Download Print this page

ZyXEL Communications MS-7206 - EDITION 1 Manual

Modular ethernet switch system

Hide thumbs Also See for MS-7206 - EDITION 1:

User manual (366 pages)

,

Specifications (4 pages)

,

Sales manual (8 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual

MS-7206

Modular Ethernet Switch System

Default Login Details

IP Address

http://192.168.0.1

User Name

Password

Firmware Version 3.85

www.zyxel.com

Edition 1, 10/2009

www.zyxel.com

admin

1234

Copyright © 2009

ZyXEL Communications Corporation

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the MS-7206 - EDITION 1 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications MS-7206 - EDITION 1

Page 1 MS-7206 Modular Ethernet Switch System Default Login Details IP Address http://192.168.0.1 User Name admin Password 1234 Firmware Version 3.85 www.zyxel.com Edition 1, 10/2009 www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Embedded web help for descriptions of individual screens and supplementary information. • Supporting Disc Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp.,...
Page 4 • Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products. • Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well.
Page 5: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The MS-7206 icon is not an exact representation of your device. MS-7206 Computer Notebook computer Server DSLAM Firewall Telephone Switch Router MS-7206 User’s Guide...
Page 7: Safety Warnings
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
Page 8: Safety Warnings
Safety Warnings MS-7206 User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview Introduction ..........................23 Introducing the MM-7201 ......................25 Hardware ..........................29 Front Panel ..........................31 Installing Cards .......................... 33 Basic ............................37 The Web Configurator ....................... 39 Initial Setup Example ......................... 49 System Status and Port Statistics ....................55 System Info ..........................
Page 10 Contents Overview IP ............................239 Static Route ..........................241 RIP ............................243 OSPF ............................245 IGMP ............................257 DVMRP ............................ 259 Differentiated Services ......................263 DHCP ............................271 VRRP ............................281 Manage ..........................291 Maintenance ..........................293 Access Control ........................301 Diagnostic ..........................
Page 11: Table Of Contents
Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions......................5 Safety Warnings........................7 Contents Overview ........................9 Table of Contents........................11 Part I: Introduction................. 23 Chapter 1 Introducing the MM-7201......................25 1.1 Overview ..........................25 1.2 Ways to Manage the MM-7201 ....................
Page 12 Table of Contents 3.2.2 Add an Interface Module (System Is On) ..............34 3.2.3 Remove an Interface Module ..................36 Part III: Basic ..................37 Chapter 4 The Web Configurator ......................39 4.1 Introduction .......................... 39 4.2 System Login ........................39 4.3 The Status Screen ......................
Page 13 Table of Contents 9.1 Switch Setup ........................69 Chapter 10 IP Setup............................ 73 10.1 IP Interfaces ........................73 10.2 IP Setup ..........................74 Chapter 11 Slot Setup ..........................77 11.1 Slot Setup .......................... 77 Chapter 12 Port Setup..........................79 12.1 Port Setup .......................... 79 Part IV: Advanced ..................
Page 14 Table of Contents Chapter 15 Filtering..........................103 15.1 Filtering ........................... 103 Chapter 16 Spanning Tree Protocol......................105 16.1 STP/RSTP Overview ...................... 105 16.1.1 STP Terminology ....................105 16.1.2 How STP Works ....................106 16.1.3 STP Port States ..................... 107 16.1.4 Multiple RSTP ....................... 107 16.1.5 Multiple STP ......................
Page 15 Table of Contents Chapter 21 Port Authentication....................... 143 21.1 Port Authentication Overview ..................143 21.1.1 IEEE 802.1x Authentication ................... 143 21.1.2 MAC Authentication ....................144 21.2 Port Authentication ......................145 21.2.1 802.1x ......................... 146 21.2.2 MAC Authentication ....................147 Chapter 22 Port Security..........................
Page 16 Table of Contents 26.4 VLAN Stacking ......................... 176 Chapter 27 Multicast ..........................179 27.1 Multicast Overview ......................179 27.1.1 IP Multicast Addresses ................... 179 27.1.2 IGMP Filtering ......................179 27.1.3 IGMP Snooping ..................... 180 27.1.4 IGMP Snooping and VLANs ................... 180 27.2 Multicast Status ......................
Page 17 Table of Contents 29.5.2 DHCP Snooping VLAN Configure ................221 29.6 ARP Inspection Status ..................... 223 29.6.1 ARP Inspection VLAN Status ................. 224 29.6.2 ARP Inspection Log Status ..................225 29.7 ARP Inspection Configure ....................226 29.7.1 ARP Inspection Port Configure ................228 29.7.2 ARP Inspection VLAN Configure ................
Page 18 Table of Contents 35.1 DVMRP Overview ......................259 35.2 How DVMRP Works ......................259 35.2.1 DVMRP Terminology ..................... 260 35.3 DVMRP ..........................260 35.3.1 DVMRP Configuration Error Messages ..............261 35.4 Default DVMRP Timer Values ..................262 Chapter 36 Differentiated Services ......................263 36.1 DiffServ Overview ......................
Page 19 Table of Contents Part VI: Manage ..................291 Chapter 39 Maintenance .......................... 293 39.1 Maintenance ........................293 39.1.1 Firmware Upgrade ....................294 39.1.2 Restore Configuration .................... 296 39.1.3 Backup Configuration ..................... 296 39.2 FTP Command Line ......................297 39.2.1 Filename Conventions ..................297 39.2.2 FTP Command Line Procedure ................
Page 20 Table of Contents Chapter 43 Cluster Management......................327 43.1 Cluster Management Status Overview ................327 43.2 Clustering Management Status ..................328 43.2.1 Cluster Member Switch Management ..............329 43.2.2 Uploading Firmware to a Cluster Member Switch ..........330 43.3 Clustering Management Configuration ................332 Chapter 44 MAC Table..........................
Page 21 Table of Contents Part VIII: Appendices and Index ............367 Appendix A IP Addresses and Subnetting ................369 Appendix B Legal Information ....................381 Index............................385 MS-7206 User’s Guide...
Page 22: Ms-7206 User's Guide
Table of Contents MS-7206 User’s Guide...
Page 23: Introduction
Introduction Introducing the MM-7201 (25)
Page 25: Introducing The Mm-7201
H A P T E R Introducing the MM-7201 This chapter introduces the main applications and features of the MM-7201. It also introduces the ways you can manage the MM-7201. 1.1 Overview The MM-7201 is the management card for the MS-7206 Ethernet chassis system. The MM-7201 contains the configuration of the MS-7206 system and makes the interface modules work together as one switch.
Page 26: Ways To Manage The Mm-7201
Chapter 1 Introducing the MM-7201 In this example, the MS-7206 system is connected to three Gigabit Ethernet switches A, B, and C and one router D. • Switch A provides access to the servers in the data center. The MS-7206 system uses link aggregation (trunking) to create a high-speed connection with switch •...
Page 27: Leds
Chapter 1 Introducing the MM-7201 1.4 LEDs Figure 2 LEDs Table 1 LEDs COLOR STATUS DESCRIPTION Green The MM-7201 is receiving power from one of the MS-7206 power modules. The MM-7201 is not receiving power from any of the MS- 7206 power modules.
Page 28 Chapter 1 Introducing the MM-7201 MS-7206 User’s Guide...
Page 29: Hardware
Hardware Front Panel (31) Installing Cards (33)
Page 31: Front Panel
H A P T E R Front Panel This chapter describes the front panel of and connections to the MM-7201. 2.1 Front Panel This section introduces the ports on the front panel of the MM-7201. See Section 1.4 on page 27 for a description of LEDs.
Page 32: Console Port
Chapter 2 Front Panel • Auto-crossover or auto-MDI/MDI-X. The port automatically works with a straight-through or crossover Ethernet cable. 2.2.2 CONSOLE Port For local management through the command line interface (CLI), use a computer with terminal emulation software configured to the following parameters: •...
Page 33: Installing Cards
H A P T E R Installing Cards This chapter describes how to add, remove, and hot-swap management cards and interface modules in the system. 3.1 Management Cards This section describes the steps required to add and remove management cards. If you want to hot-swap management cards, follow the steps below to remove the existing management card and add the new management card.
Page 34: Add A Management Card (System Is On)
Chapter 3 Installing Cards 3.1.2 Add a Management Card (System Is On) Insert the card in the MS-7206 chassis. If there is another management card in the system, the new management card automatically becomes the standby management card. If the firmware version of the new management card is different than the firmware version of the existing management card, the new management card does not function in the system.
Page 35 Chapter 3 Installing Cards Open the Slot Setup screen, and uninstall the existing type of interface module in the slot (if necessary). Figure 5 Slot Setup (Uninstall) Remove the interface module from the system (if necessary). Insert the interface module in slot 3, slot 4, slot 5, or slot 6. MS-7206 User’s Guide...
Page 36: Remove An Interface Module
Chapter 3 Installing Cards Open the Slot Setup screen, and install the new type of interface module in the slot. Figure 6 Slot Setup (Install) 3.2.3 Remove an Interface Module Remove the interface module from the MS-7206 chassis. MS-7206 User’s Guide...
Page 37: Basic
Basic The Web Configurator (39) Initial Setup Example (49) System Status and Port Statistics (55) System Info (61) General Setup (65) Switch Setup (69) IP Setup (73) Slot Setup (77) Port Setup (79)
Page 39: The Web Configurator
H A P T E R The Web Configurator This section introduces the configuration and functions of the web configurator. 4.1 Introduction The web configurator is an HTML-based management interface that allows easy setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Page 40: The Status Screen
Chapter 4 The Web Configurator The login screen appears. The default username is admin and associated default password is 1234. Figure 7 Web Configurator: Login You may configure the time in the General Setup screen. See Chapter 8 on page Click OK to view the first web configurator screen.
Page 41 Chapter 4 The Web Configurator B - Click this link to save your configuration into the MM-7201’s nonvolatile memory. Nonvolatile memory is the configuration of your MM-7201 that stays the same even if the MM-7201’s power is turned off. C - Click this link to go to the status page of the system. D - Click this link to log out of the web configurator.
Page 42 Chapter 4 The Web Configurator Table 4 Navigation Panel Menu Description (continued) LINK DESCRIPTION IP Setup Configure the default gateway, DNS server, management IP address, and IP domains. Slot Setup Control the power to the each slot or to change what type of card is in the slot without restarting the system.
Page 43 Chapter 4 The Web Configurator Table 4 Navigation Panel Menu Description (continued) LINK DESCRIPTION Loop Guard Configure protection against network loops that occur on the edge of your network. IP Application Static Routing Tell the switch how to forward IP traffic when you configure the TCP/IP parameters manually.
Page 44: Change Your Password
Chapter 4 The Web Configurator Table 4 Navigation Panel Menu Description (continued) LINK DESCRIPTION Routing Table Use this to look at the routing table. Configure Use this to copy attributes of one port or slot to other ports or slots. Clone 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default...
Page 45: Switch Lockout
Chapter 4 The Web Configurator 4.5 Switch Lockout You could block yourself (and all others) from using in-band-management (managing through the data ports on the interface modules) if you do one of the following: Delete the management VLAN (default is VLAN 1). Delete all port-based VLANs with the CPU port as a member.
Page 46: Logging Out Of The Web Configurator
Chapter 4 The Web Configurator Disconnect and reconnect the system’s power to begin a session. When you reconnect the power, you will see the initial screen. When you see the message “Press any key to enter Debug Mode within 3 seconds ...”...
Page 47: Help
Chapter 4 The Web Configurator 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. MS-7206 User’s Guide...
Page 48 Chapter 4 The Web Configurator MS-7206 User’s Guide...
Page 49: Initial Setup Example
H A P T E R Initial Setup Example This chapter explains how to complete the following steps for an example network. • Configure an IP interface • Configure DHCP server settings • Create a VLAN • Set port VLAN ID •...
Page 50: Configuring Dhcp Server Settings
Chapter 5 Initial Setup Example Connect your computer to the out-of-band MGMT port that is used only for management. Make sure your computer is in the same subnet as the MGMT port. Open your web browser and enter http://192.168.0.1 (the default MGMT port IP address) in the address bar to access the web configurator.
Page 51: Creating A Vlan
Chapter 5 Initial Setup Example Click IP Application > DHCP > VLAN. In the DHCP VLAN Setting screen, specify the ID of the VLAN to which the DHCP clients belong, set the DHCP status to Server, configure the starting IP address pool, subnet mask, default gateway address and the DNS server address(es).
Page 52: Setting Port Vid
Chapter 5 Initial Setup Example In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. Select Slot 3 in the drop-down box above the port list.
Page 53: Enabling Rip
Chapter 5 Initial Setup Example Click Advanced Application > VLAN > VLAN Port Setting. Select Slot 3 in the drop-down box above the port list. Enter 2 in the PVID field for port Click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the MM-7201’s power is turned off.
Page 54 Chapter 5 Initial Setup Example MS-7206 User’s Guide...
Page 55: System Status And Port Statistics
H A P T E R System Status and Port Statistics This chapter describes the system status (web configurator home page), port status, and port details screens. 6.1 Status Use this screen to look at a summary of each slot and whatever card may be in each slot.
Page 56: Port Status
Chapter 6 System Status and Port Statistics Table 5 Status (continued) LABEL DESCRIPTION Up Time This field shows the total amount of time in hours, minutes and seconds the card has been up in the slot. F/W Version This field displays the version number of the card's current firmware including the date created.
Page 57: Port Details
Chapter 6 System Status and Port Statistics Table 6 Port Status (continued) LABEL DESCRIPTION LACP This fields displays whether LACP (Link Aggregation Control Protocol) is Enabled or Disabled on the port. See Chapter 20 on page 135 for more information about LACP. TxPkts This field shows the number of frames transmitted on this port.
Page 58 Chapter 6 System Status and Port Statistics on page 56. To open this screen, click Status in any web configurator screen, then click the number of the slot, and finally click the number of the port. Figure 17 Port Details The following table describes the labels in this screen.
Page 59 Chapter 6 System Status and Port Statistics Table 7 Port Details (continued) LABEL DESCRIPTION Name This is the name assigned to this port. You can configure this in the Port Setup screen. See Chapter 12 on page Link This field displays the speed (either 10M for 10 Mbps, 100M for 100 Mbps, 1000M for 1000 Mbps, or 10G for 10-Gigabit) and the duplex (F for full duplex or H for half).
Page 60 Chapter 6 System Status and Port Statistics Table 7 Port Details (continued) LABEL DESCRIPTION Single This field shows the number of times one collision occurred before a frame could be transmitted successfully on this port. Multiple This field shows the number of times 2-15 collisions occurred before a frame could be transmitted successfully on this port.
Page 61: System Info
H A P T E R System Info 7.1 System Info Use this screen to look at basic information about the MM-7201 and to monitor the system hardware, including temperature, fan speed, voltage, and power. To open this screen, click Basic Setting > System Info. Figure 18 System Info MS-7206 User’s Guide...
Page 62 Chapter 7 System Info The following table describes the labels in this screen. Table 8 System Info LABEL DESCRIPTION System This field displays the descriptive name of the MM-7201 for identification Name purposes. Click Basic Setting > General Setup to change this. See Chapter 8 on page ZyNOS F/W This field displays the version number of the MM-7201's current firmware...
Page 63: Hardware Monitor
Chapter 7 System Info Table 8 System Info (continued) LABEL DESCRIPTION Fan Speed A properly functioning fan is an essential component (along with a (RPM) sufficiently ventilated, cool operating environment) in order for the system to stay within the temperature threshold. Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown.
Page 64 Chapter 7 System Info Table 9 Hardware Monitor (continued) LABEL DESCRIPTION Temperature The number is the slot number in which the card is located. MAC, PHY and BOARD refer to the location of the temperature sensors on the card’s printed circuit board. Current This shows the current temperature in degrees at this sensor.
Page 65: General Setup
H A P T E R General Setup 8.1 General Setup Use this screen to configure the system name, login precedence, time, and other general settings for the system. To open this screen, click Basic Setting > General Setup. Figure 20 General Setup The following table describes the labels in this screen.
Page 66 Chapter 8 General Setup Table 10 General Setup (continued) LABEL DESCRIPTION Contact Enter the name of the person in charge of this switch. You can use up to Person's Name 32 printable English keyboard characters; spaces are allowed. Use Time Enter the time service protocol that your timeserver uses.
Page 67 Chapter 8 General Setup Table 10 General Setup (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Saving Time. The time is displayed in the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March.
Page 68 Chapter 8 General Setup MS-7206 User’s Guide...
Page 69: Switch Setup
H A P T E R Switch Setup 9.1 Switch Setup Use this screen to configure MAC address learning, declaration timeout values for GARP, and priority queues. You can also control whether or not the switch handles bridge control protocols, such as STP. To open this screen, click Basic Setting > Switch Setup.
Page 70 Chapter 9 Switch Setup Table 11 Switch Setup (continued) LABEL DESCRIPTION Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out (and must be relearned). GARP Timer: Switches join VLANs by making a declaration.
Page 71 Chapter 9 Switch Setup Table 11 Switch Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring.
Page 72 Chapter 9 Switch Setup MS-7206 User’s Guide...
Page 73: Ip Setup
H A P T E R IP Setup This chapter introduces IP interfaces and then describes the IP Setup screen. 10.1 IP Interfaces The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.0.1. The subnet mask specifies the network number portion of an IP address.
Page 74: Ip Setup
Chapter 10 IP Setup 10.2 IP Setup Use this screen to configure the default gateway, DNS server, management IP address, and IP domains. To open this screen, click Basic Setting > IP Setup. Figure 22 IP Setup The following table describes the labels in this screen. Table 12 IP Setup LABEL DESCRIPTION...
Page 75: Ip Setup
Chapter 10 IP Setup Table 12 IP Setup (continued) LABEL DESCRIPTION Default Specify which traffic flow (In-Band or Out-of-band) the switch is to send Management packets originating from itself (such as SNMP traps) or packets with unknown source. Select Out-of-band to have the switch send the packets to the management port labelled MGMT.
Page 76 Chapter 10 IP Setup MS-7206 User’s Guide...
Page 77: Slot Setup
H A P T E R Slot Setup 11.1 Slot Setup Use this screen to control the power to the each slot or to change what type of card is in the slot without restarting the system. To open this screen, click Basic Setting >...
Page 78 Chapter 11 Slot Setup The following table describes the labels in this screen. Table 13 Slot Setup LABEL DESCRIPTION Shutdown Use this section to control the power to each slot. Slot This field displays the number of each slot in the system. Shutdown Select this to turn off the power to the slot.
Page 79: Port Setup
H A P T E R Port Setup 12.1 Port Setup Use this screen to configure basic port settings, such as speed, duplex, and flow control. You can also configure the default 802.1p priority and the way bridge protocol data units (BPDU) are handled. To open this screen, click Basic Setting >...
Page 80 Chapter 12 Port Setup Table 14 Port Setup (continued) LABEL DESCRIPTION Name Enter a descriptive name that identifies this port. You can enter up to 64 alpha-numerical characters. Note: Due to space limitation, the port name may be truncated in some web configurator screens.
Page 81 Chapter 12 Port Setup Table 14 Port Setup (continued) LABEL DESCRIPTION This field only applies to Power over Ethernet (PoE) modules. Select this to provide power to connected powered devices (PD) that use PoE to get power from the switch on this port. Apply Click Apply to save your changes to the switch’s run-time memory.
Page 82 Chapter 12 Port Setup MS-7206 User’s Guide...
Page 83: Advanced
Advanced VLAN (85) Static MAC Forward Setup (101) Filtering (103) Spanning Tree Protocol (105) Bandwidth Control (127) Broadcast Storm Control (131) Mirroring (133) Link Aggregation (135) Port Authentication (143) Port Security (149) Classifier (155) Policy Rule (161) Queuing Method (169) VLAN Stacking (173) Multicast (179) AAA (195)
Page 85: Vlan
H A P T E R VLAN This chapter introduces VLANs and then describes the screens you use to configure VLAN settings. 13.1 Introduction to VLANs A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group.
Page 86: Forwarding Tagged And Untagged Frames
Chapter 13 VLAN field of the Ethernet frame) and two bytes of TCI (Tag Control Information, starts after the source address field of the Ethernet frame). The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches.
Page 87: Gvrp
Chapter 13 VLAN Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. 13.3.2 GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the...
Page 88: Static Vlan
Chapter 13 VLAN Refer to the following figure. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B. Without VLAN Trunking, you must configure VLAN groups 1 and 2 on all intermediary switches C, D and E; otherwise they will drop frames with unknown VLAN group tags.
Page 89: Vlan Status
Chapter 13 VLAN 13.6 VLAN Status Use this screen to look at the current status of VLANs in the system. See Section 13.2 on page 85 for background information about VLAN. To open this screen, click Advanced Application > VLAN. Figure 26 VLAN Status The following table describes the labels in this screen.
Page 90 Chapter 13 VLAN Advanced Application > VLAN, and then click on the index number of the VLAN. Figure 27 VLAN Detail The following table describes the labels in this screen. Table 17 VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen. This is the VLAN identification number that was configured in the Static VLAN screen.
Page 91: Static Vlan
Chapter 13 VLAN 13.6.2 Static VLAN Use this screen to look at and configure 802.1Q VLAN parameters for the switch. Section 13.2 on page 85 for background information about VLAN. To open this screen, click Advanced Application > VLAN > Static VLAN. Figure 28 Static VLAN The following table describes the related labels in this screen.
Page 92 Chapter 13 VLAN Table 18 Static VLAN (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 93: Vlan Port Setting
Chapter 13 VLAN 13.6.3 VLAN Port Setting Use this screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 13.2 on page 85 for background information about VLAN. To open this screen, click Advanced Application > VLAN > VLAN Port Setting. Figure 29 VLAN Port Setting The following table describes the labels in this screen.
Page 94: Subnet Based Vlans
Chapter 13 VLAN Table 19 VLAN Port Setting (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 95: Configuring Subnet Based Vlan
Chapter 13 VLAN data for 10.1.1.0/24. The switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames. You configure a subnet based VLAN with priority 6 and VID of 100 for traffic received from IP subnet 172.16.1.0/24 (voice services).
Page 96 Chapter 13 VLAN Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 31 Subnet Based VLAN The following table describes the labels in this screen. Table 20 Subnet Based VLAN Setup LABEL DESCRIPTION Active...
Page 97: Protocol Based Vlans
Chapter 13 VLAN Table 20 Subnet Based VLAN Setup (continued) LABEL DESCRIPTION Mask-Bits Enter the bit number of the subnet mask. To find the bit number, convert the subnet mask to binary format and add all the 1’s together. Take “255.255.255.0”...
Page 98: Configuring Protocol Based Vlan
Chapter 13 VLAN traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic, when they go through the uplink port to a backbone switch C. Figure 32 Protocol Based VLAN Application Example 13.10 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown.
Page 99 Chapter 13 VLAN The following table describes the labels in this screen. Table 21 Protocol Based VLAN LABEL DESCRIPTION Active Check this box to activate this protocol based VLAN. Port Select the slot and enter the number of the port to be included in this protocol based VLAN.
Page 100: Create An Ip-Based Vlan Example
Chapter 13 VLAN 13.11 Create an IP-based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. Follow these steps: Activate this protocol based VLAN. Select the slot number and type the port number you want to include in this protocol based VLAN.
Page 101: Static Mac Forward Setup
H A P T E R Static MAC Forward Setup 14.1 Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port.
Page 102: Static Mac Forward Setup
Chapter 14 Static MAC Forward Setup The following table describes the labels in this screen. Table 22 Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box. Name Enter a descriptive name for identification purposes for this static MAC address forwarding rule.
Page 103: Filtering
H A P T E R Filtering 15.1 Filtering Use this screen to drop frames based on the source MAC address, destination MAC address, and/or VLAN ID. To open this screen, click Advanced Application > Filtering. Figure 36 Filtering The following table describes the related labels in this screen. Table 23 Filtering LABEL DESCRIPTION...
Page 104: Filtering
Chapter 15 Filtering Table 23 Filtering (continued) LABEL DESCRIPTION Action Select Discard source to drop frame from the source MAC address (specified in the MAC field). The switch can still send frames to the MAC address. Select Discard destination to drop frames to the destination MAC address (specified in the MAC address).
Page 105: Spanning Tree Protocol
H A P T E R Spanning Tree Protocol The switch supports Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol •...
Page 106: How Stp Works
Chapter 16 Spanning Tree Protocol Path cost is the cost of transmitting a frame onto a LAN through that port. It is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost. Table 24 STP Path Costs LINK RECOMMENDED...
Page 107: Stp Port States
16.1.4 Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
Page 108: Multiple Stp
Chapter 16 Spanning Tree Protocol 16.1.5 Multiple STP Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/ RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features: • One Common and Internal Spanning Tree (CIST) that represents the entire network’s connectivity.
Page 109: Mst Region
Chapter 16 Spanning Tree Protocol With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP. Figure 39 MSTP Network Example VLAN 1 VLAN 2 16.1.5.2 MST Region...
Page 110 Chapter 16 Spanning Tree Protocol The following figure shows an example where there are two MST regions. Regions 1 and 2 have 2 spanning tree instances. Figure 40 MSTIs in Different Regions 16.1.5.4 Common and Internal Spanning Tree (CIST) A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP.
Page 111: Spanning Tree Protocol Status Screen
Chapter 16 Spanning Tree Protocol 16.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. Figure 42 Advanced Application >...
Page 112: Rapid Spanning Tree Protocol
Chapter 16 Spanning Tree Protocol The following table describes the labels in this screen. Table 26 Advanced Application > Spanning Tree Protocol > Configuration LABEL DESCRIPTION Spanning Tree You can activate one of the STP modes on the switch. Mode Select Rapid Spanning Tree, Multiple Rapid Spanning Tree or Multiple Spanning Tree.
Page 113: Rapid Spanning Tree Protocol
Chapter 16 Spanning Tree Protocol The following table describes the labels in this screen. Table 27 Rapid Spanning Tree Protocol LABEL DESCRIPTION Status Click Status to display the RSTP Status screen. See Figure 45 on page 114. Active Select this to activate RSTP. Clear this to disable RSTP. Bridge Priority Bridge priority is used in determining the root switch, root port and designated port.
Page 114: Rapid Spanning Tree Protocol Status
Chapter 16 Spanning Tree Protocol Table 27 Rapid Spanning Tree Protocol (continued) LABEL DESCRIPTION Priority Configure the priority for each port here. Priority decides which port should be disabled when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first.
Page 115 Chapter 16 Spanning Tree Protocol The following table describes the labels in this screen. Table 28 Rapid Spanning Tree Protocol Status LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click RSTP to edit RSTP settings on the switch. Bridge Root refers to the base of the spanning tree (the root bridge).
Page 116: Multiple Rapid Spanning Tree Protocol
Chapter 16 Spanning Tree Protocol 16.6 Multiple Rapid Spanning Tree Protocol Use this screen to configure MRSTP on the switch. See Section 16.1 on page 105 for background information about MRSTP. To open this screen, click Advanced Application > Spanning Tree Protocol > MRSTP. Figure 46 Multiple Rapid Spanning Tree Protocol The following table describes the labels in this screen.
Page 117 Chapter 16 Spanning Tree Protocol Table 29 Multiple Rapid Spanning Tree Protocol (continued) LABEL DESCRIPTION Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch.
Page 118: Multiple Rapid Spanning Tree Protocol Status
Chapter 16 Spanning Tree Protocol Table 29 Multiple Rapid Spanning Tree Protocol (continued) LABEL DESCRIPTION Tree Select which STP tree configuration this port should participate in. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring.
Page 119 Chapter 16 Spanning Tree Protocol Table 30 Multiple Rapid Spanning Tree Protocol Status (continued) LABEL DESCRIPTION Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the switch is the root switch.
Page 120: Configure Multiple Spanning Tree Protocol
Chapter 16 Spanning Tree Protocol 16.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 16.1.5 on page 108 for more information on MSTP. Figure 48 Multiple Spanning Tree Protocol MS-7206 User’s Guide...
Page 121 Chapter 16 Spanning Tree Protocol The following table describes the labels in this screen. Table 31 Multiple Spanning Tree Protocol LABEL DESCRIPTION Status Click Status to display the MSTP Status screen (see Figure 49 on page 123). Active Select this to activate MSTP on the switch. Clear this to disable MSTP on the switch.
Page 122 Chapter 16 Spanning Tree Protocol Table 31 Multiple Spanning Tree Protocol (continued) LABEL DESCRIPTION Bridge Priority Set the priority of the switch for the specific spanning tree instance. The lower the number, the more likely the switch will be chosen as the root bridge within the spanning tree instance.
Page 123: Multiple Spanning Tree Protocol Status
Chapter 16 Spanning Tree Protocol Table 31 Multiple Spanning Tree Protocol (continued) LABEL DESCRIPTION Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. 16.9 Multiple Spanning Tree Protocol Status Click Advanced Application >...
Page 124 Chapter 16 Spanning Tree Protocol The following table describes the labels in this screen. Table 32 Multiple Spanning Tree Protocol Status LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click MSTP to edit MSTP settings on the switch. This section describes the Common Spanning Tree settings.
Page 125 Chapter 16 Spanning Tree Protocol Table 32 Multiple Spanning Tree Protocol Status (continued) LABEL DESCRIPTION Internal Cost This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the switch through which this switch must communicate with the root of the MST instance.
Page 126 Chapter 16 Spanning Tree Protocol MS-7206 User’s Guide...
Page 127: Bandwidth Control
H A P T E R Bandwidth Control This chapter introduces Committed Information Rate (CIR) and Peak Information Rate (PIR) and then shows you how to configure the maximum allowable bandwidth for incoming (ingress) and outgoing (egress) traffic flows on a port. 17.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
Page 128: Bandwidth Control
Chapter 17 Bandwidth Control outgoing (egress) traffic on a port. To open this screen, click Advanced Application > Bandwidth Control. Figure 50 Bandwidth Control The following table describes the related labels in this screen. Table 33 Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the switch.
Page 129 Chapter 17 Bandwidth Control Table 33 Bandwidth Control (continued) LABEL DESCRIPTION Egress Rate Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic flow on a port. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring.
Page 130 Chapter 17 Bandwidth Control MS-7206 User’s Guide...
Page 131: Broadcast Storm Control
H A P T E R Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 18.1 Broadcast Storm Control Use this screen to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the switch receives per second on the ports.
Page 132: Chapter 18 Broadcast Storm Control
Chapter 18 Broadcast Storm Control The following table describes the labels in this screen. Table 34 Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the switch. Clear this check box to disable this feature. Slot Select the slot at whose settings you want to look.
Page 133: Mirroring
H A P T E R Mirroring 19.1 Mirroring Use this screen to copy (“mirror”) traffic from one or more ports to a specified monitor port. You can examine the traffic on the monitor port without interfering with regular traffic flow. To open this screen, click Advanced Application > Mirroring.
Page 134 Chapter 19 Mirroring Table 35 Mirroring (continued) LABEL DESCRIPTION Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 135: Link Aggregation
H A P T E R Link Aggregation This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link. 20.1 Link Aggregation Overview Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link.
Page 136: Link Aggregation Id
Chapter 20 Link Aggregation • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops.
Page 137: Link Aggregation Status
Chapter 20 Link Aggregation 20.3 Link Aggregation Status Use this screen to look at the trunk groups that are on the switch. See Section 20.1 on page 135 for background information about trunk groups. To open this screen, click Advanced Application > Link Aggregation. Figure 53 Link Aggregation Status The following table describes the labels in this screen.
Page 138: Link Aggregation Setting
Chapter 20 Link Aggregation Table 38 Link Aggregation Control Protocol Status (continued) LABEL DESCRIPTION Criteria This shows the outgoing traffic distribution algorithm used in this trunk group. Packets from the same source and/or to the same destination are sent over the same link within the trunk. src-mac means the switch distributes traffic based on the packet’s source MAC address.
Page 139: Link Aggregation Setting
Chapter 20 Link Aggregation screen shown next. See Section 20.1 on page 135 for more information on link aggregation. Figure 54 Advanced Application > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen. Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Link...
Page 140: Link Aggregation Control Protocol
Chapter 20 Link Aggregation Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Criteria Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk.
Page 141 Chapter 20 Link Aggregation Advanced Application > Link Aggregation > Link Aggregation Setting > LACP. Figure 55 Link Aggregation Control Protocol The following table describes the labels in this screen. Table 40 Link Aggregation Control Protocol LABEL DESCRIPTION Active Select this to enable Link Aggregation Control Protocol (LACP). System LACP system priority is a number between 1 and 65,535.
Page 142 Chapter 20 Link Aggregation Table 40 Link Aggregation Control Protocol (continued) LABEL DESCRIPTION Dynamic Select this check box to enable LACP for a trunk. (LACP) Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. LACP Timeout is the time interval between the individual port exchanges of LACP Timeout...
Page 143: Port Authentication
H A P T E R Port Authentication 21.1 Port Authentication Overview Port authentication is a way to validate access to ports on the switch to clients based on an external server (authentication server). The switch supports the following methods for port authentication: •...
Page 144: Mac Authentication
Chapter 21 Port Authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port. Figure 56 IEEE 802.1x Authentication Process New Connection Login Info Request Login Credentials Authentication Request Authentication Reply Session Granted/Denied 21.1.2 MAC Authentication MAC authentication works in a very similar way to IEEE 802.1x authentication.
Page 145: Port Authentication
Chapter 21 Port Authentication client connecting to a port on the switch along with a password configured specifically for MAC authentication on the switch. Figure 57 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied 21.2 Port Authentication Follow these steps to enable port authentication.
Page 146: 146
Chapter 21 Port Authentication 21.2.1 802.1x Use this screen to configure IEEE 802.1x security on the switch and on the ports. To open this screen, click Advanced Application > Port Authentication > 802.1x. Figure 59 802.1x The following table describes the labels in this screen. Table 41 802.1x LABEL DESCRIPTION...
Page 147: Mac Authentication
Chapter 21 Port Authentication Table 41 802.1x (continued) LABEL DESCRIPTION Active Select this to permit 802.1x authentication on this port. You must first allow 802.1x authentication on the switch before configuring it on each port. Reauthenticati Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port.
Page 148 Chapter 21 Port Authentication The following table describes the labels in this screen. Table 42 MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the switch. Note: You must first enable MAC authentication on the switch before configuring it on each port.
Page 149: Port Security
H A P T E R Port Security 22.1 Port Security Use this screen to allow only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch. See Chapter 50 on page 357 for the maximum number of MAC addresses the switch can learn.
Page 150: Port Security
Chapter 22 Port Security To open this screen, click Advanced Application > Port Security. Figure 61 Port Security The following table describes the labels in this screen. Table 43 Port Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning.
Page 151 Chapter 22 Port Security Table 43 Port Security (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 152: Vlan Mac Address Limit
Chapter 22 Port Security 22.2 VLAN MAC Address Limit Use this screen to set the MAC address learning limit on per-port and per-VLAN basis. Click VLAN MAC Address Limit in the Advanced Application > Port Security screen to display the screen as shown. Figure 62 Advanced Application >...
Page 153 Chapter 22 Port Security Table 44 Advanced Application > Port Security > VLAN MAC Address Limit LABEL DESCRIPTION Limit Number This is the maximum number of MAC addresses which a port can learn in a VLAN. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button.
Page 154 Chapter 22 Port Security MS-7206 User’s Guide...
Page 155: Classifier
H A P T E R Classifier This chapter introduces the packet classifier and shows you how to configure it. 23.1 Packet Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
Page 156 Chapter 23 Classifier Note: When two rules conflict with each other, a higher layer rule has priority over lower layer rule. Figure 63 Classifier The following table describes the labels in this screen. Table 45 Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes.
Page 157 Chapter 23 Classifier Table 45 Classifier (continued) LABEL DESCRIPTION Packet Specify the format of the packet. Choices are All, 802.3 tagged, 802.3 Format untagged, Ethernet II tagged and Ethernet II untagged. A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards.
Page 158 Chapter 23 Classifier Table 45 Classifier (continued) LABEL DESCRIPTION IP Address/ Enter a destination IP address in dotted decimal notation. Address Specify the address prefix by entering the number of ones in the subnet Prefix mask. Socket Note: You must select either UDP or TCP in the IP Protocol field Number before you configure the socket numbers.
Page 159: Classifier Example
Chapter 23 Classifier Some of the most common IP ports are: Table 47 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 23.3 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2 in slot 3. Figure 64 Example: Configuring a Classifier MS-7206 User’s Guide...
Page 160 Chapter 23 Classifier The resulting entry in the summary table is shown below. Figure 65 Example: Looking at the Classifier in the Summary Table After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. MS-7206 User’s Guide...
Page 161: Policy Rule
H A P T E R Policy Rule This chapter introduces policy rules and shows you how to configure them. 24.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria. A policy rule ensures that a traffic flow gets the requested treatment in the network. See Chapter 23 on page 155 for more information about classifiers.
Page 162: Diffserv
Chapter 24 Policy Rule The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.
Page 163 Chapter 24 Policy Rule Use this screen to configure policy rules for classified traffic. To open this screen, click Advanced Applications > Policy Rule. Figure 66 Policy MS-7206 User’s Guide...
Page 164 Chapter 24 Policy Rule The following table describes the labels in this screen. Table 48 Policy LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. Classifier(s) This field displays the active classifier(s) you configure in the Classifier screen.
Page 165 Chapter 24 Policy Rule Table 48 Policy (continued) LABEL DESCRIPTION Diffserv Select No change to keep the TOS and/or DSCP fields in the packets. Select Set the packet’s TOS field to set the TOS field with the value you configure in the TOS field. Select Replace the IP TOS with the 802.1 priority value to replace the TOS field with the value you configure in the Priority field.
Page 166: Policy Example
Chapter 24 Policy Rule 24.3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (created in Section 23.3 on page 159).
Page 167 Chapter 24 Policy Rule MS-7206 User’s Guide...
Page 168 Chapter 24 Policy Rule MS-7206 User’s Guide...
Page 169: Queuing Method
H A P T E R Queuing Method This chapter introduces the queuing methods supported and then explains the screen for configuring them. 25.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic.
Page 170: Weighted Fair Queuing
Chapter 25 Queuing Method Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the number you configure in the queue Weight field) rather than a fixed amount of bandwidth.
Page 171: Queuing Method
Chapter 25 Queuing Method 25.2 Queuing Method Use this screen to configure queuing methods to handle network congestion. To open this screen, click Advanced Application > Queuing Method. Figure 69 Queuing Method The following table describes the labels in this screen. Table 49 Queuing Method LABEL DESCRIPTION...
Page 172: Queuing Method
Chapter 25 Queuing Method Table 49 Queuing Method (continued) LABEL DESCRIPTION Method Select SPQ (Strict Priority Queuing, WFQ, or WRR (Weighted Round Robin). Strict Priority Queuing (SPQ) services queues based on priority only. When the highest priority queue empties, traffic on the next highest- priority queue begins.
Page 173: Vlan Stacking
H A P T E R VLAN Stacking This chapter shows you how to configure VLAN stacking on your switch. See Chapter 13 on page 85 for background information about VLANs. 26.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
Page 174: Vlan Stacking Port Roles
Chapter 26 VLAN Stacking distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. Figure 70 VLAN Stacking Example 26.2 VLAN Stacking Port Roles Each port can have these VLAN stacking “roles”: Access Port and Tunnel (the latter is for Gigabit ports only).
Page 175: Vlan Tag Format
Chapter 26 VLAN Stacking 26.3 VLAN Tag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Table 50 VLAN Tag Format Type Priority Type is a standard Ethernet type code identifying the frame and indicates that whether the frame carries IEEE 802.1Q tag information.
Page 176: Vlan Stacking
Chapter 26 VLAN Stacking Configure the fields as circled in the switch VLAN Stacking screen. Table 51 Single and Double Tagged 802.1Q Frame Format Len/ Data FCS Untagged Etype Ethernet frame TPID Priority VID Len/ Data FCS IEEE Etype 802.1Q customer tagged frame...
Page 177: Vlan Stacking
Chapter 26 VLAN Stacking To open this screen, click Advanced Applications > VLAN Stacking. Figure 71 VLAN Stacking The following table describes the labels in this screen. Table 53 VLAN Stacking LABEL DESCRIPTION Active Select this to enable VLAN stacking on the switch. SP TPID SP TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information.
Page 178 Chapter 26 VLAN Stacking Table 53 VLAN Stacking (continued) LABEL DESCRIPTION Role Select Normal to have the switch ignore frames received (or transmitted) on this port with VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the switch add the SP TPID tag to all incoming frames received on this port.
Page 179: Multicast
H A P T E R Multicast This chapter shows you how to configure various multicast features. 27.1 Multicast Overview Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
Page 180: Igmp Snooping
Chapter 27 Multicast 27.1.3 IGMP Snooping A switch can passively snoop on IGMP Query, Report and Leave (IGMP version 2) packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly.
Page 181: Multicast Setting
Chapter 27 Multicast Table 54 Multicast Status (continued) LABEL DESCRIPTION Port This field displays the slot number and port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. 27.3 Multicast Setting Use this screen to configure multicast settings for the switch or for the ports. See Section 27.1 on page 179 for more information on multicasting.
Page 182 Chapter 27 Multicast The following table describes the labels in this screen. Table 55 Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping. Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Querier Select this option to allow the switch to send IGMP General Query messages to the VLANs with the multicast hosts attached.
Page 183: Igmp Snooping Vlan
Chapter 27 Multicast Table 55 Multicast Setting (continued) LABEL DESCRIPTION Normal Leave Enter an IGMP normal leave timeout value (from 200 to 6,348,800) in milliseconds. Select this option to have the switch use this timeout to update the forwarding table for the port. This defines how many seconds the switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host.
Page 184 Chapter 27 Multicast screen as shown. See Section 27.1.4 on page 180 for more information on IGMP Snooping VLAN. Figure 74 IGMP Snooping VLAN The following table describes the labels in this screen. Table 56 IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the switch learn multicast group membership information of any VLANs automatically.
Page 185: Igmp Filtering Profile
Chapter 27 Multicast Table 56 IGMP Snooping VLAN (continued) LABEL DESCRIPTION Click Add to insert the entry in the summary table below and save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 186: Mvr Overview
Chapter 27 Multicast The following table describes the labels in this screen. Table 57 IGMP Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes. To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
Page 187: Types Of Mvr Ports
Chapter 27 Multicast MVR. Join and leave reports from other multicast groups are managed by IGMP snooping. The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the switch and S.
Page 188: Mvr
Chapter 27 Multicast entry is created in the forwarding table on the switch. This maps the subscriber VLAN to the list of forwarding destinations for the specified multicast traffic. When the subscriber changes the channel or turns off the computer, an IGMP leave message is sent to the switch to leave the multicast group.
Page 189 Chapter 27 Multicast Note: You must enable IGMP snooping to use MVR. However, MVR only responds to IGMP messages from multicast groups that are configured under MVR. Figure 78 MVR The following table describes the related labels in this screen. Table 58 MVR LABEL DESCRIPTION...
Page 190: Group Configuration
Chapter 27 Multicast Table 58 MVR (continued) LABEL DESCRIPTION Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 191: Group Configuration
Chapter 27 Multicast Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. Figure 79 Group Configuration The following table describes the labels in this screen. Table 59 Group Configuration LABEL DESCRIPTION Multicast...
Page 192: Mvr Configuration Example
Chapter 27 Multicast 27.8.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 (in slot 3) on the switch belong to VLAN 1. In addition, port 7 (also in slot 3) belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S.
Page 193 Chapter 27 Multicast following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 82 MVR Group Configuration Example Figure 83 MVR Group Configuration Example MS-7206 User’s Guide...
Page 194 Chapter 27 Multicast MS-7206 User’s Guide...
Page 195: Aaa
H A P T E R This chapter describes how to configure authentication, authorization and accounting settings on the switch. 28.1 Authentication, Authorization and Accounting (AAA) Authentication is the process of determining who a user is and validating access to the switch.
Page 196: Local User Accounts
Chapter 28 AAA 28.1.2 on page 196) as external authentication, authorization and accounting servers. Figure 84 AAA Server Client AAA Server 28.1.1 Local User Accounts By storing user profiles locally on the switch, your switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Section 40.3 on page...
Page 197: Radius Server Setup
Chapter 28 AAA Click Advanced Application > AAA in the navigation panel to display the screen as shown. Figure 85 AAA 28.2.1 RADIUS Server Setup Use this screen to configure your RADIUS server settings. See Section 28.1.2 on page 196 for more information on RADIUS servers.
Page 198 Chapter 28 AAA The following table describes the labels in this screen. Table 61 RADIUS Server Setup LABEL DESCRIPTION Authentication Use this section to configure your RADIUS authentication settings. Server Mode This field is only valid if you configure multiple RADIUS servers. Select index-priority and the switch tries to authenticate with the first configured RADIUS server, if the RADIUS server does not respond then the switch tries to authenticate with the second RADIUS server.
Page 199: Tacacs+ Server Setup
Chapter 28 AAA Table 61 RADIUS Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS accounting server and the switch. This key is not sent over the network. This key must be the same on the external RADIUS accounting server and the switch.
Page 200 Chapter 28 AAA The following table describes the labels in this screen. Table 62 TACACS+ Server Setup LABEL DESCRIPTION Authentication Use this section to configure your TACACS+ authentication settings. Server Mode This field is only valid if you configure multiple TACACS+ servers. Select index-priority and the switch tries to authenticate with the first configured TACACS+ server, if the TACACS+ server does not respond then the switch tries to authenticate with the second TACACS+ server.
Page 201: Aaa Setup
Chapter 28 AAA Table 62 TACACS+ Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ accounting server and the switch. This key is not sent over the network. This key must be the same on the external TACACS+ accounting server and the switch.
Page 202 Chapter 28 AAA The following table describes the labels in this screen. Table 63 AAA Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the switch. Privilege These fields specify which database the switch should use (first, second Enable and third) to authenticate access privilege level for administrator accounts (users for switch management).
Page 203 Chapter 28 AAA Table 63 AAA Setup (continued) LABEL DESCRIPTION Active Select this to activate authorization for a specified event types. Method Select whether you want to use RADIUS or TACACS+ for authorization of specific types of events. RADIUS is the only method for IEEE 802.1x authorization. Accounting Use this section to configure accounting settings on the switch.
Page 204: Vendor Specific Attribute
VSA. The following table describes the VSAs supported on the switch. Table 64 Supported VSA FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 (ZyXEL) Assignment Vendor-Type = 1 ingress rate (decimal) Vendor-data = Egress Bandwidth Vendor-Id = 890 (ZyXEL)
Page 205: Tunnel Protocol Attribute
Chapter 28 AAA 28.2.5 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server to assign a port on the switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for more information. Table 65 Supported Tunnel Protocol Attribute FUNCTION ATTRIBUTE...
Page 206 Chapter 28 AAA MS-7206 User’s Guide...
Page 207: Ip Source Guard
H A P T E R IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network. 29.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network.
Page 208: Dhcp Snooping Overview
Chapter 29 IP Source Guard 29.1.1 DHCP Snooping Overview Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the binding table dynamically. This can prevent clients from getting IP addresses from unauthorized DHCP servers. 29.1.1.1 Trusted vs. Untrusted Ports Every port is either a trusted port or an untrusted port for DHCP snooping.
Page 209: Configuring Dhcp Snooping
Chapter 29 IP Source Guard You can configure the name and location of the file on the external TFTP server. The file has the following format: Figure 89 DHCP Snooping Database File Format <initial-checksum> TYPE DHCP-SNOOPING VERSION 1 BEGIN <binding-1> <checksum-1> <binding-2>...
Page 210: Arp Inspection Overview
Chapter 29 IP Source Guard Configure trusted and untrusted ports, and specify the maximum number of DHCP packets that each port can receive per second. Configure static bindings. 29.1.2 ARP Inspection Overview Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of man-in-the-middle attacks, such as the one in the following example.
Page 211: Ip Source Guard
Chapter 29 IP Source Guard • They appear only in the ARP Inspection screens and commands, not in the MAC address filtering screen and commands. 29.1.2.2 Trusted vs. Untrusted Ports Every port is either a trusted port or an untrusted port for ARP inspection. This setting is independent of the trusted/untrusted setting for DHCP snooping.
Page 212: Ip Source Guard Static Binding
Chapter 29 IP Source Guard the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). To open this screen, click Advanced Application > IP Source Guard. Figure 91 IP Source Guard The following table describes the labels in this screen. Table 66 IP Source Guard LABEL DESCRIPTION...
Page 213 Chapter 29 IP Source Guard new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. Figure 92 IP Source Guard Static Binding The following table describes the labels in this screen. Table 67 IP Source Guard Static Binding LABEL DESCRIPTION...
Page 214 Chapter 29 IP Source Guard Table 67 IP Source Guard Static Binding (continued) LABEL DESCRIPTION VLAN This field displays the source VLAN ID in the binding. Port This field displays the port number in the binding. If this field is blank, the binding applies to all ports.
Page 215: Dhcp Snooping
Chapter 29 IP Source Guard 29.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 93 DHCP Snooping MS-7206 User’s Guide...
Page 216 Chapter 29 IP Source Guard The following table describes the labels in this screen. Table 68 DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database. You can configure them in the DHCP Snooping Configure screen.
Page 217 Chapter 29 IP Source Guard Table 68 DHCP Snooping (continued) LABEL DESCRIPTION Failed transfers This field displays the number of times the switch was unable to read bindings from or update the bindings in the DHCP snooping database. Successful reads This field displays the number of times the switch read bindings from the DHCP snooping database successfully.
Page 218: Dhcp Snooping Configure
Chapter 29 IP Source Guard Table 68 DHCP Snooping (continued) LABEL DESCRIPTION Expired leases This field displays the number of bindings the switch has ignored because the lease time had already expired. Unsupported vlans This field displays the number of bindings the switch has ignored because the VLAN ID does not exist anymore.
Page 219 Chapter 29 IP Source Guard The following table describes the labels in this screen. Table 69 DHCP Snooping Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the switch. You still have to enable DHCP snooping on specific VLAN and specify trusted ports.
Page 220: Dhcp Snooping Port Configure
Chapter 29 IP Source Guard Table 69 DHCP Snooping Configure (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 221: Dhcp Snooping Vlan Configure
Chapter 29 IP Source Guard The following table describes the labels in this screen. Table 70 DHCP Snooping Port Configure LABEL DESCRIPTION Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number. If you configure the * port, the settings are applied to all of the ports.
Page 222 Chapter 29 IP Source Guard open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN. Figure 96 DHCP Snooping VLAN Configure The following table describes the labels in this screen. Table 71 DHCP Snooping VLAN Configure LABEL DESCRIPTION Show VLAN...
Page 223: Arp Inspection Status
Chapter 29 IP Source Guard 29.6 ARP Inspection Status Use this screen to look at the current list of MAC address filters that were created because the switch identified an unauthorized ARP packet. When the switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
Page 224: Arp Inspection Vlan Status
Chapter 29 IP Source Guard Table 72 ARP Inspection Status (continued) LABEL DESCRIPTION Delete Select this, and click Delete to remove the specified entry. Cancel Click this to clear the Delete check boxes above. Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen.
Page 225: Arp Inspection Log Status
Chapter 29 IP Source Guard Table 73 ARP Inspection VLAN Status LABEL DESCRIPTION Reply This field displays the total number of ARP Reply packets received from the VLAN since the switch last restarted. Forwarded This field displays the total number of ARP packets the switch forwarded for the VLAN since the switch last restarted.
Page 226: Arp Inspection Configure
Chapter 29 IP Source Guard Table 74 ARP Inspection Log Status (continued) LABEL DESCRIPTION Num Pkts This field displays the number of ARP packets that were consolidated into this log message. The switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message.
Page 227 Chapter 29 IP Source Guard settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure. Figure 100 ARP Inspection Configure The following table describes the labels in this screen. Table 75 ARP Inspection Configure LABEL DESCRIPTION...
Page 228: Arp Inspection Port Configure
Chapter 29 IP Source Guard Table 75 ARP Inspection Configure (continued) LABEL DESCRIPTION Log buffer size Enter the maximum number (1~1024) of log messages that were generated by ARP packets and have not been sent to the syslog server yet. Make sure this number is appropriate for the specified Syslog rate and Log interval.
Page 229: Arp Inspection Port Configure
Chapter 29 IP Source Guard ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 101 ARP Inspection Port Configure The following table describes the labels in this screen. Table 76 ARP Inspection Port Configure LABEL DESCRIPTION...
Page 230: Arp Inspection Vlan Configure
Chapter 29 IP Source Guard Table 76 ARP Inspection Port Configure (continued) LABEL DESCRIPTION Burst interval The burst interval is the length of time over which the rate of ARP (seconds) packets is monitored for each port. For example, if the Rate is 15 pps and the burst interval is 1 second, then the switch accepts a maximum of 15 ARP packets in every one-second interval.
Page 231: Arp Inspection Vlan Configure
Chapter 29 IP Source Guard Table 77 ARP Inspection VLAN Configure (continued) LABEL DESCRIPTION End VID Enter the highest VLAN ID you want to manage in the section below. Apply Click this to display the specified range of VLANs in the section below.
Page 232 Chapter 29 IP Source Guard MS-7206 User’s Guide...
Page 233: Loop Guard
H A P T E R Loop Guard This chapter shows you how to configure the switch to guard against loops on the edge of your network. 30.1 Loop Guard Overview Loop guard allows you to configure the switch to shut down a port if it detects that packets sent out on that port loop back to the switch.
Page 234 Chapter 30 Loop Guard • It will receive its own broadcast messages that it sends out as they loop back. It will then re-broadcast those messages again. The following figure shows port N on switch A connected to switch B. Switch B is in loop state.
Page 235: Loop Guard Setup
Chapter 30 Loop Guard port N. The switch will shut down port N if it detects that the probe packet has returned to the switch. Figure 106 Loop Guard - Network Loop Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 12.1 on page 79) or via...
Page 236 Chapter 30 Loop Guard The following table describes the labels in this screen. Table 78 Advanced Application > Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the switch. The switch generates syslog, internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature.
Page 237 Chapter 30 Loop Guard MS-7206 User’s Guide...
Page 238 Chapter 30 Loop Guard MS-7206 User’s Guide...
Page 239: Part V: Ip
Static Route (241) (243) OSPF (245) IGMP (257) DVMRP (259) Differentiated Services (263) DHCP (271) VRRP (281)
Page 241: Static Route
H A P T E R Static Route 31.1 Static Routing Use this screen to tell the switch how to forward IP traffic when you configure the TCP/IP parameters manually. To open this screen, click IP Application > Static Routing. Figure 108 Static Routing The following table describes the related labels you use to create a static route.
Page 242: Static Routing
Chapter 31 Static Route Table 79 Static Routing (continued) LABEL DESCRIPTION IP Subnet Enter the subnet mask for this destination. Mask Gateway IP Enter the IP address of the gateway. The gateway is an immediate Address neighbor of your switch that will forward the packet to the destination. The gateway must be a router on the same segment as your switch.
Page 243: Rip
H A P T E R 32.1 RIP RIP (Routing Information Protocol) allows a routing device to exchange routing information with other routers. Use this screen to configure RIP on the switch. To open this screen, click IP Application > RIP. You cannot manually configure a new entry.
Page 244 Chapter 32 RIP Table 80 RIP (continued) LABEL DESCRIPTION Direction Select the RIP direction from the drop-down list box. Choices are Outgoing, Incoming, Both and None. Both: The switch will broadcast its routing table periodically and incorporate the RIP information that it receives. Incoming: The switch will not send any RIP packets but will accept all RIP packets received.
Page 245: Ospf
H A P T E R OSPF This chapter describes the OSPF (Open Shortest Path First) routing protocol and shows you how to configure OSPF. 33.1 OSPF Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS).
Page 246: How Ospf Works
Chapter 33 OSPF The following table describes the four classes of OSPF routers. Table 82 OSPF: Router Types TYPE DESCRIPTION Internal Router (IR) An Internal or intra-area router is a router in an area. Area Border Router (ABR) An Area Border Router connects two or more areas. Backbone Router (BR) A backbone router has an interface to the backbone.
Page 247: Ospf And Router Elections
Chapter 33 OSPF You can configure a virtual link to establish/maintain connectivity between a non- backbone area and the backbone. The virtual link must be configured on both layer 3 devices in the non-backbone area and the backbone. 33.1.4 OSPF and Router Elections The OSPF protocol provides for automatic election of Designated Router (DR) and Backup Designated Router (BDR) on network segments.
Page 248: Ospf Status
Chapter 33 OSPF Create virtual links to maintain backbone connectivity. 33.2 OSPF Status Use this screen to look at the current status of OSPF on the switch. See Section 33.1 on page 245 for more information on OSPF. To open this screen, click IP Application >OSPF.
Page 249 Chapter 33 OSPF The following table describes some common output fields. Table 84 OSPF Status: Common Output Fields FIELD DESCRIPTION Interface Internet This field displays the IP address and subnet bits of an IP routing Address domain. Area This field displays the area ID. Router ID This field displays the unique ID of the switch.
Page 250: Ospf Configuration
Chapter 33 OSPF 33.3 OSPF Configuration Use this screen to activate OSPF, set general settings, and configure areas. See Section 33.1 on page 245 for more information on OSPF. To open this screen, click IP Application > OSPF > Configuration. Figure 113 OSPF Configuration The follow table describes the related labels in this screen.
Page 251 Chapter 33 OSPF Table 85 OSPF Configuration (continued) LABEL DESCRIPTION Redistribute Route redistribution allows your switch to import and translate external Route routes learned through other routing protocols (RIP and Static) into the OSPF network transparently. Active Select this option to activate route redistribution for routes learn through the selected protocol.
Page 252: Ospf Interface
Chapter 33 OSPF Table 85 OSPF Configuration (continued) LABEL DESCRIPTION Default Route Specify a cost (between 0 and 16777214) used to add a default route Cost into a stub area for routes which are external to an OSPF domain. If you do not set a route cost, no default route is added.
Page 253: Ospf Interface
Chapter 33 OSPF To open this screen, click IP Application > OSPF > Configuration > Interface. Figure 114 OSPF Interface The following table describes the labels in this screen. Table 86 OSPF Interface LABEL DESCRIPTION Network Select an IP interface. Area ID Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area.
Page 254 Chapter 33 OSPF Table 86 OSPF Interface (continued) LABEL DESCRIPTION When you select Simple in the Authentication field, enter a password eight-character long. Characters after the eighth character will be ignored. When you select MD5 in the Authentication field, enter a password 16- character long.
Page 255: Ospf Virtual-Link
Chapter 33 OSPF 33.5 OSPF Virtual-Link Use this screen to configure and view virtual link settings. See Section 33.1 on page 245 for more information on OSPF. To open this screen, click IP Application > OSPF > Configuration > Virtual-Link. Figure 115 OSPF Virtual-Link The following table describes the related labels in this screen.
Page 256 Chapter 33 OSPF Table 87 OSPF Virtual-Link (continued) LABEL DESCRIPTION Authentication Note: Virtual interface(s) must use the same authentication method within the same area. Select an authentication method. Choices are Same-as-Area, None (default), Simple and MD5. To exchange OSPF packets with peer border router, you must set the authentication method and/or password the same as the peer border router.
Page 257: Igmp
H A P T E R IGMP 34.1 IGMP IGMP (Internet Group Multicast Protocol) is a session-layer protocol used to establish membership in a multicast group. It is not used to carry user data. See RFC 1112 and RFC 2236 for information on IGMP versions 1 and 2, respectively. To open this screen, click IP Application >...
Page 258 Chapter 34 IGMP Table 88 IGMP (continued) LABEL DESCRIPTION Version Select an IGMP version from the drop-down list box. Choices are IGMP-v1, IGMP-v2, IGMP-v3 and None. The switch supports both IGMP version 1 (IGMP-v1), version 2 (IGMP-v2) and version 3 (IGMP-v3). At start up, the switch queries all directly connected networks to gather group membership.
Page 259: Dvmrp
H A P T E R DVMRP This chapter introduces DVMRP and tells you how to configure it. 35.1 DVMRP Overview DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data within an autonomous system (AS). This DVMRP implementation is based on draft-ietf-idmr-dvmrp-v3-10.
Page 260: Dvmrp Terminology
Chapter 35 DVMRP The final multicast (“M”) after pruning and grafting is shown in the next figure. Figure 117 How DVMRP Works 35.2.1 DVMRP Terminology DVMRP probes are used to discover other DVMRP Neighbors on a network. DVMRP reports are used to exchange DVMRP source routing information. These packets are used to build the DVMRP multicast routing table that is used to build source trees and also perform Reverse Path Forwarding (RPF) checks on incoming multicast packets.
Page 261: Dvmrp Configuration Error Messages
Chapter 35 DVMRP The following table describes the labels in this screen. Table 89 DVMRP LABEL DESCRIPTION Active Select this to enable DVMRP on the switch. You should do this if you want the switch to act as a multicast router. Threshold Threshold is the maximum time to live (TTL) value.
Page 262: Default Dvmrp Timer Values
Chapter 35 DVMRP Each IP routing domain DVMRP configuration must be in a different VLAN group; otherwise you see the following screen. Figure 121 DVMRP: Duplicate VID Error Message 35.4 Default DVMRP Timer Values Chapter 50 on page 357 for default DVMRP timer values. These may be changed using line commands.
Page 263: Differentiated Services
H A P T E R Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the switch. 36.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
Page 264: Chapter 36 Differentiated Services
Chapter 36 Differentiated Services different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. 36.1.2 DiffServ Network Example The following figure depicts a simple DiffServ network consisting of a group of contiguous DiffServ-compliant network devices.
Page 265: Trtcm-Color-Blind Mode
Chapter 36 Differentiated Services • Red (high loss priority level) packets are dropped. • Yellow (medium loss priority level) packets are dropped if there is congestion on the network. • Green (low loss priority level) packets are forwarded. TRTCM operates in one of two modes: color-blind or color-aware. In color-blind mode, packets are marked based on evaluating against the PIR and CIR regardless of if they have previously been marked or not.
Page 266: Diffserv
Chapter 36 Differentiated Services marked green are first evaluated against the PIR and then if they don’t exceed the PIR level are they evaluated against the CIR. Figure 125 TRTCM-Color-aware Mode Exceed Exceed Low Packet Red? Yellow? Loss CIR? PIR? High Packet High Packet Medium Packet...
Page 267: 2-Rate 3 Color Marker
Chapter 36 Differentiated Services The following table describes the labels in this screen. Table 90 Diffserv LABEL DESCRIPTION Active Select this option to enable DiffServ on the switch. Slot Select the slot at whose settings you want to look. Port This field displays the slot number and port number.
Page 268 Chapter 36 Differentiated Services Note: You cannot enable both TRTCM and Bandwidth Control at the same time. Figure 127 2-rate 3 Color Marker The following table describes the labels in this screen. Table 91 2-rate 3 Color Marker LABEL DESCRIPTION Active Select this to activate TRTCM (Two Rate Three Color Marker) on the switch.
Page 269: Dscp Setting
Chapter 36 Differentiated Services Table 91 2-rate 3 Color Marker (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port- by-port basis.
Page 270 Chapter 36 Differentiated Services To open this screen, IP Application > DiffServ > DSCP Setting. Figure 128 DSCP Setting The following table describes the labels in this screen. Table 93 DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE802.1p priority mapping, select the priority level from the drop- down list box.
Page 271: Dhcp
H A P T E R DHCP This chapter shows you how to configure the DHCP feature. 37.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the switch as a DHCP server or disable it.
Page 272: Dhcp Status
Chapter 37 DHCP 37.2 DHCP Status Use this screen to look at the status of DHCP servers on the switch. To open this screen, click IP Application > DHCP. Figure 129 DHCP Status The following table describes the labels in this screen. Table 94 DHCP Status LABEL DESCRIPTION...
Page 273: Dhcp Relay Agent Information
Chapter 37 DHCP 37.3.1 DHCP Relay Agent Information The switch can add information about the source of client DHCP requests that it relays to a DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information.
Page 274: Configuring Dhcp Global Relay
Chapter 37 DHCP 37.3.2 Configuring DHCP Global Relay Use this screen to configure the DHCP relay on the switch. To open this screen, click IP Application > DHCP in the navigation panel and click the Global link In the DHCP Status screen. Figure 130 DHCP Relay The following table describes the labels in this screen.
Page 275: Global Dhcp Relay Configuration Example
Chapter 37 DHCP 37.3.3 Global DHCP Relay Configuration Example The follow figure shows a network example where the switch is used to relay DHCP requests for the RD (VLAN 1) and Sales (VLAN 2) network. There is only one DHCP server that services the DHCP clients in both networks. Figure 131 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown.
Page 276: Configuring Dhcp Vlan Settings
Chapter 37 DHCP 37.4 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the switch.
Page 277 Chapter 37 DHCP The following table describes the labels in this screen. Table 97 DHCP VLAN Setting LABEL DESCRIPTION Enter the ID number of the VLAN group to which this DHCP settings apply. DHCP Status Select Sever to set the switch to act as a DHCP server. Select Relay to set the switch to act as a DHCP relay.
Page 278: Dhcp Vlan Setting Example
Chapter 37 DHCP Table 97 DHCP VLAN Setting (continued) LABEL DESCRIPTION DHCP Status For DHCP server configuration, this field displays the starting and the size of DHCP client IP address. For DHCP relay configuration, this field displays the first remote DHCP server IP address.
Page 279 Chapter 37 DHCP In the DHCP VLAN Setting screen, set the DHCP Status to Server and configure two DHCP client IP address pools for the two networks. The following shows an example. Figure 135 DHCP VLAN Setting Example MS-7206 User’s Guide...
Page 280 Chapter 37 DHCP MS-7206 User’s Guide...
Page 281: Vrrp
H A P T E R VRRP This chapter shows you how to configure and monitor the Virtual Router Redundancy Protocol (VRRP) on the switch. 38.1 VRRP Overview Each host on a network is configured to send packets to a statically configured default gateway (this switch).
Page 282: Vrrp Parameters
Chapter 38 VRRP the default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router. Figure 136 VRRP: Example 1 If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B.
Page 283: Preempt Mode
Chapter 38 VRRP 38.1.1.3 Preempt Mode If the master router is unavailable, a backup router assumes the role of the master router. However, when another backup router with a higher priority joins the network, it will preempt the lower priority backup router that is the master. Disable preempt mode to prevent this from happening.
Page 284: Vrrp Configuration
Chapter 38 VRRP 38.2.1 VRRP Configuration Use this screen to specify the virtual routers in which the switch participates. Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen. See Section 10.2 on page 74 for more information.
Page 285 Chapter 38 VRRP Table 99 VRRP Configuration (continued) LABEL DESCRIPTION When you select Simple in the Authentication field, enter a password key (up to eight printable English keyboard character long) in this field. Apply Click Apply to save your changes to the switch’s run-time memory. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring.
Page 286: Vrrp Configuration Examples
Chapter 38 VRRP Table 99 VRRP Configuration (continued) LABEL DESCRIPTION Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 38.3 VRRP Configuration Examples The following sections show two VRRP configuration examples on the switch. 38.3.1 One Subnet Network Example The figure below shows a simple VRRP network with only one virtual router VR1 (VRID =1) and two switches.
Page 287 Chapter 38 VRRP You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 140 VRRP Example 1: VRRP Parameter Settings on Switch A Figure 141 VRRP Example 1: VRRP Parameter Settings on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next.
Page 288: Two Subnets Example
Chapter 38 VRRP 38.3.2 Two Subnets Example The following figure depicts an example in which two switches share the network traffic. Hosts in the two network groups use different default gateways. Each switch is configured to backup a virtual router using VRRP. You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2.
Page 289 Chapter 38 VRRP screen for virtual router VR2 on each switch. Configure the VRRP parameters on the switches as shown in the figures below. Figure 145 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A Figure 146 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next.
Page 290 Chapter 38 VRRP MS-7206 User’s Guide...
Page 291: Manage
Manage Maintenance (293) Access Control (301) Diagnostic (321) Syslog (323) Cluster Management (327) MAC Table (335) IP Table (339) ARP Table (343) Routing Table (345) Configure Clone (347)
Page 293: Maintenance
H A P T E R Maintenance This chapter explains how to configure the maintenance screens that let you maintain the firmware and configuration files. 39.1 Maintenance Use this screen to manage firmware and the configuration. To open this screen, click Management >...
Page 294: Firmware Upgrade
Chapter 39 Maintenance Table 100 Maintenance (continued) LABEL DESCRIPTION Load Factory Follow these steps to reset the configuration to the factory default Default settings. 1. Click Click Here. The switch prompts you for confirmation. 2. Click OK to confirm. 3. In the main screen, click Save to make the changes take effect. If you want to access the switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default IP address (192.168.0.1).
Page 295 Chapter 39 Maintenance Use this screen to upload new firmware to the switch. You have to restart the switch (or slot for interface modules) before the new firmware starts running. To open this screen, click Management > Maintenance > Firmware Upgrade. Figure 150 Firmware Upgrade The following table describes the labels in this screen.
Page 296: Restore Configuration
Chapter 39 Maintenance Table 101 Firmware Upgrade (continued) LABEL DESCRIPTION File Path Type the path and file name of the firmware file you wish to upload to the switch in the File Path text box or click Browse to locate it. Upgrade Click this to upload the specified firmware to the specified card.
Page 297: Ftp Command Line
Chapter 39 Maintenance your system from which you may restore at a later date. To open this screen, click Management > Maintenance > Backup Configuration. Figure 152 Backup Configuration Follow the steps below to back up the current switch configuration to your computer.
Page 298: Example Ftp Commands
Chapter 39 Maintenance ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension. Table 102 Filename Conventions INTERNAL EXTERNAL FILE TYPE DESCRIPTION NAME NAME Configuration config This is the configuration filename on the File switch.
Page 299: Ftp Command Line Procedure
Chapter 39 Maintenance This is a sample FTP session showing the transfer of the computer file "firmware.bin" to the switch. ftp> get config config.cfg This is a sample FTP session saving the current configuration to a file called “config.cfg” on your computer. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them first as the switch only recognizes the names in...
Page 300: Gui-Based Ftp Clients
Chapter 39 Maintenance 39.2.3 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI- based FTP clients. Table 103 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous.
Page 301: Access Control
H A P T E R Access Control This chapter describes how to control access to the switch. 40.1 Access Control Use this screen to control access to the switch. A console port access control session and Telnet access control session cannot coexist when multi-login is disabled.
Page 302 Chapter 40 Access Control The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 154 SNMP Management Model A SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the switch).
Page 303: Snmp V3 And Security
Chapter 40 Access Control 40.2.1 SNMP v3 and Security SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions. Security can be further enhanced by encrypting the SNMP messages sent from the managers.
Page 304 Chapter 40 Access Control Table 105 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION fanspeed FanSpeedEventOn 1.3.6.1.4.1.890.1.5.8.34.35. This trap is sent when the fan speed goes above or below the normal operating range. FanSpeedEventClear 1.3.6.1.4.1.890.1.5.8.34.35. This trap is sent when the fan speed returns to the normal operating range.
Page 305 Chapter 40 Access Control Table 106 SNMP Interface Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION linkup linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up. LinkDownEventClear 1.3.6.1.4.1.890.1.5.8.34.35 This trap is sent when the .2.2 Ethernet link is up. linkdown linkDown 1.3.6.1.6.3.1.1.5.3...
Page 306 Chapter 40 Access Control Table 107 AAA Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION authentication authenticationFailure 1.3.6.1.6.3.1.1.5.5 This trap is sent when authentication fails due to incorrect user name and/ or password. AuthenticationFailureEve 1.3.6.1.4.1.890.1.5.8.34.35 This trap is sent when ntOn .2.1 authentication fails due to incorrect user name and/...
Page 307 Chapter 40 Access Control Table 109 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION STPNewRoot 1.3.6.1.2.1.17.0.1 This trap is sent when the STP root switch changes. MRSTPNewRoot 1.3.6.1.4.1.890.1.5.8.34.36. This trap is sent when the MRSTP root switch changes. MSTPNewRoot 1.3.6.1.4.1.890.1.5.8.34.10 This trap is sent when the 7.70.1...
Page 308: Snmp
Chapter 40 Access Control 40.2.4 SNMP Use this screen to configure SNMP on the switch. To open this screen, click Management > Access Control > SNMP. Figure 155 SNMP The following table describes the labels in this screen. Table 110 SNMP LABEL DESCRIPTION General Setting...
Page 309 Chapter 40 Access Control Table 110 SNMP (continued) LABEL DESCRIPTION Set Community Enter the Set Community, which is the password for incoming Set- requests from the management station. The Set Community string is only used by SNMP managers using SNMP version 2c or lower. Trap Community Enter the Trap Community string, which is the password sent with each trap to the SNMP manager.
Page 310: Configuring Snmp Trap Group
Chapter 40 Access Control Table 110 SNMP (continued) LABEL DESCRIPTION Privacy Specify the encryption method for SNMP communication from this user. You can choose one of the following: • DES - Data Encryption Standard is a widely used (but breakable) method of data encryption.
Page 311: Logins
Chapter 40 Access Control The following table describes the labels in this screen. Table 111 SNMP Trap Group LABEL DESCRIPTION Trap Select one of your configured trap destination IP addresses. These are Destination IP the IP addresses of the SNMP managers. You must first configure a trap destination IP address in the SNMP Setting screen.
Page 312 Chapter 40 Access Control Use this screen to change the administrator password and to manage non- administrator accounts. To open this screen, click Management > Access Control > Logins. Figure 157 Logins The following table describes the labels in this screen. Table 112 Logins LABEL DESCRIPTION...
Page 313: Ssh Overview
Chapter 40 Access Control 40.4 SSH Overview Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network.
Page 314: Ssh Implementation On The Switch
Chapter 40 Access Control Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys.
Page 315: Https Example
Chapter 40 Access Control HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so.
Page 316: Netscape Navigator Warning Messages
Chapter 40 Access Control You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked. Figure 161 Security Alert Dialog Box (Internet Explorer) 40.5.1.2 Netscape Navigator Warning Messages When you attempt to access the switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate.
Page 317 Chapter 40 Access Control Select Accept this certificate permanently to import the switch’s certificate into the SSL client. Figure 162 Security Certificate 1 (Netscape) example example example Figure 163 Security Certificate 2 (Netscape) example MS-7206 User’s Guide...
Page 318: The Main Screen
Chapter 40 Access Control 40.5.1.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. Figure 164 Example: Lock Denoting a Secure Connection MS-7206 User’s Guide...
Page 319: Service Access Control
Chapter 40 Access Control 40.6 Service Access Control Use this screen to decide what services can be used to access the switch. You may also change the default service port. To open this screen, click Management > Access Control > Service Access Control. Figure 165 Service Access Control The following table describes the fields in this screen.
Page 320: Remote Management
Chapter 40 Access Control 40.7 Remote Management Use this screen to specify groups of one or more “trusted computers” from which an administrator may use one or more service to manage the switch. To open this screen, click Management > Access Control > Remote Management. Figure 166 Remote Management The following table describes the labels in this screen.
Page 321: Diagnostic
H A P T E R Diagnostic This chapter explains the Diagnostic screen. 41.1 Diagnostic Use this screen to check system logs, ping IP addresses or perform port tests. To open this screen, click Management > Diagnostic. Figure 167 Diagnostic MS-7206 User’s Guide...
Page 322 Chapter 41 Diagnostic The following table describes the labels in this screen. Table 115 Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi-line text box. Click Clear to empty the text box and reset the syslog entry. IP Ping Type the IP address of a device that you want to ping in order to test a connection.
Page 323: Syslog
H A P T E R Syslog This chapter explains the syslog screens. 42.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
Page 324: Syslog Setup
Chapter 42 Syslog 42.2 Syslog Setup Use this screen to configure the system logging settings. The syslog feature sends logs to an external syslog server. To open this screen, click Management > Syslog. Figure 168 Syslog Setup The following table describes the labels in this screen. Table 117 Syslog Setup LABEL DESCRIPTION...
Page 325: Syslog Server Setup
Chapter 42 Syslog 42.2.1 Syslog Server Setup Use this screen to configure a list of external syslog servers. To open this screen, click Management > Syslog > Syslog Server Setup. Figure 169 Syslog Server Setup The following table describes the labels in this screen. Table 118 Syslog Server Setup LABEL DESCRIPTION...
Page 326 Chapter 42 Syslog MS-7206 User’s Guide...
Page 327: Cluster Management
The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another. Table 119 Cluster Management Specifications Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches.
Page 328: Clustering Management Status
Chapter 43 Cluster Management In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 170 Clustering Application Example 43.2 Clustering Management Status Use this screen to manage switches through one switch, called the cluster manager.
Page 329: Cluster Member Switch Management
Chapter 43 Cluster Management The following table describes the labels in this screen. Table 120 Clustering Management Status LABEL DESCRIPTION Status This field displays the role of this switch within the cluster. Manager Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) None (neither a manager nor a member of a cluster) Manager...
Page 330: Uploading Firmware To A Cluster Member Switch
Chapter 43 Cluster Management screen, click Management > Cluster Management, and click the index number of the cluster member. Figure 172 Cluster Management: Cluster Member Web Configurator Screen example 43.2.2 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
Page 331 Chapter 43 Cluster Management The following table explains some of the FTP parameters. Table 121 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION Enter “admin”. User The web configurator password default is 1234. Password Enter this command to list the name of cluster member switch’s firmware and configuration file.
Page 332: Clustering Management Configuration
Chapter 43 Cluster Management 43.3 Clustering Management Configuration Use this screen to configure cluster management. To open this screen, click Management > Cluster Management > Configuration. Figure 174 Clustering Management Configuration MS-7206 User’s Guide...
Page 333 Chapter 43 Cluster Management The following table describes the labels in this screen. Table 122 Clustering Management Configuration LABEL DESCRIPTION Clustering Manager Active Select Active to have this switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list.
Page 334 Chapter 43 Cluster Management Table 122 Clustering Management Configuration (continued) LABEL DESCRIPTION The next summary table shows the information for the clustering members configured. Index This is the index number of a cluster member switch. MacAddr This is the cluster member switch’s hardware MAC address. Name This is the cluster member switch’s system name.
Page 335: Mac Table
H A P T E R MAC Table This chapter introduces the MAC table in the switch and then explains the MAC table screen. 44.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the switch’s ports.
Page 336: Mac Table
Chapter 44 MAC Table • If the switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 175 MAC Table Flowchart 44.2 MAC Table Use this screen to look at the MAC table in the switch.
Page 337 Chapter 44 MAC Table Table 123 MAC Table (continued) LABEL DESCRIPTION Port Click this button to display and arrange the data according to port number. Index This is the incoming frame index number. MAC Address This is the MAC address of the device from which this incoming frame came.
Page 338 Chapter 44 MAC Table MS-7206 User’s Guide...
Page 339: Ip Table
H A P T E R IP Table This chapter introduces the IP table in the switch and then explains the IP table screen. 45.1 IP Table Overview The IP Table screen shows how packets are forwarded or filtered across the switch’s ports.
Page 340: Ip Table
Chapter 45 IP Table • If the switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it filters the packet. Figure 177 IP Table Flowchart 45.2 IP Table Use this screen to look at the IP table in the switch.
Page 341 Chapter 45 IP Table Table 124 IP Table (continued) LABEL DESCRIPTION IP Address This is the IP address of the device from which the incoming packets came. This is the VLAN group to which the packet belongs. Port This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the switch.
Page 342 Chapter 45 IP Table MS-7206 User’s Guide...
Page 343: Arp Table
H A P T E R ARP Table This chapter introduces the ARP table in the switch and then explains the ARP table screen. 46.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 344: Arp Table
Chapter 46 ARP Table 46.2 ARP Table Use this screen to view IP-to-MAC address mapping(s). To open this screen, click Management > ARP Table. Figure 179 ARP Table The following table describes the labels in this screen. Table 125 ARP Table LABEL DESCRIPTION Index...
Page 345: Routing Table
H A P T E R Routing Table This chapter introduces the routing table. 47.1 Routing Table Status Use this screen to view routing table information. The routing table contains the route information to the network(s) that the switch can reach. The switch automatically updates the routing table with the RIP/OSPF information received from other Ethernet devices.
Page 346 Chapter 47 Routing Table MS-7206 User’s Guide...
Page 347: Configure Clone
H A P T E R Configure Clone This chapter shows you how to copy settings from one port or card to other ports or cards. 48.1 Configure Clone Use this screen to copy basic or advanced settings from a source port or source card to one or more destination ports or cards.
Page 348: Configure Clone
Chapter 48 Configure Clone The following table describes the labels in this screen. Table 127 Configure Clone LABEL DESCRIPTION Source/ You can copy attributes from one port to one or more ports (first radio Destination button) or from one card to one or more cards (second radio button). Select the appropriate radio button.
Page 349 Chapter 48 Configure Clone MS-7206 User’s Guide...
Page 350 Chapter 48 Configure Clone MS-7206 User’s Guide...
Page 351: Troubleshooting And Product Specifications
Troubleshooting and Product Specifications Troubleshooting (353) Product Specifications (357)
Page 353: Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • MM-7201 Access and Login 49.1 Power, Hardware Connections, and LEDs The MM-7201 does not turn on.
Page 354: Mm-7201 Access And Login
Chapter 49 Troubleshooting If the problem continues, contact the vendor. 49.2 MM-7201 Access and Login I forgot the IP address for the MM-7201. The default IP address is 192.168.0.1. Use the console port to log in to the MM-7201. I forgot the password. The default password is 1234.
Page 355 Chapter 49 Troubleshooting If you have configured more than one IP interface, make sure another administrator is NOT logged into the web configurator on a different IP interface using the same account. Try to access the MM-7201 using the console port. If you can access the MM-7201, check the settings to find out why the MM-7201 does not respond to HTTP.
Page 356 Chapter 49 Troubleshooting I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.
Page 357: Product Specifications
H A P T E R Product Specifications The following tables summarize the MM-7201’s hardware and firmware features. Table 128 Hardware Specifications HARDWARE SPECIFICATION Dimensions (L x W x H) 276 x 396.6 x 42.5 mm Device Weight 1.7 kg Power Specification Dual AC power supply (100-240 V, 50-60 Hz) into 24 VDC Dual 48 V DC power supply (36-72 V) into 24 VDC...
Page 358: Product Specifications
Chapter 50 Product Specifications Table 128 Hardware Specifications (continued) HARDWARE SPECIFICATION Temperature Operating: 0~45 ºC (32~113 ºF) Storage: -25~70 ºC (13~158 ºF) Humidity 10-90% (non-condensing) Table 129 Feature Descriptions FEATURE DESCRIPTION IP Routing Domain An IP interface (also known as an IP routing domain) is not bound to a physical port.
Page 359 Chapter 50 Product Specifications Table 129 Feature Descriptions (continued) FEATURE DESCRIPTION Port Mirroring Port mirroring allows you to copy traffic going from one or all ports to another or all ports in order that you can examine the traffic from the mirror port (the port you copy the traffic to) without interference.
Page 360 Use the web configurator to easily configure the rich range of features on the MM-7201. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the MM-7201.
Page 361 Chapter 50 Product Specifications Table 130 General Specifications (continued) CHARACTERISTIC SPECIFICATION Switching Max. Frame size: 1522 bytes Forwarding frame: IEEE 802.3, IEEE 802.1q, Ethernet II, PPPoE Prevent the forwarding of corrupted packets RSTP/MRSTP/MSTP IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) Multiple Rapid Spanning Tree capability (4 configurable trees) Multiple Spanning Tree Protocol IEEE 802.1p...
Page 362 Chapter 50 Product Specifications Table 130 General Specifications (continued) CHARACTERISTIC SPECIFICATION Support RADIUS and TACACS+ DVMRP Default Timer Values Probe interval: 10 sec Report interval: 35 sec Route expiration time: 140 sec Prune lifetime: Variable (less than two hours) Prune retransmission time: 3 sec with exponential back off Graft retransmission time: 5 sec with exponential back off MS-7206 User’s Guide...
Page 363 Chapter 50 Product Specifications Table 131 Management Specifications FEATURE SPECIFICATION System Control Alarm/Status surveillance LED indication for alarm and system status Performance monitoring Line speed Four RMON groups (history, statistics, alarms, and events) Throughput monitoring Port mirroring and aggregation Spanning Tree Protocol IGMP snooping Firmware upgrade and download through FTP/TFTP DHCP server/relay...
Page 364 RFC 1757 Four groups of RMON RFC 2011 IP MIP RFC 2012 TCP MIB RFC 2014 UDP MIB RFC 2233 RFC 2674 Bridge MIB extension RFC 2925 ZyXEL Private MIB Cluster Maximum number of cluster members: 24 Management Table 132 Supported Standards STANDARD DESCRIPTION...
Page 365 Chapter 50 Product Specifications Table 132 Supported Standards (continued) STANDARD DESCRIPTION RFC 2131 Dynamic Host Configuration Protocol (DHCP) RFC 2132 RFC 3046 RFC 2138 Remote Authentication Dial In User Service (RADIUS) RFC 2139 RFC 3580 RFC 2338 Virtual Router Redundancy Protocol (VRRP) RFC 2698 Two Rate Three Color Marker (trTCM) RFC 3164...
Page 366: Cable Pin Assignments
Chapter 50 Product Specifications Cable Pin Assignments In a serial communications connection, generally a computer is DTE (Data Terminal Equipment) and a modem is DCE (Data Circuit-terminating Equipment). The MM-7201 is DCE when you connect a computer to the console port. Figure 182 Console/Dial Backup Port Pin Layout Table 133 Console Port Pin Assignments ASSIGNMENT...
Page 367: Appendices And Index
VIII Appendices and Index IP Addresses and Subnetting (369) Legal Information (381) Index (385)
Page 369: Appendix A Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 370: Subnet Masks
Appendix A IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 183 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Page 371 Appendix A IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1”...
Page 372 Appendix A IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Page 373 Appendix A IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 184 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
Page 374 Appendix A IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 185 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of –...
Page 375 Appendix A IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 2 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 139 Subnet 1 LAST OCTET BIT IP/SUBNET MASK...
Page 376 Appendix A IP Addresses and Subnetting Table 142 Subnet 4 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).
Page 377: Configuring Ip Addresses
Appendix A IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. Table 145 16-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK HOST BITS SUBNETS SUBNET 255.255.128.0 (/17) 32766...
Page 378 Appendix A IP Addresses and Subnetting you entered. You don't need to change the subnet mask computed by the MM- 7201 unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.
Page 379 Appendix A IP Addresses and Subnetting address to computer A or setting computer A to obtain an IP address automatically. Figure 186 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks, it must have interfaces using different network numbers.
Page 380 Appendix A IP Addresses and Subnetting The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 188 Conflicting Computer and Router IP Addresses Example MS-7206 User’s Guide...
Page 381: Appendix B Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
Page 382 Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. Viewing Certifications Go to http://www.zyxel.com. Select your product on the ZyXEL home page to go to that product's page. Select the certification you wish to view from this page. MS-7206 User’s Guide...
Page 383: Zyxel Limited Warranty
Appendix B Legal Information ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should...
Page 384 Appendix B Legal Information MS-7206 User’s Guide...
Page 385: Index
Index Index Authentication, Authorization and Accounting, Numerics see AAA authorization 802.1P priority privilege levels setup automatic VLAN registration Autonomous System and OSPF Autonomous System, see AS access control login account remote management service port back up, configuration file SNMP Backbone Router, see BR accounting backbone, routing setup...
Page 386 Index example server overview status setup VLAN setting 155, 158 cloning a port See port cloning DHCP relay option 82 cluster management DHCP snooping 327, 328 207, 208 and switch passwords configuring cluster manager DHCP relay option 82 327, 333 cluster member trusted ports 327, 333...
Page 387 Index threshold GARP timer 70, 87 Dynamic Host Configuration Protocol, see DHCP general setup dynamic link aggregation Generic Attribute Registration Protocol, see GARP getting help GMT (Greenwich Mean Time) GVRP 87, 93, 94 and port assignment Ethernet broadcast address GVRP (GARP VLAN Registration Protocol) Ethernet port test external authentication server hardware overview...
Page 388 Index interface number of and OSPF login password interface, and OSPF loop guard Internal Router, see IR examples port shut down Internet Assigned Numbers Authority setup See IANA vs. STP interface 73, 284 routing domain setup IP source guard ARP inspection 207, 210 DHCP snooping 207, 208...
Page 389 Index supported MIBs MIB (Management Information Base) mirroring ports monitor port network management system (NMS) mrouter NTP (RFC 1305) MST ID MST Instance, See MSTI MST region MSTI MSTP Open Shortest Path First, see OSPF bridge ID OSPF configuration advantages configuration digest area forwarding delay...
Page 390 Index example overview rules port authentication and classifier and RADIUS 196, 197 Queue priority and VSA Queue weight IEEE 802.1x 143, 146 queue weight IEEE802.1x queuing MAC authentication port cloning 347, 348 advanced settings 347, 348 basic settings 347, 348 port details Queuing algorithm port mirroring...
Page 391 Index Round Robin Scheduling how it works implementation router ID SSH (Secure Shell) routing domain 73, 284 SSL (Secure Socket Layer) routing protocols standby ports routing table static bindings static MAC address static MAC forwarding RSTP 95, 98, 101 See also STP static routes 241, 242 Static VLAN...
Page 392 Index subnet based VLANs trunking subnet mask trusted ports ARP inspection subnetting DHCP snooping switch lockout switch reset tunnel protocol attribute switch setup Two Rate Three Color Marker (TRTCM) syntax conventions Type of Service, see ToS syslog 211, 323 protocol server setup settings setup...
Page 393 Index VLAN Identifier, see VID VLAN number VLAN stacking ZyNOS (ZyXEL Network Operating System) 173, 175 configuration example frame format port roles 174, 178 priority VLAN, protocol based, see protocol based VLAN VRID (Virtual Router ID) VRRP advertisement interval authentication...
Page 394 Index MS-7206 User’s Guide...

This manual is also suitable for:

Ms-7206 - manual 2 Mm-7201 Mp-7202 Ms-7206s