User’s Guide...
Page 331: Table 107 General Specifications
Use the web configurator to easily configure the rich range of features on the MM-7201. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the MM- 7201.
Page 332 Probe interval: 10 sec Report interval: 35 sec Route expiration time: 140 sec Prune lifetime: Variable (less than two hours) Prune retransmission time: 3 sec with exponential back off Graft retransmission time: 5 sec with exponential back off MS-7206 User’s Guide...
Page 333: Table 108 Management Specifications
Management Table 109 Supported Standards STANDARD DESCRIPTION RFC 867 Daytime protocol RFC 868 Time protocol RFC 1305 Network Time Protocol (NTP) RFC 894 IP Datagrams over Ethernet Networks RFC 1112 Internet Group Multicast Protocol (IGMP) RFC 2236 MS-7206 User’s Guide...
Page 334: Cable Pin Assignments
Cable Pin Assignments In a serial communications connection, generally a computer is DTE (Data Terminal Equipment) and a modem is DCE (Data Circuit-terminating Equipment). The MM-7201 is DCE when you connect a computer to the console port. MS-7206 User’s Guide...
Page 335: Figure 139 Console/Dial Backup Port Pin Layout
1 IRD + 2 IRD - 2 OTD - 2 IRD - 2 IRD - 3 OTD 3 IRD + 3 OTD + 3 OTD 6 OTD - 6 IRD - 6 OTD - 6 OTD - MS-7206 User’s Guide...
Page 336 Appendix A Product Specifications MS-7206 User’s Guide...
Page 337: Appendix B Ip Addresses And Subnetting
The following table shows the network number and host ID arrangement for classes A, B and Table 112 Classes of IP Addresses IP ADDRESS OCTET 1 OCTET 2 OCTET 3 OCTET 4 Class A Network number Host ID Host ID Host ID MS-7206 User’s Guide...
Page 338: Table 113 Allowed Ip Address Range By Class
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. MS-7206 User’s Guide...
Page 339: Table 114 "Natural" Masks
1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. MS-7206 User’s Guide...
Page 340: Table 116 Two Subnets Example
Lowest Host ID: 192.168.1.1 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 118 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask 255.255.255. Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 MS-7206 User’s Guide...
Page 341: Table 119 Subnet 1
Table 120 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 MS-7206 User’s Guide...
Page 342: Table 121 Subnet 3
FIRST ADDRESS ADDRESS ADDRESS ADDRESS The following table is a summary for class “C” subnet planning. Table 124 Class C Subnet Planning NO. “BORROWED” HOST NO. HOSTS PER SUBNET MASK NO. SUBNETS BITS SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) MS-7206 User’s Guide...
Page 343: Subnetting With Class A And Class B Networks
16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 MS-7206 User’s Guide...
Page 344 Appendix B IP Addresses and Subnetting MS-7206 User’s Guide...
Page 345: Appendix C Pop-Up Windows, Javascripts And Java Permissions
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. MS-7206 User’s Guide...
Page 346: Figure 141 Internet Options
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. MS-7206 User’s Guide...
Page 347: Figure 142 Internet Options
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 143 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. MS-7206 User’s Guide...
Page 348: Figure 144 Internet Options
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. MS-7206 User’s Guide...
Page 349: Figure 145 Security Settings - Java Scripting
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 146 Security Settings - Java MS-7206 User’s Guide...
Page 350: Figure 147 Java (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 147 Java (Sun) MS-7206 User’s Guide...
Page 351: Appendix D Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 352: Zyxel Limited Warranty
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 353 (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Page 354 Appendix D Legal Information MS-7206 User’s Guide...
Page 355: Appendix E Customer Support
• Telephone: +506-2017878 • Fax: +506-2015098 • Web Site: www.zyxel.co.cr • FTP Site: ftp.zyxel.co.cr • Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 •...
Page 356 • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web Site: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-690969 •...
Page 357 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
Page 358 Appendix E Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
Page 359: Index
Backbone Router (BR) getting help backbone, routing interface Backup Designated Router (BDR), and OSPF logging in modes basic settings modes summary BDR (Backup Designated Router) static VLAN table example BPDUs (Bridge Protocol Data Units) MS-7206 User’s Guide...
Page 360 FTP system log command example Differentiated Service (DiffServ) filename convention DiffServ filtering activate rules DS field filtering database, MAC table DSCP firmware 59, 66 DSCP-to-IEEE802.1p mapping upgrade 200, 227 network example flow control back pressure disclaimer MS-7206 User’s Guide...
Page 361 IEEE 802.1p, priority LSA (Link State Advertisement) IEEE 802.1x activate reauthentication IEEE 802.1x, port authentication IGMP 173, 175 setup version 143, 173 MAC (Media Access Control) MS-7206 User’s Guide...
Page 362 VLAN policy and classifier Multiple Spanning Tree Protocol and DiffServ Multiple STP configuration example configuration overview group configuration rules network example port authentication MVR (Multicast VLAN Registration) and RADIUS 115, 117 and VSA IEEE 802.1x MS-7206 User’s Guide...
Page 363 Queue weight save configuration 52, 200 queue weight Secure Shell See SSH queuing service access control service port show commands examples Queuing algorithm Simple Network Management Protocol, See SNMP Queuing method queuing method slot setup slot status MS-7206 User’s Guide...
Page 364 Max Age 99, 101, 102, 104 path cost 96, 100, 103 port priority 100, 103 port state user mode root port examples status 100, 103 terminology stub area 161, 167 stub area, See also OSPF MS-7206 User’s Guide...
Page 365 WRR (Weighted Round Robin Scheduling) introduction number of VLANs port number port settings static VLAN status 86, 87 tagged ZyNOS (ZyXEL Network Operating System) trunking 85, 90 VLAN (Virtual Local Area Network) VLAN commands examples VLAN number VLAN stacking 137, 139 configuration...
Page 366 Index MS-7206 User’s Guide...