ZyXEL Communications MES3500-24F User Manual

Layer 2 management switch
MES3500-24/24F
Layer 2 Management Switch

Default Login Details
IP Address: http://192.168.1.1
User Name: admin
Password: 1234

Firmware Version 4.00
Edition 1, 12/2011
www.zyxel.com
Copyright © 2011 ZyXEL Communications Corporation

Summary of Contents for ZyXEL Communications MES3500-24F

  • Page 1 MES3500-24/24F Layer 2 Management Switch Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 4.00 Edition 1, 12/2011 www.zyxel.com www.zyxel.com Copyright © 2011 ZyXEL Communications Corporation...
  • Page 3: About This User's Guide

    About This User's Guide IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Intended Audience This manual is intended for people who want to configure the Switch using the web configurator. Related Documentation • Web Configurator Online Help The embedded Web Help contains descriptions of individual screens and supplementary information.
  • Page 4: Document Conventions

    Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 5: Safety Warnings

    Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
  • Page 7: Table Of Contents

    Contents Overview Contents Overview User’s Guide ........................... 21 Getting to Know Your Switch ......................23 Hardware Installation and Connection ..................27 Hardware Overview ........................30 The Web Configurator ........................39 Initial Setup Example .........................49 Tutorials .............................53 Technical Reference ......................79 System Status and Port Statistics ....................81 Basic Setting ..........................86 VLAN ............................97 Static MAC Forward Setup .......................
  • Page 8 Contents Overview DHCP ............................276 Maintenance ..........................283 Access Control .........................290 Diagnostic ..........................312 Syslog ............................313 Cluster Management ........................316 MAC Table ..........................322 ARP Table ..........................325 Configure Clone ........................327 Troubleshooting ........................329 MES3500-24/24F User’s Guide...
  • Page 9: Table Of Contents

    Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions ......................4 Safety Warnings........................5 Contents Overview ........................7 Table of Contents ........................9 Part I: User’s Guide ................21 Chapter 1 Getting to Know Your Switch....................23 1.1 Introduction ..........................23 1.1.1 Backbone Application ....................23 1.1.2 Bridging Example .......................24...
  • Page 10 Table of Contents 3.1.5 Signal Slot ........................35 3.2 LEDs ...........................37 Chapter 4 The Web Configurator ......................39 4.1 Introduction ..........................39 4.2 System Login ........................39 4.3 The Web Configurator Layout ....................40 4.3.1 Change Your Password ...................44 4.4 Saving Your Configuration ....................44 4.5 Switch Lockout ........................44 4.6 Resetting the Switch ......................45...
  • Page 11 Table of Contents Part II: Technical Reference..............79 Chapter 7 System Status and Port Statistics..................81 7.1 Overview ..........................81 7.2 Port Status Summary ......................81 7.2.1 Status: Port Details ....................83 Chapter 8 Basic Setting .......................... 86 8.1 Overview ..........................86 8.2 System Information ......................86 8.3 General Setup ........................88...
  • Page 12 Table of Contents Chapter 10 Static MAC Forward Setup....................114 10.1 Overview .......................... 114 10.2 Configuring Static MAC Forwarding ................114 Chapter 11 Static Multicast Forward Setup ................... 116 11.1 Static Multicast Forwarding Overview ................116 11.2 Configuring Static Multicast Forwarding ................117 Chapter 12 Filtering..........................
  • Page 13 Table of Contents Chapter 16 Mirroring ..........................146 16.1 Port Mirroring Setup ......................146 Chapter 17 Link Aggregation ........................148 17.1 Link Aggregation Overview .....................148 17.2 Dynamic Link Aggregation ....................148 17.2.1 Link Aggregation ID ....................149 17.3 Link Aggregation Status ....................149 17.4 Link Aggregation Setting ....................151 17.5 Link Aggregation Control Protocol ................153 17.6 Static Trunking Example ....................154...
  • Page 14 Table of Contents 21.4 Policy Example .........................175 Chapter 22 Queuing Method ........................176 22.1 Queuing Method Overview ....................176 22.1.1 Strictly Priority Queuing ..................176 22.1.2 Weighted Fair Queuing ...................176 22.1.3 Weighted Round Robin Scheduling (WRR) ............177 22.2 Configuring Queuing ......................177 Chapter 23 VLAN Stacking ........................
  • Page 15 Table of Contents 25.1.1 Local User Accounts ....................201 25.1.2 RADIUS and TACACS+ ..................202 25.2 AAA Screens ........................202 25.2.1 RADIUS Server Setup ..................202 25.2.2 TACACS+ Server Setup ..................205 25.2.3 AAA Setup ......................207 25.2.4 Vendor Specific Attribute ..................209 25.2.5 Tunnel Protocol Attribute ..................210 25.3 Supported RADIUS Attributes ..................210 25.3.1 Attributes Used for Authentication ................
  • Page 16 Table of Contents 29.1 Layer 2 Protocol Tunneling Overview ................241 29.1.1 Layer-2 Protocol Tunneling Mode ................242 29.2 Configuring Layer 2 Protocol Tunneling ................243 Chapter 30 sFlow............................245 30.1 sFlow Overview ........................245 30.2 sFlow Port Configuration ....................246 30.2.1 sFlow Collector Configuration .................247 Chapter 31 PPPoE ............................
  • Page 17 Table of Contents 35.1 DiffServ Overview ......................268 35.1.1 DSCP and Per-Hop Behavior .................268 35.1.2 DiffServ Network Example ..................268 35.2 Two Rate Three Color Marker Traffic Policing ..............269 35.2.1 TRTCM-Color-blind Mode ..................270 35.2.2 TRTCM-Color-aware Mode ..................270 35.3 Activating DiffServ ......................270 35.3.1 Configuring 2-Rate 3 Color Marker Settings ............271 35.3.2 Configuring DSCP Profiles ..................273 35.4 DSCP-to-IEEE 802.1p Priority Settings .................274...
  • Page 18 Table of Contents 38.2 The Access Control Main Screen ..................290 38.3 About SNMP ........................290 38.3.1 SNMP v3 and Security ...................291 38.3.2 Supported MIBs .....................292 38.3.3 SNMP Traps ......................292 38.3.4 Configuring SNMP ....................296 38.3.5 Configuring SNMP Trap Group ................297 38.3.6 Configuring SNMP User ..................298 38.4 Setting Up Login Accounts ...................299...
  • Page 19 Table of Contents Chapter 43 ARP Table ..........................325 43.1 ARP Table Overview .......................325 43.1.1 How ARP Works .....................325 43.2 The ARP Table Screen ....................326 Chapter 44 Configure Clone........................327 44.1 Configure Clone ......................327 Chapter 45 Troubleshooting........................329 45.1 Power, Hardware Connections, and LEDs ...............329 45.2 Switch Access and Login ....................330 45.3 Switch Configuration ......................332 Appendix A Common Services ....................
  • Page 21: User's Guide

    User’s Guide...
  • Page 23: Getting To Know Your Switch

    The Switch is a layer-2 standalone Ethernet switch. The MES3500-24 has 24 10/100 Mbps fast Ethernet ports. The MES3500-24F has 24 100 Mbps fast Ethernet SFP slots. Both also have four GbE dual personality interfaces with each interface comprising one mini-GBIC slot and one 100/1000 Mbps RJ-45 port, with either port or slot active at a time.
  • Page 24: Bridging Example

    Chapter 1 Getting to Know Your Switch 1.1.2 Bridging Example In this example, the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch.
  • Page 25: Ieee 802.1Q Vlan Application Examples

    Chapter 1 Getting to Know Your Switch 1.1.4 IEEE 802.1Q VLAN Application Examples A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group. A station can belong to more than one group.
  • Page 26: Ways To Manage The Switch

    Chapter 1 Getting to Know Your Switch 1.2 Ways to Manage the Switch Use any of the following methods to manage the Switch. • Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page •...
  • Page 27: Hardware Installation And Connection

    Hardware Installation and Connection This chapter shows you how to install and connect the Switch. 2.1 Installation Scenarios The Switch can be placed on a desktop or rack-mounted on a standard EIA rack. Use the rubber feet in a desktop installation and the brackets in a rack-mounted installation.
  • Page 28: Attaching The Mounting Brackets To The Switch

    Chapter 2 Hardware Installation and Connection 2.3.1.1 Precautions • Make sure the rack will safely support the combined weight of all the equipment it contains. • Make sure the position of the Switch does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.
  • Page 29: Mounting The Switch On A Rack

    Chapter 2 Hardware Installation and Connection 2.3.3 Mounting the Switch on a Rack Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack. Figure 6 Mounting the Switch on a Rack Using a #2 Phillips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack.
  • Page 30: Hardware Overview

    Figure 8 MES3500-24 Front Panel: DC Model (labels: Dual Personality Interfaces, Console Port, Power Switch, LEDs, Signal slot, Power Connection, Fast Ethernet Ports)
    Figure 9 MES3500-24F Front Panel: AC Model (labels: Dual Personality Interfaces, LEDs, Console Port, Signal slot, Power Connection, Fast SFP Slots) MES3500-24/24F User’s Guide...
  • Page 31: Console Port

    Chapter 3 Hardware Overview Figure 10 MES3500-24F Front Panel: DC Model (labels: Dual Personality Interfaces, Power Switch, Console Port, LEDs, Signal slot, Power Connection, Fast SFP Slots) The following table describes the port labels on the front panel. Table 1 Front Panel Connections...
  • Page 32: Ethernet Ports

    Chapter 3 Hardware Overview Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. 3.1.2 Ethernet Ports The Switch has 24 10/100 Mbps auto-negotiating, auto-crossover Ethernet ports.
  • Page 33 Chapter 3 Hardware Overview You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors. To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors.
  • Page 34: Power Connector

    Chapter 3 Hardware Overview Pull the transceiver out of the slot. Figure 13 Removing the Fiber Optic Cables Figure 14 Opening the Transceiver’s Latch Example Figure 15 Transceiver Removal Example 3.1.4 Power Connector Make sure you are using the correct power source as shown on the panel and that no objects obstruct the airflow of the fans.
  • Page 35: Signal Slot

    Chapter 3 Hardware Overview 3.1.4.2 DC Power Connection The Switch uses a single ETB series terminal block plug with four pins which allows you to connect up to two separate power supplies. If one power supply fails the system can operate on the remaining power supply.
  • Page 36 Chapter 3 Hardware Overview Use a connector to connect wires of the correct gauge to the sensor’s signal output pins. See Chapter 46 on page 333 for the wire specifications. Check the sensor’s documentation to identify its two signal output pins. Connect these two wires to any one of the following pairs of signal input pins on the Switch’s Signal connector--(4,5) (6,7) (8,9) (10,11).
  • Page 37: Leds

    The system is transmitting/receiving to/from a 100 Mbps Ethernet network. The link to a 100 Mbps Ethernet network is up. The link to an Ethernet network is down. 100 Mbps Fast SFP Ports (MES3500-24F) 1 ~ 24 Amber The port has a successful connection.
  • Page 38 Chapter 3 Hardware Overview Table 2 LED Descriptions (continued) COLOR STATUS DESCRIPTION Green The link to this port is up. The link to this port is down. Green Blinking This port is receiving or transmitting data. 1000Base-T Ethernet Ports (in Dual Personality Interface) LNK/ACT Green Blinking...
  • Page 39: The Web Configurator

    The Web Configurator This section introduces the configuration and functions of the web configurator. 4.1 Introduction The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Firefox 2.0 and later versions.
  • Page 40: The Web Configurator Layout

    Chapter 4 The Web Configurator The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. Figure 18 Web Configurator: Login Click OK to view the first web configurator screen.
  • Page 41 Chapter 4 The Web Configurator A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. B, C, D, E - These are quick links which allow you to perform certain tasks no matter which screen you are currently working in.
  • Page 42 Chapter 4 The Web Configurator The following table describes the links in the navigation panel. Table 4 Navigation Panel Links LINK DESCRIPTION Basic Settings System Info This link takes you to a screen that displays general system and hardware monitoring information. General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch.
  • Page 43 Chapter 4 The Web Configurator Table 4 Navigation Panel Links (continued) LINK DESCRIPTION This link takes you to a screen where you can configure authentication, authorization and accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus).
  • Page 44: Change Your Password

    Chapter 4 The Web Configurator 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. Figure 20 Change Administrator Login Password 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory.
  • Page 45: Resetting The Switch

    Chapter 4 The Web Configurator Disable all ports. Misconfigure the text configuration file. Forget the password and/or IP address. Prevent all services from accessing the Switch. Change a service port number but forget it. Note: Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.
  • Page 46: Logging Out Of The Web Configurator

    Chapter 4 The Web Configurator After a configuration file upload, type atgo to restart the Switch. Figure 21 Resetting the Switch: Via the Console Port Bootbase Version: V1.00 | 11/02/2011 11:09:37 RAM: Size = 65536 Kbytes DRAM POST: Testing: 65536K DRAM Test SUCCESS ! ZyNOS Version: VMES3500-24_4.00(AABB.0)b1 | 11/04/2011 17:32:28 Press any key to enter debug mode within 3 seconds.
  • Page 49: Initial Setup Example

    Initial Setup Example This chapter shows how to set up the Switch for an example network. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID •...
  • Page 50: Setting Port Vid

    Chapter 5 Initial Setup Example Click Advanced Application > VLAN in the navigation panel and click the Static VLAN link. In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network.
  • Page 51: Configuring Switch Management Ip Address

    Chapter 5 Initial Setup Example In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2. Figure 24 Initial Setup Network Example: Port VID Click Advanced Applications >...
  • Page 52 Chapter 5 Initial Setup Example Connect your computer to the Switch’s port which is not in VLAN 2. Open your web browser and enter 192.168.1.1 (the default management IP address) in the address bar to access the web configurator. See Section 4.2 on page 39 for more information.
  • Page 53: Tutorials

    Tutorials This chapter provides some examples of using the web configurator to set up and use the Switch. The tutorials include: • How to Use DHCP Snooping on the Switch • How to Use DHCP Relay on the Switch •...
  • Page 54 Chapter 6 Tutorials Go to Advanced Application > VLAN > Static VLAN, and create a VLAN with ID of 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add.
  • Page 55 Chapter 6 Tutorials Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Click the Port link at the top right corner. The DHCP Snooping Port Configure screen appears. Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5.
  • Page 56: How To Use Dhcp Relay On The Switch

    Chapter 6 Tutorials Go to Advanced Application > IP Source Guard > DHCP snooping > Configure > VLAN, show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply. Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen. If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry.
  • Page 57: Dhcp Relay Tutorial Introduction

    Chapter 6 Tutorials 6.2.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) and gateway information to DHCP client A based on the system name, VLAN ID and port number in the DHCP request.
  • Page 58 Chapter 6 Tutorials Click Advanced Application > VLAN > Static VLAN. In the Static VLAN screen, select ACTIVE, enter a descriptive name (VALN 102 for example) in the Name field and enter 102 in the VLAN Group ID field. Select Fixed to configure port 2 to be a permanent member of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.
  • Page 59: Configuring Dhcp Relay

    Chapter 6 Tutorials Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently.
  • Page 60: Troubleshooting

    Chapter 6 Tutorials Click Apply to save your changes back to the run-time memory. Click the Save link in the upper right corner of the web configurator to save your configuration permanently. The DHCP server can then assign a specific IP address based on the DHCP request. 6.2.4 Troubleshooting Check the client A’s IP address.
  • Page 61: Configuring Switch A

    Chapter 6 Tutorials Switch B is connected to switch A. In this way, PPPoE server S can identify subscriber C and may apply different settings to it. Port 12 - Trusted Port 11 - Trusted Port 12 - Trusted Port 5 - Untrusted Note: For related information about PPPoE IA, see Section 31.3 on page 251.
  • Page 62 Chapter 6 Tutorials Select Untrusted for port 5 and enter userC as Circuit-id and 00134900000A as Remote-id. Select Trusted for port 12 and then leave the other fields empty. Click Apply. Then Click Intermediate Agent on the top of the screen. The Intermediate Agent screen appears.
  • Page 63: Configuring Switch B

    Chapter 6 Tutorials Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in this example. Click Apply. Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server.
  • Page 64 Chapter 6 Tutorials Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. Select Trusted for ports 11 and 12 and then click Apply. Then Click Intermediate Agent on the top of the screen. MES3500-24/24F User’s Guide...
  • Page 65 Chapter 6 Tutorials The Intermediate Agent screen appears. Click VLAN on the top of the screen. Enter 1 for both Start VID and End VID. Click Apply. Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server.
  • Page 66: How To Use Error Disable And Recovery On The Switch

    Chapter 6 Tutorials The settings are completed now. If you miss some settings above, subscriber C could not successfully receive an IP address assigned by the PPPoE Server. If this happens, make sure you follow the steps exactly in this tutorial. 6.4 How to Use Error Disable and Recovery on the Switch This tutorial shows you how to shut down a port when: •...
  • Page 67 Chapter 6 Tutorials Click Advanced Application > Errdisable > CPU Protection, select ARP as the reason, enter 100 as the rate limit (packets per second) for the first entry (port *) to apply the setting to all ports. Then click Apply. Click Advanced Application >...
  • Page 68: How To Set Up A Guest Vlan

    Chapter 6 Tutorials 6.5 How to Set Up a Guest VLAN All ports on the Switch are in VLAN 1 by default. Say you enable IEEE 802.1x authentication on ports 1 to 8. Clients that connect to these ports should provide the correct user name and password in order to access the ports.
  • Page 69 Chapter 6 Tutorials Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. Click Advanced Application > VLAN > Static VLAN. In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 200 for example) in the Name field and enter 200 in the VLAN Group ID field.
  • Page 70 Chapter 6 Tutorials Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen.
  • Page 71: Enabling Ieee 802.1X Port Authentication

    Chapter 6 Tutorials 10 Click Apply to save your changes back to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently. 6.5.2 Enabling IEEE 802.1x Port Authentication Follow the steps below to enable port authentication to validate access to ports 1~8 to clients based on a RADIUS server.
  • Page 72: Enabling Guest Vlan

    Chapter 6 Tutorials Select the first Active checkbox to enable 802.1x authentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply. 6.5.3 Enabling Guest VLAN Click the Guest Vlan link in the 802.1x screen. MES3500-24/24F User’s Guide...
  • Page 73: How To Do Port Isolation In A Vlan

    Chapter 6 Tutorials Select Active and enter the guest VLAN ID (200 in this example) on ports 1, 2 and 3. The Switch puts unauthenticated clients in the specified guest VLAN. Set Host-mode to Multi-Secure to have the Switch authenticate each client that connects to one of these ports, and specify the maximum number of clients that the Switch will authenticate on each of these port (5 in this example).
  • Page 74: Creating A Vlan

    Chapter 6 Tutorials do port isolation in a VLAN instead of assigning each port to a separate VLAN and creating a different IP routing domain for each individual port. Internet In this example, you put ports 2 to 4 and 25 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2, 3 and 4.
  • Page 75 Chapter 6 Tutorials Select Fixed to configure ports 2, 3, 4 and 25 to be permanent members of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. Click Add to save the settings to the run-time memory.
  • Page 76: Creating A Private Vlan Rule

    Chapter 6 Tutorials Enter 123 in the PVID field for ports 2, 3, 4 and 25 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory.
  • Page 77 Chapter 6 Tutorials In the Private VLAN screen, select Active. Enter a descriptive name (PrivateVLAN123 for example) in the Name field and enter 123 in the VLAN ID field. Click Add. Click the Save link in the upper right corner of the web configurator to save your configuration permanently.
  • Page 79: Technical Reference

    Technical Reference...
  • Page 81: System Status And Port Statistics

    System Status and Port Statistics This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
  • Page 82 Chapter 7 System Status and Port Statistics The following table describes the labels in this screen. Table 7 Status LABEL DESCRIPTION Port This identifies the Ethernet port. Click a port number to display the Port Details screen (refer to Figure 27 on page 83).
  • Page 83: Status: Port Details

    Chapter 7 System Status and Port Statistics 7.2.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 27 Status >...
  • Page 84 Chapter 7 System Status and Port Statistics Table 8 Status: Port Details (continued) LABEL DESCRIPTION Status If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see Section 13.1 on page 122 for more information). If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays STOP.
  • Page 85 Chapter 7 System Status and Port Statistics Table 8 Status: Port Details (continued) LABEL DESCRIPTION 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length.
  • Page 86: Basic Setting

    Basic Setting This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens. 8.1 Overview The System Info screen displays general Switch information (such as firmware version number) and hardware polling information (such as temperatures).
  • Page 87 Chapter 8 Basic Setting The following table describes the labels in this screen. Table 9 Basic Setting > System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the model number of the Switch. ZyNOS F/W This field displays the version number of the Switch's current firmware including the date Version...
  • Page 88: General Setup

    Chapter 8 Basic Setting 8.3 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown. Figure 29 Basic Setting > General Setup The following table describes the labels in this screen.
  • Page 89: Introduction To Vlans

    Chapter 8 Basic Setting Table 10 Basic Setting > General Setup (continued) LABEL DESCRIPTION New Time Enter the new time in hour, minute and second format. The new time then appears in the (hh:min:ss) Current Time field after you click Apply. Current Date This field displays the date you open this menu.
  • Page 90: Smart Isolation

    Chapter 8 Basic Setting VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.
  • Page 91: Switch Setup

    Chapter 8 Basic Setting You should enable RSTP or MRSTP before you can use smart isolation on the Switch. If the network topology changes, the Switch automatically updates the isolated port list with the latest designated port information. Note: The uplink port connected to the Internet should be the root port. Otherwise, with smart isolation enabled, the isolated ports cannot access the Internet.
  • Page 92 Chapter 8 Basic Setting Table 11 Basic Setting > Switch Setup (continued) LABEL DESCRIPTION Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out (and must be relearned).
  • Page 93: Ip Setup

    Chapter 8 Basic Setting 8.6 IP Setup Use the IP Setup screen to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic. 8.6.1 Management IP Addresses The Switch needs an IP address for it to be managed over the network.
  • Page 94 Chapter 8 Basic Setting The following table describes the labels in this screen. Table 12 Basic Setting > IP Setup LABEL DESCRIPTION Domain Name Server DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address.
  • Page 95: Port Setup

    Chapter 8 Basic Setting Table 12 Basic Setting > IP Setup (continued) LABEL DESCRIPTION Delete Check the management IP addresses that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the selected check boxes in the Delete column. 8.7 Port Setup Use this screen to configure Switch port settings.
  • Page 96 Chapter 8 Basic Setting Table 13 Basic Setting > Port Setup (continued) LABEL DESCRIPTION Speed/Duplex Select the speed and the duplex mode of the Ethernet connection on this port. Choices are Auto, 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, 100M/Full Duplex and 1000M/Full Duplex (Gigabit connections only).
  • Page 97: Vlan

    Chapter 9 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 9.1 Introduction to IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
  • Page 98: Automatic Vlan Registration

    Chapter 9 VLAN 9.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 9.2.1 GARP GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.
  • Page 99: Port Vlan Trunking

    Chapter 9 VLAN 9.3 Port VLAN Trunking Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.
  • Page 100: Vlan Status

    Chapter 9 VLAN 9.5.1 VLAN Status See Section 9.1 on page 97 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. Figure 35 Advanced Application > VLAN: VLAN Status The following table describes the labels in this screen.
  • Page 101: Vlan Details

    Chapter 9 VLAN 9.5.2 VLAN Details Use this screen to view detailed port settings and status of the VLAN group. See Section 9.1 on page 97 for more information on static VLAN. Click on an index number in the VLAN Status screen to display VLAN details.
  • Page 102: Configure A Static Vlan

    Chapter 9 VLAN 9.5.3 Configure a Static VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. See Section 9.1 on page 97 for more information on static VLAN. To configure a static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next.
  • Page 103: Configure Vlan Port Settings

    Chapter 9 VLAN Table 17 Advanced Application > VLAN > Static VLAN (continued) LABEL DESCRIPTION Tagging Select TX Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 104: Subnet Based Vlans

    Chapter 9 VLAN Table 18 Advanced Application > VLAN > VLAN Port Setting (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 105: Configuring Subnet Based Vlan

    Chapter 9 VLAN services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is, video services receive the highest priority and data the lowest. Figure 39 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames...
  • Page 106 Chapter 9 VLAN Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 40 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes the labels in this screen. Table 19 Advanced Application >...
  • Page 107: Protocol Based Vlans

    Chapter 9 VLAN Table 19 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Setup LABEL DESCRIPTION Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 108: Configuring Protocol Based Vlan

    Chapter 9 VLAN 9.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Figure 42 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN The following table describes the labels in this screen. Table 20 Advanced Application >...
  • Page 109: Create An Ip-Based Vlan Example

    Chapter 9 VLAN Table 20 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN Setup LABEL DESCRIPTION Index This is the index number identifying this protocol based VLAN. Click on any of these numbers to edit an existing protocol based VLAN. Active This field shows whether the protocol based VLAN is active or not.
  • Page 110: Port-Based Vlan Setup

    Chapter 9 VLAN Leave the priority set to 0 and click Add. Figure 43 Protocol Based VLAN Configuration Example EXAMPLE To add more ports to this protocol based VLAN. Click the index number of the protocol based VLAN entry. Click 1 Change the value in the Port field to the next port you want to add.
  • Page 111: Configure A Port-Based Vlan

    Chapter 9 VLAN 9.11.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the following screen. Select either All Connected or Port Isolated from the drop-down list depending on your VLAN and VLAN security requirements.
  • Page 112 Chapter 9 VLAN The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 45 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation)
  • Page 113 Chapter 9 VLAN The following table describes the labels in this screen. Table 21 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs.
  • Page 114: Static Mac Forward Setup

    Chapter 10 Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 10.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network. 10.2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out.
  • Page 115 Chapter 10 Static MAC Forward Setup The following table describes the labels in this screen. Table 22 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
  • Page 116: Static Multicast Forward Setup

    Chapter 11 Static Multicast Forward Setup Use these screens to configure static multicast address forwarding. 11.1 Static Multicast Forwarding Overview A multicast MAC address is the MAC address of a member of a multicast group. A static multicast address is a multicast MAC address that has been manually entered in the multicast table. Static multicast addresses do not age out.
  • Page 117: Configuring Static Multicast Forwarding

    Chapter 11 Static Multicast Forward Setup within a VLAN group. Figure 48 shows frames being forwarded to devices connected to port 3. Figure 49 shows frames being forwarded to ports 2 and 3 within VLAN group 4. Figure 47 No Static Multicast Forwarding Figure 48 Static Multicast Forwarding to A Single Port Figure 49 Static Multicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding...
  • Page 118 Chapter 11 Static Multicast Forward Setup Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown. Figure 50 Advanced Application > Static Multicast Forwarding The following table describes the labels in this screen. Table 23 Advanced Application > Static Multicast Forwarding LABEL DESCRIPTION Active...
  • Page 119 Chapter 11 Static Multicast Forward Setup Table 23 Advanced Application > Static Multicast Forwarding (continued) LABEL DESCRIPTION Port This field displays the port(s) within an identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table.
  • Page 120: Filtering

    Chapter 12 Filtering This chapter discusses MAC address port filtering. 12.1 Configure a Filtering Rule Configure the Switch to filter traffic based on the traffic’s source, destination MAC addresses and/or VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
  • Page 121 Chapter 12 Filtering Table 24 Advanced Application > Filtering (continued) LABEL DESCRIPTION Type a MAC address in a valid MAC address format, that is, six hexadecimal character pairs. Type the VLAN group identification number. Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 122: Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol •...
  • Page 123: How Stp Works

    Chapter 13 Spanning Tree Protocol Table 25 STP Path Costs RECOMMENDED RECOMMENDED ALLOWED LINK SPEED VALUE RANGE RANGE Path Cost 1Gbps 3 to 10 1 to 65535 Path Cost 10Gbps 1 to 5 1 to 65535 On each bridge, the bridge communicates with the root through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost).
  • Page 124: Multiple Rstp

    Chapter 13 Spanning Tree Protocol 13.1.4 Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information.
  • Page 125 Chapter 13 Spanning Tree Protocol 13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link.
  • Page 126 Chapter 13 Spanning Tree Protocol Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters: • Name of the MST region • Revision level as the unique number for the MST region •...
  • Page 127: Spanning Tree Protocol Status Screen

    Chapter 13 Spanning Tree Protocol 13.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown. Figure 57 Advanced Application >...
  • Page 128: Configure Rapid Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 27 Advanced Application > Spanning Tree Protocol > Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch. Select Rapid Spanning Tree, Multiple Rapid Spanning Tree or Multiple Spanning Tree.
  • Page 129 Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 28 Advanced Application > Spanning Tree Protocol > RSTP LABEL DESCRIPTION Status Click Status to display the RSTP Status screen (see Figure 60 on page 130).
  • Page 130: Rapid Spanning Tree Protocol Status

    Chapter 13 Spanning Tree Protocol Table 28 Advanced Application > Spanning Tree Protocol > RSTP (continued) LABEL DESCRIPTION Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost - see Table 25 on page 122 for more information.
  • Page 131: Configure Multiple Rapid Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol Table 29 Advanced Application > Spanning Tree Protocol > Status: RSTP (continued) LABEL DESCRIPTION Forwarding Delay (second) This is the time (in seconds) the root switch will wait before changing states (that is, listening to learning to forwarding). See Section 13.1.3 on page 123 for information on port states.
  • Page 132 Chapter 13 Spanning Tree Protocol Table 30 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL DESCRIPTION Active Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application >...
  • Page 133: Multiple Rapid Spanning Tree Protocol Status

    Chapter 13 Spanning Tree Protocol Table 30 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 134 Chapter 13 Spanning Tree Protocol Table 31 Advanced Application > Spanning Tree Protocol > Status: MRSTP (continued) LABEL DESCRIPTION Cost to Bridge This is the path cost from the root port on this Switch to the root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree.
  • Page 135: Configure Multiple Spanning Tree Protocol

    Chapter 13 Spanning Tree Protocol 13.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 124 for more information on MSTP. Figure 63 Advanced Application > Spanning Tree Protocol > MSTP
  • Page 136 Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 32 Advanced Application > Spanning Tree Protocol > MSTP LABEL DESCRIPTION Port Click Port to display the MSTP Port Configuration screen (see Figure 64 on page 138).
  • Page 137 Chapter 13 Spanning Tree Protocol Table 32 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL DESCRIPTION VLAN Range Enter the start of the VLAN ID range that you want to add or remove from the VLAN range edit area in the Start field. Enter the end of the VLAN ID range that you want to add or remove from the VLAN range edit area in the End field.
  • Page 138: Multiple Spanning Tree Protocol Port Configuration

    Chapter 13 Spanning Tree Protocol 13.8.1 Multiple Spanning Tree Protocol Port Configuration To configure MSTP ports, click Port in the Advanced Application > Spanning Tree Protocol > MSTP screen. Figure 64 Advanced Application > Spanning Tree Protocol > MSTP > Port The following table describes the labels in this screen.
  • Page 139: Multiple Spanning Tree Protocol Status

    Chapter 13 Spanning Tree Protocol 13.9 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.1.5 on page 124 for more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch.
  • Page 140 Chapter 13 Spanning Tree Protocol Table 34 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL DESCRIPTION Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Configuration This field displays the configuration name for this MST region.
  • Page 141: Bandwidth Control

    Chapter 14 Bandwidth Control This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 14.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. 14.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
  • Page 142: Bandwidth Control Setup

    Chapter 14 Bandwidth Control 14.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 66 Advanced Application > Bandwidth Control The following table describes the related labels in this screen. Table 35 Advanced Application >...
  • Page 143 Chapter 14 Bandwidth Control Table 35 Advanced Application > Bandwidth Control (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 144: Broadcast Storm Control

    Chapter 15 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 15.1 Broadcast Storm Control Setup Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
  • Page 145 Chapter 15 Broadcast Storm Control Table 36 Advanced Application > Broadcast Storm Control (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 146: Mirroring

    Chapter 16 Mirroring This chapter discusses port mirroring setup screens. 16.1 Port Mirroring Setup Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application >...
  • Page 147 Chapter 16 Mirroring Table 37 Advanced Application > Mirroring (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 148: Link Aggregation

    Chapter 17 Link Aggregation This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link. 17.1 Link Aggregation Overview Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
  • Page 149: Link Aggregation Id

    Chapter 17 Link Aggregation Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. 17.2.1 Link Aggregation ID LACP aggregation ID consists of the following information Table 38 Link Aggregation ID: Local Switch SYSTEM MAC ADDRESS PORT PRIORITY PORT NUMBER...
  • Page 150 Chapter 17 Link Aggregation Table 40 Advanced Application > Link Aggregation Status (continued) LABEL DESCRIPTION Aggregator ID Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number. Refer to Section 17.2.1 on page 149 for more information on this field.
  • Page 151: Link Aggregation Setting

    Chapter 17 Link Aggregation 17.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 17.1 on page 148 for more information on link aggregation. Figure 70 Advanced Application > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen.
  • Page 152 Chapter 17 Link Aggregation Table 41 Advanced Application > Link Aggregation > Link Aggregation Setting (continued) LABEL DESCRIPTION Criteria Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the src- dst-mac distribution type.
  • Page 153: Link Aggregation Control Protocol

    Chapter 17 Link Aggregation 17.5 Link Aggregation Control Protocol Click Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 17.2 on page 148 for more information on dynamic link aggregation.
  • Page 154: Static Trunking Example

    Chapter 17 Link Aggregation Table 42 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP (continued) LABEL DESCRIPTION LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
  • Page 155 Chapter 17 Link Aggregation Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below.
  • Page 156: Port Authentication

    Chapter 18 Port Authentication This chapter describes the IEEE 802.1x and MAC authentication methods. 18.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: •...
  • Page 157: Mac Authentication

    Chapter 18 Port Authentication provides the login credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port. Figure 74 IEEE 802.1x Authentication Process New Connection Identity Request Login Credentials Authentication Request Access Challenge...
  • Page 158: Port Authentication Configuration

    Chapter 18 Port Authentication on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 75 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied 18.2 Port Authentication Configuration...
  • Page 159: Activate Ieee 802.1X Security

    Chapter 18 Port Authentication 18.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown. Figure 77 Advanced Application > Port Authentication > 802.1x The following table describes the labels in this screen.
  • Page 160: Guest Vlan

    Chapter 18 Port Authentication Table 43 Advanced Application > Port Authentication > 802.1x (continued) LABEL DESCRIPTION Reauth Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port. Reauth-period Specify the length of time required to pass before a client has to re-enter his or her username and password to stay connected to the port.
  • Page 161 Chapter 18 Port Authentication Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Figure 79 Advanced Application > Port Authentication > 802.1x > Guest VLAN The following table describes the labels in this screen.
  • Page 162: Activate Mac Authentication

    Chapter 18 Port Authentication Table 44 Advanced Application > Port Authentication > 802.1x > Guest VLAN (continued) LABEL DESCRIPTION Host-mode Specify how the Switch authenticates users when more than one user connects to the port (using a hub). Select Multi-Host to authenticate only the first user that connects to this port. If the first user enters the correct credential, any other users are allowed to access the port without authentication.
  • Page 163 Chapter 18 Port Authentication The following table describes the labels in this screen. Table 45 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port.
  • Page 164: Port Security

    Chapter 19 Port Security This chapter shows you how to set up port security. 19.1 About Port Security Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
  • Page 165 Chapter 19 Port Security The following table describes the labels in this screen. Table 46 Advanced Application > Port Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning.
  • Page 166: Classifier

    Chapter 20 Classifier This chapter introduces and shows you how to configure the packet classifier on the Switch. 20.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
  • Page 167 Chapter 20 Classifier Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. Figure 82 Advanced Application > Classifier The following table describes the labels in this screen. Table 47 Advanced Application > Classifier LABEL DESCRIPTION Active...
  • Page 168: Viewing And Editing Classifier Configuration

    Chapter 20 Classifier Table 47 Advanced Application > Classifier (continued) LABEL DESCRIPTION Port Type the port number to which the rule should be applied. You may choose one port only or all ports (Any). Destination Select Any to apply the rule to all MAC addresses. Address To specify a destination, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs).
  • Page 169 Chapter 20 Classifier Note: When two rules conflict with each other, a higher layer rule has priority over a lower layer rule. Figure 83 Advanced Application > Classifier: Summary Table The following table describes the labels in this screen. Table 48 Classifier: Summary Table LABEL DESCRIPTION Index...
  • Page 170: Classifier Example

    Chapter 20 Classifier 20.4 Classifier Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. Figure 84 Classifier: Example EXAMPLE After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow.
  • Page 171: Policy Rule

    Chapter 21 Policy Rule This chapter shows you how to configure policy rules. 21.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 20 on page 166 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
  • Page 172 Chapter 21 Policy Rule Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 85 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 51 Advanced Application > Policy Rule LABEL DESCRIPTION Active...
  • Page 173 Chapter 21 Policy Rule Table 51 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION General Egress Port Type the number of an outgoing port. Priority Specify a priority level. DSCP Specify a DSCP (DiffServ Code Point) number between 0 and 63. Specify the type of service (TOS) priority level.
  • Page 174: Viewing And Editing Policy Configuration

    Chapter 21 Policy Rule 21.3 Viewing and Editing Policy Configuration To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Policy screen. To change the settings of a rule, click a number in the Index field. Figure 86 Advanced Application >...
  • Page 175: Policy Example

    Chapter 21 Policy Rule 21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 170). Figure 87 Policy Example EXAMPLE
  • Page 176: Queuing Method

    Chapter 22 Queuing Method This chapter introduces the queuing methods supported. 22.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
  • Page 177: Weighted Round Robin Scheduling (Wrr)

    Chapter 22 Queuing Method 22.1.3 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port.
  • Page 178 Chapter 22 Queuing Method The following table describes the labels in this screen. Table 53 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
  • Page 179: Vlan Stacking

    CHAPTER VLAN Stacking This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN. 23.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers' VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
  • Page 180: Vlan Stacking Port Roles

    Chapter 23 VLAN Stacking adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. Figure 89 VLAN Stacking Example 23.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel Port (the latter is for Gigabit ports only).
  • Page 181: Vlan Tag Format

    Chapter 23 VLAN Stacking 23.3 VLAN Tag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Table 54 VLAN Tag Format Type Priority Type is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information.
  • Page 182: Configuring Vlan Stacking

    Chapter 23 VLAN Stacking 23.4 Configuring VLAN Stacking Click Advanced Applications > VLAN Stacking to display the screen as shown. Figure 90 Advanced Application > VLAN Stacking The following table describes the labels in this screen. Table 57 Advanced Application > VLAN Stacking LABEL DESCRIPTION Active...
  • Page 183: Port-Based Q-In-Q

    Chapter 23 VLAN Stacking Table 57 Advanced Application > VLAN Stacking (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 184: Selective Q-In-Q

    Chapter 23 VLAN Stacking 23.4.2 Selective Q-in-Q Selective Q-in-Q is VLAN-based. It allows the Switch to add different outer VLAN tags to the incoming frames received on one port according to their inner VLAN tags. Note: Selective Q-in-Q rules are only applied to single-tagged frames received on the access ports.
  • Page 185 Chapter 23 VLAN Stacking Table 59 Advanced Application > VLAN Stacking > Selective QinQ (continued) LABEL DESCRIPTION Active This shows whether this rule is activated or not. Name This is the descriptive name for this rule. Port This is the port number to which this rule is applied. CVID This is the customer VLAN ID in the incoming packets.
  • Page 186: Multicast

    CHAPTER Multicast This chapter shows you how to configure various multicast features. 24.1 Multicast Overview Traditionally, IP packets are transmitted in one of two ways: Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
  • Page 187: Igmp Snooping And Vlans

    Chapter 24 Multicast 24.1.4 IGMP Snooping and VLANs The Switch can perform IGMP snooping on up to 16 VLANs. You can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets. This is referred to as auto mode. Alternatively, you can specify the VLANs that IGMP snooping should be performed on.
  • Page 188: Multicast Setting

    Chapter 24 Multicast 24.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 24.1 on page 186 for more information on multicasting. Figure 94 Advanced Application > Multicast > Multicast Setting The following table describes the labels in this screen.
  • Page 189 Chapter 24 Multicast Table 61 Advanced Application > Multicast > Multicast Setting (continued) LABEL DESCRIPTION Unknown Specify the action to perform when the Switch receives an unknown multicast frame. Multicast Frame Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. Reserved The IP address range of 224.0.0.0 to 224.0.0.255 is reserved for multicasting on the Multicast Group...
  • Page 190 Chapter 24 Multicast Table 61 Advanced Application > Multicast > Multicast Setting (continued) LABEL DESCRIPTION Throttling IGMP throttling controls how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached. Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table entry is aged out.
  • Page 191: Igmp Snooping Vlan

    Chapter 24 Multicast 24.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.1.4 on page 187 for more information on IGMP Snooping VLAN.
  • Page 192: Igmp Filtering Profile

    Chapter 24 Multicast Table 62 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN (continued) LABEL DESCRIPTION Click Add to insert the entry in the summary table below and save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 193: Mvr Overview

    Chapter 24 Multicast The following table describes the labels in this screen. Table 63 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes. To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
  • Page 194: Types Of Mvr Ports

    Chapter 24 Multicast The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. Figure 97 MVR Network Example VLAN 1 Multicast VLAN...
  • Page 195: General Mvr Configuration

    Chapter 24 Multicast port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. Figure 98 MVR Multicast Television Example VLAN 1 Multicast VLAN 24.7 General MVR Configuration...
  • Page 196 Chapter 24 Multicast Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 99 Advanced Application > Multicast > Multicast Setting > MVR The following table describes the related labels in this screen. Table 64 Advanced Application >...
  • Page 197: Mvr Group Configuration

    Chapter 24 Multicast Table 64 Advanced Application > Multicast > Multicast Setting > MVR (continued) LABEL DESCRIPTION Source Port Select this option to set this port as the MVR source port that sends and receives multicast traffic. All source ports must belong to a single multicast VLAN. Receiver Port Select this option to set this port as a receiver port that only receives multicast traffic.
  • Page 198: Mvr Configuration Example

    Chapter 24 Multicast Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. Figure 100 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration The following table describes the labels in this screen. Table 65 Advanced Application >...
  • Page 199 Chapter 24 Multicast News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN 1 are able to receive the traffic. Figure 101 MVR Configuration Example News: 224.1.4.10 ~ 224.1.4.50 Movie: 230.1.2.50 ~230.1.2.60 VLAN 1 Multicast VID 200 To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set...
  • Page 200 Chapter 24 Multicast To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 103 MVR Group Configuration Example EXAMPLE Figure 104 MVR Group Configuration Example...
  • Page 201: Aaa

    CHAPTER AAA This chapter describes how to configure authentication, authorization and accounting settings on the Switch. 25.1 Authentication, Authorization and Accounting (AAA) Authentication is the process of determining who a user is and validating access to the Switch. The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
  • Page 202: Radius And Tacacs

    Chapter 25 AAA 25.1.2 RADIUS and TACACS+ RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device.
  • Page 203 Chapter 25 AAA authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 107 Advanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen. Table 67 Advanced Application >...
  • Page 204 Chapter 25 AAA Table 67 Advanced Application > AAA > RADIUS Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch.
  • Page 205: Tacacs+ Server Setup

    Chapter 25 AAA 25.2.2 TACACS+ Server Setup Use this screen to configure your TACACS+ server settings. See Section 25.1.2 on page 202 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown. Figure 108 Advanced Application >...
  • Page 206 Chapter 25 AAA Table 68 Advanced Application > AAA > TACACS+ Server Setup (continued) LABEL DESCRIPTION TCP Port The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch.
  • Page 207: Aaa Setup

    Chapter 25 AAA 25.2.3 AAA Setup Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 109 Advanced Application > AAA > AAA Setup The following table describes the labels in this screen.
  • Page 208 Chapter 25 AAA Table 69 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Login These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and RADIUS are external servers.
  • Page 209: Vendor Specific Attribute

    Chapter 25 AAA Table 69 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Mode The Switch supports two modes of recording login events. Select: • start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session.
  • Page 210: Tunnel Protocol Attribute

    Chapter 25 AAA The following table describes the VSAs supported on the Switch. Note that these attributes only work when you enable authorization (see Section 25.2.3 on page 207). Table 70 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 Assignment Vendor-Type = 1 Vendor-data =...
  • Page 211: Attributes Used For Authentication

    Chapter 25 AAA Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified.
  • Page 212 Chapter 25 AAA 25.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time 25.3.2.2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent (the difference between Console and Telnet/SSH Exec events is that the Telnet/SSH events utilize the Calling- Station-Id attribute):...
  • Page 213 Chapter 25 AAA 25.3.2.3 Attributes Used for Accounting IEEE 802.1x Events The attributes are listed in the following table along with the time of the session they are sent: Table 74 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name...
  • Page 214: Ip Source Guard

    CHAPTER IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network. 26.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes: •...
  • Page 215 Chapter 26 IP Source Guard Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns dynamic bindings from trusted ports. Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
  • Page 216: Arp Inspection Overview

    Chapter 26 IP Source Guard 26.1.1.3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information: •...
  • Page 217 Chapter 26 IP Source Guard • It pretends to be computer A and responds to computer B. • It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X.
  • Page 218: Ip Source Guard

    Chapter 26 IP Source Guard 26.2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
  • Page 219 Chapter 26 IP Source Guard ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. Figure 113 IP Source Guard Static Binding The following table describes the labels in this screen.
  • Page 220: Dhcp Snooping

    Chapter 26 IP Source Guard 26.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 114 DHCP Snooping The following table describes the labels in this screen. Table 77 DHCP Snooping LABEL DESCRIPTION...
  • Page 221 Chapter 26 IP Source Guard Table 77 DHCP Snooping (continued) LABEL DESCRIPTION Write delay timer This field displays how long (in seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up. Abort timer This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change.
  • Page 222: Dhcp Snooping Configure

    Chapter 26 IP Source Guard Table 77 DHCP Snooping (continued) LABEL DESCRIPTION Last ignored bindings This section displays the number of times and the reasons the Switch ignored counters bindings the last time it read bindings from the DHCP binding database. You can clear these counters by restarting the Switch or using CLI commands.
  • Page 223 Chapter 26 IP Source Guard still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 115 DHCP Snooping Configure The following table describes the labels in this screen. Table 78 DHCP Snooping Configure LABEL DESCRIPTION...
  • Page 224: Dhcp Snooping Port Configure

    Chapter 26 IP Source Guard Table 78 DHCP Snooping Configure (continued) LABEL DESCRIPTION Renew DHCP Enter the location of a DHCP snooping database, and click Renew if you want the Snooping URL Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL.
  • Page 225: Dhcp Snooping Vlan Configure

    Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 79 DHCP Snooping Port Configure LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
  • Page 226: Arp Inspection Status

    Chapter 26 IP Source Guard Table 80 DHCP Snooping VLAN Configure (continued) LABEL DESCRIPTION End VID Enter the highest VLAN ID you want to manage in the section below. Apply Click this to display the specified range of VLANs in the section below. This field displays the VLAN ID of each VLAN in the range specified above.
  • Page 227: Arp Inspection Vlan Status

    Chapter 26 IP Source Guard Table 81 ARP Inspection Status (continued) LABEL DESCRIPTION Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). Reason This field displays the reason the ARP packet was discarded. MAC+VLAN: The MAC address and VLAN ID were not in the binding table.
  • Page 228: Arp Inspection Log Status

    Chapter 26 IP Source Guard Table 82 ARP Inspection VLAN Status LABEL DESCRIPTION Reply This field displays the total number of ARP Reply packets received from the VLAN since the Switch last restarted. Forwarded This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted.
  • Page 229: Arp Inspection Configure

    Chapter 26 IP Source Guard Table 83 ARP Inspection Log Status (continued) LABEL DESCRIPTION Reason This field displays the reason the log message was generated. dhcp deny: An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID. static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID.
  • Page 230: Arp Inspection Port Configure

    Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 84 ARP Inspection Configure LABEL DESCRIPTION Active Select this to enable ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports. Filter Aging Time Filter aging time This setting has no effect on existing MAC address filters.
  • Page 231 Chapter 26 IP Source Guard open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 122 ARP Inspection Port Configure The following table describes the labels in this screen. Table 85 ARP Inspection Port Configure LABEL DESCRIPTION Port...
  • Page 232: Arp Inspection Vlan Configure

    Chapter 26 IP Source Guard 26.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application >...
  • Page 233: Loop Guard

    CHAPTER Loop Guard This chapter shows you how to configure the Switch to guard against loops on the edge of your network. 27.1 Loop Guard Overview Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
  • Page 234 Chapter 27 Loop Guard The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B.
  • Page 235: Loop Guard Setup

    Chapter 27 Loop Guard Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 8.7 on page 95) or via commands (see the Ethernet Switch CLI Reference Guide). 27.2 Loop Guard Setup Click Advanced Application >...
  • Page 236 Chapter 27 Loop Guard Table 87 Advanced Application > Loop Guard (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 237: Vlan Mapping

    CHAPTER VLAN Mapping This chapter shows you how to configure VLAN mapping on the Switch. 28.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network. The Switch checks incoming traffic from the switch ports (non-management ports) first against the VLAN mapping table, then the MAC learning table, and then the VLAN table before forwarding it through the Gigabit uplink port.
  • Page 238: Enabling Vlan Mapping

    Chapter 28 VLAN Mapping 28.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown. Figure 130 VLAN Mapping The following table describes the labels in this screen. Table 88 VLAN Mapping LABEL DESCRIPTION Active...
  • Page 239: Configuring Vlan Mapping

    Chapter 28 VLAN Mapping 28.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLAN Mapping screen to display the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s). Figure 131 VLAN Mapping Configuration The following table describes the labels in this screen.
  • Page 241: Layer 2 Protocol Tunneling

    CHAPTER Layer 2 Protocol Tunneling This chapter shows you how to configure layer-2 protocol tunneling on the Switch. 29.1 Layer 2 Protocol Tunneling Overview Layer-2 protocol tunneling (L2PT) is used on the service provider's edge devices. L2PT allows edge switches (1 and 2 in the following figure) to tunnel layer-2 STP (Spanning Tree Protocol), CDP (Cisco Discovery Protocol) and VTP (VLAN Trunking Protocol) packets between customer switches (A, B and C in the following figure) connected through the service provider’s network.
  • Page 242: Layer-2 Protocol Tunneling Mode

    Chapter 29 Layer 2 Protocol Tunneling To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection). Figure 133 L2PT Network Example Service Provider's Network...
  • Page 243: Configuring Layer 2 Protocol Tunneling

    Chapter 29 Layer 2 Protocol Tunneling 29.2 Configuring Layer 2 Protocol Tunneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown. Figure 134 Advanced Application > Layer 2 Protocol Tunneling The following table describes the labels in this screen. Table 90 Advanced Application >...
  • Page 244 Chapter 29 Layer 2 Protocol Tunneling Table 90 Advanced Application > Layer 2 Protocol Tunneling (continued) LABEL DESCRIPTION Select this option to have the Switch tunnel STP (Spanning Tree Protocol) packets so that STP can run properly across the service provider’s network and spanning trees can be set up based on bridge information from all (local and remote) networks.
  • Page 245: Sflow

    CHAPTER sFlow This chapter shows you how to configure sFlow to have the Switch monitor traffic in a network and send information to an sFlow collector for analysis. 30.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded on a switch or router gets sample data and packet statistics from traffic forwarded through its ports.
  • Page 246: Sflow Port Configuration

    Chapter 30 sFlow 30.2 sFlow Port Configuration Click Advanced Application > sFlow in the navigation panel to display the screen as shown. Figure 136 Advanced Application > sFlow The following table describes the labels in this screen. Table 91 Advanced Application > sFlow LABEL DESCRIPTION Active...
  • Page 247: Sflow Collector Configuration

    Chapter 30 sFlow Table 91 Advanced Application > sFlow (continued) LABEL DESCRIPTION Collector Enter the IP address of the sFlow collector. Address Note: You must have the sFlow collector already configured in the sFlow > Collector screen. The sFlow collector does not need to be in the same subnet as the Switch, but it must be accessible from the Switch.
  • Page 248 Chapter 30 sFlow Table 92 Advanced Application > sFlow > Collector (continued) LABEL DESCRIPTION Clear Click Clear to clear the fields to the factory defaults. Index This field displays the index number of this entry. Collector This field displays the IP address of the sFlow collector. Address UDP Port This field displays the port number the Switch uses to send sFlow datagrams to the collector.
  • Page 249: Pppoe

    CHAPTER PPPoE This chapter describes how the Switch gives a PPPoE termination server additional information that the server can use to identify and authenticate a PPPoE client. 31.1 PPPoE Intermediate Agent Overview A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients. It helps the PPPoE server identify and authenticate clients by adding subscriber line specific information to PPPoE discovery packets from clients on a per-port or per-port-per-VLAN basis before forwarding them to the PPPoE server.
  • Page 250: Port State

    Chapter 31 PPPoE Table 95 PPPoE IA Remote ID Sub-option Format SubOpt Length Value 0x02 MAC Address or String (1 byte) (1 byte) (63 bytes) The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent Remote ID sub-option.
  • Page 251: The Pppoe Screen

    Chapter 31 PPPoE Trusted ports are connected to PPPoE servers. • If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a trusted port, the Switch forwards it to all other ports. •...
  • Page 252 Chapter 31 PPPoE Click Advanced Application > PPPoE > Intermediate Agent in the navigation panel to display the screen as shown. Figure 139 Advanced Application > PPPoE > Intermediate Agent The following table describes the labels in this screen. Table 98 Advanced Application > PPPoE > Intermediate Agent LABEL DESCRIPTION Active...
  • Page 253: Pppoe Ia Per-Port

    Chapter 31 PPPoE Table 98 Advanced Application > PPPoE > Intermediate Agent (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 254: Pppoe Ia Per-Port Per-Vlan

    Chapter 31 PPPoE Table 99 Advanced Application > PPPoE > Intermediate Agent > Port (continued) LABEL DESCRIPTION Server Trusted Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). State Trusted ports are uplink ports connected to PPPoE servers. •...
  • Page 255 Chapter 31 PPPoE Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown. Figure 141 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN The following table describes the labels in this screen. Table 100 Advanced Application >...
  • Page 256: Pppoe Ia For Vlan

    Chapter 31 PPPoE 31.3.3 PPPoE IA for VLAN Use this screen to set whether the PPPoE Intermediate Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown.
  • Page 257: Error Disable

    CHAPTER Error Disable This chapter shows you how to configure the rate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error.
  • Page 258: The Error Disable Screen

    Chapter 32 Error Disable 32.3 The Error Disable Screen Use this screen to configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. Figure 143 Advanced Application > Errdisable 32.4 CPU Protection Configuration Use this screen to limit the maximum number of control packets (ARP, BPDU and/or IGMP) that the Switch can receive or transmit on a port.
  • Page 259: Error-Disable Detect Configuration

    Chapter 32 Error Disable The following table describes the labels in this screen. Table 102 Advanced Application > Errdisable > CPU protection LABEL DESCRIPTION Reason Select the type of control packet you want to configure here. Port This field displays the port number. Use this row to make the setting the same for all ports.
  • Page 260: Error-Disable Recovery Configuration

    Chapter 32 Error Disable Table 103 Advanced Application > Errdisable > Errdisable Detect (continued) LABEL DESCRIPTION Mode Select the action that the Switch takes when the number of control packets exceeds the rate limit on a port, set in the Advanced Application > Errdisable > CPU protection screen. •...
  • Page 261 Chapter 32 Error Disable Table 104 Advanced Application > Errdisable > Errdisable Recovery (continued) LABEL DESCRIPTION Timer Status Select this option to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port, after the error is gone. Deselect this option to turn off this rule.
  • Page 262: Private Vlan

    CHAPTER Private VLAN This chapter shows you how to configure the Switch to prevent communications between ports in a VLAN. 33.1 Private VLAN Overview Private VLAN allows you to do port isolation within a VLAN in a simple way. If you enable a private VLAN rule for a VLAN on the Switch, the Switch automatically adds all ports (except the uplink port(s)) in this VLAN to the isolated port list and blocks traffic between the isolated ports.
  • Page 263: Configuring Private Vlan

    Chapter 33 Private VLAN 33.2 Configuring Private VLAN Click Advanced Application > Private VLAN in the navigation panel to display the screen as shown. Figure 148 Advanced Application > Private VLAN The following table describes the labels in this screen. Table 105 Advanced Application >...
  • Page 265: Static Route

    CHAPTER Static Route This chapter shows you how to configure static routes. 34.1 Static Routing Overview The Switch uses IP for communication with management computers, for example using HTTP, Telnet, SSH, or SNMP. Use IP static routes to have the Switch respond to remote management stations that are not reachable through the default gateway.
  • Page 266: Configuring Static Routing

    Chapter 34 Static Route 34.2 Configuring Static Routing Click IP Application > Static Routing in the navigation panel to display the screen as shown. Figure 150 IP Application > Static Routing The following table describes the related labels you use to create a static route. Table 106 IP Application >...
  • Page 267 Chapter 34 Static Route Table 106 IP Application > Static Routing (continued) LABEL DESCRIPTION Name This field displays the descriptive name for this route. This is for identification purposes only. Destination This field displays the IP network address of the final destination. Address Subnet Mask This field displays the subnet mask for this destination.
  • Page 268: Differentiated Services

    CHAPTER 35 Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 35.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
  • Page 269: Two Rate Three Color Marker Traffic Policing

    Chapter 35 Differentiated Services various traffic policies to the traffic flows. An example traffic policy is to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network.
  • Page 270: Trtcm-Color-Blind Mode

    Chapter 35 Differentiated Services 35.2.1 TRTCM-Color-blind Mode All packets are evaluated against the PIR. If a packet exceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green.
  • Page 271: Configuring 2-Rate 3 Color Marker Settings

    Chapter 35 Differentiated Services Click IP Application > DiffServ in the navigation panel to display the screen as shown. Figure 155 IP Application > DiffServ The following table describes the labels in this screen. Table 107 IP Application > DiffServ LABEL DESCRIPTION Active...
  • Page 272 Chapter 35 Differentiated Services Note: You cannot enable both TRTCM and Bandwidth Control at the same time. Figure 156 IP Application > DiffServ > 2-rate 3 Color Marker The following table describes the labels in this screen. Table 108 IP Application > DiffServ > 2-rate 3 Color Marker LABEL DESCRIPTION Active...
  • Page 273: Configuring Dscp Profiles

    Chapter 35 Differentiated Services Table 108 IP Application > DiffServ > 2-rate 3 Color Marker (continued) LABEL DESCRIPTION Commit Specify the Commit Information Rate (CIR) for this port. Rate Peak Specify the Peak Information Rate (PIR) for this port. Rate DSCP Select the DSCP profile that you want to apply to packets on this port.
  • Page 274: Dscp-To-Ieee 802.1P Priority Settings

    Chapter 35 Differentiated Services Table 109 IP Application > DiffServ > 2-rate 3 Color Marker > DSCP Profile (continued) LABEL DESCRIPTION Green This field displays the DSCP value to use for packets with low packet loss priority in this profile. Yellow This field displays the DSCP value to use for packets with medium packet loss priority in this profile.
  • Page 275 Chapter 35 Differentiated Services The following table describes the labels in this screen. Table 111 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box. Apply Click Apply to save your changes to the Switch’s run-time memory.
  • Page 276: Dhcp

    CHAPTER 36 DHCP This chapter shows you how to configure the DHCP feature. 36.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the Switch as a DHCP server or a DHCP relay agent.
  • Page 277: Dhcp Relay

    Chapter 36 DHCP The following table describes the labels in this screen. Table 112 IP Application > DHCP LABEL DESCRIPTION Relay Mode This field displays: • None: if the Switch is not configured as a DHCP relay agent. • Global: if the Switch is configured as a DHCP relay agent only. •...
  • Page 278: Configuring Dhcp Global Relay

    Chapter 36 DHCP 36.3.2 Configuring DHCP Global Relay Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 160 IP Application > DHCP > Global The following table describes the labels in this screen.
  • Page 279: Global Dhcp Relay Configuration Example

    Chapter 36 DHCP 36.3.3 Global DHCP Relay Configuration Example The following figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains.
  • Page 280: Configuring Dhcp Vlan Settings

    Chapter 36 DHCP 36.4 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link in the DHCP Status screen that displays.
  • Page 281: Example: Dhcp Relay For Two Vlans

    Chapter 36 DHCP Table 115 IP Application > DHCP > VLAN (continued) LABEL DESCRIPTION Delete Select the configuration entries you want to remove and click Delete to remove them. Cancel Click Cancel to clear the Delete check boxes. 36.4.1 Example: DHCP Relay for Two VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network.
  • Page 283: Maintenance

    CHAPTER 37 Maintenance This chapter explains how to configure the screens that let you maintain the firmware and configuration files. 37.1 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen. Figure 166 Management >...
  • Page 284: Load Factory Default

    Chapter 37 Maintenance 37.2 Load Factory Default Follow the steps below to reset the Switch back to the factory defaults. In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch configuration information you configured and return to the factory defaults. Click OK to reset all Switch configurations to the factory defaults.
  • Page 285: Firmware Upgrade

    Chapter 37 Maintenance In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displays. Figure 168 Reboot System: Confirmation Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not affect the Switch’s configuration.
  • Page 286: Restore A Configuration File

    Chapter 37 Maintenance 37.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 170 Management > Maintenance > Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to locate it.
  • Page 287: Ftp Command Line

    Chapter 37 Maintenance 37.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. 37.8.1 Filename Conventions The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on.
  • Page 288: Ftp Command Line Procedure

    Chapter 37 Maintenance Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. 37.8.2 FTP Command Line Procedure Launch the FTP client on your computer. Enter open, followed by a space and the IP address of your Switch. Press [ENTER] when prompted for a username.
  • Page 289 Chapter 37 Maintenance • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately.
  • Page 290: Access Control

    CHAPTER 38 Access Control This chapter describes how to control access to the Switch. 38.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed.
  • Page 291: Snmp V3 And Security

    Chapter 38 Access Control SNMP version 3. The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 173 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the Switch).
  • Page 292: Supported Mibs

    An OID (Object ID) that begins with “1.3.6.1.4.1.890.1.5.8” is defined in private MIBs. Otherwise, it is a standard MIB OID. The OIDs beginning with “1.3.6.1.4.1.890.1.5.8.68” are specific to the MES3500-24 switch. The OIDs beginning with “1.3.6.1.4.1.890.1.5.8.57” are specific to the MES3500-24F switch. Table 120 SNMP System Traps OPTION...
  • Page 293 Chapter 38 Access Control Table 120 SNMP System Traps (continued) OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
    reset | UncontrolledResetEventO | 1.3.6.1.4.1.890.1.5.8.68.27.2.1, 1.3.6.1.4.1.890.1.5.8.57.27.2.1 | This trap is sent when the Switch automatically resets.
    | ControlledResetEventOn | 1.3.6.1.4.1.890.1.5.8.68.27.2.1, 1.3.6.1.4.1.890.1.5.8.57.27.2.1 | This trap is sent when the Switch resets by an administrator through a management interface.
  • Page 294 Chapter 38 Access Control Table 121 SNMP Interface Traps (continued) OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
    lldp | LLDPRemoteTopologyChange | 1.0.8802.1.1.2.0.0.1 | This trap is sent when the LLDP (Link Layer Discovery Protocol) remote topology changes.
    transceiver-ddmi | transceiverddmiEventOn | 1.3.6.1.4.1.890.1.5.8.68.27.2.1, 1.3.6.1.4.1.890.1.5.8.57.27.2.1 | This trap is sent when one of the device operating parameters (such as transceiver...
  • Page 295 Chapter 38 Access Control Table 124 SNMP Switch Traps OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
    | STPNewRoot | 1.3.6.1.2.1.17.0.1 | This trap is sent when the STP root switch changes.
    | MRSTPNewRoot | 1.3.6.1.4.1.890.1.5.8.68.36.2.1, 1.3.6.1.4.1.890.1.5.8.57.36.2.1 | This trap is sent when the MRSTP root switch changes.
    | MSTPNewRoot | 1.3.6.1.4.1.890.1.5.8.68.107.70.1 | This trap is sent when the MSTP root switch...
  • Page 296: Configuring Snmp

    Chapter 38 Access Control 38.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. Figure 174 Management > Access Control > SNMP The following table describes the labels in this screen. Table 125 Management >...
  • Page 297: Configuring Snmp Trap Group

    Chapter 38 Access Control Table 125 Management > Access Control > SNMP (continued) LABEL DESCRIPTION Enter the IP addresses of up to four managers to send your SNMP traps to. Port Enter the port number upon which the manager listens for SNMP traps. Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap.
  • Page 298: Configuring Snmp User

    Chapter 38 Access Control Table 126 Management > Access Control > SNMP > Trap Group (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 299: Setting Up Login Accounts

    Chapter 38 Access Control Table 127 Management > Access Control > SNMP > User (continued) LABEL DESCRIPTION Authentication Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower.
  • Page 300 Chapter 38 Access Control Note: It is highly recommended that you change the default administrator password (1234). • A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Management > Access Control > Logins to view the screen as shown next. Figure 177 Management >...
  • Page 301: Ssh Overview

    Chapter 38 Access Control Table 128 Management > Access Control > Logins (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
  • Page 302: How Ssh Works

    Chapter 38 Access Control 38.6 How SSH works The following table summarizes how a secure connection is established between two remote hosts. Figure 179 How SSH Works Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key.
  • Page 303: Ssh Implementation On The Switch

    Chapter 38 Access Control 38.7 SSH Implementation on the Switch Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on port 22.
  • Page 304: Https Example

    Chapter 38 Access Control Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HTTP connection attempts. 38.9 HTTPS Example If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https:// Switch IP Address/”...
  • Page 305 Chapter 38 Access Control 38.9.1.2 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server, a screen with the message "There is a problem with this website's security certificate." may display. If that is the case, click Continue to this website (not recommended) to proceed to the web configurator login screen.
  • Page 306 Chapter 38 Access Control Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser. Figure 184 Certificate (Internet Explorer 7 or 8)
  • Page 307: Mozilla Firefox Warning Messages

    Chapter 38 Access Control 38.9.2 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server, a This Connection is Untrusted screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button.
  • Page 308: The Main Screen

    Chapter 38 Access Control Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen. Figure 186 Security Alert (Mozilla Firefox) 38.9.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears.
  • Page 309: Service Port Access Control

    Chapter 38 Access Control Mozilla Firefox) or next to the address bar (in Internet Explorer 7 or 8) denotes a secure connection. Figure 187 Example: Lock Denoting a Secure Connection 38.10 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)”...
  • Page 310: Remote Management

    Chapter 38 Access Control the Remote Management screen (discussed later). Click Management > Access Control > Service Access Control to view the screen as shown. Figure 188 Management > Access Control > Service Access Control The following table describes the fields in this screen. Table 129 Management >...
  • Page 311 Chapter 38 Access Control You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen. Figure 189 Management > Access Control > Remote Management The following table describes the labels in this screen.
  • Page 312: Diagnostic

    CHAPTER 39 Diagnostic This chapter explains the Diagnostic screen. 39.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 190 Management > Diagnostic The following table describes the labels in this screen.
  • Page 313: Syslog

    CHAPTER 40 Syslog This chapter explains the syslog screens. 40.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
  • Page 314: Syslog Setup

    Chapter 40 Syslog 40.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. Figure 191 Management > Syslog The following table describes the labels in this screen.
  • Page 315: Syslog Server Setup

    Chapter 40 Syslog 40.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to view the screen as shown next. Use this screen to configure a list of external syslog servers. Figure 192 Management > Syslog > Syslog Server Setup The following table describes the labels in this screen.
  • Page 316: Cluster Management

    CHAPTER 41 Cluster Management This chapter introduces cluster management. 41.1 Cluster Management Status Overview Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
  • Page 317: Cluster Management Status

    Chapter 41 Cluster Management 41.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 194 Management > Cluster Management: Status The following table describes the labels in this screen. Table 136 Management >...
  • Page 318: Cluster Member Switch Management

    Chapter 41 Cluster Management 41.2.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page.
  • Page 319 Chapter 41 Cluster Management The following table explains some of the FTP parameters. Table 137 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION Enter “admin”. User The web configurator password default is 1234. Password Enter this command to list the name of cluster member switch’s firmware and configuration file.
  • Page 320: Clustering Management Configuration

    Chapter 41 Cluster Management 41.3 Clustering Management Configuration Use this screen to configure clustering management. Click Management > Cluster Management > Configuration to display the next screen. Figure 197 Management > Cluster Management > Configuration The following table describes the labels in this screen. Table 138 Management >...
  • Page 321 Chapter 41 Cluster Management Table 138 Management > Cluster Management > Configuration (continued) LABEL DESCRIPTION This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster. Switches that are not in the same VLAN group are not visible in the Clustering Candidates list.
  • Page 322: Mac Table

    CHAPTER 42 MAC Table This chapter introduces the MAC Table screen. 42.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
  • Page 323: Viewing The Mac Table

    Chapter 42 MAC Table 42.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 199 Management > MAC Table The following table describes the labels in this screen. Table 139 Management > MAC Table LABEL DESCRIPTION Condition...
  • Page 324 Chapter 42 MAC Table Table 139 Management > MAC Table (continued) LABEL DESCRIPTION Transfer Type Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries. They also display in the Static MAC Forwarding screen.
  • Page 325: Arp Table

    CHAPTER 43 ARP Table This chapter introduces ARP Table. 43.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
  • Page 326: The Arp Table Screen

    Chapter 43 ARP Table 43.2 The ARP Table Screen Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries. Figure 200 Management > ARP Table The following table describes the labels in this screen.
  • Page 327: Configure Clone

    CHAPTER 44 Configure Clone This chapter shows you how you can copy the settings of one port onto other ports. 44.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
  • Page 328 Chapter 44 Configure Clone The following table describes the labels in this screen. Table 141 Management > Configure Clone LABEL DESCRIPTION Source/ Enter the source port under the Source label. This port’s attributes are copied. Destination Enter the destination port or ports under the Destination label. These are the ports which Port are going to have the same attributes as the source port.
  • Page 329: Troubleshooting

    CHAPTER 45 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Switch Access and Login • Switch Configuration 45.1 Power, Hardware Connections, and LEDs The Switch does not turn on.
  • Page 330: Switch Access And Login

    Chapter 45 Troubleshooting One of the LEDs does not behave as expected. Make sure you understand the normal behavior of the LED. See Section 3.2. Check the hardware connections. See Section 3.1. Inspect your cables for damage. Contact the vendor to replace any damaged cables. Turn the Switch off and on (in DC models or if the DC power supply is connected in AC/DC models).
  • Page 331 Chapter 45 Troubleshooting • If you changed the IP address and have forgotten it, see the troubleshooting suggestions for forgot the IP address for the Switch. Check the hardware connections, and make sure the LEDs are behaving as expected. See Section 3.2. Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java...
  • Page 332: Switch Configuration

    Chapter 45 Troubleshooting I cannot see some of Advanced Application submenus at the bottom of the navigation panel. The recommended screen resolution is 1024 by 768 pixels. Adjust the value in your computer and then you should see the rest of Advanced Application submenus at the bottom of the navigation panel.
  • Page 333: Appendix A Common Services

    APPENDIX A Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Numbers Authority) web site. •...
  • Page 334 Appendix A Common Services Table 142 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTP Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICMP User-Defined Internet Control Message Protocol is often used for diagnostic or routing purposes.
  • Page 335 Appendix A Common Services Table 142 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program.
  • Page 337: Appendix B Legal Information

    This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 338 Appendix B Legal Information CE Mark Warning: This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
  • Page 339 Appendix B Legal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
  • Page 340 Appendix B Legal Information Green Product Declaration RoHS Directive 2002/95/EC WEEE Directive 2002/96/EC (WEEE: Waste Electrical and Electronic Equipment)...

This manual is also suitable for:

Mes3500-24
