Download Print this page

ZyXEL Communications CX4800-56F User Manual

48-port 10g/25g l3 aggregation fiber switch with 8 100g uplinks

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

User's Guide

CX4800-56F

48-port 10G/25G L3 Aggregation Fiber Switch with 8 100G Uplinks

Default Login Details

LAN IP Address

User Name

Password

Copyright © 2025 Zyxel and/or its affiliates. All Rights Reserved.

https://setup.zyxel or

https://DHCP-assigned IP or

https://192.168.1.1

admin

On the back label on the Switch or

Local Credential Password (Cloud Mode)

Version 1.00 Edition 2, 03/2025

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the CX4800-56F and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications CX4800-56F

Page 1 User’s Guide CX4800-56F 48-port 10G/25G L3 Aggregation Fiber Switch with 8 100G Uplinks Default Login Details Version 1.00 Edition 2, 03/2025 LAN IP Address https://setup.zyxel or https://DHCP-assigned IP or https://192.168.1.1 User Name admin Password On the back label on the Switch or Local Credential Password (Cloud Mode) Copyright ©...
Page 2 • Nebula Control Center (NCC) User’s Guide Go to nebula.zyxel.com support.zyxel.com to get this User’s Guide on how to configure the Switch using Nebula. • More Information Go to https://community.zyxel.com/en for product discussions. Go to support.zyxel.com to find other information on the Switch. CX4800-56F User’s Guide...
Page 3: Warnings And Notes
Figures in this user guide may use the following generic icons. The Switch icon is not an exact representation of your device. Switch Generic Router Wireless Router / Access Point Generic Switch Smart TV Desktop Laptop IP Camera Printer Server CX4800-56F User’s Guide...
Page 4: Table Of Contents
Link Aggregation ..........................172 Link Layer Discovery Protocol (LLDP) ....................180 Port Setup ............................202 SWITCHING ............................206 Loop Guard ............................207 Mirroring ............................... 210 Multicast .............................. 213 Static Multicast Forwarding ....................... 231 Private VLAN ............................234 CX4800-56F User’s Guide...
Page 5 Error-Disable ............................389 IP Source Guard ..........................395 DHCP Snooping ..........................400 ARP Inspection ............................ 412 Port Authentication ..........................420 Port Security ............................432 MAINTENANCE ............................ 436 Networked AV Mode ......................... 466 Troubleshooting and Appendices ....................525 Troubleshooting ..........................526 CX4800-56F User’s Guide...
Page 6: Table Of Contents
2.3.3 Attaching the Mounting Brackets to the Switch ............... 34 2.3.4 Mounting the Switch on a Rack ..................35 Chapter 3 Hardware Panels..........................37 3.1 Switch Hardware Features ......................37 3.2 Front Panel Connections ....................... 37 3.2.1 SFP28 / QSFP28 Slots ......................38 CX4800-56F User’s Guide...
Page 7 5.4 Create a VLAN ..........................84 5.5 Set Port VID ............................85 5.5.1 Configure Switch Management IP Address ............... 86 5.6 How to Use DHCPv4 Relay on the Switch ..................88 5.6.1 DHCP Relay Tutorial Introduction ..................88 CX4800-56F User’s Guide...
Page 8 10.1.1 What You Can Do ......................109 10.1.2 What You Need to Know ....................109 10.2 Viewing the MAC Table ......................110 Chapter 11 Neighbor ............................112 11.1 Neighbor Overview ........................112 11.1.1 What You Can Do ......................112 11.2 Neighbor ............................112 CX4800-56F User’s Guide...
Page 9 17.2 Nebula Center Control Discovery .................... 131 Chapter 18 General Setup ..........................133 18.1 General Setup ..........................133 18.2 Hardware Monitor Setup ......................135 Chapter 19 IP Setup .............................137 19.1 IP Setup Overview ........................137 19.1.1 What You Can Do ......................137 CX4800-56F User’s Guide...
Page 10 23.2.1 Add/Edit a Syslog Server ....................164 Chapter 24 Time Range............................165 24.1 Time Range Overview ........................ 165 24.1.1 What You Can Do ......................165 24.2 Configure a Time Range ......................165 24.2.1 Add/Edit Time Range ....................... 166 CX4800-56F User’s Guide...
Page 11 28.7 Org-specific TLV Setting ......................195 28.8 LLDP-MED Setup .......................... 196 28.9 LLDP-MED Network Policy ......................197 28.9.1 Add/Edit LLDP-MED Network Policy ................197 28.10 LLDP-MED Location ........................198 28.10.1 Add/Edit LLDP-MED Location ..................199 Chapter 29 Port Setup............................202 CX4800-56F User’s Guide...
Page 12 33.6 MVR Configuration ........................225 33.6.1 Add/Edit MVR ........................225 33.7 MVR Group Setup ........................227 33.7.1 Add/Edit MVR Group ......................228 33.7.2 MVR Configuration Example ................... 228 Chapter 34 Static Multicast Forwarding......................231 34.1 Static Multicast Forwarding Overview ..................231 CX4800-56F User’s Guide...
Page 13 39.2 sFlow Port Configuration ......................247 39.3 sFlow Collector Configuration ....................249 39.3.1 Add/Edit sFlow Collector ....................249 Chapter 40 Spanning Tree Protocol ........................251 40.1 Spanning Tree Protocol Overview .................... 251 40.1.1 What You Can Do ......................251 CX4800-56F User’s Guide...
Page 14 43.2 Introduction to IEEE 802.1Q Tagged VLANs ................278 43.3 VLAN Status ..........................281 43.3.1 VLAN Details ........................282 43.4 Private VLAN Status ........................283 43.5 Configure a Static VLAN ......................284 43.5.1 Add/Edit a Static VLAN ....................285 43.6 VLAN Port Setup .......................... 286 CX4800-56F User’s Guide...
Page 15 WoL Relay ............................308 46.1 WoL Relay Overview ........................308 46.2 WoL Relay ............................ 308 46.2.1 Add/Edit WoL Relay ......................309 Chapter 47 NETWORKING............................310 Chapter 48 ARP Setup............................311 48.1 ARP Overview ..........................311 48.1.1 What You Can Do ......................311 CX4800-56F User’s Guide...
Page 16 Chapter 51 SECURITY ............................337 Chapter 52 AAA ..............................338 52.1 Authentication, Authorization and Accounting (AAA) ............338 52.1.1 What You Can Do ......................338 52.1.2 What You Need to Know ....................338 52.2 RADIUS Server Setup ........................339 CX4800-56F User’s Guide...
Page 17 55.1.1 What You Can Do ......................372 55.1.2 DiffServ ..........................372 55.1.3 DSCP and Per-Hop Behavior ................... 372 55.2 Policy Rules ..........................373 55.2.1 Add/Edit a Policy Rule ...................... 373 55.3 Policy Example ..........................376 Chapter 56 Anti-Arpscan ............................378 CX4800-56F User’s Guide...
Page 18 60.1 IP Source Guard Overview ......................395 60.1.1 What You Can Do ......................396 60.2 IPv4 Source Guard ........................396 60.3 IPv4 Source Guard Static Binding ..................... 397 60.3.1 Add/Edit IPv4 Source Guard Static Binding ..............398 Chapter 61 DHCP Snooping ..........................400 CX4800-56F User’s Guide...
Page 19 63.6.3 EAP (Extensible Authentication Protocol) Authentication ........... 430 63.6.4 EAPOL (EAP over LAN) ...................... 431 Chapter 64 Port Security............................432 64.1 Port Security Overview ....................... 432 64.2 About Port Security ........................432 64.3 Port Security Setup ........................432 CX4800-56F User’s Guide...
Page 20 65.17.1 Generate the SSH Authorized Keys ................457 65.18 SSH Host Keys ..........................463 65.19 Tech-Support ..........................463 65.19.1 Tech-Support Download ....................465 Chapter 66 Networked AV Mode........................466 66.1 Overview ............................. 466 66.2 Help .............................. 466 66.3 Summary ............................466 66.4 MONITOR ............................. 469 CX4800-56F User’s Guide...
Page 21 66.33.2 What You Need to Know ....................507 66.34 VLAN Status ..........................510 66.34.1 VLAN Details ........................511 66.35 Configure a Static VLAN ......................511 66.35.1 Add/Edit a Static VLAN ....................512 66.36 VLAN Port Setup ........................514 CX4800-56F User’s Guide...
Page 22 67.3 Switch Configuration ........................529 67.4 Nebula Registration ........................531 Appendix A Customer Support ..................... 532 Appendix B Common Services ...................... 537 Appendix C IPv6..........................540 Appendix D Importing a Certificate ..................... 548 Appendix E Legal Information ....................... 561 Index ..............................566 CX4800-56F User’s Guide...
Page 23: User's Guide
User’s Guide...
Page 24: Getting To Know Your Switch
This User Guide is for the platform version listed on the cover. This chapter introduces the main features and applications of the Switch. CX4800-56F is referred to as the “Switch” in this guide. Your Switch is a layer-3 100G managed fiber Switch. By integrating router functions, the Switch performs wire-speed layer-3 routing in addition to layer-2 switching.
Page 25: Backbone Example Application
Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 3 Bridging with Fiber Optic Uplink Example Application CX4800-56F User’s Guide...
Page 26: High Performance Switching Example
Ports in the same VLAN group share the same frame broadcast domain thereby increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re-cabling. CX4800-56F User’s Guide...
Page 27: Ways To Manage The Switch
The Switch can operate in either standalone or Nebula cloud management mode. When the Switch is in standalone mode, it can be configured and managed by the Web Configurator. When the Switch is in Nebula cloud management mode, it can be managed and provisioned by the Zyxel Nebula Control Center (NCC). CX4800-56F User’s Guide...
Page 28 Note: See the Switch’s datasheet for the feature differences between standalone and Nebula cloud management modes. You can find the Switch’s datasheet at the Zyxel website. See the NCC User’s Guide for how to configure the Switch using Nebula. CX4800-56F User’s Guide...
Page 29: Mode Changing
Select a site and scan the Switch's QR code or manually enter the information to add it to the site. You can find the QR code: • On a label on the Switch or • On its box or • In the Web Configurator at SYSTEM > Cloud Management. CX4800-56F User’s Guide...
Page 30 ACCESS LOGIN USER NAME LOGIN PASSWORD DOMAIN NAME Cloud mode NCC (Nebula Zyxel Account email Zyxel Account https://nebula.zyxel.com Control Center) password portal admin Local credentials https://setup.zyxel Configurator password (Local GUI) https://DHCP-assigned IP a configured static IP address CX4800-56F User’s Guide...
Page 31: Zon Utility
You can download the ZON Utility at www.zyxel.com and install it on a PC (Windows operation system). For more information on ZON Utility see Section 4.3 on page CX4800-56F User’s Guide...
Page 32: Web Configurator Networked Av Mode
Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. CX4800-56F User’s Guide...
Page 33: Hardware Installation And Connection
Remove the adhesive backing from the rubber feet. Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. CX4800-56F User’s Guide...
Page 34: Mount The Switch On A Rack
2.3.3 Attaching the Mounting Brackets to the Switch Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch. CX4800-56F User’s Guide...
Page 35: Mounting The Switch On A Rack
Adjust the rails to fit the rack. Align the two screw holes on a mounting bracket onto the rack. Then, screw the rail onto the rack at the back of the Switch. Repeat for the second mounting bracket on the other side of the Switch. CX4800-56F User’s Guide...
Page 36 Chapter 2 Hardware Installation and Connection CX4800-56F User’s Guide...
Page 37: Hardware Panels
1/10/25 Gbps SFP28 Interface 25/100 Gbps QSFP28 Interface Smart FAN Console Port RJ-45 Rack-mount Management Port Device back 3.2 Front Panel Connections The following figure shows the front panel of the Switch. Figure 11 Front Panel: CX4800-56F CX4800-56F User’s Guide...
Page 38: Sfp28 / Qsfp28 Slots
Chapter 3 Hardware Panels The following table describes the ports. Table 3 CX4800-56F Panel Connections CONNECTOR DESCRIPTION Port 1 - 48 Use SFP28 transceivers in these ports for high-bandwidth backbone connections. 1G/10G/25G SFP28 Slots Port 49 - 56 Use QSFP28 transceivers in these ports for high-bandwidth backbone connections.
Page 39: Transceiver Removal
If unsuccessful, contact Zyxel Support to prevent damage to your Switch and transceiver. Insert the dust plug into the ports on the transceiver and the cables. CX4800-56F User’s Guide...
Page 40: Management Port
• VT100 terminal emulation • 115200 bps • No parity, 8 data bits, 1 stop bit • No flow control 3.3 Rear Panel The following figures show the rear panel of the Switch. The rear panel contains: CX4800-56F User’s Guide...
Page 41: Grounding
Chapter 3 Hardware Panels Figure 18 Rear Panel: CX4800-56F (AC model) Figure 19 Rear Panel: CX4800-56F (DC model) 3.3.1 Grounding Grounding is a safety measure to direct excess electric charge to the ground. It prevents damage to the Switch, and protects you from electrocution. Use the grounding screw on the rear panel and the ground wire of the AC power supply to ground the Switch.
Page 42: Power Module Installation And Removal
The Switch uses two power supply modules, one of which is redundant, so if one power module fails the system can operate on the remaining module. It is recommended to replace the faulty power module promptly to prevent potential risks. Note: Use the included power cord for the power connection. CX4800-56F User’s Guide...
Page 43 Disconnect the power cord from the power outlet, then from the power module. Press the latch (1) on the power module and gently pull (2) the power module out of the slot. Figure 23 Removing the AC Power Module CX4800-56F User’s Guide...
Page 44: Ac Power Connection (Ac Models Only)
Note: The current rating of the power wires must be greater than 16 AWG. The power supply to which the Switch connects must have a built-in circuit breaker or switch to toggle the power. CX4800-56F User’s Guide...
Page 45: Fan Installation And Removal
Switch. Find the fan module on the rear panel of the Switch. Press the latch (1) on the fan module and gently pull (2) the fan module out of the slot. CX4800-56F User’s Guide...
Page 46: Leds
Figure 25 Removing the Fan Module 3.4 LEDs After you connect the power to the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting. Table 4 CX4800-56F LED Descriptions COLOR STATUS DESCRIPTION...
Page 47 Chapter 3 Hardware Panels Table 4 CX4800-56F LED Descriptions (continued) COLOR STATUS DESCRIPTION CLOUD Green The Switch has successfully connected to the NCC (Nebula Control Center). Blinking The Switch cannot connect to the NCC because it is not registered. Amber The Switch is registered at NCC but cannot connect to the NCC.
Page 48: Technical Reference
Technical Reference...
Page 49: Web Configurator
Also, you can use the ZON Utility to check your Switch’s IP address. See Section 4.3 on page 56 for more information on the ZON utility. CX4800-56F User’s Guide...
Page 50 Note: If you see this warning page, it indicates that your browser has failed to verify the Secure Sockets Layer (SSL) certificate, which opens an encrypted connection. You can ignore this message and proceed to the login IP address. Figure 26 Unsafe Login Warning The Login screen appears. CX4800-56F User’s Guide...
Page 51 Chapter 4 Web Configurator Figure 27 Web Configurator: Login (Standalone mode) Figure 28 Web Configurator: Login (Cloud mode) CX4800-56F User’s Guide...
Page 52 Note: The allowed string length is 4 to 32 for the new password and should not contain [ ? ], [ | ], [ ' ], [ " ], [ , ], [ [ ], [ ] ], or [ space ]. CX4800-56F User’s Guide...
Page 53 Figure 32 Select Mode Select the Web Configurator in Standard Mode that has a complete set of configuration for network installation. Or select the Web Configurator in Networked AV Mode that has a set of menus specifically CX4800-56F User’s Guide...
Page 54: Snmp Setting
Configurator. Click SNMP to open a screen where you can change the SNMP community string, see Section 21.2 on page 147 for more information. Otherwise, click Ignore to close it. SNMP Setting Figure 33 Web Configurator: Warning CX4800-56F User’s Guide...
Page 55 Otherwise, click the Exit button. If you want to open the Setup Wizard screen later, click the Wizard icon in the upper right hand corner of the Web Configurator in Networked AV mode. Figure 35 Web Configurator: Wizard CX4800-56F User’s Guide...
Page 56: Zyxel One Network (Zon) Utility
• 2 GB RAM • 100 MB free hard disk • WXGA (Wide XGA 1280 by 800) 4.3.2 Run the ZON Utility Double-click the ZON Utility to run it. Select a network adapter to which your supported devices are connected. CX4800-56F User’s Guide...
Page 57 Select a device and then use the icons to perform actions. Some functions may not be available for your devices. Note: You must know the selected device admin password before taking actions on the device using the ZON Utility icons. CX4800-56F User’s Guide...
Page 58 This field displays an icon of the kind of device discovered. Model This field displays the model name of the discovered device. Firmware Version This field displays the firmware version of the discovered device. MAC Address This field displays the MAC address of the discovered device. CX4800-56F User’s Guide...
Page 59: Networked Av Mode Wizard
• When the Switch is in its factory-default state, selecting Networked AV mode will automatically access the Setup Wizard. • When in Networked AV mode, click the Wizard link to access the Setup Wizard. Figure 41 Wizard Link in Networked AV Mode The Setup Wizard contains the following parts: CX4800-56F User’s Guide...
Page 60: Basic Settings
The Switch needs an IP address for it to be managed over the network. IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254. CX4800-56F User’s Guide...
Page 61 Re-enter your new system password for confirmation. password SNMP SNMP Select Enabled to let the Switch act as an SNMP agent, which allows a manager station to manage and monitor the Switch through the network. Select Disabled to turn this feature off. CX4800-56F User’s Guide...
Page 62 Click Previous to show the previous screen. Next Click Next to show the next screen. Cancel Click Cancel to exit this screen without saving. After clicking Next, the Networked AV screen appears. Figure 44 Wizard > Basic Settings > Step 3 Networked AV CX4800-56F User’s Guide...
Page 63 This field displays whether the WAN interface is using a DHCP IP address or a static IP address. This field displays the VLAN ID. IP Address This field displays the Switch’s IP address for it to be managed over the network. CX4800-56F User’s Guide...
Page 64 Section 34.1 on page 231 for more information on Static Multicast Forwarding. Previous Click Previous to show the previous screen. Finish Review the information and click Finish to create the task. Cancel Click Cancel to exit this screen without saving. CX4800-56F User’s Guide...
Page 65: Advanced Settings
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and so forth. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address. CX4800-56F User’s Guide...
Page 66 Re-enter your new system password for confirmation. password SNMP SNMP Select Enabled to let the Switch act as an SNMP agent, which allows a manager station to manage and monitor the Switch through the network. Select Disabled to turn this feature off. CX4800-56F User’s Guide...
Page 67 Click Previous to show the previous screen. Next Click Next to show the next screen. Cancel Click Cancel to exit this screen without saving. After clicking Next, the Networked AV screen appears. Figure 48 Wizard > Advanced Settings > Step 3 Networked AV CX4800-56F User’s Guide...
Page 68 Link aggregation (trunking) is the grouping of physical ports into one logical higher- capacity link. Previous Click Previous to show the previous screen. Next Click Next to show the next screen. Cancel Click Cancel to exit this screen without saving. After clicking Next, the Summary screen appears. CX4800-56F User’s Guide...
Page 69 This field displays the Get Community string. Set Community This field displays the Set Community string. Trap Community This field displays the Trap Community string. Networked AV – Advanced Settings Networked AV This field displays the VLAN ID for the AVoIP network. VLAN CX4800-56F User’s Guide...
Page 70: Web Configurator Layout
Click Cancel to exit this screen without saving. 4.5 Web Configurator Layout The DASHBOARD screen is the first screen that displays when you access the Web Configurator. The following figure shows the navigating components of a Web Configurator screen. CX4800-56F User’s Guide...
Page 71 If a status circle turns Orange, it means the Switch is unable to connect to NCC. Hover the mouse over the status circle to check the diagnostic message. You can also click the ON/OFF switch to CX4800-56F User’s Guide...
Page 72 This link takes you to a screen where you can set up global Switch parameters such as VLAN type. Syslog Setup This link takes you to a screen where you can configure the Switch’s system logging settings and configure a list of external syslog servers. CX4800-56F User’s Guide...
Page 73 This link takes you to a screen where you can configure the MRSTP (Multiple Rapid Spanning Tree Protocol) settings on the Switch. MSTP This link takes you to a screen where you can configure the MSTP (Multiple Spanning Tree Proto- col) settings on the Switch. CX4800-56F User’s Guide...
Page 74 Switch should forward traffic by destination IP address and subnet mask. SECURITY Click the link to unfold the following sub-link menu. RADIUS This link takes you to a screen where you can configure your RADIUS (Remote Authentication Dial- Server In User Service) server settings for authentication. Setup CX4800-56F User’s Guide...
Page 75 802.1x authentication or MAC authentication, or pass both IEEE 802.1x authentication and MAC tion Mode authentication. Port Security This link takes you to a screen where you can activate MAC address learning and set the maximum number of MAC addresses to learn on a port. CX4800-56F User’s Guide...
Page 76 (Nebula Control Center). The screen also has a QR code containing the Switch’s serial number and MAC address for handy registration of the Switch at NCC. General Setup This link takes you to a screen where you can configure general identification information about the Switch. CX4800-56F User’s Guide...
Page 77 This link takes you to a screen to reboot the Switch without turning the power off. Tech-Support This link takes you to a screen where you can download related log reports for issue analysis. Log reports include CPU history and utilization, crash and memory. CX4800-56F User’s Guide...
Page 78: Tables And Lists
When viewing a list, you can click on an index number to view more details about the entry. If the list has more than one page, click the arrow button to navigate to different pages of entries. CX4800-56F User’s Guide...
Page 79: Save Your Configuration
Delete all port-based VLANs with the CPU port as a member. The “CPU port” is the management port of the Switch. Filter all traffic to the CPU port. Disable all ports. Misconfigure the text configuration file. Forget the password and/or IP address. CX4800-56F User’s Guide...
Page 80: Restoring The Switch To The Factory Defaults
In debug mode, enter ‘atrf’. The Switch will restart and load the factory-default configurations. 4.8.1 Reboot the Switch Press the RESET button to reboot the Switch without turning the power off. See Section 3.4 on page 46 more information about the LED behavior. CX4800-56F User’s Guide...
Page 81: Log Out Of The Web Configurator
The Web Configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help icon on a Web Configurator screen to view an online help description (shown as below) of that screen. Figure 54 Online Web Help CX4800-56F User’s Guide...
Page 82: Initial Setup Example
If the Switch fails to obtain an IP address from a DHCP server, the Switch will use 192.168.1.1 as the management IP address. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. Figure 55 Getting Started: Management IP Address CX4800-56F User’s Guide...
Page 83 Switch. Go to the SYSTEM > IP Setup > IP Setup screen. Click Add/Edit. The following screen appears. For the VLAN2 network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask. CX4800-56F User’s Guide...
Page 84: Change The Administrator Login Password
Go to the SWITCHING > VLAN > Static VLAN screen. Click Add/Edit. The following screen appears. Click the switch to set this VLAN to Active, enter a descriptive name in the Name field and enter “2” in the VLAN Group ID field for the VLAN2 network. CX4800-56F User’s Guide...
Page 85: Set Port Vid
VLAN group that the tag defines. In the example network, configure 2 as the port VID (PVID) on port 1 (P1) so that any untagged frames received on that port get sent to VLAN 1. CX4800-56F User’s Guide...
Page 86: Configure Switch Management Ip Address
If the Switch fails to obtain an IP address from a DHCP server, the Switch will use 192.168.1.1 as the management IP address. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. CX4800-56F User’s Guide...
Page 87 Switch is using a DHCP-assigned IP or static IP address. This requires your PC to be directly connected to the Switch. Go to the SYSTEM > IP Setup > IP Setup screen. Click Add/Edit. The following screen appears. CX4800-56F User’s Guide...
Page 88: How To Use Dhcpv4 Relay On The Switch
IP address (say 172.16.1.18) to DHCP client A based on the system name, VLAN ID and port number in the DHCP request. Client A connects to the Switch’s port 2 (P2) in VLAN 102. Figure 59 Getting Started: DHCP Relay Scenario CX4800-56F User’s Guide...
Page 89: Create A Vlan
Go to SWITCHING > VLAN > VLAN Setup > Static VLAN. Click Add/Edit. The following screen appears. Enable the switch button to set this VLAN to Active. Enter a descriptive name (VLAN 102 for example) in the Name field and enter “102” in the VLAN Group ID field. CX4800-56F User’s Guide...
Page 90 Go to VLAN > VLAN Setup > VLAN Port Setup. Enter “102” in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. Click Apply to save your changes back to the run-time memory. CX4800-56F User’s Guide...
Page 91: Configure Dhcpv4 Relay
Client A is connected to the Switch’s port 2 in VLAN 102. You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. You clicked the Save link on the Switch to have your settings take effect. CX4800-56F User’s Guide...
Page 92: How To Use Auto Configuration Through A Dhcp Server On The Switch
Enable the switch button in the Active field to enable auto configuration. Select DHCP in the Mode field, and enter the VLAN ID where the DHCP server belongs to in the DHCP VLAN ID field. Click Apply to save your changes. CX4800-56F User’s Guide...
Page 93 You need to save the current configuration in a configuration file, so the Switch will load the auto configuration file from the TFTP server automatically when rebooting. Go to the MAINTENANCE > Configuration > Save Configuration > Save Configuration screen. Click the Config 1, Config 2, or Custom Default button. CX4800-56F User’s Guide...
Page 94: How To Back Up The Configuration
If it is, click Save at the top right corner of the Web Configurator to save the configuration permanently. 5.8 How to Back Up the Configuration This section shows you how to back up the configuration. You should regularly back up your configuration especially before you make major configuration changes. CX4800-56F User’s Guide...
Page 95: How To Restore The Configuration
This section shows you how to restore a previously saved configuration file from your computer to the Switch. Log into the Web Configurator. Go to MAINTENANCE > Configuration > Restore Configuration > Restore Configuration. Click Choose File and select the previously saved configuration file. Click Restore. CX4800-56F User’s Guide...
Page 96: How To Upgrade The Firmware
The Availability of the Switch is Upgrade available when a newer firmware is available. Select the checkbox of the Switch, then click Upgrade now. Check that the Availability of the Switch is Up to date. CX4800-56F User’s Guide...
Page 97: Firmware Upgrade Through The Web Configurator
Select the firmware you want to upgrade from the drop-down list. In this tutorial, you want to upload the downloaded firmware to Firmware 1 on the Switch. Select 1. Click Choose File and select the downloaded, unzipped firmware file. CX4800-56F User’s Guide...
Page 98 Unplug the power cable and then plug it back into the Switch. Close the current window of the Web Configurator, then log into the Web Configurator with a new window. Go to MAINTENANCE > Firmware Upgrade > Firmware Upgrade. Check that the Running firmware is the same as Firmware 1 version. CX4800-56F User’s Guide...
Page 99: Dashboard
Find the latest release notes in: Download Library. 6.2 DASHBOARD This screen displays general device information, system status, system resource usage, and port status. Click DASHBOARD in the navigation panel to open the following screen. CX4800-56F User’s Guide...
Page 100 This field displays the serial number of this Switch. The serial number is used for device tracking Number and control. Hardware This field displays the hardware version of the Switch. Version System MAC This field displays the MAC address of the Switch. Address CX4800-56F User’s Guide...
Page 101 The Switch has temperature sensors that are capable of detecting and reporting if the temperature rises above the threshold. This displays the Switch’s current device temperature level. Click to go to the MONITOR > System Information > System Information screen to check the detailed information. CX4800-56F User’s Guide...
Page 102: Port Status
The quick links in the Quick Link section provide shortcuts to specific configuration screens. You can use the quick links to directly access the screens that you would frequently use. You can also decide which quick links to be put on the DASHBOARD screen using the Edit button. CX4800-56F User’s Guide...
Page 103 The setup panel displays after you click the Edit button. Figure 64 Quick Link Selection Select the quick links you want and click Apply. The selected quick links will be displayed in the Quick Link section on the DASHBOARD screen. CX4800-56F User’s Guide...
Page 104: Monitor
The following chapters introduces the configurations of the links under the MONITOR navigation panel. Quick links to chapters: • ARP Table • IP Table • MAC Table • Neighbor • Port Status • Routing Table • System Information • System Log CX4800-56F User’s Guide...
Page 105: Arp Table
8.2 Viewing the ARP Table Use the ARP table to view IP-to-MAC address mappings and remove specific dynamic ARP entries. Click MONITOR > ARP Table > ARP Table in the navigation panel to open the following screen. CX4800-56F User’s Guide...
Page 106 This shows 0 for a static entry. Type This shows whether the IP address is dynamic (learned by the Switch) or static (manually configured in SYSTEM > IP Setup > IP Setup or NETWORKING > ARP Setup > Static ARP). CX4800-56F User’s Guide...
Page 107: Ip Table
• If the Switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it filters the packet. Figure 66 IP Table Flowchart CX4800-56F User’s Guide...
Page 108: Viewing The Ip Table
Click this button to display and arrange the data according to IP address. Click this button to display and arrange the data according to VLAN group. Port Click this button to display and arrange the data according to port number. CX4800-56F User’s Guide...
Page 109: Mac Table
MAC address. The Switch then learns the port that replies with the MAC address. • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. CX4800-56F User’s Guide...
Page 110: Viewing The Mac Table
MAC forwarding table or MAC filtering table from the MAC table using this screen. Click MONITOR > MAC Table > MAC Table in the navigation panel to display the following screen. Figure 69 MONITOR > MAC Table > MAC Table CX4800-56F User’s Guide...
Page 111 This is the port where the above MAC address is forwarded. Type This shows whether the MAC address is Dynamic (learned by the Switch) or Static (manually entered in the SWITCHING > Static MAC Forwarding > Static MAC Forwarding screen). CX4800-56F User’s Guide...
Page 112: Neighbor
Use the Neighbor Details screen (Section 11.2.1 on page 113) to view more detailed information on the Switch’s neighbor devices. 11.2 Neighbor Click MONITOR > Neighbor > Neighbor to see the following screen. Figure 70 MONITOR > Neighbor > Neighbor CX4800-56F User’s Guide...
Page 113: Neighbor Details
When the maximum number of neighboring device records per Ethernet port is reached, new device records automatically overwrite existing offline device records, starting with the oldest existing offline device record first. Click MONITOR > Neighbor > Neighbor Details to see the following screen. CX4800-56F User’s Guide...
Page 114 ZON utility. This shows the MAC address of the neighbor device. Firmware This shows the firmware version of the neighbor device. This field will show “–” for devices that do not support the ZON utility. CX4800-56F User’s Guide...
Page 115 Web Configurator. Flush Click the Flush button on the port tab to remove information about neighbors learned on a specific ports. Flush All Click the Flush All button to remove information about neighbors learned on all ports. CX4800-56F User’s Guide...
Page 116: Port Status
MONITOR > Port Status > Port Status to display the Port Status screen as shown next. You can also click the Port Status link in the Quick Link section of the DASHBOARD screen to see the following screen. Figure 72 MONITOR > Port Status > Port Status CX4800-56F User’s Guide...
Page 117: Port Details
Click an index in the Port column in the MONITOR > Port Status > Port Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 73 MONITOR > Port Status > Port Status > Port Details CX4800-56F User’s Guide...
Page 118 This field shows the number of good Multicast packets received. Broadcast This field shows the number of good broadcast packets received. Pause This field shows the number of 802.3x pause packets received. TX Collision The following fields display information on collisions while transmitting. CX4800-56F User’s Guide...
Page 119: Ddmi
DDMI to see the following screen. Alternatively, click DASHBOARD from any Web Configurator screen and then the Port Status link in the Quick Link section of the DASHBOARD screen to display the Port Status screen and then click the DDMI link tab. CX4800-56F User’s Guide...
Page 120: Ddmi Details
SFP port. The parameters include, for example, transmitting and receiving power, and module temperature. Click an index in the Port column in the DDMI screen to view current transceivers’ status. Figure 75 MONITOR > Port Status > DDMI > DDMI Details CX4800-56F User’s Guide...
Page 121: Port Utilization
Alternatively, click DASHBOARD from any Web Configurator screen and then the Port Status link in the Quick Link section of the DASHBOARD screen to display the Port Status screen and then click the Port Utilization link tab. CX4800-56F User’s Guide...
Page 122 This field shows the transmission speed of data received on this port in kilobytes per second. Rx Utilization% This field shows the percentage of actual received frames on this port as a percentage of the Link speed. CX4800-56F User’s Guide...
Page 123: Routing Table
This field displays the destination IP routing domain. Gateway This field displays the IP address of the gateway device. Interface This field displays the IP address of the IPv4 Interface. Metric This field displays the cost of the route. CX4800-56F User’s Guide...
Page 124 STATIC – added as a static entry. LOCAL – added as a local interface entry. Uptime This field displays how long the route has been running since the Switch learned the route and added an entry in the routing table. CX4800-56F User’s Guide...
Page 125: System Information
125) to view general system information and hardware status of the Switch. 14.1 System Information In the navigation panel, click MONITOR > System Information > System Information to display the screen as shown. Use this screen to view general system information. CX4800-56F User’s Guide...
Page 126 This displays the version number of the Switch 's current firmware including the date created. Version Ethernet This refers to the Ethernet MAC (Media Access Control) address of the Switch. Address This displays the current percentage of CPU utilization. Utilization Current (%) CX4800-56F User’s Guide...
Page 127 This is the current voltage reading. This field displays the maximum voltage measured at this point. This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. CX4800-56F User’s Guide...
Page 128 Absent is displayed when there is no power module connected to the Switch. Error indicates that this power module is functioning below the power requirement. Or, the fan in this power module is not working. CX4800-56F User’s Guide...
Page 129: System Log
The summary table shows the time the log message was recorded and the reason the log message was generated. Click Refresh to update this screen. Click Clear to clear the whole log, regardless of what is currently displayed on the screen. Click Download to save the log to your computer. CX4800-56F User’s Guide...
Page 130: System
The following chapters introduces the configurations of the links under the SYSTEM navigation panel. Quick links to chapters: • Cloud Management • General Setup • Hardware Monitor Setup • IP Setup • Logins • SNMP • Switch Setup • Syslog Setup • Time Range CX4800-56F User’s Guide...
Page 131: Cloud Management
• The Nebula Control Center (NCC) Discovery feature is enabled. • It has been registered in the NCC. 17.2 Nebula Center Control Discovery Click SYSTEM > Cloud Management > Cloud Management to display this screen. Figure 80 SYSTEM > Cloud Management > Cloud Management CX4800-56F User’s Guide...
Page 132 Follow the wizard in the Nebula Mobile app to scan the QR code to register the Switch on NCC and add the Switch into a site. If Nebula Control Center (NCC) Discovery is disabled, the Switch will NOT discover the NCC and remain in Standalone mode. CX4800-56F User’s Guide...
Page 133: General Setup
Enter the geographic location of your Switch. You can use up to 128 printable ASCII characters; spaces are allowed. Contact Person's Enter the name of the person in charge of this Switch. You can use up to 32 printable ASCII Name characters; spaces are allowed. CX4800-56F User’s Guide...
Page 134 UTC). So in the European Union you would select Last, Sunday, October and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). CX4800-56F User’s Guide...
Page 135: Hardware Monitor Setup
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 136 Chapter 18 General Setup You will see SFP warning icons next to the FANs in the MONITOR > System Information screen when SFP Detect has triggered the fans. Figure 83 Hardware Monitor: SFP Module Temperature Warning CX4800-56F User’s Guide...
Page 137: Ip Setup
VLANs. Note: You must configure a VLAN first before adding a management IP address. Each VLAN can have multiple management IP addresses, and you can log into the Switch through different management IP addresses simultaneously. CX4800-56F User’s Guide...
Page 138: Ip Status
Click this to release the dynamic IP address. 19.2.1 IP Status Details Use this screen to view IP status details. Click a number in the Index column in the SYSTEM > IP Setup > IP Status screen to display the screen as shown next. CX4800-56F User’s Guide...
Page 139 This is the IP subnet mask of your Switch in dotted decimal notation for example 255.255.255.0. Lease Time This displays the length of time in seconds that this interface can use the current dynamic IP address from the DHCP server. CX4800-56F User’s Guide...
Page 140: Ip Setup
Note: The Switch allows you to set a static IP interface in the same subnet that already has a DHCP-assigned IP interface on the Switch. The Switch will use the static IP you set and the DHCP-assigned IP will be set to 0.0.0.0. CX4800-56F User’s Guide...
Page 141 Click Cancel to reset the fields to your previous configuration. Out-of-band Management IP Address Use these fields to set the settings for the out-of-band management port. IP Address Enter the out-of-band management IP address of your Switch in dotted decimal notation. For example, 192.168.0.1. CX4800-56F User’s Guide...
Page 142: Add/Edit Ip Interfaces
Use this screen to add or edit IP interfaces. Click Add/Edit, or select an entry and click Add/Edit in the SYSTEM > IP Setup > IP Setup screen to display this screen. Figure 88 SYSTEM > IP Setup > IP Setup > Add/Edit CX4800-56F User’s Guide...
Page 143: Network Proxy Configuration
131). Use this screen to enable communication between the Switch and NCC through the proxy server (P). Figure 89 Network Proxy Configuration Application As of this writing, this setting only allows communication between the Switch and the NCC. CX4800-56F User’s Guide...
Page 144 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. CX4800-56F User’s Guide...
Page 145: Logins
• A non-administrator (user name is something other than admin) is someone who can view and/or configure Switch settings. The configuration right varies depending on the user’s privilege level. Click SYSTEM > Logins > Logins to view the screen as shown. Figure 91 SYSTEM > Logins > Logins CX4800-56F User’s Guide...
Page 146 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 147: Snmp
• Use the SNMP Trap Port screen (Section 21.5 on page 152) to enable/disable sending SNMP traps on a port. 21.2 Configure SNMP Use this screen to configure your SNMP settings. Click SYSTEM > SNMP > SNMP to view the screen as shown. CX4800-56F User’s Guide...
Page 148 Use this section to configure where to send SNMP traps from the Switch. Index This is the index of a trap destination. Version Specify the version of the SNMP trap messages. Enter the IP addresses of up to four managers to send your SNMP traps to. CX4800-56F User’s Guide...
Page 149: Configure Snmp User
Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. Add/Edit Click Add/Edit to add a new entry or edit a selected one. Delete Click Delete to remove the selected entries. CX4800-56F User’s Guide...
Page 150: Add/Edit Snmp User
Enter the password of up to 32 printable ASCII characters (except [ ? ], [ | ], [ ' ], [ " ], [ space ], [ , ], [ [ ], or [ ] ]) for encrypting SNMP packets. CX4800-56F User’s Guide...
Page 151: Snmp Trap Group
Use this screen to specify the types of SNMP traps that should be sent to each SNMP manager. Click SYSTEM > SNMP > SNMP Trap Group to view the screen as shown. Figure 95 SYSTEM > SNMP > SNMP Trap Group CX4800-56F User’s Guide...
Page 152: Enable Or Disable Sending Of Snmp Traps On A Port
Click SYSTEM > SNMP > SNMP Trap Port to view the screen as shown. Use this screen to set whether a trap received on the ports would be sent to the SNMP manager. Figure 96 SYSTEM > SNMP > SNMP Trap Port CX4800-56F User’s Guide...
Page 153: Technical Reference
An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed Switch (the Switch). An agent translates the local management information from the managed Switch into a form compatible with CX4800-56F User’s Guide...
Page 154: Snmp V3 And Security
To get the private MIBs supported by your Switch, download (and unzip) the correct model MIB from www.zyxel.com (Support > Download Library > MIB File). SNMP Traps The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the SNMP traps by category. CX4800-56F User’s Guide...
Page 155 1.3.6.1.4.1.890.1.15 This trap is sent when the power source ormal .3.26.2.10 status has an abnormal change. zyHwMonitorPowerSourceAbn 1.3.6.1.4.1.890.1.15 This trap is sent when the power source ormalRecovered .3.26.2.11 status is changed to normal. CX4800-56F User’s Guide...
Page 156 This trap is sent when the transmitter laser Range 3.84.3.5 bias current is above or below the normal operating range. zyTransceiverDdmiTemperatur 1.3.6.1.4.1.890.1.15. This trap is sent when the transceiver eOutOfRangeRecovered 3.84.3.6 temperature is recovered from the out of normal operating range. CX4800-56F User’s Guide...
Page 157 This trap is sent when there is a response erNotReachableRecovered .3.71.2.4 message from the previously unreachable RADIUS accounting server. zyTacacsServerAccountingServ 1.3.6.1.4.1.890.1.15 This trap is sent when there is a response er UnreachableRecovered .3.83.2.4 message from the previously unreachable TACACS+ accounting server. CX4800-56F User’s Guide...
Page 158 This trap is sent when a variable goes over the RMON "rising" threshold. RmonFallingAlarm 1.3.6.1.2.1.16.0.2 This trap is sent when the variable falls below the RMON "falling" threshold. classifier zyAclV2ClassifierLogNotificatio 1.3.6.1.4.1.890.1.15 This trap is sent when the Switch detects .3.105.4.1 classifier log information. CX4800-56F User’s Guide...
Page 159: Switch Setup
Click SYSTEM > Switch Setup > Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. CX4800-56F User’s Guide...
Page 160 Leave Timer sets the duration of the Leave Period timer for GVRP in milliseconds. Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 milliseconds. CX4800-56F User’s Guide...
Page 161 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 162: Syslog Setup
The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings and configure a list of external syslog servers. Click SYSTEM > Syslog Setup > Syslog Setup in the navigation panel to display this screen. CX4800-56F User’s Guide...
Page 163 Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. Add/Edit Click Add/Edit to add a new entry or edit a selected one. Delete Click Delete to remove the selected entries. CX4800-56F User’s Guide...
Page 164: Add/Edit A Syslog Server
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 165: Time Range
This field displays the descriptive name for this rule. This is for identification purpose only. You can enter up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ], [ " ], or [ , ]. CX4800-56F User’s Guide...
Page 166: Add/Edit Time Range
Alternatively, select Periodic to create a recurring schedule. Recurring schedules begin at a specific start time and end at a specific stop time on selected days of the week (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, and Saturday). Recurring schedules are useful for defining the workday and off-work hours. CX4800-56F User’s Guide...
Page 167 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 168: Port
H A P T E R PORT The following chapters introduces the configurations of the links under the PORT navigation panel. Quick links to chapters: • Flex Link • Link Aggregation • Link Layer Discovery Protocol (LLDP) • Port Setup CX4800-56F User’s Guide...
Page 169: Flex Link
170) to configure flex links for back up links on the Switch. 26.2 Flex Link Status Click PORT > Flex Link > Flex Link Status to display this screen. Figure 103 PORT > Flex Link > Flex Link Status CX4800-56F User’s Guide...
Page 170: Flex Link Setup
BLOCKING state and the primary port will go into FORWARDING state after the Preemption Delay Time interval. Preemption Delay This displays the preemption delay time configured for this flex link pair. Time CX4800-56F User’s Guide...
Page 171: Add/Edit Flex Link
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 172: Link Aggregation
When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that is, if an CX4800-56F User’s Guide...
Page 173: Link Aggregation Status
Click PORT > Link Aggregation > Link Aggregation Status in the navigation panel to display the screen as shown. See Section 27.1 on page 172 for more information. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. CX4800-56F User’s Guide...
Page 174 This field displays how these ports were added to the trunk group. It displays: • Static – if the ports are configured as static members of a trunk group. • LACP – if the ports are configured to join a trunk group through LACP. CX4800-56F User’s Guide...
Page 175: Link Aggregation Setting
This is the only screen you need to configure to enable static link aggregation. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this to activate a trunk group. CX4800-56F User’s Guide...
Page 176: Link Aggregation Control Protocol
Click PORT > Link Aggregation > Link Aggregation Control Protocol to display the screen shown next. See Dynamic Link Aggregation on page 172 for more information on dynamic link aggregation. Note: Do NOT configure this screen unless you want to enable dynamic link aggregation. CX4800-56F User’s Guide...
Page 177 The field identifies the link aggregation group, that is, one logical link containing multiple ports. LACP Active Select this option to enable LACP for a trunk. Use this section to configure LACP timeout on ports. Port This field displays the port number. CX4800-56F User’s Guide...
Page 178: Technical Reference
Click PORT > Link Aggregation > Link Aggregation Setting. In this screen – activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. CX4800-56F User’s Guide...
Page 179 Chapter 27 Link Aggregation Figure 110 Trunking Example – Configuration Screen Your trunk group 1 (T1) configuration is now complete. CX4800-56F User’s Guide...
Page 180: Link Layer Discovery Protocol (Lldp)
IEEE 802.3 specific TLVs: • MAC/PHY Configuration/Status TLV (optional) • Link Aggregation TLV (optional) • Maximum Frame Size TLV (optional) The optional TLVs are inserted between the Time To Live TLV and the End of LLDPDU TLV. CX4800-56F User’s Guide...
Page 181: Lldp-Med Overview
Since LLDPDU updates status and configuration information periodically, network managers may check the result of provision through remote status. The remote status is updated by receiving LLDP-MED TLVs from endpoint devices. CX4800-56F User’s Guide...
Page 182: What You Can Do - Lldp
Discovery Protocol for Media Endpoint Devices) location parameters. 28.3 LLDP Local Status This screen displays a summary of LLDP status on this Switch. Click PORT > LLDP > LLDP > LLDP Local Status to display the screen as shown next. CX4800-56F User’s Guide...
Page 183 System Description – This shows the firmware version of the Switch. Description TLV System This shows the System Capabilities enabled and supported on the local Switch. Capabilities TLV • System Capabilities Supported – Bridge • System Capabilities Enabled – Bridge CX4800-56F User’s Guide...
Page 184: Lldp Local Port Status Details
This screen displays detailed LLDP status for each port on this Switch. Click PORT > LLDP > LLDP > LLDP Local Status and then, click a port number, for example 1 in the local port column to display the screen as shown next. CX4800-56F User’s Guide...
Page 185 Chapter 28 Link Layer Discovery Protocol (LLDP) Figure 114 PORT > LLDP > LLDP > LLDP Local Status > LLDP Local Port Status Detail CX4800-56F User’s Guide...
Page 186 Capabilities TLV This field displays which LLDP-MED TLV are capable to transmit on the Switch. • Network Policy • Location • Extend Power via MDI PSE • Extend Power via MDI PD • Inventory Management CX4800-56F User’s Guide...
Page 187: Lldp Remote Status
This is an alpha-numeric string that contains the specific identifier for the port from which this LLDPDU was transmitted. The port ID is identified by the port ID subtype. Port Description This displays a description for the port from which this LLDPDU was transmitted. CX4800-56F User’s Guide...
Page 188: Lldp Remote Port Status Details
TTL expires. The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval. Port Description Port Description – This displays the remote port description. System Name System Name – This displays the system name of the remote device. CX4800-56F User’s Guide...
Page 189 Management Address Subtype • Management Address • Interface Number Subtype • Interface Number • Object Identifier Figure 117 PORT > LLDP > LLDP > LLDP Remote Status > LLDP Remote Port Status Details (Dot1 and Dot3 TLV) CX4800-56F User’s Guide...
Page 190 The Power Via MDI TLV allows network management to advertise and discover the MDI power support capabilities of the sending port on the remote device. • Port Class • MDI Supported • MDI Enabled • Pair Controllable • PSE Power Pairs • Power Class CX4800-56F User’s Guide...
Page 191 Location • Extend Power via MDI PSE • Extend Power via MDI PD • Inventory Management Device Type LLDP-MED endpoint device classes: • Endpoint Class I • Endpoint Class II • Endpoint Class III • Network Connectivity CX4800-56F User’s Guide...
Page 192: Lldp Setup
Manufacturer • Serial Number • Asset ID 28.5 LLDP Setup Use this screen to configure global LLDP settings on the Switch. Click PORT > LLDP > LLDP > LLDP Setup to display the screen as shown next. CX4800-56F User’s Guide...
Page 193 Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 194: Basic Tlv Setting
System Description Select the checkboxes to enable or to disable the sending of System Description TLVs on the ports. System Name Select the checkboxes to enable or to disable the sending of System Name TLVs on the ports. CX4800-56F User’s Guide...
Page 195: Org-Specific Tlv Setting
Select the checkboxes to enable or disable the sending of IEEE 802.1 Port VLAN ID TLVs on the ports. All checkboxes in this column are enabled by default. Dot3 TLV Link Select the checkboxes to enable or disable the sending of IEEE 802.3 Link Aggregation TLVs Aggregation on the ports. CX4800-56F User’s Guide...
Page 196: Lldp-Med Setup
Changes in this row are copied to all the ports as soon as you make them. Notification Topology Select to enable LLDP-MED topology change traps on this port. Change MED TLV Setting Location Select to enable transmitting LLDP-MED location TLV. CX4800-56F User’s Guide...
Page 197: Lldp-Med Network Policy
Delete Select the rules that you want to remove, then click Delete. 28.9.1 Add/Edit LLDP-MED Network Policy To access this screen, click the Add/Edit button or select an entry from the list and click the Add/Edit button. CX4800-56F User’s Guide...
Page 198: Lldp-Med Location
Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. 28.10 LLDP-MED Location Click PORT > LLDP > LLDP MED > LLDP-MED Location to display the screen as shown next. CX4800-56F User’s Guide...
Page 199: Add/Edit Lldp-Med Location
Click Add/Edit to add a new location or edit a selected one. Delete Select the locations that you want to remove, then click Delete. 28.10.1 Add/Edit LLDP-MED Location To access this screen, click the Add/Edit button or select an entry from the list and click the Add/Edit button. CX4800-56F User’s Guide...
Page 200 Geographical based coordinates includes latitude, longitude, altitude and datum. Civic Address includes Country, State, County, City, Street and other related information. Latitude Enter the latitude information. The value should be from 0º to 90º. • north • south CX4800-56F User’s Guide...
Page 201 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 202: Port Setup
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 203 Select Tunnel to forward BPDUs received on this port. Select Discard to drop any BPDU received on this port. Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU. Note: BPDU control is only available in Standalone mode. CX4800-56F User’s Guide...
Page 204: Technical Reference
CL108 Support for 25 Gbps transmission speed only. Select CL108 for applications that do not require real-time data transmission such as web browsing, emails, file transfers and software updates. CX4800-56F User’s Guide...
Page 205: Fec Types And Transceivers
None (No FEC) None (No FEC) None (No FEC) None (No FEC) CL108 CL108 None (No FEC) CL74 CL74 CL74 CL108 CL108 100 Gbps CL91 CL91 CL91 None (No FEC) None (No FEC) CL91 None (No FEC) CL91 CL91 CX4800-56F User’s Guide...
Page 206: Switching
Private VLAN • Differentiated Services • Queuing Method • Priority Queue Overview • sFlow • Spanning Tree Protocol • Static MAC Filtering • Static MAC Forwarding • VLAN • VLAN Mapping • VLAN Stacking • WoL Relay CX4800-56F User’s Guide...
Page 207: Loop Guard
The following figure shows port N on switch A connected to switch B. Switch B has two ports, X and Y, mistakenly connected to each other. It forms a loop. When broadcast or multicast packets leave port N CX4800-56F User’s Guide...
Page 208: Loop Guard Setup
Note: After resolving the loop problem on your network you can re-activate the disabled port through the Web Configurator or through commands (See the CLI Reference Guide). 31.2 Loop Guard Setup Click SWITCHING > Loop Guard > Loop Guard in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 209 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 210: Mirroring
(S) mirroring ports (MR) is sent to a reflector port (R) for VLAN tagging and copied to the connected ports (C). Traffic are then carried over the specified remote port mirroring (RMirror) VLAN and sent to the destination (D) device’s monitor port (MT) through the connected ports (C) that connect to other switches. CX4800-56F User’s Guide...
Page 211: Local Port Mirroring
32.2 Local Port Mirroring Click SWITCHING > Mirroring > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. CX4800-56F User’s Guide...
Page 212 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. CX4800-56F User’s Guide...
Page 213: Multicast
A multicast IP address represents a traffic receiving group, not individual receiving devices. IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are used for IP multicasting. Certain IP multicast numbers are reserved by IANA for special purposes (see the IANA website for more information). CX4800-56F User’s Guide...
Page 214: Igmp Filtering
The connection between ports 8 and 9 is blocked by STP to break the loop. If there is one Query from a router (X) or MLD Done or Report message from any upstream port, it will be broadcast to all connected upstream ports. CX4800-56F User’s Guide...
Page 215: Mld Messages
The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server (S). In addition, the multicast VLAN (MVLAN) information is only visible to the Switch and S. CX4800-56F User’s Guide...
Page 216: Types Of Mvr Ports
Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. CX4800-56F User’s Guide...
Page 217: Ipv4 Multicast Status
This field displays IP multicast group addresses. 33.3 IGMP Snooping Click SWITCHING > Multicast > IPv4 Multicast > IGMP Snooping to display the screen as shown. See Section 33.1 on page 213 for more information on multicasting. CX4800-56F User’s Guide...
Page 218 The Switch sends a leave message with its MAC address to the multicast router or switch only when it receives the leave message from the last host in a multicast group. CX4800-56F User’s Guide...
Page 219 Select this to set the Switch to remove this port from the multicast tree when an IGMP version 2 leave message is received on this port. Select this option if there is only one host connected to this port. CX4800-56F User’s Guide...
Page 220 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 221: Igmp Snooping Vlan
This field displays the descriptive name for this VLAN group. This field displays the ID number of the VLAN group. Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. CX4800-56F User’s Guide...
Page 222: Add/Edit Igmp Snooping Vlans
Clients connected to those ports are then able to join the multicast groups specified in the profile. Each port can be assigned a single profile. A profile can be assigned to multiple ports. Click SWITCHING > Multicast > IPv4 Multicast > IGMP Filtering Profile link to display the screen as shown. CX4800-56F User’s Guide...
Page 223: Add Igmp Filtering Profile
To access this screen, click the Add Profile button in the SWITCHING > Multicast > IPv4 Multicast > IGMP Filtering Profile screen. Figure 141 SWITCHING > Multicast > IPv4 Multicast > IGMP Filtering Profile > Add Profile CX4800-56F User’s Guide...
Page 224: Add Igmp Filtering Rule
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 225: Mvr Configuration
Use this screen to create or edit multicast VLANs and select the receiver ports and a source port for each multicast VLAN. To access this screen, click Add/Edit or select an existing entry and click Add/Edit in the SWITCHING > Multicast > MVR > MVR screen. CX4800-56F User’s Guide...
Page 226 Select this option to set this port as the MVR source port that sends and receives multicast traffic. All source ports must belong to a single multicast VLAN. Receiver Port Select this option to set this port as a receiver port that only receives multicast traffic. CX4800-56F User’s Guide...
Page 227: Mvr Group Setup
This field displays the starting IP address of the multicast group. End Address This field displays the ending IP address of the multicast group. Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. CX4800-56F User’s Guide...
Page 228: Add/Edit Mvr Group
23 belongs to the multicast group with VID 200 (MVID 200) to receive multicast traffic (the News (N) and Movie (M) channels) from the remote streaming media server (S). Computers A, B and C in VLAN 1 are able to receive the traffic. CX4800-56F User’s Guide...
Page 229 To set the Switch to forward the multicast group traffic to the subscribers, click Add/Edit in the SWITCHING > Multicast > MVR > Group Setup screen and configure multicast group settings. The following figure shows an example where two IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200. CX4800-56F User’s Guide...
Page 230 Chapter 33 Multicast Figure 149 MVR Group Configuration Example – Add Figure 150 MVR Group Configuration Example – View CX4800-56F User’s Guide...
Page 231: Static Multicast Forwarding
(manual) multicast entries. The Switch will either flood the multicast frames to all ports (default) or drop them. Figure 151 on page 232 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to ports within a VLAN group. CX4800-56F User’s Guide...
Page 232: Static Multicast Forwarding By Mac
Click Add/Edit to add a new rule or edit a selected one. Delete Click Delete to remove the selected rules. 34.2.1 Add/Edit Static Multicast Forwarding By MAC Use this screen to add a static multicast MAC address rule for ports to receive the multicast stream. CX4800-56F User’s Guide...
Page 233 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 234: Private Vlan
Primary private VLAN C-VLAN 101 Community private VLAN I-VLAN 102 Isolated private VLAN Tagged Private VLANs can span switches but trunking ports must be VLAN-trunking ports – see SWITCHING > VLAN > VLAN Setup > VLAN Port Setup. CX4800-56F User’s Guide...
Page 235: Private Vlan Configuration
35.1.1 Private VLAN Configuration You must go to the SWITCHING > VLAN > VLAN Setup > Static VLAN screen first to create VLAN IDs for Primary, Isolated or Community VLANs. Click SWITCHING > Private VLAN to display the following screen. CX4800-56F User’s Guide...
Page 236 PVID to untagged frames before sending them out. Clear this if the VLAN includes ports on this Switch only. The Switch forwards untagged frames through this port; it removes the VLAN ID from tagged frames before sending them out. CX4800-56F User’s Guide...
Page 237 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 238: Differentiated Services
ToS-enabled network device will not conflict with the DSCP mapping. The DSCP value determines the PHB (Per-Hop Behavior), that each packet gets as it is forwarded across the DiffServ network. Based on the marking rule different kinds of traffic can be marked for different CX4800-56F User’s Guide...
Page 239: Diffserv Network Example
Platinum traffic flow as they move across the DiffServ network. Figure 156 DiffServ Network 36.2 Activate DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected ports. Click SWITCHING > QoS > Diffserv to display the screen as shown. CX4800-56F User’s Guide...
Page 240: Dscp-To-Ieee 802.1P Priority Settings
The following table shows the default DSCP-to-IEEE802.1p mapping. Table 103 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0 – 7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE 802.1p CX4800-56F User’s Guide...
Page 241: Configure Dscp Settings
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 242: Queuing Method
Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic CX4800-56F User’s Guide...
Page 243: Configure Queuing
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 244 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 245: Priority Queue
245) to configure the priority level-to-physical queue mapping. 38.2 Assign Priority Queue Use this screen to assign priority level to each queue. Click SWITCHING > QoS > Priority Queue to open this screen. Figure 160 SWITCHING > QoS > Priority Queue CX4800-56F User’s Guide...
Page 246 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. CX4800-56F User’s Guide...
Page 247: Sflow
For example, you can use it to know which IP address or which type of traffic caused network congestion. Figure 161 sFlow Application 39.2 sFlow Port Configuration Click SWITCHING > sFlow in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 248 Note: Configure UDP port 6343 (the default) on a NAT router to allow port forwarding if the collector is behind a NAT router. Configure a firewall rule for UDP port 6343 (the default) to allow incoming traffic if the collector is behind a firewall. CX4800-56F User’s Guide...
Page 249: Sflow Collector Configuration
Click Delete to remove the selected entries. 39.3.1 Add/Edit sFlow Collector Click Add/Edit, or select an entry and click Add/Edit in the SWITCHING > sFlow > Collector screen to display this screen. Figure 164 SWITCHING > sFlow > Collector > Add/Edit CX4800-56F User’s Guide...
Page 250 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 251: Spanning Tree Protocol
It allows a switch to interact with other (R)STP-compliant switches in your network to ensure that only one path exists between any two stations on the network. The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the CX4800-56F User’s Guide...
Page 252: Stp Terminology
(Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. STP Port States STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from CX4800-56F User’s Guide...
Page 253 • A VLAN can be mapped to a specific Multiple Spanning Tree Instance (MSTI). MSTI allows multiple VLANs to use the same spanning tree. • Load-balancing is possible as traffic from different VLANs can use distinct paths in a region. CX4800-56F User’s Guide...
Page 254: Spanning Tree Protocol Status
The path cost values are described in the following tables. The Switch defines the following Short mode path costs. Table 112 Auto Path Cost Mode: Short LINK SPEED AUTO PATH COST VALUE Up to 1 Gbps Up to 10 Gbps CX4800-56F User’s Guide...
Page 255 Use the this screen to activate one of the STP modes on the Switch. Click SWITCHING > Spanning Tree Protocol > Spanning Tree Setup to display the screen as shown. Figure 167 SWITCHING > Spanning Tree Protocol > Spanning Tree Setup CX4800-56F User’s Guide...
Page 256: Rapid Spanning Tree Protocol Status
Click SWITCHING > Spanning Tree Protocol > Spanning Tree Protocol Status in the navigation panel to display the status screen as shown next. See Section 40.1 on page 251 more information on RSTP. Note: This screen is only available after you activate RSTP on the Switch. CX4800-56F User’s Guide...
Page 257 This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change Port This field displays the number of the port on the Switch. CX4800-56F User’s Guide...
Page 258: Configure Rapid Spanning Tree Protocol
40.5 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings, see Section 40.1 on page 251 for more information on RSTP. Click SWITCHING > Spanning Tree Protocol > RSTP in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 259 LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds. CX4800-56F User’s Guide...
Page 260: Multiple Rapid Spanning Tree Protocol
Click SWITCHING > Spanning Tree Protocol > Spanning Tree Protocol Status in the navigation panel to display the status screen as shown next. See Section 40.6 on page 260 for more information on MRSTP. Note: This screen is only available after you activate MRSTP on the Switch. CX4800-56F User’s Guide...
Page 261 This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times CX4800-56F User’s Guide...
Page 262: Configure Multiple Rapid Spanning Tree Protocol
Forwarding – the Switch unblocks and allows the port to forward frames again. 40.7 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click SWITCHING > Spanning Tree Protocol > MRSTP in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 263 Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. CX4800-56F User’s Guide...
Page 264 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 265: Multiple Spanning Tree Protocol Status
Click SWITCHING > Spanning Tree Protocol > Spanning Tree Protocol Status in the navigation panel to display the status screen as shown next. Note: This screen is only available after you activate MSTP on the Switch. Figure 172 SWITCHING > Spanning Tree Protocol > Spanning Tree Protocol Status: MSTP CX4800-56F User’s Guide...
Page 266 BPDUs. • LEARNING – The port learns MAC addresses and processes BPDUs, but does not forward frames yet. • FORWARDING – The port is operating normally. It learns MAC addresses, processes BPDUs and forwards received frames. CX4800-56F User’s Guide...
Page 267: Configure Multiple Spanning Tree Protocol
Forwarding – the Switch unblocks and allows the port to forward frames again. 40.9 Configure Multiple Spanning Tree Protocol To configure MSTP, click SWITCHING > Spanning Tree Protocol > MSTP in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 268 Configuration Enter a descriptive name (up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ], [ " ], or [ , Name ]) of an MST region. CX4800-56F User’s Guide...
Page 269: Add/Edit Multiple Spanning Tree
Click Add/Edit, or select an entry and click Add/Edit in the SWITCHING > Spanning Tree Protocol > MSTP > Multiple Spanning Tree Protocol screen to display this screen. Figure 174 SWITCHING > Spanning Tree Protocol > MSTP > Multiple Spanning Tree Protocol > Add/Edit CX4800-56F User’s Guide...
Page 270: Multiple Spanning Tree Protocol Port Setup
Click Cancel to not save the configuration you make and return to the last screen. 40.10 Multiple Spanning Tree Protocol Port Setup Click SWITCHING > Spanning Tree Protocol > MSTP > MSTP Port Setup to display the screen as shown next. CX4800-56F User’s Guide...
Page 271: Technical Reference
Cancel Click Cancel to begin configuring this screen afresh. 40.11 Technical Reference This section provides technical background information on the topics discussed in this chapter. CX4800-56F User’s Guide...
Page 272: Mstp Network Example
An MST Instance (MSTI) is a spanning tree instance. VLANs can be configured to run on a specific MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Therefore an MSTI does not span across MST regions. CX4800-56F User’s Guide...
Page 273: Common And Internal Spanning Tree (Cist)
R2, R3) and single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP. In the figure below, the black connecting lines represent the physical connections. The green connecting lines represent RSTP on the link. Figure 179 MSTP and Legacy RSTP Network Example CX4800-56F User’s Guide...
Page 274: Static Mac Filtering
This field displays Discard source, Discard destination, or Discard both depending on what you configured above. Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. CX4800-56F User’s Guide...
Page 275: Add/Edit A Static Mac Filtering Rule
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 276: Static Mac Forwarding
This field displays whether this static MAC address forwarding rule is active. You may temporarily deactivate a rule without deleting it. Name This field displays the descriptive name for identification purposes for this static MAC address- forwarding rule. CX4800-56F User’s Guide...
Page 277: Add/Edit Static Mac Forwarding Rules
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 278: Vlan
A tagged frame is 4 bytes longer than an untagged frame and contains 2 bytes of TPID (Tag Protocol Identifier, residing within the type or length field of the Ethernet frame) and 2 bytes of TCI (Tag Control CX4800-56F User’s Guide...
Page 279: Forwarding Tagged And Untagged Frames
GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch. CX4800-56F User’s Guide...
Page 280 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking ports. Figure 184 Port VLAN Trunking 43.2.0.3 Select the VLAN Type Select a VLAN type in the SYSTEM > Switch Setup > Switch Setup screen. CX4800-56F User’s Guide...
Page 281: Q Static Vlan
43.3 VLAN Status Use this screen to view and search all VLAN groups. Click SWITCHING > VLAN > VLAN Status from the navigation panel to display the screen as shown next. Figure 186 SWITCHING > VLAN > VLAN Status CX4800-56F User’s Guide...
Page 282: Vlan Details
MVR – added through Multicast VLAN Registration (MVR) 43.3.1 VLAN Details Use this screen to view detailed port settings and status of the VLAN group. Click an index number in the VLAN Status screen to display VLAN details. CX4800-56F User’s Guide...
Page 283: Private Vlan Status
SWITCHING > VLAN > VLAN Setup > Static VLAN screen. 43.4 Private VLAN Status Use this screen to view all private VLANs created on the Switch. Click SWITCHING > VLAN > VLAN Status > Private VLAN Status to see the following screen. CX4800-56F User’s Guide...
Page 284: Configure A Static Vlan
This field indicates whether the VLAN settings are enabled or disabled. Name This field displays the descriptive name for this VLAN group. Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. CX4800-56F User’s Guide...
Page 285: Add/Edit A Static Vlan
Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Note: Do NOT add a VLAN ID that has been used in the SWITCHING > VLAN > Voice VLAN Setup. VLAN Type Select Normal (static) or Private. For Private VLANs, select Primary, Isolated or Community. CX4800-56F User’s Guide...
Page 286: Vlan Port Setup
Click Cancel to not save the configuration you make and return to the last screen. 43.6 VLAN Port Setup Use this screen to configure the static VLAN (IEEE 802.1Q) settings on a port. Click SWITCHING > VLAN > VLAN Setup > VLAN Port Setup to display the screen as shown. CX4800-56F User’s Guide...
Page 287 VLAN groups to pass through the Switch. Isolation Select this to allows this port to communicate only with the CPU management port and the ports on which the isolation feature is NOT enabled. CX4800-56F User’s Guide...
Page 288: Configure Gvrp
Note: Changes in this row are copied to all the ports as soon as you make them. GVRP Select this checkbox to allow GVRP on this port. CX4800-56F User’s Guide...
Page 289: Subnet Based Vlan
VID of 300 for traffic received from IP subnet 10.1.1.0/24 (data services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is video services receive the highest priority and data the lowest. Figure 193 Subnet Based VLAN Application Example CX4800-56F User’s Guide...
Page 290: Configuring Subnet Based Vlan
Click Delete to remove the selected entry. 43.9.1 Add/Edit Subnet Based VLAN Click Add/Edit, or select an entry and click Add/Edit in the SWITCHING > VLAN > Subnet Based VLAN Setup > Subnet Based VLAN screen to display this screen. CX4800-56F User’s Guide...
Page 291: Protocol Based Vlan
You configure a protocol based VLAN A with priority 3 for ARP traffic received on port 1, 2 and 3. You also have a protocol based VLAN B with priority 2 for Apple Talk traffic received on port 6 and 7. All CX4800-56F User’s Guide...
Page 292: Configuring Protocol Based Vlan
This field shows the priority which is assigned to frames belonging to this protocol based VLAN. Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. CX4800-56F User’s Guide...
Page 293: Add/Edit A Protocol Based Vlan
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 294: Create An Ip-Based Vlan Example
If the VLAN is valid, ingress processing on the packet continues; otherwise, the packet is dropped. This feature allows users to change ports without having to reconfigure the VLAN. You can assign priority to the MAC-based VLAN and define a MAC to VLAN mapping table by entering a specified source CX4800-56F User’s Guide...
Page 295: Add/Edit A Mac Based Vlan
Enter a MAC address that is bind to the MAC-based VLAN entry. This is the source MAC address of the data packet that is looked up when untagged packets arrive at the Switch. Enter an ID (from 1 to 4094) for the VLAN that is associated with the MAC-based VLAN entry. CX4800-56F User’s Guide...
Page 296 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 297: Vlan Mapping
• Use the VLAN Mapping screen (Section 44.2 on page 298) to enable VLAN mapping on the Switch and ports. • Use the VLAN Mapping Setup screen (Section 44.3 on page 298) to enable and edit the VLAN mapping rules. CX4800-56F User’s Guide...
Page 298: Enable Vlan Mapping
Click Cancel to begin configuring this screen afresh. 44.3 VLAN Mapping Setup Click the SWITCHING > VLAN Mapping > VLAN Mapping Setup to display the screen as shown. Use this screen to view and configure the VLAN mapping rules. CX4800-56F User’s Guide...
Page 299: Add/Edit Vlan Mapping
Enable the switch button to activate this rule. Name Enter a descriptive name (up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ], [ " ], or [ , ]) for identification purposes. CX4800-56F User’s Guide...
Page 300 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 301: Vlan Stacking
VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. CX4800-56F User’s Guide...
Page 302: Vlan Stacking Port Roles
All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by the Service Provider’s (SP) VLAN ID (VID)). Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel. CX4800-56F User’s Guide...
Page 303: Vlan Tag Format
Priority Len/Etype Data Double-tagged frame Table 147 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/Etype Length and type of Ethernet frame (SP)TPID (Service Provider) Tag Protocol IDentifier Data Frame data VLAN ID Frame Check Sequence CX4800-56F User’s Guide...
Page 304: Configuring Vlan Stacking
In order to support VLAN stacking on a port, the port must be able to allow frames of 1526 Bytes (1522 Bytes + 4 Bytes for the second tag) to pass through it. CX4800-56F User’s Guide...
Page 305: Port-Based Q-In-Q
VLAN tag to them, even if they have different customer VLAN IDs. Click SWITCHING > VLAN Stacking > Port-Based QinQ to display the screen as shown. Figure 208 SWITCHING > VLAN Stacking > Port-Based QinQ CX4800-56F User’s Guide...
Page 306: Selective Q-In-Q
This shows whether this rule is activated or not. Name This is the descriptive name for this rule. Port This is the port number to which this rule is applied. CVID This is the customer VLAN ID in the incoming packets. CX4800-56F User’s Guide...
Page 307: Add/Edit Selective Q-In-Q
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 308: Wol Relay
Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. Add/Edit Click Add/Edit to add a new entry or edit a selected one. Delete Click Delete to remove the selected entries. CX4800-56F User’s Guide...
Page 309: Add/Edit Wol Relay
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 310: Networking
H A P T E R NETWORKING The following chapters introduces the configurations of the links under the NETWORKING navigation panel. Quick links to chapters: • ARP Setup • DHCP • Static Route CX4800-56F User’s Guide...
Page 311: Arp Setup
MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. 48.1.2.2 ARP Learning Mode The Switch supports three ARP learning modes: ARP-Reply, Gratuitous-ARP, and ARP-Request. CX4800-56F User’s Guide...
Page 312: Gratuitous-Arp
ARP to inform other devices in the same network to update their ARP table with the new mapping information. In Gratuitous-ARP learning mode, the Switch updates its ARP table with either an ARP reply or a gratuitous ARP request. CX4800-56F User’s Guide...
Page 313: Arp Learning
ICMP reply. 48.2 ARP Learning Use this screen to configure each port’s ARP learning mode. Click NETWORKING > ARP Setup > ARP Learning > ARP Learning in the navigation panel to display the screen as shown next. CX4800-56F User’s Guide...
Page 314: Static Arp
Use this screen to view and configure static ARP entries that will display in the MONITOR > ARP Table > ARP Table screen and will not age out. Click NETWORKING > ARP Setup > Static ARP > Static ARP to display the screen as shown. CX4800-56F User’s Guide...
Page 315: Add/Edit Static Arp
Use this screen to add/edit static ARP entries. Click Add/Edit, or select an entry and click Add/Edit in the NETWORKING > ARP Setup > Static ARP > Static ARP to display this screen. Figure 215 NETWORKING > ARP Setup > Static ARP > Static ARP > Add/Edit CX4800-56F User’s Guide...
Page 316 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 317: Dhcp Overview
If there is already a DHCP server on your network, then you can configure the Switch as a DHCP relay agent. When the Switch receives a request from a computer on your network, it contacts the DHCP server for the necessary IP information, and then relays the assigned information back to the computer. CX4800-56F User’s Guide...
Page 318: Dhcpv4 Relay Status
IP address and can connect to the network, network information renewal is done between the DHCP client and the DHCP server without the help of the Switch. The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP CX4800-56F User’s Guide...
Page 319: Dhcpv4 Relay Agent Information
There are two types of sub-option: “Agent Circuit ID Sub-option” and “Agent Remote ID Sub-option”. They have the following formats. Table 160 DHCP Relay Agent Circuit ID Sub-option Format SubOpt Code Length Value Slot ID, Port ID, VLAN ID, System Name or String (1 byte) (1 byte) CX4800-56F User’s Guide...
Page 320: Dhcpv4 Option 82 Profile
49.4.1 Add/Edit a DHCPv4 Option 82 Profile Use this screen to create DHCPv4 option 82 profiles. Click Add/Edit, or select an entry and click Add/Edit in the NETWORKING > DHCP > DHCPv4 Relay > DHCP Option 82 Profile link to display this screen. CX4800-56F User’s Guide...
Page 321 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 322: Configure A Dhcpv4 Smart Relay
Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. Add/Edit Click Add/Edit to add a new entry or edit a selected one. Delete Click Delete to remove the selected entries. CX4800-56F User’s Guide...
Page 323: Add/Edit Dhcpv4 Global Relay Port
The follow figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server (S) that services the DHCP clients in both domains. CX4800-56F User’s Guide...
Page 324: Dhcpv4 Vlan Setting
49.6 DHCPv4 VLAN Setting Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click NETWORKING > DHCP > DHCPv4 Relay > DHCP Relay VLAN Setting to display the screen as shown. CX4800-56F User’s Guide...
Page 325: Add/Edit Dhcpv4 Vlan Setting
Use this screen to add/edit your DHCP settings based on the VLAN domain of the DHCP clients. Click the Add/Edit button in the DHCP Relay VLAN Setting section of the NETWORKING > DHCP > DHCPv4 Relay > DHCP Relay VLAN Setting screen to access this screen. CX4800-56F User’s Guide...
Page 326: Add/Edit Dhcpv4 Vlan Port
Use this screen to apply a different DHCP option 82 profile to certain ports in a VLAN. Click the Add/Edit button in the Port section of the NETWORKING > DHCP > DHCPv4 Relay > DHCP Relay VLAN Setting screen to access this screen. CX4800-56F User’s Guide...
Page 327: Dhcpv4 Server Status
Table 169 NETWORKING > DHCP > DHCPv4 Server > DHCP Server Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch’s DHCP Server mode. Index This is the index number. Click an index number to view the server configuration details. CX4800-56F User’s Guide...
Page 328: Dhcpv4 Server Status Details
This field displays the subnet mask value sent to clients from this DHCP server instance. Default This field displays the default gateway value sent to clients from this DHCP server instance. Gateway Primary DNS This field displays the primary DNS server value sent to clients from this DHCP server instance. Server CX4800-56F User’s Guide...
Page 329: Dhcpv4 Server Setup
Size of IP Pool This field displays the IP address pool size of the DHCP server. Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. CX4800-56F User’s Guide...
Page 330: Add/Edit Dhcpv4 Server
Enter the IP address of the default gateway device. Gateway Primary/ Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along Secondary DNS with the IP address and the subnet mask. Server CX4800-56F User’s Guide...
Page 331: Example: Dhcp Relay For Two Vlans
(VLAN 2) are sent to the other DHCP server with an IP address of 172.16.10.100. Figure 230 DHCP Relay for Two VLANs For the example network, add two entries in DHCP Relay VLAN Setting section of the NETWORKING > DHCP > DHCPv4 Relay > DHCP Relay VLAN Setting screen as shown. CX4800-56F User’s Guide...
Page 332: Dhcp Server Guard
Use this screen to specify whether ports are trusted or untrusted ports for DHCP packets. Click NETWORKING > DHCP > DHCP Server Guard > DHCP Server Guard in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 333 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to their last saved values. CX4800-56F User’s Guide...
Page 334: Static Route
R3 connected to the Switch. Figure 233 Example of Static Routing Topology 50.1.1 What You Can Do Use the IPv4 Static Route screen (Section 50.2 on page 335) to configure and enable an IPv4 static route. CX4800-56F User’s Guide...
Page 335: Ipv4 Static Route
Click Add/Edit, or select an entry and click Add/Edit in the NETWORKING > Static Routing > IPv4 Static Route > IPv4 Static Route screen to display this screen. Figure 235 NETWORKING > Static Routing > IPv4 Static Route > IPv4 Static Route > Add/Edit CX4800-56F User’s Guide...
Page 336 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 337: Security
Quick links to chapters: • • Access Control • Classifier • Policy Rule • Anti-Arpscan • BPDU Guard • Storm Control • Error-Disable • IP Source Guard • DHCP Snooping • ARP Inspection • Port Authentication • Port Security CX4800-56F User’s Guide...
Page 338: Aaa
Switch itself or it can use an external server to authorize a large number of users. Accounting is the process of recording what a user is doing. The Switch can use an external server to CX4800-56F User’s Guide...
Page 339: Local User Accounts
TACACS server is encrypted. 52.2 RADIUS Server Setup Use this screen to configure your RADIUS server settings. Click SECURITY > AAA > RADIUS Server Setup > RADIUS Server Setup to view the screen as shown. CX4800-56F User’s Guide...
Page 340 Enter the IPv4 address of an external RADIUS server. UDP Port The default port of a RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so. CX4800-56F User’s Guide...
Page 341: Tacacs+ Server Setup
Click Cancel to begin configuring this screen afresh. 52.3 TACACS+ Server Setup Use this screen to configure your TACACS+ server settings. Click SECURITY > AAA > TACACS+ Server Setup > TACACS+ Server Setup to view the screen as shown. CX4800-56F User’s Guide...
Page 342 Enter the IP address of an external TACACS+ server in dotted decimal notation. TCP Port The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. CX4800-56F User’s Guide...
Page 343: Aaa Setup
Click Cancel to begin configuring this screen afresh. 52.4 AAA Setup Use this screen to configure authentication, authorization and accounting settings on the Switch. Click SECURITY > AAA > AAA Setup > AAA Setup to view the screen as shown. CX4800-56F User’s Guide...
Page 344 The shared secret will be stored on the Switch in an encrypted format and displayed as ‘*’ in the SECURITY > AAA > RADIUS Server Setup > RADIUS Server Setup and SECURITY > AAA > TACACS+ Server Setup > TACACS+ Server Setup screens. CX4800-56F User’s Guide...
Page 345 Method Select whether you want to use radius or tacacs+ for authorization of specific types of events. RADIUS is the only method for IEEE 802.1x authorization. Accounting Use this section to configure accounting settings on the Switch. CX4800-56F User’s Guide...
Page 346: Technical Reference
(for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to expand the functionality of a RADIUS server. The Switch supports VSAs that allow you to perform the following actions based on user authentication: CX4800-56F User’s Guide...
Page 347 VLAN settings are fixed and untagged. This will also set the port’s VID. The following table describes the values you need to configure. Note that these attributes only work when you enable authorization (see Section 52.4 on page 343). CX4800-56F User’s Guide...
Page 348: Supported Radius Attributes
52.5.3.1 Attributes Used for Authenticating Privilege Access User-Name – The format of the User-Name attribute is $enab#$, where # is the privilege level (1 – 14). User-Password NAS-Identifier NAS-IP-Address 52.5.3.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address CX4800-56F User’s Guide...
Page 349: Attributes Used For Accounting
Table 182 RADIUS Attributes – Exec Events through Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name    NAS-Identifier    NAS-IP-Address    Service-Type    Acct-Status-Type    Acct-Delay-Time    Acct-Session-Id    Acct-Authentic    CX4800-56F User’s Guide...
Page 350  NAS-Identifier    NAS-Port-Type    Acct-Status-Type    Acct-Delay-Time    Acct-Session-Id    Acct-Authentic    Acct-Input-Octets   Acct-Output-Octets   Acct-Session-Time   Acct-Input-Packets   CX4800-56F User’s Guide...
Page 351 Table 184 RADIUS Attributes – Exec Events through Console (continued) ATTRIBUTE START INTERIM-UPDATE STOP Acct-Output-Packets   Acct-Terminate-Cause  Acct-Input-Gigawords   Acct-Output-Gigawords   CX4800-56F User’s Guide...
Page 352: Access Control
SECURITY > Access Control > Remote Management > Remote Management screen (see Section 53.3 on page 353 for more information). Click SECURITY > Access Control > Service Access Control > Service Access Control to display the following screen. CX4800-56F User’s Guide...
Page 353: Remote Management (Ipv4)
Click Cancel to begin configuring this screen afresh. 53.3 Remote Management (IPv4) Use this screen to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. CX4800-56F User’s Guide...
Page 354 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 355: Account Security
Note: The passwords will appear as encrypted text when Password Encryption is Active. Click SECURITY > Access Control > Account Security > Account Security to view the screen as shown next. Figure 242 SECURITY > Access Control > Account Security > Account Security CX4800-56F User’s Guide...
Page 356: Technical Reference
Figure 243 SSH Communication Example 53.5.1.1 How SSH Works The following table summarizes how a secure connection is established between two remote hosts, SSH server (S) and SSH client (C). CX4800-56F User’s Guide...
Page 357: Ssh Implementation On The Switch
Your Switch supports SSH version 2 using RSA authentication and the AES encryption method. The SSH server is implemented on the Switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time. CX4800-56F User’s Guide...
Page 358: Requirements For Using Ssh
If you have not changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access. CX4800-56F User’s Guide...
Page 359: Mozilla Firefox Warning Messages
If that is the case, click I Understand the Risks and then the Add Exception... button. Figure 246 Security Alert (Mozilla Firefox) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the Web Configurator login screen. Figure 247 Security Alert (Mozilla Firefox) CX4800-56F User’s Guide...
Page 360: Google Chrome Warning Messages
After you accept the certificate and enter the login user name and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection. CX4800-56F User’s Guide...
Page 361 Chapter 53 Access Control Figure 249 Example: Lock Denoting a Secure Connection CX4800-56F User’s Guide...
Page 362: Classifier
Configure policy rules to define actions to be performed on a classified traffic flow (refer to Chapter 55 on page 372 to configure policy rules). You can also configure policy routing to forward a classified traffic flow to a different gateway for cost savings and load sharing. CX4800-56F User’s Guide...
Page 363: Classifier Status
Use this screen to view and configure the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. Click SECURITY > ACL > Classifier Setup to display the configuration screen as shown. CX4800-56F User’s Guide...
Page 364 In the Internet Protocol there is a field, called “Protocol”, to identify the next level protocol. The following table shows some common protocol types and the corresponding protocol number. Refer to http:// www.iana.org/assignments/protocol-numbers for a complete list. Table 192 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ICMP CX4800-56F User’s Guide...
Page 365: Add/Edit A Classifier
Use this screen to define the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. Click Add/Edit, or select an entry and click Add/Edit in the SECURITY > ACL > Classifier > Classifier Setup screen to display this screen. CX4800-56F User’s Guide...
Page 366 Name Enter a descriptive name for this rule for identifying purposes. You can enter up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ], [ " ], or [ , ]. CX4800-56F User’s Guide...
Page 367 For example, if you set the MAC address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC address of 00:13:49:12:34:56 matches this criteria. If you leave the Mask field blank, the Switch automatically sets the mask to ff:ff:ff:ff:ff:ff. CX4800-56F User’s Guide...
Page 368 Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option and n Socket enter a TCP/UDP protocol port number. Number Note: You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers. CX4800-56F User’s Guide...
Page 369: Classifier Global Setting
(such as A and B) in the classifier name. For example, the classifier with the name of class 2, class a or class B takes priority over the classifier with the name of class 1 or class A. Logging CX4800-56F User’s Guide...
Page 370: Classifier Example
Cancel Click Cancel to begin configuring this screen afresh. 54.5 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. CX4800-56F User’s Guide...
Page 371 Chapter 54 Classifier Figure 254 Classifier: Example After you have configured a classifier, you can configure a policy (in the SECURITY > ACL > Policy Rule > Policy Rule screen) to define actions on the classified traffic flow. CX4800-56F User’s Guide...
Page 372: Policy Rule
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. CX4800-56F User’s Guide...
Page 373: Policy Rules
You must first configure a classifier in the SECURITY > ACL > Classifier > Classifier Setup screen. Click Add/Edit, or select an entry and click Add/Edit in the SECURITY > ACL > Policy Rule > Policy Rule screen to display this screen. CX4800-56F User’s Guide...
Page 374 Enable the switch button to enable the policy. Name Enter a descriptive name for identification purposes. You can enter up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ], [ " ], or [ , ]. CX4800-56F User’s Guide...
Page 375 Select No change to forward the packets. Select Discard the packet to drop the packets. Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before. CX4800-56F User’s Guide...
Page 376: Policy Example
The figure below shows an example SECURITY > ACL > Policy Rule screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 54.5 on page 370). CX4800-56F User’s Guide...
Page 377 Chapter 55 Policy Rule Figure 257 Policy Example CX4800-56F User’s Guide...
Page 378: Anti-Arpscan
ARP-requests from a host exceed the thresholds, the trusted port will not be closed. • If a port on the Switch is closed by Anti-arpscan, and you want to recover it, then do one of the following: CX4800-56F User’s Guide...
Page 379: Anti-Arpscan Status
This field displays whether the port can forward traffic normally (Forwarding) or is disabled (Err-Disable). 56.3 Anti-Arpscan Host Status Use this screen to view blocked hosts and unblock ones connected to certain ports. To open this screen, click SECURITY > Anti-Arpscan > Anti-Arpscan Host Status. CX4800-56F User’s Guide...
Page 380: Anti-Arpscan Setup
56.4 Anti-Arpscan Setup Use this screen to enable Anti-Arpscan, set port and host thresholds as well as configure ports to be trusted or untrusted. To open this screen, click SECURITY > Anti-Arpscan > Anti-Arpscan Setup. CX4800-56F User’s Guide...
Page 381 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 382: Anti-Arpscan Trust Host
Use this screen to add/edit trusted hosts identified by IP address and subnet mask. Click Add/Edit, or select an entry and click Add/Edit in the SECURITY > Anti-Arpscan > Anti-Arpscan Trust Host screen to view this screen. CX4800-56F User’s Guide...
Page 383 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 384: Bpdu Guard
Use this screen to view whether BPDU guard is enabled on the Switch and the port status. Click SECURITY > BPDU Guard > BPDU Guard Status to view the following screen. Figure 263 SECURITY > BPDU Guard > BPDU Guard Status CX4800-56F User’s Guide...
Page 385: Bpdu Guard Setup
The following table describes the fields in the above screen. Table 204 SECURITY > BPDU Guard > BPDU Guard Setup LABEL DESCRIPTION Active Enable the switch button to enable BPDU guard on the Switch. Port This field displays the port number. CX4800-56F User’s Guide...
Page 386 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 387: Storm Control
387) to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. 58.2 Storm Control Setup Click SECURITY > Storm Control > Storm Control in the navigation panel to display the screen as shown next. CX4800-56F User’s Guide...
Page 388 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. CX4800-56F User’s Guide...
Page 389: Error-Disable
• Use the Errdisable Recovery screen (Section 59.5 on page 393) to set the Switch to automatically undo an action after the error is gone. CX4800-56F User’s Guide...
Page 390: Error-Disable Status
This is the number of the port on which you want to configure Errdisable Status. Cause This displays the type of the control packet received on the port or the feature enabled on the port and causing the Switch to take the specified action. CX4800-56F User’s Guide...
Page 391: Cpu Protection Setup
Switch can receive or transmit on a port. Click SECURITY > Errdisable > CPU Protection to display the screen as shown. Note: After you configure this screen, make sure you also enable error detection for the specific control packets in the SECURITY > Errdisable > Errdisable Detect screen. CX4800-56F User’s Guide...
Page 392: Error-Disable Detect Setup
Use this screen to have the Switch detect whether the control packets exceed the rate limit configured for a port and configure the action to take once the limit is exceeded. Click SECURITY > Errdisable > Errdisable Detect to display the screen as shown. CX4800-56F User’s Guide...
Page 393: Error-Disable Recovery Setup
Click Cancel to begin configuring this screen afresh. 59.5 Error-Disable Recovery Setup Use this screen to configure the Switch to automatically undo an action after the error is gone. Click SECURITY > Errdisable > Errdisable Recovery to display the screen as shown. CX4800-56F User’s Guide...
Page 394 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 395: Ip Source Guard
When the Switch receives an ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table. If there is a binding, the Switch forwards the packet. Otherwise, the Switch discards the packet. CX4800-56F User’s Guide...
Page 396: What You Can Do
ARP inspection to distinguish between authorized and unauthorized ARP packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). Figure 271 SECURITY > IPv4 Source Guard > IP Source Guard > IP Source Guard CX4800-56F User’s Guide...
Page 397: Ipv4 Source Guard Static Binding
To open this screen, click SECURITY > IPv4 Source Guard > IP Source Guard > Static Binding. Figure 272 SECURITY > IPv4 Source Guard > IP Source Guard > Static Binding CX4800-56F User’s Guide...
Page 398: Add/Edit Ipv4 Source Guard Static Binding
Click Add/Edit, or select an entry and click Add/Edit in the SECURITY > IPv4 Source Guard > IP Source Guard > Static Binding screen to display this screen. CX4800-56F User’s Guide...
Page 399 Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 400: Dhcp Snooping
With DHCP snooping, the Switch blocks all DHCP server packets (DHCP OFFER/ACK) coming from the untrusted ports (UT). The Switch only forwards the DHCP server packets from the trusted port (T). This assures that DHCP clients on your network only receive IP addresses assigned by the authorized DHCP server (A). CX4800-56F User’s Guide...
Page 401: What You Can Do
82 profile to certain ports in a VLAN. 61.2 DHCP Snooping Status Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click SECURITY > IPv4 Source Guard > DHCP Snooping > DHCP Snp. Status. CX4800-56F User’s Guide...
Page 402 It displays Not Running if the current bindings have not changed since the last update. Last Succeeded This field displays the last time the Switch updated the DHCP snooping database Time successfully. Last Failed Time This field displays the last time the Switch updated the DHCP snooping database unsuccessfully. CX4800-56F User’s Guide...
Page 403 MAC address and VLAN ID. Invalid Interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore. CX4800-56F User’s Guide...
Page 404: Dhcp Snooping Setup
Enable the switch button to enable DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLAN and specify trusted ports. Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed. CX4800-56F User’s Guide...
Page 405: Dhcp Snooping Port Setup
Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. CX4800-56F User’s Guide...
Page 406 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. CX4800-56F User’s Guide...
Page 407: Dhcp Snooping Vlan Setup
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. CX4800-56F User’s Guide...
Page 408: Dhcp Snooping Vlan Port Setup
Click Add/Edit, or select an entry and click Add/Edit in the SECURITY > IPv4 Source Guard > DHCP Snooping > DHCP Snp. VLAN Port Setup screen to display this screen. Figure 280 SECURITY > IPv4 Source Guard > DHCP Snooping > DHCP Snp. VLAN Port Setup > Add/Edit CX4800-56F User’s Guide...
Page 409: Technical Reference
Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations: • The packet is a DHCP server packet (for example, OFFER, ACK, or NACK). • The rate at which DHCP packets arrive is too high. CX4800-56F User’s Guide...
Page 410 You can configure this setting for each source VLAN. This setting is independent of the DHCP relay settings. 61.7.1.4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch. Enable DHCP snooping on the Switch. Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. CX4800-56F User’s Guide...
Page 411 Chapter 61 DHCP Snooping Configure trusted and untrusted ports, and specify the maximum number of DHCP packets that each port can receive per second. Configure static bindings. CX4800-56F User’s Guide...
Page 412: Arp Inspection
Select an entry’s checkbox to select a specific entry. Otherwise, select the checkbox in the table heading row to select all entries. Delete Click this to remove the selected entries. Cancel Click this to clear the Delete checkboxes above. CX4800-56F User’s Guide...
Page 413: Arp Inspection Vlan Status
Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click SECURITY > IPv4 Source Guard > ARP Inspection > ARP Insp. Log Status. CX4800-56F User’s Guide...
Page 414: Arp Inspection Setup
Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click SECURITY > IPv4 Source Guard > ARP Inspection > ARP Insp. Setup. CX4800-56F User’s Guide...
Page 415 Four invalid ARP packets per second, Syslog Rate is 5, Log Interval is 1: the Switch sends 4 syslog messages every second. • Six invalid ARP packets per second, Syslog Rate is 5, Log Interval is 2: the Switch sends 5 syslog messages every 2 seconds. CX4800-56F User’s Guide...
Page 416: Arp Inspection Port Setup
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 417: Arp Inspection Vlan Setup
ARP packets from each VLAN. To open this screen, click SECURITY > IPv4 Source Guard > ARP Inspection > ARP Insp. VLAN Setup. Figure 287 SECURITY > IPv4 Source Guard > ARP Inspection > ARP Insp. VLAN Setup CX4800-56F User’s Guide...
Page 418: Technical Reference
In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following: CX4800-56F User’s Guide...
Page 419: Configuring Arp Inspection
ARP inspection so that the Switch has enough time to build the binding table. Enable ARP inspection on each VLAN. Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. CX4800-56F User’s Guide...
Page 420: Port Authentication
425) to enable and assign a guest VLAN to a port. • Use the Compound Authentication screen (Section 63.5 on page 427) to allow network access for clients that pass either IEEE 802.1x authentication OR MAC authentication, or pass both IEEE 802.1x authentication AND MAC authentication. CX4800-56F User’s Guide...
Page 421: What You Need To Know
Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. CX4800-56F User’s Guide...
Page 422: Activate Ieee 802.1X Security
63.2 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. Click SECURITY > Port Authentication > 802.1x > 802.1x to display the configuration screen as shown. Figure 291 SECURITY > Port Authentication > 802.1x > 802.1x CX4800-56F User’s Guide...
Page 423: Activate Mac Authentication
Click Cancel to begin configuring this screen afresh. 63.3 Activate MAC Authentication Use this screen to activate MAC authentication. Click SECURITY > Port Authentication > MAC Authentication > MAC Authentication to display the configuration screen as shown. CX4800-56F User’s Guide...
Page 424 Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters except [ ? ], [ | ], [ ' ], [ " ], or [ , ]. CX4800-56F User’s Guide...
Page 425: Guest Vlan
That is, unauthenticated users can have access to limited network resources in the same guest VLAN, such as the Internet. The access granted to the Guest VLAN depends on how the network administrator configures switches or routers with the guest network feature. CX4800-56F User’s Guide...
Page 426 Changes in this row are copied to all the ports as soon as you make them. Active Select this checkbox to enable the guest VLAN feature on this port. Clients that fail authentication are placed in the guest VLAN and can receive limited services. CX4800-56F User’s Guide...
Page 427: Compound Authentication
Switch along with a password configured specifically for MAC authentication on the Switch. Click SECURITY > Port Authentication > Compound Authentication Mode > Compound Authentication Mode to display the configuration screen as shown. CX4800-56F User’s Guide...
Page 428: Technical Reference
Cancel Click Cancel to begin configuring this screen afresh. 63.6 Technical Reference This section provides technical background information on the topics discussed in this chapter. CX4800-56F User’s Guide...
Page 429: Ieee 802.1X
Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The switch sends a proper response from the user and then sends another Access-Request message. CX4800-56F User’s Guide...
Page 430: Eap (Extensible Authentication Protocol) Authentication
The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement CX4800-56F User’s Guide...
Page 431: Eapol (Eap Over Lan)
• EAPOL-Logoff This message will be sent when the wired client wants to be disconnected from the network. • EAPOL-Encapsulated-ASF-Alert This message is sent If the authentication process is not completed yet, and alerts needs to be forwarded. CX4800-56F User’s Guide...
Page 432: Port Security
By default, MAC address learning is still enabled even though the port security is not activated. 64.3 Port Security Setup Click SECURITY > Port Security > Port Security in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 433 Use this row only if you want to make some of the settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 434: Vlan Mac Address Limit
This is the maximum number of MAC addresses which a port can learn in a VLAN. Add/Edit Click Add/Edit to add a new entry or edit a selected one. Delete Click Delete to remove the selected entries. CX4800-56F User’s Guide...
Page 435: Vlan Mac Address Limit
SYSTEM > Switch Setup screen. The valid range is from “0” to “32K”. “0” means this feature is disabled. Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 436: Maintenance
463) to regenerate the Switch's SSH host key. You may want to do this to change the factory default SSH host key. • Use the Tech-Support screen (Section 65.19 on page 463) to create reports for customer support if there are problems with the Switch. CX4800-56F User’s Guide...
Page 437: Certificates
This field displays the date that the certificate expires. Select an entry’s checkbox to select a specific entry. Delete Click this button to delete the certificate (or certification request). You cannot delete a certificate that one or more features is configured to use. CX4800-56F User’s Guide...
Page 438: Install Certificates
This section provides technical background information on the topics discussed in this chapter. 65.3.1 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. CX4800-56F User’s Guide...
Page 439: Filename Conventions
Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. 65.3.3 FTP Command Line Procedure Launch the FTP client on your computer. CX4800-56F User’s Guide...
Page 440: Gui-Based Ftp Clients
• The IP addresses in the SECURITY > Access Control > Remote Management > Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. CX4800-56F User’s Guide...
Page 441: Cluster Management Overview
Use this screen to view the role of the Switch within the cluster and to access a cluster member Switch’s Web Configurator. Click MAINTENANCE > Cluster Management > Cluster Management Status in the navigation panel to display the following screen. CX4800-56F User’s Guide...
Page 442: Clustering Management Setup
Offline (the Switch is disconnected – Offline shows approximately 1.5 minutes after the link between cluster member and manager goes down) 65.6 Clustering Management Setup Use this screen to configure clustering management. Click MAINTENANCE > Cluster Management > Cluster Management Setup to display the next screen. CX4800-56F User’s Guide...
Page 443 This is the cluster member switch’s System Name. Model This is the cluster member switch’s model name. Click the Add/Edit button to open the Add/Edit screen. Use this screen to configure a clustering candidate for the Switch. CX4800-56F User’s Guide...
Page 444: Technical Reference
Index hyperlink from the list of members to go to that cluster member switch's Web Configurator home page. This cluster member Web Configurator home page and the home page that you would see if you accessed it directly are different. CX4800-56F User’s Guide...
Page 445: Uploading Firmware To A Cluster Member Switch
297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 470ACAQ0.bin fw-00-a0-c5-01-23-46 200 Port command okay 150 Opening data connection for STOR fw-00-a0-c5-01-23-46 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> CX4800-56F User’s Guide...
Page 446: Restore Configuration
Backing up your Switch configurations allows you to create various “snap shots” of your device from which you may restore at a later date. Use this screen to back up your current Switch configuration to a computer. CX4800-56F User’s Guide...
Page 447: Auto Configuration
Switch using the DHCP or HTTPS mode. This will overwrite the running configuration stored in the Switch’s RAM instead of the startup configuration stored in the Switch’s flash memory. To access this screen, click MAINTENANCE > Configuration > Auto Configuration > Auto Configuration in the navigation panel. CX4800-56F User’s Guide...
Page 448 Select HTTPS to have the Switch use the URL you specified in the HTTPS URL field to access a web server and download the auto configuration file using HTTPS. DHCP VLAN ID Enter the VLAN ID of the DHCP server that assigns the TFTP server IP address and auto configuration file name to the Switch. CX4800-56F User’s Guide...
Page 449: Erase Running-Configuration
Switch IP address (192.168.1.1 or DHCP-assigned IP). 65.12 Save Configuration To access this screen, click MAINTENANCE > Configuration > Save Configuration > Save Configuration in the navigation panel. CX4800-56F User’s Guide...
Page 450: Configure Clone
65.13 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click MAINTENANCE > Configuration > Configure Clone > Configure Clone to open the following screen. CX4800-56F User’s Guide...
Page 451 Otherwise, select the SYSTEM checkbox in the table heading row to select all features for a category. PORT Select which port features (you configured in the PORT menus) should be copied to the destination ports. Otherwise, select the PORT checkbox in the table heading row to select all features for a category. CX4800-56F User’s Guide...
Page 452: Diagnostic
Click MAINTENANCE > Diagnostic > Diagnostic in the navigation panel to open this screen. Use this screen to ping IP addresses, run a traceroute, perform port tests or show the Switch’s location between devices. Figure 315 MAINTENANCE > Diagnostic > Diagnostic CX4800-56F User’s Guide...
Page 453: Firmware Upgrade
The default time interval is 30 minutes. Click Stop to have the Switch terminate the blinking locater LED. 65.15 Firmware Upgrade You can upgrade the Switch’s firmware through Web Configurator or NCC. CX4800-56F User’s Guide...
Page 454 Click the Config Boot Image drop-down list box to select the boot image (Firmware1 or Firmware2) you want the Switch to use when rebooting, click Apply. Restart the Switch (manually or using the MAINTENANCE > Reboot System > Reboot System screen) to apply the firmware image you selected. CX4800-56F User’s Guide...
Page 455: Reboot System
Default configuration when you reboot. Follow the steps below to reboot the Switch. Note: Custom Default is only available in Standalone mode. Click MAINTENANCE > Reboot System > Reboot System to view the screen as shown next. Figure 317 MAINTENANCE > Reboot System > Reboot System CX4800-56F User’s Guide...
Page 456: Ssh Authorized Keys
Click MAINTENANCE > SSH Authorized Keys > SSH Authorized Keys to open the following screen. Use this screen to import the client computer’s public key into the Switch. Figure 319 MAINTENANCE > SSH Authorized Keys > SSH Authorized Keys CX4800-56F User’s Guide...
Page 457: Generate The Ssh Authorized Keys
Enter 2048 in the Number of bits in a generated key. SSH keys with encryption lower than 2048 are considered insecure. Then click Generate. Move the mouse back and forth over the blank area to complete the key generation. CX4800-56F User’s Guide...
Page 458 Run PuTTY for SSH Connections on Windows for more information. Click Save public key and Save private key to save the generated keys in your computer. Copy the text on the generated public key into a text editor app like Notepad. CX4800-56F User’s Guide...
Page 459 To use PuTTY to connect to the Switch through SSH, the following are the steps at the time of writing: Run PuTTY. In the Session screen, enter the IP address of the Switch and “22” for the Port. Select SSH for the Connection type. CX4800-56F User’s Guide...
Page 460 Chapter 65 MAINTENANCE In the Data screen, enter admin for Auto-login username. The Switch only supports the admin login for the SSH-authorized key. In the Credentials screen, click Browse to locate the generated private key. CX4800-56F User’s Guide...
Page 461 In the Session screen, you can save the PuTTY configuration by entering a name (for example, “Sample”) in the Saved Sessions, then click Save. Click Open to start the SSH connection. Enter the Passphrase for key if you configured the Key passphrase in step of using the PuTTY Key Generator. CX4800-56F User’s Guide...
Page 462 UserA@UbuntuClient:~$ ls –all .ssh/ ..-rw------- 1 UserA UserA 1831 Mar 25 09:46 id_rsa -rw-r--r-- 1 UserA UserA 408 Mar 25 09:46 id_rsa.pub ..“id_rsa” is the private key and “id_rsa.pub” is the public key generated in Ubuntu. CX4800-56F User’s Guide...
Page 463: Ssh Host Keys
Mbuf (Memory Buffer) log and crash reports for issue analysis by customer support should you have difficulty with your Switch. The Tech Support menu eases your effort in obtaining reports and it is also available in CLI command by entering the “Show tech-support” command. CX4800-56F User’s Guide...
Page 464 Click Download to see the CPU history log report. The 7-days log is stored in RAM and you will need to save it, otherwise it will be lost when the Switch is shutdown or during power outage. CX4800-56F User’s Guide...
Page 465: Tech-Support Download
When you click Download to save your current Switch configuration to a computer, the following screen appears. When the log report has downloaded successfully, click Back to return to the previous screen. Figure 323 MAINTENANCE > Tech-Support > Tech-Support: Download CX4800-56F User’s Guide...
Page 466: Networked Av Mode
Use the SUMMARY screen to see the Switch’s front panel port status, connected ports information, networked AV information, Nebula Cloud Control status, and a link to go to the IP Setup screen (Section 66.11 on page 476). The SUMMARY screen displays when you log into the Switch in Networked AV mode. CX4800-56F User’s Guide...
Page 467 Chapter 66 Networked AV Mode Figure 326 Summary CX4800-56F User’s Guide...
Page 468 Group-Specific Query (GSQ) message to determine whether other hosts connected to the port should remain in the specific multicast group. The Switch forwards the query message to all hosts connected to the port and waits for IGMP reports from hosts to update the forwarding table for this port. CX4800-56F User’s Guide...
Page 469: Monitor
In the navigation panel, click MONITOR > System Information > System Information to display the screen as shown. Use this screen to view general system information. You can check the firmware version number and monitor the Switch temperature. CX4800-56F User’s Guide...
Page 470 CPU utilization quantifies how busy the system is. Current (%) displays the current percentage of Current (%) CPU utilization. Memory Utilization Memory utilization shows how much DRAM memory is available and in use. It also displays the current percentage of memory utilization. CX4800-56F User’s Guide...
Page 471 Absent is displayed when there is no power module connected to the Switch. Error indicates that this power module is functioning below the power requirement. Or, the fan in this power module is not working. CX4800-56F User’s Guide...
Page 472: System
• It is connected to the Internet. • The Nebula Control Center Discovery feature is enabled. • It has been registered in the NCC. Click SYSTEM > Cloud Management > Cloud Management in the navigation panel to display this screen. CX4800-56F User’s Guide...
Page 473 Chapter 66 Networked AV Mode Figure 328 SYSTEM > Cloud Management > Cloud Management CX4800-56F User’s Guide...
Page 474: General Setup
Switch on NCC. 66.10 General Setup Use this screen to configure general settings such as the system name and time. Click SYSTEM > General Setup > General Setup in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 475 Enter the IPv4 address or domain name of your time server. The Switch searches for the first, then the second, then the third time server for around 60 seconds. Time Server Sync Enter the period in minutes between each time server synchronization. The Switch checks the Interval time server after every synchronization interval. CX4800-56F User’s Guide...
Page 476: Ip Setup
Note: The Switch allows you to set a static IP interface in the same subnet that already has a DHCP-assigned IP interface on the Switch. The Switch will use the static IP you set and the DHCP-assigned IP will be set to 0.0.0.0. CX4800-56F User’s Guide...
Page 477: Add/Edit Ip Interfaces
Note: Deleting all IP subnets locks you out of the Switch. 66.11.1 Add/Edit IP Interfaces Use this screen to add or edit IP interfaces. Click Add/Edit, or select an entry and click Add/Edit in the SYSTEM > IP Setup > IP Setup screen to display this screen. CX4800-56F User’s Guide...
Page 478: Logins
• A non-administrator (user name is something other than admin) is someone who can view and/or configure Switch settings. The configuration right varies depending on the user’s privilege level. Click SYSTEM > Logins to view the screen as shown. CX4800-56F User’s Guide...
Page 479 • [ ? ], [ | ], [ ' ], [ " ], [ , ], [ [ ], [ ] ] and space are not allowed Retype to Retype your new system password for confirmation. confirm CX4800-56F User’s Guide...
Page 480: Configure Snmp
Switch into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. CX4800-56F User’s Guide...
Page 481 Click SYSTEM> SNMP > SNMP to view the screen as shown. Figure 334 SYSTEM > SNMP > SNMP Note: The string of any field in this screen should not contain [ ? ], [ | ], [ ' ], [ " ], or [ , ]. CX4800-56F User’s Guide...
Page 482: Configure Snmp User
Use this screen to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups. An SNMP user is an SNMP manager. Click SYSTEM > SNMP > SNMP User to view the screen as shown. CX4800-56F User’s Guide...
Page 483: Add/Edit Snmp User
Add/Edit in the SYSTEM > SNMP > SNMP User screen to view this screen. Note: Use the user name and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager. Figure 336 SYSTEM > SNMP > SNMP User > Add/Edit CX4800-56F User’s Guide...
Page 484: Configure Snmp Trap Group
66.15 Configure SNMP Trap Group Use this screen to specify the types of SNMP traps that should be sent to each SNMP manager. Click SYSTEM > SNMP > SNMP Trap Group to view the screen as shown. CX4800-56F User’s Guide...
Page 485: Enable Or Disable Sending Of Snmp Traps On A Port
66.16 Enable or Disable Sending of SNMP Traps on a Port Click SYSTEM > SNMP > SNMP Trap Port to view the screen as shown. Use this screen to set whether a trap received on the ports would be sent to the SNMP manager. CX4800-56F User’s Guide...
Page 486: Port
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 66.17 PORT The following sections introduce the PORT screens. CX4800-56F User’s Guide...
Page 487: Link Aggregation
Use the Link Aggregation Status screen to view ports you have configured to be in the trunk group, ports that are currently transmitting data as one logical link in the trunk group and so on. Click PORT > Link Aggregation > Link Aggregation Status in the navigation panel to display the screen as shown. CX4800-56F User’s Guide...
Page 488 This field displays how these ports were added to the trunk group. It displays: • Static – if the ports are configured as static members of a trunk group. • LACP – if the ports are configured to join a trunk group through LACP. CX4800-56F User’s Guide...
Page 489: Link Aggregation Setting
This is the only screen you need to configure to enable static link aggregation. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this to activate a trunk group. CX4800-56F User’s Guide...
Page 490: Link Aggregation Control Protocol
“standby” ports become operational without user intervention. Click PORT > Link Aggregation > Link Aggregation Control Protocol to display the screen shown next. Note: Do NOT configure this screen unless you want to enable dynamic link aggregation. CX4800-56F User’s Guide...
Page 491 The field identifies the link aggregation group, that is, one logical link containing multiple ports. LACP Active Select this option to enable LACP for a trunk. Use this section to configure LACP timeout on ports. Port This field displays the port number. CX4800-56F User’s Guide...
Page 492: Port Setup
66.22 Port Setup Use this screen to configure Switch port settings. Click PORT > Port Setup > Port Setup in the navigation panel to display the configuration screen. Figure 343 PORT > Port Setup > Port Setup CX4800-56F User’s Guide...
Page 493 Alternatively, select None when you do not need to set the FEC type. Make sure to set the correct Speed/Duplex on this screen. 802.1p Priority This priority value is added to incoming frames without a (802.1p) tag. CX4800-56F User’s Guide...
Page 494: Switching
In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected ports. Click SWITCHING > Diffserv > Diffserv to display the screen as shown. CX4800-56F User’s Guide...
Page 495: Dscp-To-Ieee 802.1P Priority Settings
The following table shows the default DSCP-to-IEEE802.1p mapping. Table 265 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0 – 7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE 802.1p CX4800-56F User’s Guide...
Page 496: Port Mirroring
Click SWITCHING > Mirroring > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. CX4800-56F User’s Guide...
Page 497 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. CX4800-56F User’s Guide...
Page 498: Multicast
This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. CX4800-56F User’s Guide...
Page 499: Igmp Snooping
Enable the switch button to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Querier Select this to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached. CX4800-56F User’s Guide...
Page 500 IGMP query port on the specified VLANs. Use a dash to specify consecutive VLANs and a comma (no spaces) to specify non-consecutive VLANs. For example, 51–53 includes 51, 52 and 53, but 51,53 does not include 52. CX4800-56F User’s Guide...
Page 501 Max Group Enter the number of multicast groups this port is allowed to join. Once a port is registered in the Number specified number of multicast groups, any new IGMP join report frames is dropped on this port. CX4800-56F User’s Guide...
Page 502: Igmp Snooping Vlan
VLANs other than those explicitly added as an IGMP snooping VLAN. Click SWITCHING > Multicast > IPv4 Multicast > IGMP Snooping VLAN to display the screen as shown. Note: You can perform IGMP snooping on up to 16 VLANs. CX4800-56F User’s Guide...
Page 503: Add/Edit Igmp Snooping Vlans
Click Add/Edit to create a new entry or edit a selected one. Delete Click Delete to remove the selected entries. 66.30.1 Add/Edit IGMP Snooping VLANs This screen allows you to add an IGMP snooping VLAN or edit an existing one. CX4800-56F User’s Guide...
Page 504: Igmp Filtering Profile
Each port can be assigned a single profile. A profile can be assigned to multiple ports. Click SWITCHING > Multicast > IPv4 Multicast > IGMP Filtering Profile link to display the screen as shown. Figure 351 SWITCHING > Multicast > IPv4 Multicast > IGMP Filtering Profile CX4800-56F User’s Guide...
Page 505: Add Igmp Filtering Profile
Clear Click Clear to clear the fields to the factory defaults. Cancel Click Cancel to not save the configuration you make and return to the last screen. CX4800-56F User’s Guide...
Page 506: Add Igmp Filtering Rule
Click SWITCHING > Multicast > Static Multicast Forwarding By MAC > Static Multicast Forwarding By MAC to display the screen as shown next. Figure 354 SWITCHING > Multicast > Static Multicast Forwarding By MAC > Static Multicast Forwarding By CX4800-56F User’s Guide...
Page 507: Vlan
514) to configure the static VLAN (IEEE 802.1Q) settings on a port. 66.33.2 What You Need to Know Read this section to know more about VLAN and how to configure the screens. Figure 355 Shared Server Using VLAN Example CX4800-56F User’s Guide...
Page 508: Ieee 802.1Q Tagged Vlans
VID (except the ingress port itself), thus confining the broadcast to a specific domain. 66.33.2.1 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches. CX4800-56F User’s Guide...
Page 509 VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are CX4800-56F User’s Guide...
Page 510: Vlan Status
This fields shows the descriptive name of the VLAN. Tagged Port This field shows the tagged ports that are participating in the VLAN. Untagged Port This field shows the untagged ports that are participating in the VLAN. CX4800-56F User’s Guide...
Page 511: Vlan Details
• sent to a VLAN group as normal depending on its VLAN tag. • sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. CX4800-56F User’s Guide...
Page 512: Add/Edit A Static Vlan
66.35.1 Add/Edit a Static VLAN Use this screen to configure a static VLAN for the Switch. Click Add/Edit, or select an entry and click Add/Edit in the SWITCHING > VLAN > Static VLAN screen to display this screen. CX4800-56F User’s Guide...
Page 513 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 514: Vlan Port Setup
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CX4800-56F User’s Guide...
Page 515: Security
A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. See the CLI Reference Guide for more information on disabling multi-login. This section describes how to control access to the Switch. CX4800-56F User’s Guide...
Page 516: What You Can Do
Enter how many minutes (from 1 to 255) a management session can be left idle before the session times out. After it times out you have to log in with your password again. Very long idle timeouts may have security risks. CX4800-56F User’s Guide...
Page 517: Remote Management
Use this screen to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click SECURITY > Access Control > Remote Management to view the screen as shown next. CX4800-56F User’s Guide...
Page 518 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. CX4800-56F User’s Guide...
Page 519: Storm Control
Select this option and specify how many broadcast packets the port receives per second. Multicast (pkt/s) Select this option and specify how many multicast packets the port receives per second. DLF (pkt/s) Select this option and specify how many destination lookup failure (DLF) packets the port receives per second. CX4800-56F User’s Guide...
Page 520: Maintenance
Click MAINTENANCE > Configuration > Restore Configuration > Restore Configuration to access this screen. Figure 366 MAINTENANCE > Configuration > Restore Configuration > Restore Configuration Click Choose File or Browse to locate the configuration file you wish to restore. After you have specified the file, click Restore. CX4800-56F User’s Guide...
Page 521: Backup Configuration
File name list box. Click Save to save the configuration file to your computer. 66.46 Save Configuration To access this screen, click MAINTENANCE > Configuration > Save Configuration > Save Configuration in the navigation panel. CX4800-56F User’s Guide...
Page 522: Firmware Upgrade
Figure 370 MAINTENANCE > Firmware Upgrade > Firmware Upgrade Click Choose File or Browse to locate the firmware file you wish to upload to the Switch. Firmware upgrades are only applied after a reboot. Click Upgrade to load the new firmware. CX4800-56F User’s Guide...
Page 523: Reboot System
Figure 372 Reboot Confirmation Example: Factory Default Click YES and then wait for the Switch to restart. This takes up to 2 minutes. Click Current Configuration and follow steps 1 to 2 to reboot and load configuration one on the Switch. CX4800-56F User’s Guide...
Page 524: Tech-Support
When you click Download to save your current Switch configuration to a computer, the following screen appears. When the log report has downloaded successfully, click Back to return to the previous screen. Figure 374 MAINTENANCE > Tech-Support > Tech-Support: Download CX4800-56F User’s Guide...
Page 525: Troubleshooting And Appendices
Troubleshooting and Appendices...
Page 526: Troubleshooting
Inspect your cables for damage. Contact the vendor to replace any damaged cables. Disconnect and re-connect the power adapter or cord to the Switch (in AC models or if the AC power supply is connected in AC/DC models). If the problem continues, contact the vendor. CX4800-56F User’s Guide...
Page 527: Switch Access And Login
Nebula). Note: When your computer is directly connected to the Switch, you can always use the domain name setup.zyxel to access the Web Configurator. This requires your computer to be able to connect to a DNS server. CX4800-56F User’s Guide...
Page 528 • Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. Pop-up Windows, JavaScripts and Java Permissions CX4800-56F User’s Guide...
Page 529: Switch Configuration
Make sure you save your configuration into the Switch’s non-volatile memory each time you make changes. Click Save at the top right of the Web Configurator to save the configuration permanently. See also Section 65.12 on page 449 more information about how to save your configuration. CX4800-56F User’s Guide...
Page 530 Account, click Create account and create an account. • If you already have an account but cannot login, click Forgot Password to reset the password. Some features I set using the NCC do not work as expected. CX4800-56F User’s Guide...
Page 531: Nebula Registration
LEDs on page 46 for more information on LED behavior. This means the Switch is operating in standalone mode. Nebula Control Center Discovery is disabled in SYSTEM > Cloud Management > Nebula Control Center Discovery in the Web Configurator. CX4800-56F User’s Guide...
Page 532: Appendix A Customer Support
• Date that you received your device. • Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications (Taiwan) Co., Ltd. • https://www.zyxel.com Asia China • Zyxel Communications Corporation–China Office •...
Page 533 • https://www.zyxel.com/global/en Philippines • Zyxel Communications Corp. • https://www.zyxel.com/global/en Singapore • Zyxel Communications Corp. • https://www.zyxel.com/global/en Taiwan • Zyxel Communications (Taiwan) Co., Ltd. • https://www.zyxel.com/tw/zh Thailand • Zyxel Thailand Co., Ltd. • https://www.zyxel.com/th/th Vietnam • Zyxel Communications Corporation–Vietnam Office • https://www.zyxel.com/vn/vi...
Page 534 Appendix A Customer Support • https://www.zyxel.com/bg/bg Czech Republic • Zyxel Communications Czech s.r.o. • https://www.zyxel.com/cz/cs Denmark • Zyxel Communications A/S • https://www.zyxel.com/dk/da Finland • Zyxel Communications • https://www.zyxel.com/fi/fi France • Zyxel France • https://www.zyxel.com/fr/fr Germany • Zyxel Deutschland GmbH. • https://www.zyxel.com/de/de Hungary •...
Page 535 • Zyxel Communications A/S • https://www.zyxel.com/se/sv Switzerland • Studerus AG • https://www.zyxel.com/ch/de-ch • https://www.zyxel.com/fr/fr Turkey • Zyxel Turkey A.S. • https://www.zyxel.com/tr/tr • Zyxel Communications UK Ltd. • https://www.zyxel.com/uk/en-gb Ukraine • Zyxel Ukraine • https://www.zyxel.com/ua/uk-ua South America Argentina • Zyxel Communications Corp. • https://www.zyxel.com/co/es-co Brazil •...
Page 536 • https://www.zyxel.com/co/es-co Ecuador • Zyxel Communications Corp. • https://www.zyxel.com/co/es-co South America • Zyxel Communications Corp. • https://www.zyxel.com/co/es-co Middle East Israel • Zyxel Communications Corp. • https://il.zyxel.com North America • Zyxel Communications, Inc. – North America Headquarters • https://www.zyxel.com/us/en-us CX4800-56F User’s Guide...
Page 537: Appendix B Common Services
File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by email. H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol – a client or server protocol for the world wide web. CX4800-56F User’s Guide...
Page 538 Simple Mail Transfer Protocol is the message- exchange standard for the Internet. SMTP enables you to move messages from one email server to another. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). CX4800-56F User’s Guide...
Page 539 Its primary function is to allow users to log into remote host systems. TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. CX4800-56F User’s Guide...
Page 540: Link-Local Address
10 bits 54 bits 64 bits Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. CX4800-56F User’s Guide...
Page 541: Loopback Address
The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group. Table 291 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 CX4800-56F User’s Guide...
Page 542 IA_NA were obtained) a Renew message. If the time T2 is reached and the server does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the CX4800-56F User’s Guide...
Page 543: Dhcp Relay Agent
(from the host) with a neighbor advertisement message. • Neighbor advertisement: A response from a node to announce its link-layer address. • Router solicitation: A request from a host to locate a router that can act as the default router and CX4800-56F User’s Guide...
Page 544: Ipv6 Cache
Done message to the router or switch. The router or switch then sends a group-specific query to the port on which the Done message is received to determine if other devices connected to this port should remain in the group. CX4800-56F User’s Guide...
Page 545 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 CX4800-56F User’s Guide...
Page 546 On the left side of the Network & Internet, select Ethernet. Then select the Ethernet network you are connected to. Under IP assignment, select Edit. Under Edit IP settings, select Automatic (DHCP) or Manual. Then click Save. CX4800-56F User’s Guide...
Page 547 • When you select Automatic (DHCP), the IP address settings and DNS server address setting are set automatically by your router. • When you select Manual, you can manually set your IP address settings and DNS server address. Now your computer can obtain an IPv6 address from a DHCPv6 server. CX4800-56F User’s Guide...
Page 548: Appendix D Importing A Certificate
The Importing process is quite similar between Google Chrome and Microsoft Edge. The following procedures in Google Chrome can apply the same way in Microsoft Edge. Open the Google Chrome browser. Click the three dots on the upper right. Then choose Settings. CX4800-56F User’s Guide...
Page 549 Appendix D Importing a Certificate In Google Chrome, click Privacy and security > Security > Manage certificates. In Microsoft Edge, click Privacy, search, and services > Manage certificates. CX4800-56F User’s Guide...
Page 550 Appendix D Importing a Certificate Select the Trusted Root Certification Authorities tab and click Import. The Certificate Import Wizard screen appears. Click Next to continue. Click Browse to select a certificate already saved in your computer and click Next to continue. CX4800-56F User’s Guide...
Page 551 CA certificate or a personal certificate, and install it into the appropriate certificate store. The other option is Place all certificates in the following store. With this option, you can choose the desired folder for the certificate store. After selection, click Next. CX4800-56F User’s Guide...
Page 552 Appendix D Importing a Certificate A security warning message appears, click Yes to continue. Click Finish to exit the wizard. CX4800-56F User’s Guide...
Page 553 Remove a Certificate in Google Chrome and Microsoft Edge This section shows you how to remove a public key certificate in Google Chrome and Microsoft Edge on Windows 10. Open your web browser, click the three dots on the upper right, and click Settings. CX4800-56F User’s Guide...
Page 554 Appendix D Importing a Certificate In Google Chrome, click Privacy and security > Security > Manage certificates. In Microsoft Edge, click Privacy, search, and services > Manage certificates. CX4800-56F User’s Guide...
Page 555 The following example uses Mozilla Firefox on Windows 10. You first have to store the certificate in your computer and then install it as a Trusted Root CA. To import a certificate to the Firefox browser, do the following: CX4800-56F User’s Guide...
Page 556 Open the Firefox browser and click the Open application menu icon on the upper right. Then click Settings. Click Privacy & Security. On the Privacy & Security screen, scroll down to locate Certificates and click View Certificates. CX4800-56F User’s Guide...
Page 557 IP address or domain name. Confirm that the client's IP address or domain name aligns with the Common Name on the certificate. If all the information on the certificate is correct, close the certificate screen and click OK. CX4800-56F User’s Guide...
Page 558 To check if the import is successful, click Import to select the same certificate again to see if the alert This certificate is already installed as a certificate authority pops up. Removing a Certificate in Mozilla Firefox This section shows you how to remove a public key certificate in Mozilla Firefox. CX4800-56F User’s Guide...
Page 559 Appendix D Importing a Certificate Open the Firefox browser and click the Open application menu icon on the upper right. Then click Settings. Click Privacy & Security. On the Privacy & Security screen, locate Certificates and click View Certificates. CX4800-56F User’s Guide...
Page 560 In the Certificate Manager screen, click the Authorities tab and select the certificate you want to remove. Then, click Delete or Distrust. On the next screen, click OK. The next time you visit the web site with the public key certificate removed, a certification error will appear. CX4800-56F User’s Guide...
Page 561: Appendix E Legal Information
The following information applies if you use the product within the European Union and United Kingdom. EMC statement WARNING: This equipment is compliant with Class A of EN55032. In a residential environment this equipment may cause radio interference. CX4800-56F User’s Guide...
Page 562: Safety Warnings
Do not put the device in a place that is humid, dusty or has extreme temperatures as these conditions may harm your device. • Please refer to the device back label, datasheet, box specifications or catalog information for the power rating of the device and operating temperature. CX4800-56F User’s Guide...
Page 563: Important Safety Instructions
Symbolen innebär att enligt lokal lagstiftning ska produkten och/eller dess batteri kastas separat från hushållsavfallet. När den här produkten når slutet av sin livslängd ska du ta den till en återvinningsstation. Vid tiden för kasseringen bidrar du till en bättre miljö och mänsklig hälsa genom att göra dig av med den på ett återvinningsställe. CX4800-56F User’s Guide...
Page 564: About The Symbols
Various symbols are used in this product to ensure correct usage, to prevent danger to the user and others, and to prevent property damage. The meaning of these symbols are described below. It is important that you read these descriptions thoroughly and fully understand the contents. CX4800-56F User’s Guide...
Page 565 Register your product online at www.zyxel.com to receive email notices of firmware upgrades and related information. Trademarks The trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. CX4800-56F User’s Guide...
Page 566: Index
446, 521 host threshold binding table status build trusted hosts building applications BPDU (Bridge Protocol Data Units) backbone BPDU guard bridging and Errdisable Recovery fiber uplink port status CX4800-56F User’s Guide...
Page 567 Relay Agent Information format cluster manager DHCP (Dynamic Host Configuration Protocol) DHCP Option 82 Profile screen portal DHCP relay Common and Internal Spanning Tree, see CIST configure tutorial Config 1 DHCP relay agent Config 2 DHCP relay option 82 configuration CX4800-56F User’s Guide...
Page 568 MAC table what it does Filtering screen dual firmware images 454, 522 firmware dust plug upgrade 445, 454, 522 Dynamic Host Configuration Protocol for IPv6 ZyNOS (DHCPv6) Firmware Upgrade screen 454, 522 dynamic link aggregation forwarding delay frames CX4800-56F User’s Guide...
Page 569 IP subnet mask public keys, private keys IP table HTTPS Certificates screen how it works HTTPS example IPv6 addressing enable in Windows 10 enable in Windows 7 EUI-64 global address IANA (Internet Assigned Number Authority) interface ID CX4800-56F User’s Guide...
Page 570 LLDP and ARP inspection basic TLV MAC freeze global settings MAC table local port status display criteria organization-specific TLV how it works status of remote device sorting criteria viewing LLDP (Link Layer Discovery Protocol) MAC-based VLAN LLDP-MED CX4800-56F User’s Guide...
Page 571 32, 466 attaching overview MST Instance, see MSTI Networked AV screen MST region Wizard 62, 67 MSTI NTP (RFC-1305) 134, 475 MSTP bridge ID configuration configuration digest forwarding delay Hello Time Option 82 hello time organization Max Age CX4800-56F User’s Guide...
Page 572 450, 451 port details port mirroring queuing method 242, 244 port redundancy Quick Start Guide steps for registering the Switch Port screen DHCPv4 Global Relay port security address learning limit MAC address learning setup 432, 434 rack-mount CX4800-56F User’s Guide...
Page 573 154, 481 reset protocol operations 154, 481 security 150, 484 security level 149, 483 settings setup 147, 480 traps 151, 484 safety precautions users 149, 150, 482 using the Switch version 3 and security 154, 481 CX4800-56F User’s Guide...
Page 574 127, 471 edge port 260, 264 time forwarding delay current 134, 476 Hello BPDU daylight saving 134, 476 Hello Time 257, 259, 261, 263 format 134, 475 how it works Time (RFC-868) 134, 475 CX4800-56F User’s Guide...
Page 575 280, 509 Vendor Specific Attribute, see VSA VLAN trunking 287, 515 ventilation holes VLAN-unaware devices 143, 282, 283, 303, 477, 478, 510, 511 number of possible VIDs 279, 508 priority frame 279, 508 VID (VLAN Identifier) 279, 508 CX4800-56F User’s Guide...
Page 576 Switch IP address ZON utility use for troubleshooting Zyxel Account sign up Zyxel Account information enter Zyxel AP Configurator (ZAC) Zyxel Discovery Protocol (ZDP) Zyxel Nebula Mobile app Zyxel One Network (ZON) Utility CX4800-56F User’s Guide...