ZyXEL Communications ES3500-24 User Manual

ES3500 Series
Intelligent L2 switch
Version 4.00
Edition 3, 06/2012
Quick Start Guide
User's Guide

Default Login Details
LAN IP Address: http://192.168.1.1
User Name: admin
Password: 1234

www.zyxel.com
Copyright © 2012 ZyXEL Communications Corporation

Summary of Contents for ZyXEL Communications ES3500-24

  • Page 1 ES3500 Series Intelligent L2 switch Version 4.00 Edition 3, 06/2012 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.com Copyright © 2012 ZyXEL Communications Corporation...
  • Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
  • Page 3: Table Of Contents

    Contents Overview
      • User’s Guide (p. 17)
      • Getting to Know Your Switch (p. 19)
      • Hardware Installation and Connection (p. 25)
      • Hardware Overview (p. 28)
      • The Web Configurator (p. 37)
      • Initial Setup Example (p. 47)
      • Tutorials (p. 52)
      • Technical Reference (p. 77)
      • System Status and Port Statistics (p. 79)
      • Basic Setting (p. 84)
      • VLAN (p. 99)
      • Static MAC Forward Setup ...
  • Page 4 Contents Overview
      • Differentiated Services (p. 270)
      • DHCP (p. 278)
      • Maintenance (p. 285)
      • Access Control (p. 292)
      • Diagnostic (p. 317)
      • Syslog (p. 318)
      • Cluster Management (p. 321)
      • MAC Table (p. 327)
      • ARP Table (p. 330)
      • Configure Clone (p. 332)
      • Troubleshooting (p. 335)
  • Page 5: Table Of Contents

    Table of Contents
      • Contents Overview (p. 3)
      • Table of Contents (p. 5)
      • Part I: User’s Guide (p. 17)
      • Chapter 1 Getting to Know Your Switch (p. 19)
      • 1.1 Introduction (p. 19)
      • 1.1.1 Backbone Application (p. 19)
      • 1.1.2 Bridging Example (p. 20)
      • 1.1.3 High Performance Switching Example (p. 20)
      • 1.1.4 IEEE 802.1Q VLAN Application Examples (p. 21)
      • 1.1.5 IPv6 Support (p. 22)
      • 1.2 Ways to Manage the Switch (p. 22)...
  • Page 6 Table of Contents
      • 4.2 System Login (p. 37)
      • 4.3 The Web Configurator Layout (p. 38)
      • 4.3.1 Change Your Password (p. 43)
      • 4.4 Saving Your Configuration (p. 43)
      • 4.5 Switch Lockout (p. 43)
      • 4.6 Resetting the Switch (p. 44)
      • 4.6.1 Reload the Configuration File (p. 44)
      • 4.7 Logging Out of the Web Configurator (p. 45)
      • 4.8 Help (p. 45)
      • Chapter 5 Initial Setup Example...
  • Page 7 Table of Contents
      • 7.1 Overview (p. 79)
      • 7.2 Port Status Summary (p. 79)
      • 7.2.1 Status: Port Details (p. 81)
      • Chapter 8 Basic Setting (p. 84)
      • 8.1 Overview (p. 84)
      • 8.2 System Information (p. 84)
      • 8.3 General Setup (p. 86)
      • 8.4 Introduction to VLANs (p. 87)
      • 8.4.1 Smart Isolation (p. 88)
      • 8.5 Switch Setup (p. 89)
      • 8.6 IP Setup (p. 91)...
  • Page 8 Table of Contents
      • 10.2 Configuring Static MAC Forwarding (p. 116)
      • Chapter 11 Static Multicast Forward Setup (p. 118)
      • 11.1 Static Multicast Forwarding Overview (p. 118)
      • 11.2 Configuring Static Multicast Forwarding (p. 119)
      • Chapter 12 Filtering (p. 122)
      • 12.1 Configure a Filtering Rule (p. 122)
      • Chapter 13 Spanning Tree Protocol...
  • Page 9 Table of Contents
      • Chapter 17 Link Aggregation (p. 149)
      • 17.1 Link Aggregation Overview (p. 149)
      • 17.2 Dynamic Link Aggregation (p. 149)
      • 17.2.1 Link Aggregation ID (p. 150)
      • 17.3 Link Aggregation Status (p. 150)
      • 17.4 Link Aggregation Setting (p. 152)
      • 17.5 Link Aggregation Control Protocol (p. 154)
      • 17.6 Static Trunking Example (p. 155)
      • Chapter 18 Port Authentication ...
  • Page 10 Table of Contents
      • 22.1 Queuing Method Overview (p. 177)
      • 22.1.1 Strictly Priority Queuing (p. 177)
      • 22.1.2 Weighted Fair Queuing (p. 177)
      • 22.1.3 Weighted Round Robin Scheduling (WRR) (p. 178)
      • 22.2 Configuring Queuing (p. 178)
      • Chapter 23 VLAN Stacking (p. 180)
      • 23.1 VLAN Stacking Overview (p. 180)
      • 23.1.1 VLAN Stacking Example (p. 180)
      • 23.2 VLAN Stacking Port Roles (p. 181)
      • 23.3 VLAN Tag Format (p. 182)...
  • Page 11 Table of Contents
      • 25.2.2 TACACS+ Server Setup (p. 206)
      • 25.2.3 AAA Setup (p. 208)
      • 25.2.4 Vendor Specific Attribute (p. 210)
      • 25.2.5 Tunnel Protocol Attribute (p. 211)
      • 25.3 Supported RADIUS Attributes (p. 211)
      • 25.3.1 Attributes Used for Authentication (p. 212)
      • 25.3.2 Attributes Used for Accounting (p. 212)
      • Chapter 26 IP Source Guard...
  • Page 12 Table of Contents
      • Chapter 30 sFlow (p. 246)
      • 30.1 sFlow Overview (p. 246)
      • 30.2 sFlow Port Configuration (p. 247)
      • 30.2.1 sFlow Collector Configuration (p. 248)
      • Chapter 31 PPPoE (p. 250)
      • 31.1 PPPoE Intermediate Agent Overview (p. 250)
      • 31.1.1 PPPoE Intermediate Agent Tag Format (p. 250)
      • 31.1.2 Sub-Option Format (p. 250)
      • 31.1.3 Port State (p. 251)
      • 31.2 The PPPoE Screen (p. 252)
      • 31.3 PPPoE Intermediate Agent (p. 252)...
  • Page 13 Table of Contents
      • Chapter 36 Differentiated Services (p. 270)
      • 36.1 DiffServ Overview (p. 270)
      • 36.1.1 DSCP and Per-Hop Behavior (p. 270)
      • 36.1.2 DiffServ Network Example (p. 270)
      • 36.2 Two Rate Three Color Marker Traffic Policing (p. 271)
      • 36.2.1 TRTCM-Color-blind Mode (p. 272)
      • 36.2.2 TRTCM-Color-aware Mode (p. 272)
      • 36.3 Activating DiffServ (p. 272)
      • 36.3.1 Configuring 2-Rate 3 Color Marker Settings (p. 273)
      • 36.3.2 Configuring DSCP Profiles (p. 275)...
  • Page 14 Table of Contents
      • Chapter 39 Access Control (p. 292)
      • 39.1 Access Control Overview (p. 292)
      • 39.2 The Access Control Main Screen (p. 292)
      • 39.3 About SNMP (p. 292)
      • 39.3.1 SNMP v3 and Security (p. 293)
      • 39.3.2 Supported MIBs (p. 294)
      • 39.3.3 SNMP Traps (p. 294)
      • 39.3.4 Configuring SNMP (p. 301)
      • 39.3.5 Configuring SNMP Trap Group (p. 302)
      • 39.3.6 Configuring SNMP User...
  • Page 15 Table of Contents
      • 43.1 MAC Table Overview (p. 327)
      • 43.2 Viewing the MAC Table (p. 328)
      • Chapter 44 ARP Table (p. 330)
      • 44.1 ARP Table Overview (p. 330)
      • 44.1.1 How ARP Works (p. 330)
      • 44.2 The ARP Table Screen (p. 331)
      • Chapter 45 Configure Clone (p. 332)
      • 45.1 Configure Clone (p. 332)
      • Chapter 46 Troubleshooting...
  • Page 17: User's Guide

    User’s Guide...
  • Page 19: Getting To Know Your Switch

    The Switch is a layer-2 standalone Ethernet switch. There are three models of the Switch. Table 1 Switch models and features MODEL DISTINGUISHING FEATURES ES3500-24 24 10/100 Ethernet ports 4 dual-personality interfaces - 10/100/1000 Mbps Ethernet or 1000 Mbps Fiber.
  • Page 20: Bridging Example

    Chapter 1 Getting to Know Your Switch In this example, all computers can share high-speed applications on the server. To expand the network, simply add more networking devices such as switches, routers, computers, print servers etc. Figure 1 Backbone Application 1.1.2 Bridging Example In this example, the Switch connects different company departments (RD and Sales) to the corporate backbone.
  • Page 21: Ieee 802.1Q Vlan Application Examples

    Chapter 1 Getting to Know Your Switch Switching to higher-speed LANs such as ATM (Asynchronous Transfer Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance. The Switch can provide the same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches.
  • Page 22: Ipv6 Support

    Chapter 1 Getting to Know Your Switch Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too.
  • Page 23: Good Habits For Managing The Switch

    Chapter 1 Getting to Know Your Switch • Cluster Management. Cluster Management allows you to manage multiple switches through one switch, called the cluster manager. See Chapter 42 on page 321. 1.3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively.
  • Page 25: Hardware Installation And Connection

    The Switch can be placed on a desktop or rack-mounted on a standard EIA rack. Use the rubber feet in a desktop installation and the brackets in a rack-mounted installation. The following table shows how each model can be mounted. Table 2 Installation Scenarios MODEL MOUNTING TYPE ES3500-24 19” rack-mounted ES3500-24HP 19” rack-mounted ES3500-8PD Desktop (rack-mountable) Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch.
  • Page 26: Rack-Mounted Installation Requirements

    Chapter 2 Hardware Installation and Connection 2.3.1 Rack-mounted Installation Requirements • Two mounting brackets. • Eight M3 flat head screws and a #2 Phillips screwdriver. • Four M5 flat head screws and a #2 Phillips screwdriver. Failure to use the proper screws may damage the unit. 2.3.1.1 Precautions •...
  • Page 27: Mounting The Switch On A Rack

    Chapter 2 Hardware Installation and Connection 2.3.3 Mounting the Switch on a Rack Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack. Figure 7 Mounting the Switch on a Rack (non-desktop models) Figure 8 Mounting the Switch on a Rack (desktop models) Using a #2 Phillips screwdriver, install the M5 flat head screws through the mounting bracket holes...
  • Page 28: Hardware Overview

    This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front and Rear Panels The following figures show the front and rear panels of the Switch. Figure 9 ES3500-24 Front Panel LEDs Dual-personality Interfaces Ethernet Ports...
  • Page 29 Chapter 3 Hardware Overview Figure 12 ES3500-24HP Rear Panel AC Power Connection Figure 13 ES3500-8PD Front Panel LEDs Dual-personality Interfaces Ethernet Ports PoE In Console Port Figure 14 ES3500-8PD Rear Panel DC Power Connection The following table describes the connectors on the front and rear panels. Table 3 Front and Rear Panel Connections LABEL DESCRIPTION...
  • Page 30: Console Port

    Chapter 3 Hardware Overview 3.1.1 Console Port For local management, you can use a computer with terminal emulation software configured to the following parameters: • VT100 • Terminal emulation • 9600 bps • No parity, 8 data bits, 1 stop bit •...
  • Page 31: Transceiver Slots

    Chapter 3 Hardware Overview 3.1.2.2 Auto-crossover All ports are auto-crossover, that is auto-MDIX ports (Media Dependent Interface Crossover), so you may use either a straight-through Ethernet cable or crossover Ethernet cable for all Gigabit port connections. Auto-crossover ports automatically sense whether they need to function as crossover or straight ports, so crossover cables can connect both computers and switches/hubs.
  • Page 32 Chapter 3 Hardware Overview Connect the fiber optic cables to the transceiver. Figure 15 Transceiver Installation Example Figure 16 Connecting the Fiber Optic Cables 3.1.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). Remove the fiber optic cables from the transceiver. Open the transceiver’s latch (latch styles vary).
  • Page 33: Power Connector

    Switch and then connect the power adaptor to a power outlet. 3.2 LEDs After you connect the power to the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting. Table 4 ES3500-24 LED Descriptions COLOR STATUS DESCRIPTION Green The system is turned on.
  • Page 34 Chapter 3 Hardware Overview Table 4 ES3500-24 LED Descriptions (continued) COLOR STATUS DESCRIPTION LNK/ACT Green Blinking The system is transmitting/receiving to/from a 1000 Mbps Ethernet network. The link to a 1000 Mbps Ethernet network is up. Amber Blinking The system is transmitting/receiving to/from a 10 Mbps or a 100 Mbps Ethernet network.
  • Page 35 Chapter 3 Hardware Overview Table 5 ES3500-24HP LED Descriptions (continued) COLOR STATUS DESCRIPTION LNK/ACT Green Blinking The system is transmitting/receiving to/from a 10/1000 Mbps Ethernet network. The link to a 10/1000 Mbps Ethernet network is up. Amber Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet network.
  • Page 37: The Web Configurator

    Chapter 4 The Web Configurator This section introduces the configuration and functions of the web configurator. 4.1 Introduction The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Firefox 2.0 and later versions.
  • Page 38: The Web Configurator Layout

    Chapter 4 The Web Configurator The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. Figure 20 Web Configurator: Login Click OK to view the first web configurator screen.
  • Page 39 Chapter 4 The Web Configurator The following figure shows the navigating components of a web configurator screen. Figure 21 The Web Configurator Layout A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.
  • Page 40 Chapter 4 The Web Configurator In the navigation panel, click a main link to reveal a list of submenu links. Table 7 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION Note: Only the ES3500-24HP has a PoE menu. Note: Only the ES3500-8PD has a Green Ethernet menu.
  • Page 41 Chapter 4 The Web Configurator Table 8 Navigation Panel Links (continued) LINK DESCRIPTION This link takes you to a screen where you can configure the Switch to supply power over Ethernet. Advanced Application VLAN This link takes you to screens where you can configure port-based or 802.1Q VLAN (depending on what you configured in the Switch Setup menu).
  • Page 42 Chapter 4 The Web Configurator Table 8 Navigation Panel Links (continued) LINK DESCRIPTION sFlow This link takes you to screens where you can configure sFlow settings on the Switch. PPPoE This link takes you to screens where you can configure how the Switch gives a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client.
  • Page 43: Change Your Password

    Chapter 4 The Web Configurator 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. Figure 22 Change Administrator Login Password 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory.
  • Page 44: Resetting The Switch

    Chapter 4 The Web Configurator Disable all ports. Misconfigure the text configuration file. Forget the password and/or IP address. Prevent all services from accessing the Switch. Change a service port number but forget it. Note: Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.
  • Page 45: Logging Out Of The Web Configurator

    Chapter 4 The Web Configurator After a configuration file upload, type atgo to restart the Switch. Figure 23 Resetting the Switch: Via the Console Port Bootbase Version: V1.05 | 03/02/2011 09:42:05 RAM: Size = 65536 Kbytes DRAM POST: Testing: 65536K FLASH: AMD 128M *1 ZyNOS Version: ES3500-24_4.00(AABR.0) | 11/01/2011 14:14:51 Press any key to enter debug mode within 3 seconds.
  • Page 47: Initial Setup Example

    Chapter 5 Initial Setup Example This chapter shows how to set up the Switch for an example network. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID •...
  • Page 48 Chapter 5 Initial Setup Example Click Advanced Application > VLAN in the navigation panel and click the Static VLAN link. In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID.
  • Page 49: Setting Port Vid

    Chapter 5 Initial Setup Example Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. 5.1.2 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.
  • Page 50: Configuring Switch Management Ip Address

    Chapter 5 Initial Setup Example 5.2 Configuring Switch Management IP Address The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. Figure 27 Initial Setup Example: Management IP Address Connect your computer to the Switch’s port which is not in VLAN 2.
  • Page 51 Chapter 5 Initial Setup Example For the VLAN2 network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask. In the VID field, enter the ID of the VLAN group to which you want this management IP address to belong.
  • Page 52: Tutorials

    Chapter 6 Tutorials This chapter provides some examples of using the web configurator to set up and use the Switch. The tutorials include: • How to Use DHCP Snooping on the Switch • How to Use DHCP Relay on the Switch •...
  • Page 53 Chapter 6 Tutorials Go to Advanced Application > VLAN > Static VLAN, and create a VLAN with ID of 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add.
  • Page 54 Chapter 6 Tutorials Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Click the Port link at the top right corner. The DHCP Snooping Port Configure screen appears. Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5.
  • Page 55: How To Use Dhcp Relay On The Switch

    Chapter 6 Tutorials Go to Advanced Application > IP Source Guard > DHCP snooping > Configure > VLAN, show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply. Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen. If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry.
  • Page 56: Dhcp Relay Tutorial Introduction

    Chapter 6 Tutorials 6.2.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) and gateway information to DHCP client A based on the system name, VLAN ID and port number in the DHCP request.
  • Page 57 Chapter 6 Tutorials Click Advanced Application > VLAN > Static VLAN. In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 102 for example) in the Name field and enter 102 in the VLAN Group ID field. Select Fixed to configure port 2 to be a permanent member of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.
  • Page 58: Configuring Dhcp Relay

    Chapter 6 Tutorials Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently.
  • Page 59: Troubleshooting

    Chapter 6 Tutorials Click Apply to save your changes back to the run-time memory. Click the Save link in the upper right corner of the web configurator to save your configuration permanently. The DHCP server can then assign a specific IP address based on the DHCP request. 6.2.4 Troubleshooting Check the client A’s IP address.
  • Page 60: Configuring Switch A

    Chapter 6 Tutorials Switch B is connected to switch A. In this way, PPPoE server S can identify subscriber C and may apply different settings to it. Port 12 - Trusted Port 11 - Trusted Port 12 - Trusted Port 5 - Untrusted Note: For related information about PPPoE IA, see Section 31.3 on page 252.
  • Page 61 Chapter 6 Tutorials Select Untrusted for port 5 and enter userC as Circuit-id and 00134900000A as Remote-id. Select Trusted for port 12 and then leave the other fields empty. Click Apply. Then Click Intermediate Agent on the top of the screen. The Intermediate Agent screen appears.
  • Page 62: Configuring Switch B

    Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server. Click Apply. 6.3.2 Configuring Switch B The example uses another ES3500-24 as switch B. ES3500 Series User’s Guide...
  • Page 63 Chapter 6 Tutorials Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. Select Trusted for ports 11 and 12 and then click Apply. Then Click Intermediate Agent on the top of the screen. ES3500 Series User’s Guide...
  • Page 64 Chapter 6 Tutorials The Intermediate Agent screen appears. Click VLAN on the top of the screen. Enter 1 for both Start VID and End VID. Click Apply. Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server.
  • Page 65: How To Use Error Disable And Recovery On The Switch

    Chapter 6 Tutorials The settings are now complete. If you miss any of the settings above, subscriber C cannot successfully receive an IP address assigned by the PPPoE server. If this happens, make sure you follow the steps in this tutorial exactly. 6.4 How to Use Error Disable and Recovery on the Switch This tutorial shows you how to shut down a port when: •...
  • Page 66 Chapter 6 Tutorials Click Advanced Application > Errdisable > CPU Protection, select ARP as the reason, enter 100 as the rate limit (packets per second) for the first entry (port *) to apply the setting to all ports. Then click Apply. Click Advanced Application >...
  • Page 67: How To Set Up A Guest Vlan

    Chapter 6 Tutorials 6.5 How to Set Up a Guest VLAN All ports on the Switch are in VLAN 1 by default. Say you enable IEEE 802.1x authentication on ports 1 to 8. Clients that connect to these ports should provide the correct user name and password in order to access the ports.
  • Page 68 Chapter 6 Tutorials Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. Click Advanced Application > VLAN > Static VLAN. In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 200 for example) in the Name field and enter 200 in the VLAN Group ID field.
  • Page 69 Chapter 6 Tutorials Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen.
  • Page 70: Enabling Ieee 802.1X Port Authentication

    Chapter 6 Tutorials 10 Click Apply to save your changes back to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently. 6.5.2 Enabling IEEE 802.1x Port Authentication Follow the steps below to enable port authentication to validate access to ports 1~8 to clients based on a RADIUS server.
  • Page 71: Enabling Guest Vlan

    Chapter 6 Tutorials Select the first Active checkbox to enable 802.1x authentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply. 6.5.3 Enabling Guest VLAN Click the Guest Vlan link in the 802.1x screen. ES3500 Series User’s Guide...
  • Page 72: How To Do Port Isolation In A Vlan

    Chapter 6 Tutorials Select Active and enter the guest VLAN ID (200 in this example) on ports 1, 2 and 3. The Switch puts unauthenticated clients in the specified guest VLAN. Set Host-mode to Multi-Secure to have the Switch authenticate each client that connects to one of these ports, and specify the maximum number of clients that the Switch will authenticate on each of these ports (5 in this example).
  • Page 73: Creating A Vlan

    Chapter 6 Tutorials do port isolation in a VLAN instead of assigning each port to a separate VLAN and creating a different IP routing domain for each individual port. Internet In this example, you put ports 2 to 4 and 25 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2, 3 and 4.
  • Page 74 Chapter 6 Tutorials Select Fixed to configure ports 2, 3, 4 and 25 to be permanent members of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. Click Add to save the settings to the run-time memory.
  • Page 75: Creating A Private Vlan Rule

    Chapter 6 Tutorials Enter 123 in the PVID field for ports 2, 3, 4 and 25 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory.
  • Page 76 Chapter 6 Tutorials In the Private VLAN screen, select Active. Enter a descriptive name (PrivateVLAN123 for example) in the Name field and enter 123 in the VLAN ID field. Click Add. Click the Save link in the upper right corner of the web configurator to save your configuration permanently.
  • Page 77: Technical Reference

    Technical Reference...
  • Page 79: System Status And Port Statistics

    Chapter 7 System Status and Port Statistics This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
  • Page 80 Chapter 7 System Status and Port Statistics The following table describes the labels in this screen. Table 11 Status LABEL DESCRIPTION Port This identifies the Ethernet port. Click a port number to display the Port Details screen (refer to Figure 29 on page 81).
  • Page 81: Status: Port Details

    Chapter 7 System Status and Port Statistics 7.2.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 29 Status >...
  • Page 82 Chapter 7 System Status and Port Statistics Table 12 Status: Port Details (continued) LABEL DESCRIPTION Link For Ethernet ports, this field displays the speed (10M for 10Mbps or 100M for 100Mbps) and duplex (F for full duplex or H for half) settings. For dual-personality interfaces with the RJ-45 port active, this field displays the speed (10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps), duplex (F for full duplex or H for half) and media type (Copper) settings.
  • Page 83 Chapter 7 System Status and Port Statistics Table 12 Status: Port Details (continued) LABEL DESCRIPTION RX CRC This field shows the number of packets received with CRC (Cyclic Redundancy Check) error(s). Length This field shows the number of packets received with a length that was out of range. Runt This field shows the number of packets received that were too short (shorter than 64 octets), including the ones with CRC errors.
  • Page 84: Basic Setting

    Chapter 8 Basic Setting This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens. 8.1 Overview The System Info screen displays general Switch information (such as firmware version number) and hardware polling information (such as temperatures).
  • Page 85 Chapter 8 Basic Setting The following table describes the labels in this screen. Table 13 Basic Setting > System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the model number of the Switch. ZyNOS F/W Version This field displays the version number of the Switch's current firmware including the date...
  • Page 86: General Setup

    Chapter 8 Basic Setting 8.3 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown. Figure 31 Basic Setting > General Setup The following table describes the labels in this screen.
  • Page 87: Introduction To Vlans

    Chapter 8 Basic Setting Table 14 Basic Setting > General Setup (continued) LABEL DESCRIPTION New Time (hh:min:ss) Enter the new time in hour, minute and second format. The new time then appears in the Current Time field after you click Apply. Current Date This field displays the date you open this menu.
  • Page 88: Smart Isolation

    Chapter 8 Basic Setting VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.
  • Page 89: Switch Setup

    Chapter 8 Basic Setting You should enable RSTP or MRSTP before you can use smart isolation on the Switch. If the network topology changes, the Switch automatically updates the isolated port list with the latest designated port information. Note: The uplink port connected to the Internet should be the root port. Otherwise, with smart isolation enabled, the isolated ports cannot access the Internet.
  • Page 90 Chapter 8 Basic Setting Table 15 Basic Setting > Switch Setup (continued) LABEL DESCRIPTION Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out (and must be relearned). GARP Timer: Switches join VLANs by making a declaration.
  • Page 91: IP Setup

    Chapter 8 Basic Setting 8.6 IP Setup Use the IP Setup screen to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic. 8.6.1 Management IP Addresses The Switch needs an IP address for it to be managed over the network.
  • Page 92 Chapter 8 Basic Setting The following table describes the labels in this screen. Table 16 Basic Setting > IP Setup LABEL DESCRIPTION Domain Name DNS (Domain Name System) is for mapping a domain name to its corresponding IP Server address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address.
  • Page 93: Port Setup

    Chapter 8 Basic Setting Table 16 Basic Setting > IP Setup (continued) LABEL DESCRIPTION Delete Check the management IP addresses that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the selected check boxes in the Delete column. 8.7 Port Setup Use this screen to configure Switch port settings.
  • Page 94: PoE

    Chapter 8 Basic Setting Table 17 Basic Setting > Port Setup (continued) LABEL DESCRIPTION Speed/Duplex Select the speed and the duplex mode of the Ethernet connection on this port. Choices are Auto, 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, 100M/Full Duplex and 1000M/Full Duplex (Gigabit connections only).
  • Page 95 Chapter 8 Basic Setting In the figure below, the IP camera and IP phone get their power directly from the Switch. Aside from minimizing the need for cables and wires, PoE removes the hassle of trying to find a nearby electric outlet to power up devices.
  • Page 96: PoE Setup

    Chapter 8 Basic Setting Table 18 Basic Setting > PoE Status LABEL DESCRIPTION Consuming Power (W) This field displays the total amount of power the Switch is currently supplying to the connected PoE-enabled devices. Allocated Power (W) This field displays the total amount of power the Switch has reserved for PoE after negotiating with the connected PoE device(s).
  • Page 97 Chapter 8 Basic Setting Click the PoE Setup link in the Basic Setting > PoE Status screen. The following screen opens. Figure 37 Basic Setting > PoE Setup The following table describes the labels in this screen. Table 19 Basic Setting > PoE Setup LABEL DESCRIPTION PoE Mode...
  • Page 98 Chapter 8 Basic Setting Note: If the priority settings for two or more PoE ports are the same, the ports will shut down randomly when the power budget is not enough. We strongly recommend you set the priority for each PoE port to make sure the high priority ports get power. Note: In classification mode, up to five ports can be active.
  • Page 99: VLAN

    Chapter 9 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 9.1 Introduction to IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
  • Page 100: Automatic VLAN Registration

    Chapter 9 VLAN 9.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 9.2.1 GARP GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.
  • Page 101: Port VLAN Trunking

    Chapter 9 VLAN 9.3 Port VLAN Trunking Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.
  • Page 102: VLAN Status

    Chapter 9 VLAN 9.5.1 VLAN Status See Section 9.1 on page 99 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. Figure 40 Advanced Application > VLAN: VLAN Status The following table describes the labels in this screen.
  • Page 103: VLAN Details

    Chapter 9 VLAN 9.5.2 VLAN Details Use this screen to view detailed port settings and status of the VLAN group. See Section 9.1 on page 99 for more information on static VLAN. Click on an index number in the VLAN Status screen to display VLAN details.
  • Page 104: Configure A Static VLAN

    Chapter 9 VLAN 9.5.3 Configure a Static VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. See Section 9.1 on page 99 for more information on static VLAN. To configure a static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next.
  • Page 105: Configure VLAN Port Settings

    Chapter 9 VLAN Table 23 Advanced Application > VLAN > Static VLAN (continued) LABEL DESCRIPTION Tagging Select TX Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 106: Subnet Based VLANs

    Chapter 9 VLAN Table 24 Advanced Application > VLAN > VLAN Port Setting (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 107: Configuring Subnet Based VLAN

    Chapter 9 VLAN services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is, video services receive the highest priority and data the lowest. Figure 44 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames...
  • Page 108 Chapter 9 VLAN Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 45 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes the labels in this screen. Table 25 Advanced Application >...
  • Page 109: Protocol Based VLANs

    Chapter 9 VLAN Table 25 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Setup LABEL DESCRIPTION Index This is the index number identifying this subnet based VLAN. Click on any of these numbers to edit an existing subnet based VLAN. Active This field shows whether the subnet based VLAN is active or not.
  • Page 110: Configuring Protocol Based VLAN

    Chapter 9 VLAN 9.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Figure 47 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN The following table describes the labels in this screen. Table 26 Advanced Application >...
  • Page 111: Create An IP-Based VLAN Example

    Chapter 9 VLAN Table 26 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN Setup LABEL DESCRIPTION Active This field shows whether the protocol based VLAN is active or not. Port This field shows which port belongs to this protocol based VLAN. Name This field shows the name of the protocol based VLAN.
  • Page 112: Port-Based VLAN Setup

    Chapter 9 VLAN Click the index number of the protocol based VLAN entry. Click 1. Change the value in the Port field to the next port you want to add. Click Add. 9.11 Port-based VLAN Setup Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.
  • Page 113 Chapter 9 VLAN The following screen shows users on a port-based, all-connected VLAN configuration. Figure 49 Advanced Application > VLAN > Port Based VLAN Setup (All Connected)
  • Page 114 Chapter 9 VLAN The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 50 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation)
  • Page 115 Chapter 9 VLAN The following table describes the labels in this screen. Table 27 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Choose All connected or Port isolation. Wizard All connected means all ports can communicate with each other, that is, there are no virtual LANs.
  • Page 116: Static MAC Forward Setup

    Chapter 10 Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 10.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network. 10.2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out.
  • Page 117 Chapter 10 Static MAC Forward Setup The following table describes the labels in this screen. Table 28 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this.
  • Page 118: Static Multicast Forward Setup

    Chapter 11 Static Multicast Forward Setup Use these screens to configure static multicast address forwarding. 11.1 Static Multicast Forwarding Overview A multicast MAC address is the MAC address of a member of a multicast group. A static multicast address is a multicast MAC address that has been manually entered in the multicast table. Static multicast addresses do not age out.
  • Page 119: Configuring Static Multicast Forwarding

    Chapter 11 Static Multicast Forward Setup within a VLAN group. Figure 53 shows frames being forwarded to devices connected to port 3. Figure 54 shows frames being forwarded to ports 2 and 3 within VLAN group 4. Figure 52 No Static Multicast Forwarding Figure 53 Static Multicast Forwarding to A Single Port Figure 54 Static Multicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding...
  • Page 120 Chapter 11 Static Multicast Forward Setup Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown. Figure 55 Advanced Application > Static Multicast Forwarding The following table describes the labels in this screen. Table 29 Advanced Application > Static Multicast Forwarding LABEL DESCRIPTION Active...
  • Page 121 Chapter 11 Static Multicast Forward Setup Table 29 Advanced Application > Static Multicast Forwarding (continued) LABEL DESCRIPTION Port This field displays the port(s) within an identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table.
  • Page 122: Filtering

    Chapter 12 Filtering This chapter discusses MAC address port filtering. 12.1 Configure a Filtering Rule Configure the Switch to filter traffic based on the traffic’s source, destination MAC addresses and/or VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
  • Page 123 Chapter 12 Filtering Table 30 Advanced Application > Filtering (continued) LABEL DESCRIPTION Type a MAC address in a valid MAC address format, that is, six hexadecimal character pairs. Type the VLAN group identification number. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 124: Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol •...
  • Page 125: How STP Works

    Chapter 13 Spanning Tree Protocol Table 31 STP Path Costs RECOMMENDED RECOMMENDED ALLOWED LINK SPEED VALUE RANGE RANGE Path Cost 1Gbps 3 to 10 1 to 65535 Path Cost 10Gbps 1 to 5 1 to 65535 On each bridge, the bridge communicates with the root through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost).
  • Page 126: Multiple RSTP

    Chapter 13 Spanning Tree Protocol 13.1.4 Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
  • Page 127 Chapter 13 Spanning Tree Protocol 13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link.
  • Page 128 Chapter 13 Spanning Tree Protocol Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters: • Name of the MST region • Revision level as the unique number for the MST region •...
  • Page 129: Spanning Tree Protocol Status Screen

    Chapter 13 Spanning Tree Protocol 13.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. Figure 62 Advanced Application >...
  • Page 130: Configure Rapid Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol Table 33 Advanced Application > Spanning Tree Protocol > Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 131 Chapter 13 Spanning Tree Protocol Table 34 Advanced Application > Spanning Tree Protocol > RSTP (continued) LABEL DESCRIPTION Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch.
  • Page 132: Rapid Spanning Tree Protocol Status

    Chapter 13 Spanning Tree Protocol 13.5 Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.1 on page 124 for more information on RSTP. Note: This screen is only available after you activate RSTP on the Switch.
  • Page 133: Configure Multiple Rapid Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol 13.6 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1 on page 124 for more information on MRSTP. Figure 66 Advanced Application > Spanning Tree Protocol > MRSTP The following table describes the labels in this screen.
  • Page 134: Multiple Rapid Spanning Tree Protocol Status

    Chapter 13 Spanning Tree Protocol Table 36 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL DESCRIPTION Max Age This is the maximum time (in seconds) a switch can wait without receiving a BPDU before attempting to reconfigure. All switch ports (except for designated ports) should receive BPDUs at regular intervals.
  • Page 135 Chapter 13 Spanning Tree Protocol Note: This screen is only available after you activate MRSTP on the Switch. Figure 67 Advanced Application > Spanning Tree Protocol > Status: MRSTP The following table describes the labels in this screen. Table 37 Advanced Application > Spanning Tree Protocol > Status: MRSTP LABEL DESCRIPTION Configuration...
  • Page 136: Configure Multiple Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol 13.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 126 for more information on MSTP. Figure 68 Advanced Application > Spanning Tree Protocol > MSTP
  • Page 137 Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 38 Advanced Application > Spanning Tree Protocol > MSTP LABEL DESCRIPTION Port Click Port to display the MSTP Port Configuration screen (see Figure 69 on page 139).
  • Page 138 Chapter 13 Spanning Tree Protocol Table 38 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL DESCRIPTION VLAN Range Enter the start of the VLAN ID range that you want to add or remove from the VLAN range edit area in the Start field. Enter the end of the VLAN ID range that you want to add or remove from the VLAN range edit area in the End field.
  • Page 139: Multiple Spanning Tree Protocol Port Configuration

    Chapter 13 Spanning Tree Protocol 13.8.1 Multiple Spanning Tree Protocol Port Configuration To configure MSTP ports, click Port in the Advanced Application > Spanning Tree Protocol > MSTP screen. Figure 69 Advanced Application > Spanning Tree Protocol > MSTP > Port The following table describes the labels in this screen.
  • Page 140: Multiple Spanning Tree Protocol Status

    Chapter 13 Spanning Tree Protocol 13.9 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.1.5 on page 126 for more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch.
  • Page 141 Chapter 13 Spanning Tree Protocol Table 40 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL DESCRIPTION Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Configuration This field displays the configuration name for this MST region.
  • Page 142: Bandwidth Control

    Chapter 14 Bandwidth Control This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 14.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. 14.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
  • Page 143: Bandwidth Control Setup

    Chapter 14 Bandwidth Control 14.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 71 Advanced Application > Bandwidth Control The following table describes the related labels in this screen. Table 41 Advanced Application >...
  • Page 144 Chapter 14 Bandwidth Control Table 41 Advanced Application > Bandwidth Control (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 145: Broadcast Storm Control

    Chapter 15 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 15.1 Broadcast Storm Control Setup Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
  • Page 146 Chapter 15 Broadcast Storm Control Table 42 Advanced Application > Broadcast Storm Control (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 147: Mirroring

    Chapter 16 Mirroring This chapter discusses port mirroring setup screens. 16.1 Port Mirroring Setup Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application >...
  • Page 148 Chapter 16 Mirroring Table 43 Advanced Application > Mirroring (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 149: Link Aggregation

    Chapter 17 Link Aggregation This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link. 17.1 Link Aggregation Overview Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
  • Page 150: Link Aggregation Id

    Chapter 17 Link Aggregation Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. 17.2.1 Link Aggregation ID LACP aggregation ID consists of the following information Table 44 Link Aggregation ID: Local Switch SYSTEM MAC ADDRESS PORT PRIORITY PORT NUMBER...
  • Page 151 Chapter 17 Link Aggregation Table 46 Advanced Application > Link Aggregation Status (continued) LABEL DESCRIPTION Aggregator ID Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number. Refer to Section 17.2.1 on page 150 for more information on this field.
  • Page 152: Link Aggregation Setting

    Chapter 17 Link Aggregation 17.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 17.1 on page 149 for more information on link aggregation. Figure 75 Advanced Application > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen.
  • Page 153 Chapter 17 Link Aggregation Table 47 Advanced Application > Link Aggregation > Link Aggregation Setting (continued) LABEL DESCRIPTION Criteria Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the src-dst-mac distribution type.
  • Page 154: Link Aggregation Control Protocol

    Chapter 17 Link Aggregation 17.5 Link Aggregation Control Protocol Click Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 17.2 on page 149 for more information on dynamic link aggregation.
  • Page 155: Static Trunking Example

    Chapter 17 Link Aggregation Table 48 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP (continued) LABEL DESCRIPTION LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
  • Page 156 Chapter 17 Link Aggregation Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below.
  • Page 157: Port Authentication

    Chapter 18 Port Authentication This chapter describes the IEEE 802.1x and MAC authentication methods. 18.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: •...
  • Page 158: MAC Authentication

    Chapter 18 Port Authentication provides the login credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port. Figure 79 IEEE 802.1x Authentication Process New Connection Identity Request Login Credentials Authentication Request Access Challenge...
  • Page 159: Port Authentication Configuration

    Chapter 18 Port Authentication on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 80 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied 18.2 Port Authentication Configuration...
  • Page 160: Activate IEEE 802.1x Security

    Chapter 18 Port Authentication 18.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown. Figure 82 Advanced Application > Port Authentication > 802.1x The following table describes the labels in this screen.
  • Page 161: Guest VLAN

    Chapter 18 Port Authentication Table 49 Advanced Application > Port Authentication > 802.1x (continued) LABEL DESCRIPTION Reauth Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port. Reauth-period Specify the length of time required to pass before a client has to re-enter his or her username and password to stay connected to the port.
  • Page 162 Chapter 18 Port Authentication Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Figure 84 Advanced Application > Port Authentication > 802.1x > Guest VLAN The following table describes the labels in this screen.
  • Page 163: Activate MAC Authentication

    Chapter 18 Port Authentication Table 50 Advanced Application > Port Authentication > 802.1x > Guest VLAN (continued) LABEL DESCRIPTION Host-mode Specify how the Switch authenticates users when more than one user connects to the port (using a hub). Select Multi-Host to authenticate only the first user that connects to this port. If the first user enters the correct credential, any other users are allowed to access the port without authentication.
  • Page 164 Chapter 18 Port Authentication The following table describes the labels in this screen. Table 51 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port.
  • Page 165: Port Security

    Chapter 19 Port Security This chapter shows you how to set up port security. 19.1 About Port Security Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
  • Page 166 Chapter 19 Port Security The following table describes the labels in this screen. Table 52 Advanced Application > Port Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning.
  • Page 167: Classifier

    Chapter 20 Classifier This chapter introduces and shows you how to configure the packet classifier on the Switch. 20.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
  • Page 168 Chapter 20 Classifier Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. Figure 87 Advanced Application > Classifier The following table describes the labels in this screen. Table 53 Advanced Application > Classifier LABEL DESCRIPTION Active...
  • Page 169: Viewing And Editing Classifier Configuration

    Chapter 20 Classifier Table 53 Advanced Application > Classifier (continued) LABEL DESCRIPTION Port Type the port number to which the rule should be applied. You may choose one port only or all ports (Any). Destination Select Any to apply the rule to all MAC addresses. Address To specify a destination, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs).
  • Page 170 Chapter 20 Classifier Note: When two rules conflict with each other, a higher layer rule has priority over a lower layer rule. Figure 88 Advanced Application > Classifier: Summary Table The following table describes the labels in this screen. Table 54 Classifier: Summary Table LABEL DESCRIPTION Index...
  • Page 171: Classifier Example

    Chapter 20 Classifier 20.4 Classifier Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. Figure 89 Classifier: Example After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow.
  • Page 172: Policy Rule

    Chapter 21 Policy Rule This chapter shows you how to configure policy rules. 21.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 20 on page 167 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
  • Page 173 Chapter 21 Policy Rule Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 90 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 57 Advanced Application > Policy Rule LABEL DESCRIPTION Active...
  • Page 174 Chapter 21 Policy Rule Table 57 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION General Egress Port Type the number of an outgoing port. Priority Specify a priority level. DSCP Specify a DSCP (DiffServ Code Point) number between 0 and 63. Specify the type of service (TOS) priority level.
  • Page 175: Viewing And Editing Policy Configuration

    Chapter 21 Policy Rule 21.3 Viewing and Editing Policy Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Policy screen. To change the settings of a rule, click a number in the Index field. Figure 91 Advanced Application >...
  • Page 176: Policy Example

    Chapter 21 Policy Rule 21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 171). Figure 92 Policy Example
  • Page 177: Queuing Method

    CHAPTER 22 Queuing Method This chapter introduces the queuing methods supported. 22.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
  • Page 178: Weighted Round Robin Scheduling (Wrr)

    Chapter 22 Queuing Method 22.1.3 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port.
  • Page 179 Chapter 22 Queuing Method The following table describes the labels in this screen. Table 59 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 180: Vlan Stacking

    CHAPTER 23 VLAN Stacking This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN. 23.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers' VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
  • Page 181: Vlan Stacking Port Roles

    Chapter 23 VLAN Stacking adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. Figure 94 VLAN Stacking Example 23.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel Port (the latter is for Gigabit ports only).
  • Page 182: Vlan Tag Format

    Chapter 23 VLAN Stacking 23.3 VLAN Tag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Table 60 VLAN Tag Format Type Priority Type is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information.
  • Page 183: Configuring Vlan Stacking

    Chapter 23 VLAN Stacking 23.4 Configuring VLAN Stacking Click Advanced Applications > VLAN Stacking to display the screen as shown. Figure 95 Advanced Application > VLAN Stacking The following table describes the labels in this screen. Table 63 Advanced Application > VLAN Stacking LABEL DESCRIPTION Active...
  • Page 184: Port-Based Q-In-Q

    Chapter 23 VLAN Stacking Table 63 Advanced Application > VLAN Stacking (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 185: Selective Q-In-Q

    Chapter 23 VLAN Stacking 23.4.2 Selective Q-in-Q Selective Q-in-Q is VLAN-based. It allows the Switch to add different outer VLAN tags to the incoming frames received on one port according to their inner VLAN tags. Note: Selective Q-in-Q rules are only applied to single-tagged frames received on the access ports.
  • Page 186 Chapter 23 VLAN Stacking Table 65 Advanced Application > VLAN Stacking > Selective QinQ (continued) LABEL DESCRIPTION Active This shows whether this rule is activated or not. Name This is the descriptive name for this rule. Port This is the port number to which this rule is applied. CVID This is the customer VLAN ID in the incoming packets.
  • Page 187: Multicast

    CHAPTER 24 Multicast This chapter shows you how to configure various multicast features. 24.1 Multicast Overview Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
  • Page 188: Igmp Snooping And Vlans

    Chapter 24 Multicast 24.1.4 IGMP Snooping and VLANs The Switch can perform IGMP snooping on up to 16 VLANs. You can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets. This is referred to as auto mode. Alternatively, you can specify the VLANs that IGMP snooping should be performed on.
  • Page 189: Multicast Setting

    Chapter 24 Multicast 24.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 24.1 on page 187 for more information on multicasting. Figure 99 Advanced Application > Multicast > Multicast Setting The following table describes the labels in this screen.
  • Page 190 Chapter 24 Multicast Table 67 Advanced Application > Multicast > Multicast Setting (continued) LABEL DESCRIPTION Unknown Specify the action to perform when the Switch receives an unknown multicast frame. Multicast Frame Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. Reserved The IP address range of 224.0.0.0 to 224.0.0.255 is reserved for multicasting on the Multicast Group...
  • Page 191 Chapter 24 Multicast Table 67 Advanced Application > Multicast > Multicast Setting (continued) LABEL DESCRIPTION Throttling IGMP throttling controls how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached. Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table entry is aged out.
  • Page 192: Igmp Snooping Vlan

    Chapter 24 Multicast 24.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.1.4 on page 188 for more information on IGMP Snooping VLAN.
  • Page 193: Igmp Filtering Profile

    Chapter 24 Multicast Table 68 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN (continued) LABEL DESCRIPTION Click Add to insert the entry in the summary table below and save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 194: Mvr Overview

    Chapter 24 Multicast The following table describes the labels in this screen. Table 69 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes. To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
  • Page 195: Types Of Mvr Ports

    Chapter 24 Multicast The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. Figure 102 MVR Network Example VLAN 1 Multicast VLAN...
  • Page 196: General Mvr Configuration

    Chapter 24 Multicast port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. Figure 103 MVR Multicast Television Example VLAN 1 Multicast VLAN 24.7 General MVR Configuration...
  • Page 197 Chapter 24 Multicast Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 104 Advanced Application > Multicast > Multicast Setting > MVR The following table describes the related labels in this screen. Table 70 Advanced Application >...
  • Page 198: Mvr Group Configuration

    Chapter 24 Multicast Table 70 Advanced Application > Multicast > Multicast Setting > MVR (continued) LABEL DESCRIPTION Source Port Select this option to set this port as the MVR source port that sends and receives multicast traffic. All source ports must belong to a single multicast VLAN. Receiver Port Select this option to set this port as a receiver port that only receives multicast traffic.
  • Page 199: Mvr Configuration Example

    Chapter 24 Multicast Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. Figure 105 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration The following table describes the labels in this screen. Table 71 Advanced Application >...
  • Page 200 Chapter 24 Multicast News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN 1 are able to receive the traffic. Figure 106 MVR Configuration Example News: 224.1.4.10 ~ 224.1.4.50 Movie: 230.1.2.50 ~230.1.2.60 VLAN 1 Multicast VID 200 To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set...
  • Page 201 Chapter 24 Multicast To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 108 MVR Group Configuration Example Figure 109 MVR Group Configuration Example...
  • Page 202: Aaa

    CHAPTER 25 AAA This chapter describes how to configure authentication, authorization and accounting settings on the Switch. 25.1 Authentication, Authorization and Accounting (AAA) Authentication is the process of determining who a user is and validating access to the Switch. The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
  • Page 203: Radius And Tacacs

    Chapter 25 AAA 25.1.2 RADIUS and TACACS+ RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device.
  • Page 204 Chapter 25 AAA authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 112 Advanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen. Table 73 Advanced Application >...
  • Page 205 Chapter 25 AAA Table 73 Advanced Application > AAA > RADIUS Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch.
  • Page 206: Tacacs+ Server Setup

    Chapter 25 AAA 25.2.2 TACACS+ Server Setup Use this screen to configure your TACACS+ server settings. See Section 25.1.2 on page 203 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown. Figure 113 Advanced Application >...
  • Page 207 Chapter 25 AAA Table 74 Advanced Application > AAA > TACACS+ Server Setup (continued) LABEL DESCRIPTION TCP Port The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch.
  • Page 208: Aaa Setup

    Chapter 25 AAA 25.2.3 AAA Setup Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 114 Advanced Application > AAA > AAA Setup The following table describes the labels in this screen.
  • Page 209 Chapter 25 AAA Table 75 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Login These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and RADIUS are external servers.
  • Page 210: Vendor Specific Attribute

    Chapter 25 AAA Table 75 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Mode The Switch supports two modes of recording login events. Select: • start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session.
  • Page 211: Tunnel Protocol Attribute

    Chapter 25 AAA The following table describes the VSAs supported on the Switch. Note that these attributes only work when you enable authorization (see Section 25.2.3 on page 208). Table 76 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 Assignment Vendor-Type = 1 Vendor-data =...
  • Page 212: Attributes Used For Authentication

    Chapter 25 AAA Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified.
  • Page 213 Chapter 25 AAA 25.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time 25.3.2.2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent (the difference between Console and Telnet/SSH Exec events is that the Telnet/SSH events utilize the Calling- Station-Id attribute):...
  • Page 214 Chapter 25 AAA 25.3.2.3 Attributes Used for Accounting IEEE 802.1x Events The attributes are listed in the following table along with the time of the session they are sent: Table 80 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name...
  • Page 215: Ip Source Guard

    CHAPTER 26 IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network. 26.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes: •...
  • Page 216 Chapter 26 IP Source Guard Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns dynamic bindings from trusted ports. Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
  • Page 217: Arp Inspection Overview

    Chapter 26 IP Source Guard 26.1.1.3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information: •...
  • Page 218 Chapter 26 IP Source Guard • It pretends to be computer A and responds to computer B. • It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X.
  • Page 219: Ip Source Guard

    Chapter 26 IP Source Guard 26.2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
  • Page 220 Chapter 26 IP Source Guard ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. Figure 118 IP Source Guard Static Binding The following table describes the labels in this screen.
  • Page 221: Dhcp Snooping

    Chapter 26 IP Source Guard 26.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 119 DHCP Snooping The following table describes the labels in this screen. Table 83 DHCP Snooping LABEL DESCRIPTION...
  • Page 222 Chapter 26 IP Source Guard Table 83 DHCP Snooping (continued) LABEL DESCRIPTION Write delay timer This field displays how long (in seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up. Abort timer This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change.
  • Page 223: Dhcp Snooping Configure

    Chapter 26 IP Source Guard Table 83 DHCP Snooping (continued) LABEL DESCRIPTION Last ignored bindings This section displays the number of times and the reasons the Switch ignored counters bindings the last time it read bindings from the DHCP binding database. You can clear these counters by restarting the Switch or using CLI commands.
  • Page 224 Chapter 26 IP Source Guard still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 120 DHCP Snooping Configure The following table describes the labels in this screen. Table 84 DHCP Snooping Configure LABEL DESCRIPTION...
  • Page 225: Dhcp Snooping Port Configure

    Chapter 26 IP Source Guard Table 84 DHCP Snooping Configure (continued) LABEL DESCRIPTION Renew DHCP Enter the location of a DHCP snooping database, and click Renew if you want the Snooping URL Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL.
  • Page 226: Dhcp Snooping Vlan Configure

    Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 85 DHCP Snooping Port Configure LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
  • Page 227: Arp Inspection Status

    Chapter 26 IP Source Guard Table 86 DHCP Snooping VLAN Configure (continued) LABEL DESCRIPTION End VID Enter the highest VLAN ID you want to manage in the section below. Apply Click this to display the specified range of VLANs in the section below. This field displays the VLAN ID of each VLAN in the range specified above.
  • Page 228: Arp Inspection Vlan Status

    Chapter 26 IP Source Guard Table 87 ARP Inspection Status (continued) LABEL DESCRIPTION Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). Reason This field displays the reason the ARP packet was discarded. MAC+VLAN: The MAC address and VLAN ID were not in the binding table.
  • Page 229: Arp Inspection Log Status

    Chapter 26 IP Source Guard Table 88 ARP Inspection VLAN Status LABEL DESCRIPTION Reply This field displays the total number of ARP Reply packets received from the VLAN since the Switch last restarted. Forwarded This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted.
  • Page 230: Arp Inspection Configure

    Chapter 26 IP Source Guard Table 89 ARP Inspection Log Status (continued) LABEL DESCRIPTION Reason This field displays the reason the log message was generated. dhcp deny: An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID. static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID.
  • Page 231: Arp Inspection Port Configure

    Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 90 ARP Inspection Configure LABEL DESCRIPTION Active Select this to enable ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports. Filter Aging Time Filter aging time This setting has no effect on existing MAC address filters.
  • Page 232 Chapter 26 IP Source Guard open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 127 ARP Inspection Port Configure The following table describes the labels in this screen. Table 91 ARP Inspection Port Configure LABEL DESCRIPTION Port...
  • Page 233: Arp Inspection Vlan Configure

    Chapter 26 IP Source Guard 26.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application >...
  • Page 234: Loop Guard

    CHAPTER 27 Loop Guard This chapter shows you how to configure the Switch to guard against loops on the edge of your network. 27.1 Loop Guard Overview Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
  • Page 235 Chapter 27 Loop Guard The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B.
  • Page 236: Loop Guard Setup

    Chapter 27 Loop Guard Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 8.7 on page 93) or via commands (see the Ethernet Switch CLI Reference Guide). 27.2 Loop Guard Setup Click Advanced Application >...
  • Page 237 Chapter 27 Loop Guard Table 93 Advanced Application > Loop Guard (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 238: Vlan Mapping

    CHAPTER 28 VLAN Mapping This chapter shows you how to configure VLAN mapping on the Switch. 28.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network. The Switch checks incoming traffic from the switch ports (non-management ports) against the VLAN mapping table first, the MAC learning table and then the VLAN table before forwarding them through the Gigabit uplink port.
  • Page 239: Enabling Vlan Mapping

    Chapter 28 VLAN Mapping 28.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown. Figure 135 VLAN Mapping The following table describes the labels in this screen. Table 94 VLAN Mapping LABEL DESCRIPTION Active...
  • Page 240: Configuring Vlan Mapping

    Chapter 28 VLAN Mapping 28.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLAN Mapping screen to display the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s). Figure 136 VLAN Mapping Configuration The following table describes the labels in this screen.
  • Page 242: Layer 2 Protocol Tunneling

    CHAPTER 29 Layer 2 Protocol Tunneling This chapter shows you how to configure layer-2 protocol tunneling on the Switch. 29.1 Layer 2 Protocol Tunneling Overview Layer-2 protocol tunneling (L2PT) is used on the service provider's edge devices. L2PT allows edge switches (1 and 2 in the following figure) to tunnel layer-2 STP (Spanning Tree Protocol), CDP (Cisco Discovery Protocol) and VTP (VLAN Trunking Protocol) packets between customer switches (A, B and C in the following figure) connected through the service provider’s network.
  • Page 243: Layer-2 Protocol Tunneling Mode

    Chapter 29 Layer 2 Protocol Tunneling To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection). Figure 138 L2PT Network Example Service Provider's Network...
  • Page 244: Configuring Layer 2 Protocol Tunneling

    Chapter 29 Layer 2 Protocol Tunneling 29.2 Configuring Layer 2 Protocol Tunneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown. Figure 139 Advanced Application > Layer 2 Protocol Tunneling The following table describes the labels in this screen. Table 96 Advanced Application >...
  • Page 245 Chapter 29 Layer 2 Protocol Tunneling Table 96 Advanced Application > Layer 2 Protocol Tunneling (continued) LABEL DESCRIPTION Select this option to have the Switch tunnel STP (Spanning Tree Protocol) packets so that STP can run properly across the service provider’s network and spanning trees can be set up based on bridge information from all (local and remote) networks.
  • Page 246: Sflow

    CHAPTER 30 sFlow This chapter shows you how to configure sFlow to have the Switch monitor traffic in a network and send information to an sFlow collector for analysis. 30.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded on a switch or router gets sample data and packet statistics from traffic forwarded through its ports.
  • Page 247: Sflow Port Configuration

    Chapter 30 sFlow 30.2 sFlow Port Configuration Click Advanced Application > sFlow in the navigation panel to display the screen as shown. Figure 141 Advanced Application > sFlow The following table describes the labels in this screen. Table 97 Advanced Application > sFlow LABEL DESCRIPTION Active...
  • Page 248: Sflow Collector Configuration

    Chapter 30 sFlow Table 97 Advanced Application > sFlow (continued) LABEL DESCRIPTION Collector Enter the IP address of the sFlow collector. Address Note: You must have the sFlow collector already configured in the sFlow > Collector screen. The sFlow collector does not need to be in the same subnet as the Switch, but it must be accessible from the Switch.
  • Page 249 Chapter 30 sFlow Table 98 Advanced Application > sFlow > Collector (continued) LABEL DESCRIPTION Clear Click Clear to clear the fields to the factory defaults. Index This field displays the index number of this entry. Collector This field displays the IP address of the sFlow collector. Address UDP Port This field displays the port number the Switch uses to send sFlow datagrams to the collector.
  • Page 250: Pppoe

    CHAPTER 31 PPPoE This chapter describes how the Switch gives a PPPoE termination server additional information that the server can use to identify and authenticate a PPPoE client. 31.1 PPPoE Intermediate Agent Overview A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients. It helps the PPPoE server identify and authenticate clients by adding subscriber line specific information to PPPoE discovery packets from clients on a per-port or per-port-per-VLAN basis before forwarding them to the PPPoE server.
  • Page 251: Port State

    Chapter 31 PPPoE Table 101 PPPoE IA Remote ID Sub-option Format SubOpt Length Value 0x02 MAC Address or String (1 byte) (1 byte) (63 bytes) The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent Remote ID sub-option.
  • Page 252: The Pppoe Screen

    Chapter 31 PPPoE Trusted ports are connected to PPPoE servers. • If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a trusted port, the Switch forwards it to all other ports. •...
  • Page 253 Chapter 31 PPPoE Click Advanced Application > PPPoE > Intermediate Agent in the navigation panel to display the screen as shown. Figure 144 Advanced Application > PPPoE > Intermediate Agent The following table describes the labels in this screen. Table 104 Advanced Application > PPPoE > Intermediate Agent LABEL DESCRIPTION Active...
  • Page 254: Pppoe Ia Per-Port

    Chapter 31 PPPoE Table 104 Advanced Application > PPPoE > Intermediate Agent (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 255: Pppoe Ia Per-Port Per-Vlan

    Chapter 31 PPPoE Table 105 Advanced Application > PPPoE > Intermediate Agent > Port (continued) LABEL DESCRIPTION Server Trusted Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). State Trusted ports are uplink ports connected to PPPoE servers. •...
  • Page 256 Chapter 31 PPPoE Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown. Figure 146 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN The following table describes the labels in this screen. Table 106 Advanced Application >...
  • Page 257: Pppoe Ia For Vlan

    Chapter 31 PPPoE 31.3.3 PPPoE IA for VLAN Use this screen to set whether the PPPoE Intermediate Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown.
  • Page 258: Error Disable

    CHAPTER 32 Error Disable This chapter shows you how to configure the rate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error.
  • Page 259: The Error Disable Screen

    Chapter 32 Error Disable 32.3 The Error Disable Screen Use this screen to configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. Figure 148 Advanced Application > Errdisable 32.4 CPU Protection Configuration Use this screen to limit the maximum number of control packets (ARP, BPDU and/or IGMP) that the Switch can receive or transmit on a port.
  • Page 260: Error-Disable Detect Configuration

    Chapter 32 Error Disable The following table describes the labels in this screen. Table 108 Advanced Application > Errdisable > CPU protection LABEL DESCRIPTION Reason Select the type of control packet you want to configure here. Port This field displays the port number. Use this row to make the setting the same for all ports.
  • Page 261: Error-Disable Recovery Configuration

    Chapter 32 Error Disable Table 109 Advanced Application > Errdisable > Errdisable Detect (continued) LABEL DESCRIPTION Mode Select the action that the Switch takes when the number of control packets exceeds the rate limit on a port, set in the Advanced Application > Errdisable > CPU protection screen. •...
  • Page 262 Chapter 32 Error Disable Table 110 Advanced Application > Errdisable > Errdisable Recovery (continued) LABEL DESCRIPTION Interval Enter the number of seconds (from 30 to 2592000) for the time interval. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 263: Private Vlan

    Chapter 33 Private VLAN This chapter shows you how to configure the Switch to prevent communications between ports in a VLAN. 33.1 Private VLAN Overview Private VLAN allows you to do port isolation within a VLAN in a simple way. If you enable a private VLAN rule for a VLAN on the Switch, the Switch automatically adds all ports (except the uplink port(s)) in this VLAN to the isolated port list and blocks traffic between the isolated ports.
  • Page 264: Configuring Private Vlan

    Chapter 33 Private VLAN 33.2 Configuring Private VLAN Click Advanced Application > Private VLAN in the navigation panel to display the screen as shown. Figure 153 Advanced Application > Private VLAN The following table describes the labels in this screen. Table 111 Advanced Application >...
  • Page 265: Green Ethernet

    Shorter cables lose less power, so Short Reach saves power by adjusting the transmit power of each port according to the length of cable attached to that port. Note: The ES3500-8PD supports Green Ethernet completely. Note: The ES3500-24 only supports EEE.
  • Page 266: Configuring Green Ethernet

    Chapter 34 Green Ethernet 34.2 Configuring Green Ethernet Click Advanced Application > Green Ethernet in the navigation panel to display the screen as shown. Figure 154 Advanced Application > Green Ethernet The following table describes the labels in this screen. Table 112 Advanced Application >...
  • Page 267: Static Route

    Chapter 35 Static Route This chapter shows you how to configure static routes. 35.1 Static Routing Overview The Switch uses IP for communication with management computers, for example using HTTP, Telnet, SSH, or SNMP. Use IP static routes to have the Switch respond to remote management stations that are not reachable through the default gateway.
  • Page 268: Configuring Static Routing

    Chapter 35 Static Route 35.2 Configuring Static Routing Click IP Application > Static Routing in the navigation panel to display the screen as shown. Figure 156 IP Application > Static Routing The following table describes the related labels you use to create a static route. Table 113 IP Application >...
  • Page 269 Chapter 35 Static Route Table 113 IP Application > Static Routing (continued) LABEL DESCRIPTION Subnet Mask This field displays the subnet mask for this destination. Gateway This field displays the IP address of the gateway. The gateway is an immediate neighbor of Address your Switch that will forward the packet to the destination.
  • Page 270: Differentiated Services

    Chapter 36 Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 36.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
  • Page 271: Two Rate Three Color Marker Traffic Policing

    Chapter 36 Differentiated Services various traffic policies to the traffic flows. An example traffic policy is to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network.
  • Page 272: Trtcm-Color-Blind Mode

    Chapter 36 Differentiated Services 36.2.1 TRTCM-Color-blind Mode All packets are evaluated against the PIR. If a packet exceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green.
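    The color-blind decision described in 36.2.1, carried through as a metering routine. This is an added example, not code from the manual or the Switch firmware; it follows the RFC 2698 two-bucket form of the two rate three color marker, and the burst sizes (`cbs`, `pbs`), the byte-per-second units and the sample traffic are assumptions that do not appear on this page.

```python
from dataclasses import dataclass, field


@dataclass
class TrTcmMeter:
    """Color-blind two rate three color marker (token-bucket form)."""
    cir: float            # Commit Information Rate, bytes per second
    pir: float            # Peak Information Rate, bytes per second
    cbs: int              # committed burst size in bytes (assumed value)
    pbs: int              # peak burst size in bytes (assumed value)
    tc: float = field(init=False)     # tokens in the committed bucket
    tp: float = field(init=False)     # tokens in the peak bucket
    last: float = field(init=False)   # timestamp of the last refill

    def __post_init__(self):
        if not 0 < self.cir <= self.pir:
            raise ValueError("need 0 < CIR <= PIR")
        if self.cbs <= 0 or self.pbs <= 0:
            raise ValueError("burst sizes must be positive")
        # Both buckets start full.
        self.tc, self.tp, self.last = float(self.cbs), float(self.pbs), 0.0

    def _refill(self, now):
        elapsed = now - self.last
        if elapsed < 0:
            raise ValueError("timestamps must not go backwards")
        # Each bucket fills at its own rate and is capped at its burst size.
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        self.last = now

    def mark(self, size, now):
        """Return 'red', 'yellow' or 'green' for a packet of `size` bytes."""
        self._refill(now)
        if self.tp < size:        # exceeds the PIR: red, no tokens consumed
            return "red"
        if self.tc < size:        # within the PIR but exceeds the CIR: yellow
            self.tp -= size
            return "yellow"
        self.tp -= size           # within the CIR: green
        self.tc -= size
        return "green"


def mark_stream(meter, packets):
    """packets: iterable of (arrival_time_seconds, size_bytes) tuples."""
    return [meter.mark(size, t) for t, size in packets]


# Constructed sample traffic: a burst of four 1000-byte packets at t=0,
# then two more packets half a second later.
SAMPLE = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000),
          (0.5, 1000), (0.5, 1000)]


def demo():
    meter = TrTcmMeter(cir=1000, pir=2000, cbs=1500, pbs=3000)
    return mark_stream(meter, SAMPLE)


if __name__ == "__main__":
    for (t, size), color in zip(SAMPLE, demo()):
        print(f"t={t:.1f}s size={size} -> {color}")
```

    Only the first packet of the burst is green because the committed bucket holds 1500 bytes; the fourth is red once the peak bucket is drained.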
  • Page 273: Configuring 2-Rate 3 Color Marker Settings

    Chapter 36 Differentiated Services Click IP Application > DiffServ in the navigation panel to display the screen as shown. Figure 161 IP Application > DiffServ The following table describes the labels in this screen. Table 114 IP Application > DiffServ LABEL DESCRIPTION Active...
  • Page 274 Chapter 36 Differentiated Services Note: You cannot enable both TRTCM and Bandwidth Control at the same time. Figure 162 IP Application > DiffServ > 2-rate 3 Color Marker The following table describes the labels in this screen. Table 115 IP Application > DiffServ > 2-rate 3 Color Marker LABEL DESCRIPTION Active...
  • Page 275: Configuring Dscp Profiles

    Chapter 36 Differentiated Services Table 115 IP Application > DiffServ > 2-rate 3 Color Marker (continued) LABEL DESCRIPTION Commit Specify the Commit Information Rate (CIR) for this port. Rate Peak Specify the Peak Information Rate (PIR) for this port. Rate DSCP Select the DSCP profile that you want to apply to packets on this port.
  • Page 276: Dscp-To-Ieee 802.1P Priority Settings

    Chapter 36 Differentiated Services Table 116 IP Application > DiffServ > 2-rate 3 Color Marker > DSCP Profile (continued) LABEL DESCRIPTION Green This field displays the DSCP value to use for packets with low packet loss priority in this profile. Yellow This field displays the DSCP value to use for packets with medium packet loss priority in this profile.
  • Page 277 Chapter 36 Differentiated Services The following table describes the labels in this screen. Table 118 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box. Apply Click Apply to save your changes to the Switch’s run-time memory.
  • Page 278: Dhcp

    Chapter 37 DHCP This chapter shows you how to configure the DHCP feature. 37.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the Switch as a DHCP server or a DHCP relay agent.
  • Page 279: Dhcp Relay

    Chapter 37 DHCP The following table describes the labels in this screen. Table 119 IP Application > DHCP LABEL DESCRIPTION Relay Mode This field displays: • None: if the Switch is not configured as a DHCP relay agent. • Global: if the Switch is configured as a DHCP relay agent only. •...
  • Page 280: Configuring Dhcp Global Relay

    Chapter 37 DHCP 37.3.2 Configuring DHCP Global Relay Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 166 IP Application > DHCP > Global The following table describes the labels in this screen.
  • Page 281: Global Dhcp Relay Configuration Example

    Chapter 37 DHCP 37.3.3 Global DHCP Relay Configuration Example The following figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains.
  • Page 282: Configuring Dhcp Vlan Settings

    Chapter 37 DHCP 37.4 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link in the DHCP Status screen that displays.
  • Page 283: Example: Dhcp Relay For Two Vlans

    Chapter 37 DHCP Table 122 IP Application > DHCP > VLAN (continued) LABEL DESCRIPTION Delete Select the configuration entries you want to remove and click Delete to remove them. Cancel Click Cancel to clear the Delete check boxes. 37.4.1 Example: DHCP Relay for Two VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network.
  • Page 285: Maintenance

    Chapter 38 Maintenance This chapter explains how to configure the screens that let you maintain the firmware and configuration files. 38.1 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen. Figure 172 Management >...
  • Page 286: Load Factory Default

    Chapter 38 Maintenance 38.2 Load Factory Default Follow the steps below to reset the Switch back to the factory defaults. In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch configuration information you configured and return to the factory defaults. Click OK to reset all Switch configurations to the factory defaults.
  • Page 287: Firmware Upgrade

    Chapter 38 Maintenance In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displays. Figure 174 Reboot System: Confirmation Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not affect the Switch’s configuration.
  • Page 288: Restore A Configuration File

    Chapter 38 Maintenance 38.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 176 Management > Maintenance > Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to locate it.
  • Page 289: Ftp Command Line

    Chapter 38 Maintenance 38.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. 38.8.1 Filename Conventions The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on.
  • Page 290: Ftp Command Line Procedure

    Chapter 38 Maintenance Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. 38.8.2 FTP Command Line Procedure Launch the FTP client on your computer. Enter open, followed by a space and the IP address of your Switch. Press [ENTER] when prompted for a username.
  • Page 291 Chapter 38 Maintenance • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately.
  • Page 292: Access Control

    Chapter 39 Access Control This chapter describes how to control access to the Switch. 39.1 Access Control Overview The console port and FTP are allowed one session each, Telnet and SSH share nine sessions, and up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed.
  • Page 293: Snmp V3 And Security

    Chapter 39 Access Control SNMP version 3. The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 179 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the Switch).
  • Page 294: Supported Mibs

    An OID (Object ID) that begins with “1.3.6.1.4.1.890.1.5.8” is defined in private MIBs. Otherwise, it is a standard MIB OID. The OIDs beginning with “1.3.6.1.4.1.890.1.5.8.61” are specific to the ES3500-24 switch. The OIDs beginning with “1.3.6.1.4.1.890.1.5.8.72” are specific to the ES3500-8PD switch.
  • Page 295 PsePwrFailedEventClear ES3500-24HP: This trap is sent when the power 1.3.6.1.4.1.890.1.5.8.73.27.2.2 supply of PoE returns to the normal state. temperature TemperatureEventOn ES3500-24: This trap is sent when the temperature 1.3.6.1.4.1.890.1.5.8.61.27.2.1 goes above or below the normal operating range. ES3500-8PD: 1.3.6.1.4.1.890.1.5.8.72.27.2.1 ES3500-24HP: 1.3.6.1.4.1.890.1.5.8.73.27.2.1...
  • Page 296 Chapter 39 Access Control Table 127 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION reset UncontrolledResetEventOn ES3500-24: This trap is sent when the Switch 1.3.6.1.4.1.890.1.5.8.61.27.2.1 automatically resets. ES3500-8PD: 1.3.6.1.4.1.890.1.5.8.72.27.2.1 ES3500-24HP: 1.3.6.1.4.1.890.1.5.8.73.27.2.1 ControlledResetEventOn ES3500-24: This trap is sent when the Switch 1.3.6.1.4.1.890.1.5.8.61.27.2.1...
  • Page 297 Table 127 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION errdisable errdisableDetectTrap ES3500-24: This trap is sent when an error is 1.3.6.1.4.1.890.1.5.8.61.130.4.1 detected on a port, such as a loop occurs or the rate limit for specific ES3500-8PD: control packets is exceeded.
  • Page 298 Chapter 39 Access Control Table 128 SNMP Interface Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION transceiver- transceiverddmiEventOn ES3500-24: This trap is sent when one of the ddmi 1.3.6.1.4.1.890.1.5.8.61.27.2.1 device operating parameters (such as transceiver temperature, laser ES3500-8PD: bias current, transmitted optical 1.3.6.1.4.1.890.1.5.8.72.27.2.1...
  • Page 299 Chapter 39 Access Control Table 129 AAA Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION accounting RADIUSNotReachableEventO ES3500-24: This trap is sent when there is no 1.3.6.1.4.1.890.1.5.8.61.27.2.1 response message from the RADIUS accounting server. ES3500-8PD: 1.3.6.1.4.1.890.1.5.8.72.27.2.1 ES3500-24HP: 1.3.6.1.4.1.890.1.5.8.73.27.2.1 RADIUSNotReachableEventCl ES3500-24: This trap is sent when the RADIUS 1.3.6.1.4.1.890.1.5.8.61.27.2.2...
  • Page 300 Table 131 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION STPNewRoot 1.3.6.1.2.1.17.0.1 This trap is sent when the STP root switch changes. MRSTPNewRoot ES3500-24: This trap is sent when the MRSTP root 1.3.6.1.4.1.890.1.5.8.61.36.2.1 switch changes. ES3500-8PD: 1.3.6.1.4.1.890.1.5.8.72.36.2.1 ES3500-24HP: 1.3.6.1.4.1.890.1.5.8.73.36.2.1 MSTPNewRoot ES3500-24: This trap is sent when the MSTP root 1.3.6.1.4.1.890.1.5.8.61.107.70.1...
  • Page 301: Configuring Snmp

    Chapter 39 Access Control Table 131 SNMP Switch Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION rmon RmonRisingAlarm 1.3.6.1.2.1.16.0.1 This trap is sent when a variable goes over the RMON "rising" threshold. RmonFallingAlarm 1.3.6.1.2.1.16.0.2 This trap is sent when the variable falls below the RMON "falling"...
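    The OID rules from the Supported MIBs section and the trap tables above, applied to trap OIDs arriving at a management station. This is an added example, not code from the manual or from ZyXEL; the function and class names and the sample OID list are constructed, and using a suffix for a model the page does not list it for is an assumption that the result flags with `model_listed`.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Private MIB prefix and per-model sub-identifiers quoted on this page.
PRIVATE_PREFIX = (1, 3, 6, 1, 4, 1, 890, 1, 5, 8)
MODELS = {61: "ES3500-24", 72: "ES3500-8PD", 73: "ES3500-24HP"}

# Suffix after the model sub-identifier ->
#   (name, object labels the page lists under it, model ids the page shows).
# Other *EventClear labels are cut off on the page and are not filled in.
PRIVATE_TRAPS = {
    (27, 2, 1): ("EventOn",
                 ("TemperatureEventOn", "UncontrolledResetEventOn",
                  "ControlledResetEventOn", "transceiverddmiEventOn"),
                 frozenset({61, 72, 73})),
    (27, 2, 2): ("EventClear", ("PsePwrFailedEventClear",),
                 frozenset({61, 73})),
    (130, 4, 1): ("errdisableDetectTrap", ("errdisableDetectTrap",),
                  frozenset({61})),
    (36, 2, 1): ("MRSTPNewRoot", ("MRSTPNewRoot",), frozenset({61, 72, 73})),
    (107, 70, 1): ("MSTPNewRoot", ("MSTPNewRoot",), frozenset({61})),
}

# Standard MIB traps listed in Table 131.
STANDARD_TRAPS = {
    (1, 3, 6, 1, 2, 1, 17, 0, 1): "STPNewRoot",
    (1, 3, 6, 1, 2, 1, 16, 0, 1): "RmonRisingAlarm",
    (1, 3, 6, 1, 2, 1, 16, 0, 2): "RmonFallingAlarm",
}


@dataclass(frozen=True)
class TrapInfo:
    scope: str                  # "private", "standard" or "unlisted"
    model: Optional[str]        # switch model for private OIDs
    name: Optional[str]         # trap label, or the shared event family
    labels: Tuple[str, ...]     # labels the page lists under this OID
    model_listed: bool          # page shows this suffix for this model
    needs_varbinds: bool        # OID is shared by several events


def parse_oid(text):
    """Turn '1.3.6...' or '.1.3.6...' into a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def classify(text):
    oid = parse_oid(text)
    n = len(PRIVATE_PREFIX)
    # Compare arcs, not strings: '...5.80' must not match the '...5.8' prefix.
    if oid[:n] == PRIVATE_PREFIX and len(oid) > n:
        model_id, suffix = oid[n], oid[n + 1:]
        name, labels, shown = PRIVATE_TRAPS.get(suffix,
                                                (None, (), frozenset()))
        # A family name that is not itself a label means several events
        # share the OID, so the varbinds must be read to tell them apart.
        shared = name is not None and name not in labels
        return TrapInfo("private", MODELS.get(model_id), name, labels,
                        model_id in shown, shared)
    if oid in STANDARD_TRAPS:
        name = STANDARD_TRAPS[oid]
        return TrapInfo("standard", None, name, (name,), True, False)
    return TrapInfo("unlisted", None, None, (), False, False)


# Constructed sample of received trap OIDs.
SAMPLE_OIDS = [
    "1.3.6.1.4.1.890.1.5.8.61.130.4.1",
    ".1.3.6.1.4.1.890.1.5.8.73.27.2.1",
    "1.3.6.1.2.1.17.0.1",
    "1.3.6.1.4.1.890.1.5.80.1",
]

if __name__ == "__main__":
    for sample in SAMPLE_OIDS:
        print(sample, "->", classify(sample))
```

    Because the temperature, reset and transceiver events all share the `27.2.1` OID, an alert rule keyed on the trap OID alone cannot separate them.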
  • Page 302: Configuring Snmp Trap Group

    Chapter 39 Access Control Table 132 Management > Access Control > SNMP (continued) LABEL DESCRIPTION Set Community Enter the Set Community, which is the password for incoming Set- requests from the management station. The Set Community string is only used by SNMP managers using SNMP version 2c or lower.
  • Page 303: Configuring Snmp User

    Chapter 39 Access Control The following table describes the labels in this screen. Table 133 Management > Access Control > SNMP > Trap Group LABEL DESCRIPTION Trap Destination IP Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers.
  • Page 304 Chapter 39 Access Control The following table describes the labels in this screen. Table 134 Management > Access Control > SNMP > User LABEL DESCRIPTION User Note: Use the username and password of the login accounts you specify in this screen to Information create accounts on the SNMP v3 manager.
  • Page 305: Setting Up Login Accounts

    Chapter 39 Access Control Table 134 Management > Access Control > SNMP > User (continued) LABEL DESCRIPTION Group This field displays the SNMP group to which this user belongs. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to begin configuring this screen afresh.
  • Page 306: Ssh Overview

    Chapter 39 Access Control The following table describes the labels in this screen. Table 135 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name.
  • Page 307: How Ssh Works

    Chapter 39 Access Control 39.6 How SSH works The following table summarizes how a secure connection is established between two remote hosts. Figure 185 How SSH Works Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key.
  • Page 308: Ssh Implementation On The Switch

    Chapter 39 Access Control 39.7 SSH Implementation on the Switch Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on port 22.
  • Page 309: Https Example

    Chapter 39 Access Control Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HTTP connection attempts. 39.9 HTTPS Example If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https:// Switch IP Address/”...
  • Page 310 Chapter 39 Access Control 39.9.1.2 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server, a screen with the message "There is a problem with this website's security certificate." may display. If that is the case, click Continue to this website (not recommended) to proceed to the web configurator login screen.
  • Page 311 Chapter 39 Access Control Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser. Figure 190 Certificate (Internet Explorer 7 or 8)
  • Page 312: Mozilla Firefox Warning Messages

    Chapter 39 Access Control 39.9.2 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server, a This Connection is Untrusted screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button.
  • Page 313: The Main Screen

    Chapter 39 Access Control Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen. Figure 192 Security Alert (Mozilla Firefox) EXAMPLE 39.9.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears.
  • Page 314: Service Port Access Control

    Chapter 39 Access Control Mozilla Firefox) or next to the address bar (in Internet Explorer 7 or 8) denotes a secure connection. Figure 193 Example: Lock Denoting a Secure Connection EXAMPLE 39.10 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)”...
  • Page 315: Remote Management

    Chapter 39 Access Control the Remote Management screen (discussed later). Click Management > Access Control > Service Access Control to view the screen as shown. Figure 194 Management > Access Control > Service Access Control The following table describes the fields in this screen. Table 136 Management >...
  • Page 316 Chapter 39 Access Control You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen. Figure 195 Management > Access Control > Remote Management The following table describes the labels in this screen.
  • Page 317: Diagnostic

    Chapter 40 Diagnostic This chapter explains the Diagnostic screen. 40.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 196 Management > Diagnostic The following table describes the labels in this screen.
  • Page 318: Syslog

    Chapter 41 Syslog This chapter explains the syslog screens. 41.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
  • Page 319: Syslog Setup

    Chapter 41 Syslog 41.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. Figure 197 Management > Syslog The following table describes the labels in this screen.
  • Page 320: Syslog Server Setup

    Chapter 41 Syslog 41.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to view the screen as shown next. Use this screen to configure a list of external syslog servers. Figure 198 Management > Syslog > Syslog Server Setup The following table describes the labels in this screen.
  • Page 321: Cluster Management

    Chapter 42 Cluster Management This chapter introduces cluster management. 42.1 Cluster Management Status Overview Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
  • Page 322: Cluster Management Status

    Chapter 42 Cluster Management 42.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 200 Management > Cluster Management: Status The following table describes the labels in this screen. Table 143 Management >...
  • Page 323: Cluster Member Switch Management

    Chapter 42 Cluster Management 42.2.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page.
  • Page 324 Chapter 42 Cluster Management The following table explains some of the FTP parameters. Table 144 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION Enter “admin”. User The web configurator password default is 1234. Password Enter this command to list the name of cluster member switch’s firmware and configuration file.
  • Page 325: Clustering Management Configuration

    Chapter 42 Cluster Management 42.3 Clustering Management Configuration Use this screen to configure clustering management. Click Management > Cluster Management > Configuration to display the next screen. Figure 203 Management > Cluster Management > Configuration The following table describes the labels in this screen. Table 145 Management >...
  • Page 326 Chapter 42 Cluster Management Table 145 Management > Cluster Management > Configuration (continued) LABEL DESCRIPTION This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster.
  • Page 327: Mac Table

    Chapter 43 MAC Table This chapter introduces the MAC Table screen. 43.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
  • Page 328: Viewing The Mac Table

    Chapter 43 MAC Table 43.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 205 Management > MAC Table The following table describes the labels in this screen. Table 146 Management > MAC Table LABEL DESCRIPTION Condition...
  • Page 329 Chapter 43 MAC Table Table 146 Management > MAC Table (continued) LABEL DESCRIPTION Transfer Type Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries. They also display in the Static MAC Forwarding screen.
  • Page 330: Arp Table

    Chapter 44 ARP Table This chapter introduces ARP Table. 44.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
  • Page 331: The Arp Table Screen

    Chapter 44 ARP Table 44.2 The ARP Table Screen Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries. Figure 206 Management > ARP Table The following table describes the labels in this screen.
  • Page 332: Configure Clone

    Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Note: Only the ES3500-24HP supports Power over Ethernet. Note: The ES3500-8PD supports Green Ethernet completely. The ES3500-24 only supports EEE.
  • Page 333 Chapter 45 Configure Clone Figure 207 Management > Configure Clone
  • Page 334 Chapter 45 Configure Clone The following table describes the labels in this screen. Table 148 Management > Configure Clone LABEL DESCRIPTION Source/ Enter the source port under the Source label. This port’s attributes are copied. Destination Enter the destination port or ports under the Destination label. These are the ports which Port are going to have the same attributes as the source port.
  • Page 335: Troubleshooting

    Chapter 46 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Switch Access and Login • Switch Configuration 46.1 Power, Hardware Connections, and LEDs The Switch does not turn on.
  • Page 336 Chapter 46 Troubleshooting One of the LEDs does not behave as expected. Make sure you understand the normal behavior of the LED. See Section 3.2 on page Check the hardware connections. See Section 3.1 on page Inspect your cables for damage. Contact the vendor to replace any damaged cables. Turn the Switch off and on.
  • Page 337: Switch Access And Login

    Chapter 46 Troubleshooting 46.2 Switch Access and Login I forgot the IP address for the Switch. The default management IP address is 192.168.1.1. Use the console port to log in to the Switch. If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page I forgot the username and/or password.
  • Page 338 Chapter 46 Troubleshooting • Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. I can see the Login screen, but I cannot log in to the Switch. Make sure you have entered the user name and password correctly.
  • Page 339: Switch Configuration

    Chapter 46 Troubleshooting 46.3 Switch Configuration I lost my configuration settings after I restart the Switch. Make sure you save your configuration into the Switch’s nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently.
  • Page 341: Appendix A Common Services

    Appendix A Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Numbers Authority) web site. •...
  • Page 342 Appendix A Common Services Table 149 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce.
  • Page 343 Appendix A Common Services Table 149 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program.
  • Page 345: Appendix B Legal Information

    This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 346 Appendix B Legal Information CE Mark Warning: This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
  • Page 347 Appendix B Legal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
  • Page 348: Safety Warnings

    Appendix B Legal Information Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
  • Page 349 Appendix B Legal Information Safety Warnings Green Product Declaration (given in English, German and Spanish): RoHS Directive 2002/95/EC; WEEE Directive 2002/96/EC (WEEE: Waste Electrical and Electronic Equipment)
  • Page 350 Appendix B Legal InformationSafety Warnings ES3500 Series User’s Guide...
