Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications MES-3528
Summary of Contents for ZyXEL Communications MES-3528
- Page 1 MES-3528 Layer 2+ Metro Ethernet Switch Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 3.90 Edition 1, 3/2009 www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
-
Page 3: About This User's Guide
Refer to the included CD for support documents. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com. - Page 4 • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. MES-3528 User’s Guide...
-
Page 5: Document Conventions
Syntax Conventions • The MES-3528 may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font. - Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router MES-3528 User’s Guide...
-
Page 7: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. MES-3528 User’s Guide... - Page 8 Safety Warnings MES-3528 User’s Guide...
-
Page 9: Table Of Contents
VLAN Stacking ......................... 185 Multicast ..........................193 AAA ............................209 IP Source Guard ........................223 Loop Guard ..........................249 Layer 2 Protocol Tunneling ...................... 253 IP Application ........................257 Static Route ..........................259 Differentiated Services ......................263 MES-3528 User’s Guide... - Page 10 Syslog ............................309 Cluster Management ....................... 313 MAC Table ..........................321 ARP Table ..........................325 Configure Clone ........................327 Troubleshooting & Product Specifications ............... 329 Troubleshooting ........................331 Product Specifications ......................335 Appendices and Index ......................343 MES-3528 User’s Guide...
-
Page 11: Table Of Contents
2.3.2 Attaching the Mounting Brackets to the Switch ............30 2.3.3 Mounting the Switch on a Rack .................. 31 Chapter 3 Hardware Overview......................... 33 3.1 Front Panel ......................... 33 3.1.1 Console Port ......................34 3.1.2 Gigabit Ethernet Ports ....................34 3.1.3 Mini-GBIC Slots ......................35 MES-3528 User’s Guide... - Page 12 6.2.2 Creating a VLAN ......................66 6.2.3 Configuring DHCP Relay ................... 69 6.2.4 Troubleshooting ......................69 Chapter 7 System Status and Port Statistics ..................71 7.1 Overview ..........................71 7.2 Port Status Summary ...................... 72 7.2.1 Status: Port Details ....................73 MES-3528 User’s Guide...
- Page 13 9.11 Port-based VLAN Setup ....................107 9.11.1 Configure a Port-based VLAN ................108 Chapter 10 Static MAC Forward Setup ....................111 10.1 Overview ...........................111 10.2 Configuring Static MAC Forwarding ................111 Chapter 11 Static Multicast Forward Setup.................... 115 MES-3528 User’s Guide...
- Page 14 Mirroring ..........................149 16.1 Port Mirroring Setup ....................... 149 Chapter 17 Link Aggregation ........................151 17.1 Link Aggregation Overview ..................... 151 17.2 Dynamic Link Aggregation ....................151 17.2.1 Link Aggregation ID ....................152 17.3 Link Aggregation Status ....................153 MES-3528 User’s Guide...
- Page 15 22.1.3 Weighted Round Robin Scheduling (WRR) ............182 22.2 Configuring Queuing ......................183 Chapter 23 VLAN Stacking ........................185 23.1 VLAN Stacking Overview ....................185 23.1.1 VLAN Stacking Example ..................185 23.2 VLAN Stacking Port Roles ....................186 MES-3528 User’s Guide...
- Page 16 25.3.1 Attributes Used for Authentication ................220 25.3.2 Attributes Used for Accounting ................221 Chapter 26 IP Source Guard........................223 26.1 IP Source Guard Overview ....................223 26.1.1 DHCP Snooping Overview ..................224 26.1.2 ARP Inspection Overview ..................226 MES-3528 User’s Guide...
- Page 17 30.1 DiffServ Overview ......................263 30.1.1 DSCP and Per-Hop Behavior ................263 30.1.2 DiffServ Network Example ..................264 30.2 Activating DiffServ ......................264 30.3 DSCP-to-IEEE 802.1p Priority Settings ................. 265 30.3.1 Configuring DSCP Settings ..................266 Chapter 31 DHCP............................267 MES-3528 User’s Guide...
- Page 18 33.3.2 Supported MIBs ....................287 33.3.3 SNMP Traps ......................288 33.3.4 Configuring SNMP ....................292 33.3.5 Configuring SNMP Trap Group ................294 33.3.6 Setting Up Login Accounts ................. 295 33.4 SSH Overview ......................... 297 33.5 How SSH works ....................... 298 MES-3528 User’s Guide...
- Page 19 37.2 Viewing the MAC Table ....................322 Chapter 38 ARP Table ..........................325 38.1 ARP Table Overview ....................... 325 38.1.1 How ARP Works ....................325 38.2 Viewing the ARP Table ....................326 Chapter 39 Configure Clone ........................327 39.1 Configure Clone ......................327 MES-3528 User’s Guide...
- Page 20 40.3 Switch Configuration ......................334 Chapter 41 Product Specifications ......................335 Part VII: Appendices and Index ............343 Appendix A Changing a Fuse ....................345 Appendix B Common Services..................... 347 Appendix C Legal Information ....................351 Index............................355 MES-3528 User’s Guide...
-
Page 21: Introduction And Hardware
Introduction and Hardware Getting to Know Your Switch (23) Hardware Installation and Connection (29) Hardware Overview (33) -
Page 23: Getting To Know Your Switch
The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch. MES-3528 User’s Guide... -
Page 24: Bridging Example
Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 2 Bridging Application MES-3528 User’s Guide... -
Page 25: High Performance Switching Example
Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re- cabling. MES-3528 User’s Guide... -
Page 26: Metro Ethernet
In the following example, the Switch is one of many switches that connect users in the metropolitan area to the Internet. The metro ethernet is based on a star (or hub-and-spoke) topology, though other topologies, such as ring or mesh, are also MES-3528 User’s Guide... -
Page 27: Ways To Manage The Switch
• SNMP. The Switch can be monitored by an SNMP manager. See Section 33.3 on page 286. • Cluster Management. Cluster Management allows you to manage multiple switches through one switch, called the cluster manager. See Chapter 36 on page 313. MES-3528 User’s Guide... -
Page 28: Good Habits For Managing The Switch
If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. MES-3528 User’s Guide... -
Page 29: Hardware Installation And Connection
The Switch can be mounted on an EIA standard size, 19-inch rack or in a wiring closet with other equipment. Follow the steps below to mount your Switch on a standard EIA rack using a rack-mounting kit. MES-3528 User’s Guide... -
Page 30: Chapter 2 Hardware Installation And Connection
Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. Repeat steps to install the second mounting bracket on the other side of the Switch. You may now mount the Switch on a rack. Proceed to the next section. MES-3528 User’s Guide... -
Page 31: Mounting The Switch On A Rack
Figure 7 Mounting the Switch on a Rack Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. Repeat steps to attach the second mounting bracket on the other side of the rack. MES-3528 User’s Guide... - Page 32 Chapter 2 Hardware Installation and Connection MES-3528 User’s Guide...
-
Page 33: Hardware Overview
The following table describes the port labels on the front panel. Table 1 Front Panel Connections LABEL DESCRIPTION Power Connect an appropriate power supply to this port. Connection 24 10/100 Connect these ports to a computer, a hub, an Ethernet switch or router. Mbps RJ-45 Ethernet Ports MES-3528 User’s Guide... -
Page 34: Console Port
Mbps and the duplex mode can be half duplex or full duplex. An auto-negotiating port can detect and adjust to the optimum Ethernet speed (10/100/1000 Mbps) and duplex mode (full duplex or half duplex) of the connected device. MES-3528 User’s Guide... -
Page 35: Mini-Gbic Slots
SFF committee’s INF-8074i specification Rev 1.0 for details. You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors. MES-3528 User’s Guide... -
Page 36: Transceiver Installation
Figure 9 Transceiver Installation Example Figure 10 Connecting the Fiber Optic Cables 3.1.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). Remove the fiber optic cables from the transceiver. Open the transceiver’s latch (latch styles vary). MES-3528 User’s Guide... -
Page 37: Power Connector
This feature is in addition to the system alarm, which detects abnormal temperatures, voltage levels and fan speeds on the Switch. Your Switch can respond to an external alarm in five ways. • The ALM LED shows an alert. MES-3528 User’s Guide... - Page 38 Insert the wire and release the spring clip. Repeat the process for the sensor’s other power output wire. A total of four sensors may be connected to the ALARM connector in this way using the remaining power input pins. MES-3528 User’s Guide...
- Page 39 Use wires of the correct gauge to connect either of the power output pin pairs (1- normal close, 2-common) or (2-common, 3-normal open) on the ALARM connector to the input power pin pairs of an ALARM connector on another ZyXEL Switch. MES-3528 User’s Guide...
-
Page 40: Leds
The system is rebooting and performing self-diagnostic tests. The power is off or the system is not ready/ malfunctioning. A hardware failure is detected, or an external alarm is active. The system is functioning normally. Ethernet Ports MES-3528 User’s Guide... - Page 41 Ethernet network. The link to a 100 Mbps Ethernet network is up. The link to an Ethernet network is down. Amber The Gigabit port is negotiating in full-duplex mode. The Gigabit port is negotiating in half-duplex mode. MES-3528 User’s Guide...
- Page 42 Chapter 3 Hardware Overview MES-3528 User’s Guide...
-
Page 43: Basic Configuration
Basic Configuration The Web Configurator (45) Initial Setup Example (55) System Status and Port Statistics (71) Basic Setting (77) -
Page 45: The Web Configurator
• Java permissions (enabled by default). 4.2 System Login Start your web browser. Type “http://” and the IP address of the Switch (for example, the default management IP address is 192.168.1.1) in the Location or Address field. Press [ENTER]. MES-3528 User’s Guide... -
Page 46: The Status Screen
General Setup screen. Figure 17 Web Configurator: Login Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. MES-3528 User’s Guide... - Page 47 C - Click this link to go to the status page of the Switch. D - Click this link to logout of the web configurator. E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. MES-3528 User’s Guide...
- Page 48 This link takes you to screens where you can configure port-based or 802.1Q VLAN (depending on what you configured in the Switch Setup menu). You can also configure a protocol based VLAN or a subnet based VLAN in these screens. MES-3528 User’s Guide...
- Page 49 Layer 2 This link takes you to a screen where you can configure L2PT (Layer 2 Protocol Protocol Tunneling) settings on the Switch. Tunneling IP Application MES-3528 User’s Guide...
- Page 50 This link takes you to a screen where you can view the MAC addresses – IP address resolution table. Configure This link takes you to a screen where you can copy attributes of one port Clone to other ports. MES-3528 User’s Guide...
-
Page 51: Change Your Password
Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory. Nonvolatile memory refers to the Switch’s storage that remains even if the Switch’s power is turned off. Note: Use the Save link when you are done with a configuration session. MES-3528 User’s Guide... -
Page 52: Switch Lockout
9600 bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to “1234” and the IP address to 192.168.1.1. To upload the configuration file, do the following: Connect to the console port using a computer with terminal emulation software. MES-3528 User’s Guide... -
Page 53: Logging Out Of The Web Configurator
Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons. Figure 21 Web Configurator: Logout Screen MES-3528 User’s Guide... -
Page 54: Help
Chapter 4 The Web Configurator 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. MES-3528 User’s Guide... -
Page 55: Initial Setup Example
You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 22 Initial Setup Network Example: VLAN MES-3528 User’s Guide... - Page 56 TX Tagging check box to set the Switch to remove VLAN tags before sending. Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MES-3528 User’s Guide...
-
Page 57: Setting Port Vid
Setting link. Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MES-3528 User’s Guide... -
Page 58: Configuring Switch Management Ip Address
In the VID field, enter the ID of the VLAN group to which you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen. MES-3528 User’s Guide... - Page 59 Chapter 5 Initial Setup Example Click Add to save your changes back to the run-time memory. Settings in the run- time memory are lost when the Switch’s power is turned off. MES-3528 User’s Guide...
- Page 60 Chapter 5 Initial Setup Example MES-3528 User’s Guide...
-
Page 61: Tutorials
The settings in this tutorial are as the following. Table 5 Tutorial: Settings in this Tutorial PORT DHCP SNOOPING HOST VLAN PVID CONNECTED PORT TRUSTED DHCP Server (A) 1 and 100 DHCP Client (B) 1 and 100 DHCP Client (C) 1 and 100 MES-3528 User’s Guide... - Page 62 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add. Figure 26 Tutorial: Create a VLAN and Add Ports to It MES-3528 User’s Guide...
- Page 63 Figure 27 Tutorial: Tag Untagged Frames Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 28 Tutorial: Specify DHCP VLAN MES-3528 User’s Guide...
- Page 64 If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry. See Section 26.1.1.3 on page 225. Figure 30 Tutorial: Enable DHCP Snooping on this VLAN MES-3528 User’s Guide...
-
Page 65: How To Use Dhcp Relay On The Switch
DHCP requests. 6.2.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) to DHCP client A based on MES-3528 User’s Guide... -
Page 66: Creating A Vlan
Access the web configurator through the Switch’s management port. Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. Figure 33 Tutorial: Set VLAN Type to 802.1Q MES-3528 User’s Guide... - Page 67 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Figure 34 Tutorial: Create a Static VLAN MES-3528 User’s Guide...
- Page 68 VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory. Figure 36 Tutorial: Add Tag for Frames Received on Port 2 MES-3528 User’s Guide...
-
Page 69: Configuring Dhcp Relay
Click the Save link in the upper right corner of the web configurator to save your configuration permanently. The DHCP server can then assign a specific IP address based on the DHCP request. 6.2.4 Troubleshooting Check the client A’s IP address. If it did not receive the IP address 172.16.1.18, make sure: MES-3528 User’s Guide... - Page 70 Client A is connected to the Switch’s port 2 in VLAN 102. You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. You clicked the Save link on the Switch to have your settings take effect. MES-3528 User’s Guide...
-
Page 71: System Status And Port Statistics
Statistics This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. MES-3528 User’s Guide... -
Page 72: Chapter 7 System Status And Port Statistics
This field shows the number of received frames on this port. Errors This field shows the number of received errors on this port. Tx KB/s This field shows the number of kilobytes per second transmitted on this port. MES-3528 User’s Guide... -
Page 73: Status: Port Details
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 39 Status > Port Details MES-3528 User’s Guide... - Page 74 Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision. Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision. MES-3528 User’s Guide...
- Page 75 This field shows the number of packets (including bad packets) received that were between 1519 octets and the maximum frame size. The maximum frame size varies depending on your switch model. See Chapter 41 on page 335. MES-3528 User’s Guide...
- Page 76 Chapter 7 System Status and Port Statistics MES-3528 User’s Guide...
-
Page 77: Basic Setting
DNS (domain name server) for management purposes. 8.2 System Information In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number. Figure 40 Basic Setting > System Info MES-3528 User’s Guide... -
Page 78: General Setup
Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters; spaces are allowed. Location Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. MES-3528 User’s Guide... - Page 79 European Union you would select Last, Sunday, March and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). MES-3528 User’s Guide...
-
Page 80: Introduction To Vlans
With VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. Chapter 9 on page 91 for information on port-based and 802.1Q tagged VLANs. MES-3528 User’s Guide... -
Page 81: Switch Setup Screen
Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds. Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 milliseconds. MES-3528 User’s Guide... -
Page 82: Ip Setup
Use the IP Setup screen to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic. MES-3528 User’s Guide... -
Page 83: Management Ip Addresses
You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 43 Basic Setting > IP Setup MES-3528 User’s Guide... - Page 84 This field displays the index number of the rule. Click an index number to edit the rule. IP Address This field displays the IP address. IP Subnet Mask This field displays the subnet mask. This field displays the ID number of the VLAN group. MES-3528 User’s Guide...
-
Page 85: Port Setup
Click Cancel to clear the selected check boxes in the Delete column. 8.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. Figure 44 Basic Setting > Port Setup MES-3528 User’s Guide... - Page 86 Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later. Select Flow Control to enable it. MES-3528 User’s Guide...
- Page 87 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
- Page 88 Chapter 8 Basic Setting MES-3528 User’s Guide...
-
Page 89: Advanced
Advanced VLAN (91) Layer 2 Protocol Tunneling (253) Static MAC Forward Setup (111) Filtering (119) Spanning Tree Protocol (121) Bandwidth Control (143) Broadcast Storm Control (147) Mirroring (149) Link Aggregation (151) Port Authentication (161) Port Security (165) Classifier (169) Policy Rule (175) Queuing Method (181) VLAN Stacking (185) Multicast (193) -
Page 91: Vlan
3 Bits 1 Bit 12 bits 9.1.1 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware MES-3528 User’s Guide... -
Page 92: Automatic Vlan Registration
Please refer to the following table for common IEEE 802.1Q VLAN terminology. Table 13 IEEE 802.1Q VLAN Terminology VLAN TERM DESCRIPTION PARAMETER VLAN Type Permanent VLAN This is a static VLAN created manually. Dynamic VLAN This is a VLAN configured by a GVRP registration/ deregistration process. MES-3528 User’s Guide... -
Page 93: Port Vlan Trunking
VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with MES-3528 User’s Guide... -
Page 94: Select The Vlan Type
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. MES-3528 User’s Guide... -
Page 95: Vlan Status
This is the VLAN identification number that was configured in the Static VLAN screen. Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. MES-3528 User’s Guide... -
Page 96: Vlan Details
VLAN was set up. Status This field shows how this VLAN was added to the Switch. dynamic: using GVRP static: added as a permanent entry other: added in another way such as via Multicast VLAN Registration (MVR) MES-3528 User’s Guide... -
Page 97: Configure A Static Vlan
This name consists of up to 64 printable characters. VLAN Group Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Port The port number identifies the port you are configuring. MES-3528 User’s Guide... - Page 98 This field indicates whether the VLAN settings are enabled (Yes) or disabled (No). Name This field displays the descriptive name for this VLAN group. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User’s Guide...
-
Page 99: Configure Vlan Port Settings
If this check box is selected, the Switch discards incoming frames on a port for VLANs that do not include this port in its member set. Clear this check box to disable ingress filtering. Port This field displays the port number. MES-3528 User’s Guide... -
Page 100: Subnet Based Vlans
IP subnet it came from. The untagged packets from the same IP subnet are then placed in the same subnet based VLAN. One advantage of using subnet based VLANs is that priority can be assigned to traffic from the same IP subnet. MES-3528 User’s Guide... -
Page 101: Configuring Subnet Based Vlan
Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 9.7 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. MES-3528 User’s Guide... - Page 102 1’s together. Take “255.255.255.0” for example. 255 converts to eight 1s in binary. There are three 255s, so add three eights together and you get the bit number (24). MES-3528 User’s Guide...
-
Page 103: Protocol Based Vlans
ARP traffic received on port 1, 2 and 3. You also have a protocol based VLAN B with priority 2 for Apple Talk traffic received on port 6 and 7. All upstream ARP traffic from port 1, 2 and 3 will be grouped together, and all upstream Apple Talk MES-3528 User’s Guide... -
Page 104: Configuring Protocol Based Vlan
Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 54 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN MES-3528 User’s Guide... - Page 105 This field shows the priority which is assigned to frames belonging to this protocol based VLAN. Delete Click this to delete the protocol based VLANs which you marked for deletion. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 106: Create An Ip-Based Vlan Example
To add more ports to this protocol based VLAN. Click the index number of the protocol based VLAN entry. Click 1 Change the value in the Port field to the next port you want to add. Click Add. MES-3528 User’s Guide... -
Page 107: Port-Based Vlan Setup
Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. MES-3528 User’s Guide... -
Page 108: Configure A Port-Based Vlan
Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 56 Port Based VLAN Setup (All Connected) MES-3528 User’s Guide... - Page 109 Chapter 9 VLAN Figure 57 Port Based VLAN Setup (Port Isolation) MES-3528 User’s Guide...
- Page 110 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 111: Static Mac Forward Setup
Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See Chapter 19 on page for more information on port security. MES-3528 User’s Guide... - Page 112 MAC address-forwarding rule. MAC Address This field displays the MAC address that will be forwarded and the VLAN identification number to which the MAC address belongs. This field displays the ID number of the VLAN group. MES-3528 User’s Guide...
- Page 113 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User’s Guide...
- Page 114 Chapter 10 Static MAC Forward Setup MES-3528 User’s Guide...
-
Page 115: Static Multicast Forward Setup
24.3 on page 195). Figure 59 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to port(s) within a VLAN group. Figure 60 shows frames being forwarded to devices MES-3528 User’s Guide... -
Page 116: Configuring Static Multicast Forwarding
Figure 60 Static Multicast Forwarding to A Single Port Figure 61 Static Multicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). MES-3528 User’s Guide... - Page 117 Cancel Click Cancel to reset the fields to their last saved values. Clear Click Clear to begin configuring this screen afresh. Index Click an index number to modify a static multicast MAC address rule for port(s). MES-3528 User’s Guide...
- Page 118 This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User’s Guide...
-
Page 119: Filtering
Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by deselecting this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for identification only. MES-3528 User’s Guide... - Page 120 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MES-3528 User’s Guide...
-
Page 121: Spanning Tree Protocol
RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. Note: In this user’s guide, “STP” refers to both STP and RSTP. 13.1.1 STP Terminology The root bridge is the base of the spanning tree. MES-3528 User’s Guide... -
Page 122: How Stp Works
Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. MES-3528 User’s Guide... -
Page 123: Stp Port States
In the following example, there are two RSTP instances (MRSTP 1 and MRSTP2) on switch A. To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree. MES-3528 User’s Guide... -
Page 124: Multiple Stp
13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be MES-3528 User’s Guide... -
Page 125: Mst Region
MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region. MES-3528 User’s Guide... -
Page 126: Mst Instance
STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions MES-3528 User’s Guide... -
Page 127: Spanning Tree Protocol Status Screen
This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch. MES-3528 User’s Guide... -
Page 128: Spanning Tree Configuration
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide... -
Page 129: Configure Rapid Spanning Tree Protocol
Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. MES-3528 User’s Guide... - Page 130 Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost-see Table 24 on page 122 for more information. MES-3528 User’s Guide...
-
Page 131: Rapid Spanning Tree Protocol Status
Bridge is this switch. This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. MES-3528 User’s Guide... - Page 132 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MES-3528 User’s Guide...
-
Page 133: Configure Multiple Rapid Spanning Tree Protocol
Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch. MES-3528 User’s Guide... - Page 134 Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost-see Table 24 on page 122 for more information. MES-3528 User’s Guide...
-
Page 135: Multiple Rapid Spanning Tree Protocol Status
Click MRSTP to edit MRSTP settings on the Switch. Tree Select which STP tree configuration you want to view. Bridge Root refers to the base of the spanning tree (the root bridge). Our Bridge is this switch. This Switch may also be the root bridge. MES-3528 User’s Guide... - Page 136 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MES-3528 User’s Guide...
-
Page 137: Configure Multiple Spanning Tree Protocol
13.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 124 for more information on MSTP. Figure 75 Advanced Application > Spanning Tree Protocol > MSTP MES-3528 User’s Guide... - Page 138 Click Cancel to begin configuring this screen afresh. Instance Use this section to configure MSTI (Multiple Spanning Tree Instance) settings. Instance Enter the number you want to use to identify this MST instance on the Switch. The Switch supports instance numbers 0-15. MES-3528 User’s Guide...
- Page 139 This field displays the ID of an MST instance. VLAN This field displays the VID (or VID ranges) to which the MST instance is mapped. Active Port This field display the ports configured to participate in the MST instance. MES-3528 User’s Guide...
-
Page 140: Multiple Spanning Tree Protocol Status
See Section 13.1.5 on page 124 more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 76 Advanced Application > Spanning Tree Protocol > Status: MSTP MES-3528 User’s Guide... - Page 141 This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. MES-3528 User’s Guide...
- Page 142 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. MES-3528 User’s Guide...
-
Page 143: Bandwidth Control
This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 14.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. MES-3528 User’s Guide... -
Page 144: Bandwidth Control Setup
Select this check box to activate ingress rate limits on this port. Ingress Rate Active Select this check box to activate egress rate limits on this port. Egress Rate Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic flow on a port. MES-3528 User’s Guide... - Page 145 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3528 User’s Guide...
- Page 146 Chapter 14 Bandwidth Control MES-3528 User’s Guide...
-
Page 147: Broadcast Storm Control
DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 78 Advanced Application > Broadcast Storm Control MES-3528 User’s Guide... - Page 148 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3528 User’s Guide...
-
Page 149: Mirroring
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 79 Advanced Application > Mirroring MES-3528 User’s Guide... - Page 150 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MES-3528 User’s Guide...
-
Page 151: Link Aggregation
The IEEE 802.3ad standard describes the Link Aggregation Control Protocol (LACP) for dynamically creating and managing trunk groups. When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. MES-3528 User’s Guide... -
Page 152: Link Aggregation Id
Table 37 Link Aggregation ID: Peer Switch SYSTEM PORT MAC ADDRESS PORT NUMBER PRIORITY PRIORITY 0000 00-00-00-00-00-00 0000 0000 Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MES-3528 User’s Guide... -
Page 153: Link Aggregation Status
Refer to Section 17.2.1 on page 152 for more information on this field. The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group. MES-3528 User’s Guide... - Page 154 This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. MES-3528 User’s Guide...
-
Page 155: Link Aggregation Setting
This is the only screen you need to configure to enable static link Aggregation aggregation. Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. MES-3528 User’s Guide... - Page 156 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 157: Link Aggregation Control Protocol
Table 40 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable Aggregation dynamic link aggregation. Control Protocol Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). MES-3528 User’s Guide... -
Page 158: Static Trunking Example
Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 17.6 Static Trunking Example This example shows you how to create a static port trunk group for ports 2-5. MES-3528 User’s Guide... - Page 159 Click Apply when you are done. Figure 84 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete. MES-3528 User’s Guide...
- Page 160 Chapter 17 Link Aggregation MES-3528 User’s Guide...
-
Page 161: Port Authentication
When the client provides the login credentials, the Switch sends an authentication At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MES-3528 User’s Guide... -
Page 162: Port Authentication Configuration
Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 86 Advanced Application > Port Authentication MES-3528 User’s Guide... -
Page 163: Activate Ieee 802.1X Security
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MES-3528 User’s Guide... - Page 164 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 165: Port Security
MAC address(es) for a port. It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. MES-3528 User’s Guide... -
Page 166: Port Security Setup
Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list. Active Select this option to enable port security on the Switch. Port This field displays the port number. MES-3528 User’s Guide... - Page 167 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
- Page 168 Chapter 19 Port Security MES-3528 User’s Guide...
-
Page 169: Classifier
Use the Classifier screen to define the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 21 on page 175. MES-3528 User’s Guide... - Page 170 Table 45 on page 172 for information. Source Select Any to apply the rule to all MAC addresses. Address To specify a source, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs). MES-3528 User’s Guide...
- Page 171 Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. MES-3528 User’s Guide...
-
Page 172: Viewing And Editing Classifier Configuration
Table 45 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X.25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 MES-3528 User’s Guide... -
Page 173: Classifier Example
Appendix B on page 347 for information on commonly used port numbers. 20.4 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. MES-3528 User’s Guide... - Page 174 Chapter 20 Classifier After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. Figure 91 Classifier: Example MES-3528 User’s Guide...
-
Page 175: Policy Rule
A policy rule ensures that a traffic flow gets the requested treatment in the network. 21.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 20.2 on page 169 for more information. MES-3528 User’s Guide... - Page 176 Set the fields below for this policy. You only have to set the field(s) that is related to the action(s) you configure in the Action field. General VLAN ID Specify a VLAN ID number. Egress Type the number of an outgoing port. Port Priority Specify a priority level. MES-3528 User’s Guide...
- Page 177 Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. MES-3528 User’s Guide...
-
Page 178: Viewing And Editing Policy Configuration
This field displays the name you have assigned to this policy. Classifier(s This field displays the name(s) of the classifier to which this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User’s Guide... -
Page 179: Policy Example
21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 173). Figure 94 Policy Example MES-3528 User’s Guide... - Page 180 Chapter 21 Policy Rule MES-3528 User’s Guide...
-
Page 181: Queuing Method
By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. Guaranteed quantum is calculated as Queue Weight x 2048 bytes. MES-3528 User’s Guide... -
Page 182: Weighted Round Robin Scheduling (Wrr)
Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. MES-3528 User’s Guide... -
Page 183: Configuring Queuing
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MES-3528 User’s Guide... - Page 184 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 185: Vlan Stacking
(SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to MES-3528 User’s Guide... -
Page 186: Vlan Stacking Port Roles
SP VID is not in the SVLAN table and/or SP TPID is different to the one configured on the Switch. Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. MES-3528 User’s Guide... -
Page 187: Vlan Tag Format
VID is the VLAN ID. SP VID is the VID for the second (service provider’s) VLAN tag. 23.3.1 Frame Format The frame format for an untagged Ethernet frame, a single-tagged IEEE 802.1Q frame (customer) and a “double-tagged” 802.1Q frame (service provider) is shown next. MES-3528 User’s Guide... - Page 188 TPID Etype frame Table 53 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/ Length and type of Ethernet Etype frame (SP)TPID (Service Provider) Tag Protocol Data Frame data IDentifier VLAN ID Frame Check Sequence MES-3528 User’s Guide...
-
Page 189: Configuring Vlan Stacking
0x0000 to 0xFFFF. 0x denotes a hexadecimal number. It does not have to be typed in the Others text field. Port The port number identifies the port you are configuring. MES-3528 User’s Guide... -
Page 190: Configuring Svlan
Tunnel Port is untagged or its service provider's VLAN ID is not configured in this screen, the Switch drops the frame. Click the SVLAN link in the VLAN Stacking screen. Figure 98 Advanced Application > VLAN Stacking > SVLAN MES-3528 User’s Guide... - Page 191 This is the index number of the entry. SVLAN This is the service VLAN ID. Delete Check the entry(ies) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User’s Guide...
- Page 192 Chapter 23 VLAN Stacking MES-3528 User’s Guide...
-
Page 193: Multicast
(such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. MES-3528 User’s Guide... -
Page 194: Igmp Snooping
Figure 99 Advanced Application > Multicast The following table describes the labels in this screen. Table 56 Advanced Application > Multicast Status LABEL DESCRIPTION Index This is the index number of the entry. This field displays the multicast VLAN ID. MES-3528 User’s Guide... -
Page 195: Multicast Setting
24.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 24.1 on page 193 for more information on multicasting. Figure 100 Advanced Application > Multicast > Multicast Setting MES-3528 User’s Guide... - Page 196 Select this option to set the Switch to remove this port from the multicast tree when an IGMP version 2 leave message is received on this port. Select this option if there is only one host connected to this port. MES-3528 User’s Guide...
- Page 197 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 198: Igmp Snooping Vlan
Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. MES-3528 User’s Guide... -
Page 199: Igmp Filtering Profile
(in the Multicast Setting screen). Clients connected to those ports are then able to join the multicast groups specified in the profile. Each port can be assigned a single profile. A profile can be assigned to multiple ports. MES-3528 User’s Guide... - Page 200 Click Clear to clear the fields to the factory defaults. Profile Name This field displays the descriptive name of the profile. Start Address This field displays the start of the multicast address range. End Address This field displays the end of the multicast address range. MES-3528 User’s Guide...
-
Page 201: Mvr Overview
In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group. MES-3528 User’s Guide... -
Page 202: Mvr Modes
Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. Figure 104 MVR Multicast Television Example MES-3528 User’s Guide... -
Page 203: General Mvr Configuration
Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 105 Advanced Application > Multicast > Multicast Setting > MVR MES-3528 User’s Guide... - Page 204 This field displays the descriptive name for this setting. Mode This field displays the MVR mode. Source Port This field displays the source port number(s). Receiver Port This field displays the receiver port number(s). 802.1p This field displays the priority level. MES-3528 User’s Guide...
-
Page 205: Mvr Group Configuration
Enter a descriptive name for identification purposes. Start Enter the starting IP multicast address of the multicast group in dotted Address decimal notation. Refer to Section 24.1.1 on page 193 for more information on IP multicast addresses. MES-3528 User’s Guide... -
Page 206: Mvr Configuration Example
Switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic. Figure 107 MVR Configuration Example MES-3528 User’s Guide... - Page 207 To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 108 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The MES-3528 User’s Guide...
- Page 208 Chapter 24 Multicast following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 109 MVR Group Configuration Example Figure 110 MVR Group Configuration Example MES-3528 User’s Guide...
-
Page 209: Aaa
The external servers that perform authentication, authorization and accounting functions are known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see Section 25.1.2 on page 210) and TACACS+ (Terminal Access Controller Access-Control System Plus, see Section MES-3528 User’s Guide... -
Page 210: Local User Accounts
The AAA screens allow you to enable authentication, authorization, accounting or all of them on the Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or both) and then set up the authentication priority, activate authorization and configure accounting settings. MES-3528 User’s Guide... -
Page 211: Radius Server Setup
RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 113 Advanced Application > AAA > RADIUS Server Setup MES-3528 User’s Guide... - Page 212 Enter the IP address of an external RADIUS accounting server in dotted decimal notation. UDP Port The default port of a RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so. MES-3528 User’s Guide...
-
Page 213: Tacacs+ Server Setup
Section 25.1.2 on page 210 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the AAA screen to view the screen as shown. Figure 114 Advanced Application > AAA > TACACS+ Server Setup MES-3528 User’s Guide... - Page 214 Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. TCP Port The default port of a TACACS+ server for accounting is 49. You need not change this value unless your network administrator instructs you to do MES-3528 User’s Guide...
-
Page 215: Aaa Setup
Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 115 Advanced Application > AAA > AAA Setup MES-3528 User’s Guide... - Page 216 Exec: Allow an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. • Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. MES-3528 User’s Guide...
- Page 217 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 218: Vendor Specific Attribute
VSAs for users authenticating via the RADIUS server. The following table describes the VSAs supported on the Switch. Table 66 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 Assignment Vendor-Type = 1 Vendor-data = ingress rate (Kbps in decimal format) MES-3528 User’s Guide... -
Page 219: Supported Radius Attributes
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This appendix lists the RADIUS attributes supported by the Switch. MES-3528 User’s Guide... -
Page 220: Attributes Used For Authentication
25.3.1.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator MES-3528 User’s Guide... -
Page 221: Attributes Used For Accounting
Table 68 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-Identifier NAS-IP-Address Service-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Session-Time Acct-Terminate-Cause Table 69 RADIUS Attributes - Exec Events via Telnet/SSH ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-Identifier NAS-IP-Address Service-Type Calling-Station-Id Acct-Status-Type Acct-Delay-Time MES-3528 User’s Guide... - Page 222 The attributes are listed in the following table along with the time of the session they are sent: Table 70 RADIUS Attributes-Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-IP-Address NAS-Port Class Called-Station-Id Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output- Gigawords MES-3528 User’s Guide...
-
Page 223: Ip Source Guard
• ARP inspection. Use this to filter unauthorized ARP packets on the network. If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you have to enable DHCP snooping before you enable ARP inspection. MES-3528 User’s Guide... -
Page 224: Dhcp Snooping Overview
The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server. If you set up the DHCP snooping database, the Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts. MES-3528 User’s Guide... -
Page 225: Configuring Dhcp Snooping
(Chapter 31 on page 267). 26.1.1.4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch. Enable DHCP snooping on the Switch. Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. MES-3528 User’s Guide... -
Page 226: Arp Inspection Overview
These MAC address filters are different than regular MAC address filters (Chapter 12 on page 119). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. MES-3528 User’s Guide... -
Page 227: Ip Source Guard
Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns MES-3528 User’s Guide... -
Page 228: Ip Source Guard Static Binding
Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the MES-3528 User’s Guide... - Page 229 This field displays how long the binding is valid. Type This field displays how the Switch learned the binding. static: This binding was learned from information provided manually by an administrator. VLAN This field displays the source VLAN ID in the binding. MES-3528 User’s Guide...
-
Page 230: Dhcp Snooping
Click this to clear the Delete check boxes above. 26.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. MES-3528 User’s Guide... - Page 231 Chapter 26 IP Source Guard Figure 120 DHCP Snooping MES-3528 User’s Guide...
- Page 232 DHCP snooping database for any reason. Startup failures This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database. MES-3528 User’s Guide...
- Page 233 Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore. MES-3528 User’s Guide...
-
Page 234: Dhcp Snooping Configure
TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 121 DHCP Snooping Configure MES-3528 User’s Guide... - Page 235 If there is a conflict, the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen (Section 26.4 on page 230). MES-3528 User’s Guide...
-
Page 236: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 122 DHCP Snooping Port Configure MES-3528 User’s Guide... -
Page 237: Dhcp Snooping Vlan Configure
Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 31 on page 267) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To MES-3528 User’s Guide... - Page 238 The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MES-3528 User’s Guide...
-
Page 239: Arp Inspection Status
IP address was not valid. Port: The MAC address, VLAN ID, and IP address were in the binding table, but the port number was not valid. Delete Select this, and click Delete to remove the specified entry. MES-3528 User’s Guide... -
Page 240: Arp Inspection Vlan Status
This field displays the total number of ARP Request packets received from the VLAN since the Switch last restarted. Reply This field displays the total number of ARP Reply packets received from the VLAN since the Switch last restarted. MES-3528 User’s Guide... -
Page 241: Arp Inspection Log Status
The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message. You can configure this interval in the ARP Inspection Configure screen. See Section 26.7 on page 242. MES-3528 User’s Guide... -
Page 242: Arp Inspection Configure
This field displays when the log message was generated. 26.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global MES-3528 User’s Guide... - Page 243 Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 26.6.2 on page 241. MES-3528 User’s Guide...
-
Page 244: Arp Inspection Port Configure
Click this to reset the values in this screen to their last-saved values. 26.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives MES-3528 User’s Guide... - Page 245 These settings have no effect on trusted ports. Rate (pps) Specify the maximum rate (1-2048 packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit. MES-3528 User’s Guide...
-
Page 246: Arp Inspection Vlan Configure
Enter the lowest VLAN ID you want to manage in the section below. End VID Enter the highest VLAN ID you want to manage in the section below. Apply Click this to display the specified range of VLANs in the section below. MES-3528 User’s Guide... - Page 247 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MES-3528 User’s Guide...
- Page 248 Chapter 26 IP Source Guard MES-3528 User’s Guide...
-
Page 249: Loop Guard
If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: • It will receive broadcast messages sent out from the switch in loop state. MES-3528 User’s Guide... - Page 250 The following figure illustrates three switches forming a loop. A sample path of the loop guard probe packet is also shown. In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on MES-3528 User’s Guide...
-
Page 251: Loop Guard Setup
Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled. Figure 134 Advanced Application > Loop Guard MES-3528 User’s Guide... - Page 252 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 253: Layer 2 Protocol Tunneling
B, C and D. Topology change information can be propagated throughout the service provider’s network. To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and MES-3528 User’s Guide... -
Page 254: Layer 2 Protocol Tunneling Mode
• The Tunnel port is an egress port at the edge of the service provider's network and connected to another service provider’s switch. Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port. MES-3528 User’s Guide... -
Page 255: Configuring Layer 2 Protocol Tunneling
MAC address does not exist in the address table of a switch on the service provider’s network. Note: All the edge switches in the service provider’s network should be set to use the same MAC address for encapsulation. MES-3528 User’s Guide... - Page 256 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 257: Ip Application
IP Application Static Route (259) Differentiated Services (263) DHCP (267) -
Page 259: Static Route
R1 which routes it back to the manager’s computer. The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2. Figure 138 Static Routing Overview SNMP Telnet MES-3528 User’s Guide... -
Page 260: Configuring Static Routing
The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. MES-3528 User’s Guide... - Page 261 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User’s Guide...
- Page 262 Chapter 29 Static Route MES-3528 User’s Guide...
-
Page 263: Differentiated Services
ToS-enabled network device will not conflict with the DSCP mapping. The DSCP value determines the PHB (Per-Hop Behavior), that each packet gets as it is forwarded across the DiffServ network. Based on the marking rule different MES-3528 User’s Guide... -
Page 264: Diffserv Network Example
G P P G P P G S B P - Platinum G - Gold S - Silver B - Bronze 30.2 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the Switch. MES-3528 User’s Guide... -
Page 265: Dscp-To-Ieee 802.1P Priority Settings
The following table shows the default DSCP-to-IEEE802.1p mapping. Table 87 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0 – 7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE 802.1p MES-3528 User’s Guide... -
Page 266: Configuring Dscp Settings
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide... -
Page 267: Dhcp
• Global: The Switch forwards all DHCP requests to the same DHCP server. • VLAN: The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. MES-3528 User’s Guide... -
Page 268: Dhcp Status
DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information. Please refer to RFC 3046 for more details. MES-3528 User’s Guide... -
Page 269: Configuring Dhcp Global Relay
Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 145 IP Application > DHCP > Global MES-3528 User’s Guide... -
Page 270: Global Dhcp Relay Configuration Example
Figure 146 Global DHCP Relay Network Example DHCP Server: 192.168.1.100 VLAN2 VLAN1 Configure the DHCP Relay screen as shown. Make sure you select the Option 82 check box to set the Switch to send additional information (such as the VLAN ID) MES-3528 User’s Guide... -
Page 271: Configuring Dhcp Vlan Settings
DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. MES-3528 User’s Guide... - Page 272 This field displays the ID number of the VLAN group to which this DHCP settings apply. Type This field displays the DHCP mode (Relay). DHCP Status For DHCP relay configuration, this field displays the first remote DHCP server IP address. MES-3528 User’s Guide...
-
Page 273: Example: Dhcp Relay For Two Vlans
2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 149 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 150 DHCP Relay for Two VLANs Configuration Example MES-3528 User’s Guide... - Page 274 Chapter 31 DHCP MES-3528 User’s Guide...
-
Page 275: Management
Management Maintenance (277) Access Control (285) Diagnostic (307) Syslog (309) Cluster Management (313) MAC Table (321) ARP Table (325) Configure Clone (327) -
Page 277: Maintenance
2) is currently operating on the Switch. Firmware Click Click Here to go to the Firmware Upgrade screen. Upgrade Restore Click Click Here to go to the Restore Configuration screen. Configuratio Backup Click Click Here to go to the Backup Configuration screen. Configuratio MES-3528 User’s Guide... -
Page 278: Load Factory Default
If you want to access the Switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1). MES-3528 User’s Guide... -
Page 279: Save Configuration
Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch. 32.5 Firmware Upgrade Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. MES-3528 User’s Guide... -
Page 280: Restore A Configuration File
Path text box or click Browse to locate it. After you have specified the file, click Restore. "config" is the name of the configuration file on the Switch, so your backup configuration file is automatically renamed when you restore using this screen. MES-3528 User’s Guide... -
Page 281: Backup A Configuration File
The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing. MES-3528 User’s Guide... -
Page 282: Ftp Command Line Procedure
Enter open, followed by a space and the IP address of your Switch. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter bin to set transfer mode to binary. MES-3528 User’s Guide... -
Page 283: Gui-Based Ftp Clients
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. MES-3528 User’s Guide... - Page 284 Chapter 32 Maintenance MES-3528 User’s Guide...
-
Page 285: Access Control
See the CLI Reference Guide for more information on disabling multi-login. 33.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 157 Management > Access Control MES-3528 User’s Guide... -
Page 286: About Snmp
Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. MES-3528 User’s Guide... -
Page 287: Snmp V3 And Security
• RFC 1155 SMI • RFC 2674 SNMPv2, SNMPv2c • RFC 1757 RMON • SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP MES-3528 User’s Guide... -
Page 288: Snmp Traps
Table 98 SNMP Interface Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION linkup linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up. LinkDownEventClear 1.3.6.1.4.1.890.1.5.8.51.27 This trap is sent when the .2.2 Ethernet link is up. MES-3528 User’s Guide... - Page 289 RADIUS server can be reached. TACACS+NotReachableEv 1.3.6.1.4.1.890.1.5.8.51.2 This trap is sent when there is entOn 7.2.1 no response message from the TACACS+ server. TACACS+NotReachableEv 1.3.6.1.4.1.890.1.5.8.51.2 This trap is sent when the entClear 7.2.2 TACACS+ server can be reached. MES-3528 User’s Guide...
- Page 290 1.3.6.1.2.1.81.0. This trap is sent when a path to a target changes. traceRouteTestFailed 1.3.6.1.2.1.81.0. This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0. This trap is sent when a traceroute test is completed. MES-3528 User’s Guide...
- Page 291 This trap is sent when a variable goes over the RMON "rising" threshold. RmonFallingAlarm 1.3.6.1.2.1.16.0.2 This trap is sent when the variable falls below the RMON "falling" threshold. dot1agCfmFaultAlarm 1.3.111.2.802.1.1.8.0.1 The trap is sent when the Switch detects a connectivity fault. MES-3528 User’s Guide...
-
Page 292: Configuring Snmp
Get Community Enter the Get Community string, which is the password for the incoming Get- and GetNext- requests from the management station. The Get Community string is only used by SNMP managers using SNMP version 2c or lower. MES-3528 User’s Guide... - Page 293 Switch. Authenticati Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. MES-3528 User’s Guide...
-
Page 294: Configuring Snmp Trap Group
Click Management > Access Control > SNMP > Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP traps that should be sent to each SNMP manager. Figure 160 Management > Access Control > SNMP > Trap Group MES-3528 User’s Guide... -
Page 295: Setting Up Login Accounts
The username for the Administrator is always admin. The default administrator password is 1234. Note: It is highly recommended that you change the default administrator password (1234). • A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. MES-3528 User’s Guide... - Page 296 You can give users higher privileges via the CLI. For more information on assigning privileges see the CLI Reference Guide. User Name Set a user name (up to 32 ASCII characters long). Password Enter your new system password. Retype to Retype your new system password for confirmation confirm MES-3528 User’s Guide...
-
Page 297: Ssh Overview
Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 162 SSH Communication Example MES-3528 User’s Guide... -
Page 298: How Ssh Works
Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. MES-3528 User’s Guide... -
Page 299: Ssh Implementation On The Switch
SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch. Please refer to the following figure. MES-3528 User’s Guide... -
Page 300: Https Example
When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the Switch. MES-3528 User’s Guide... -
Page 301: Netscape Navigator Warning Messages
Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. MES-3528 User’s Guide... - Page 302 Chapter 33 Access Control Select Accept this certificate permanently to import the Switch’s certificate into the SSL client. Figure 166 Security Certificate 1 (Netscape) example example example Figure 167 Security Certificate 2 (Netscape) example MES-3528 User’s Guide...
-
Page 303: The Main Screen
Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed MES-3528 User’s Guide... -
Page 304: Remote Management
Cancel Click Cancel to begin configuring this screen afresh. 33.10 Remote Management Click Management > Access Control > Remote Management to view the screen as shown next. MES-3528 User’s Guide... - Page 305 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
- Page 306 Chapter 33 Access Control MES-3528 User’s Guide...
-
Page 307: Diagnostic
This chapter explains the Diagnostic screen. 34.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 171 Management > Diagnostic MES-3528 User’s Guide... - Page 308 Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Enter a port number and click Port Test to perform an internal Test loopback test. MES-3528 User’s Guide...
-
Page 309: Syslog
Error: There is an error condition on the system. Warning: There is a warning condition on the system. Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. MES-3528 User’s Guide... -
Page 310: Syslog Setup
The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide... -
Page 311: Syslog Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide... - Page 312 Chapter 35 Syslog MES-3528 User’s Guide...
-
Page 313: Cluster Management
Maximum number of cluster members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches. Cluster Members The switches being managed by the cluster manager switch. MES-3528 User’s Guide... -
Page 314: Cluster Management Status
Figure 174 Clustering Application Example 36.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 175 Management > Cluster Management: Status MES-3528 User’s Guide... -
Page 315: Cluster Member Switch Management
Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web MES-3528 User’s Guide... -
Page 316: Uploading Firmware To A Cluster Member Switch
297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 390BHR0.bin fw-00-a0-c5-01-23-46 200 Port command okay 150 Opening data connection for STOR fw-00-a0-c5-01-23-46 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> MES-3528 User’s Guide... - Page 317 This is the cluster member switch’s firmware name as seen fw-00-a0-c5-01-23-46 in the cluster manager switch. config-00-a0-c5-01-23-46 This is the cluster member switch’s configuration file name as seen in the cluster manager switch. MES-3528 User’s Guide...
-
Page 318: Clustering Management Configuration
Clustering Candidates list. If a switch that was previously a cluster member is later set to become a cluster manager, then its Status is displayed as Error in the Cluster Management Status screen and a warning icon ( ) appears in the member summary list below. MES-3528 User’s Guide... - Page 319 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
- Page 320 Chapter 36 Cluster Management MES-3528 User’s Guide...
-
Page 321: Mac Table
• If the Switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion. MES-3528 User’s Guide... -
Page 322: Viewing The Mac Table
Figure 179 MAC Table Flowchart 37.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 180 Management > MAC Table MES-3528 User’s Guide... - Page 323 This is the VLAN group to which this frame belongs. Port This is the port where the above MAC address is forwarded. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). MES-3528 User’s Guide...
- Page 324 Chapter 37 MAC Table MES-3528 User’s Guide...
-
Page 325: Arp Table
MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. MES-3528 User’s Guide... -
Page 326: Viewing The Arp Table
This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. This is the MAC address of the device with corresponding IP address above. Address Type This shows whether the MAC address is dynamic (learned by the Switch) or static. MES-3528 User’s Guide... -
Page 327: Configure Clone
39.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 182 Management > Configure Clone MES-3528 User’s Guide... - Page 328 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User’s Guide...
-
Page 329: Troubleshooting & Product Specifications
Troubleshooting & Product Specifications Troubleshooting (331) Product Specifications (335) -
Page 331: Troubleshooting
If the problem continues, contact the vendor. The ALM LED is on. Disconnect and re-connect the power adaptor or cord to the Switch. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. MES-3528 User’s Guide... -
Page 332: Switch Access And Login
I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. • If you changed the IP address, use the new IP address. MES-3528 User’s Guide... - Page 333 Disconnect and re-connect the cord to the Switch. If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page Pop-up Windows, JavaScripts and Java Permissions MES-3528 User’s Guide...
-
Page 334: Switch Configuration
Switch’s nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 32.3 on page 279 for more information about how to save your configuration. MES-3528 User’s Guide... -
Page 335: Product Specifications
Humidity: 10 ~ 90% (non-condensing) Storage Environment Temperature: -10º C ~ 70º C (14º F ~ 158º F) Humidity: 10 ~ 90% (non-condensing) Ground Wire Gauge 18 AWG or larger Power Wire Gauge 18 AWG or larger MES-3528 User’s Guide... - Page 336 Switch. Differentiated Services With DiffServ, the Switch marks packets so that they receive (DiffServ) specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. MES-3528 User’s Guide...
- Page 337 For security, the Switch allows authentication using IEEE Security 802.1x with an external RADIUS server and port security that allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. MES-3528 User’s Guide...
- Page 338 Max. Frame size: 9 K bytes Forwarding frame: IEEE 802.3, IEEE 802.1q, Ethernet II, PPPoE Prevent the forwarding of corrupted packets IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) Multiple Rapid Spanning Tree capability (2 configurable trees) IEEE 802.1s Multiple Spanning Tree Protocol MES-3528 User’s Guide...
- Page 339 Layer 3 IP Capability IPV4 support Features 64 Management IPs Routing Static Routing protocols IP services DHCP client DHCP relay VLAN-based DHCP relay DHCP snooping Filtering Support L2 MAC filtering, L3 IP filtering, Layer 4 TCP/UDP socket MES-3528 User’s Guide...
- Page 340 The following list, which is not exhaustive, illustrates the standards supported in the Switch. Table 121 Standards Supported STANDARD DESCRIPTION RFC 826 Address Resolution Protocol (ARP) RFC 867 Daytime Protocol RFC 868 Time Protocol RFC 894 Ethernet II Encapsulation RFC 1112 IGMP v1 RFC 1155 MES-3528 User’s Guide...
- Page 341 IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation IEEE 802.3ah Ethernet OAM (Operations, Administration and Maintenance) IEEE 802.3x Flow Control Safety UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) MES-3528 User’s Guide...
- Page 342 Chapter 41 Product Specifications MES-3528 User’s Guide...
-
Page 343: Appendices And Index
Appendices and Index Changing a Fuse (345) Common Services (347) Legal Information (351) Index (355) -
Page 345: Appendix A Changing A Fuse
Put another spare fuse in its place in order to always have one on hand. Push the replacement fuse into the fuse housing until you hear a click. Push the fuse housing back into the Switch until you hear a click. Plug the power cord back into the unit. MES-3528 User’s Guide... - Page 346 Appendix A Changing a Fuse MES-3528 User’s Guide...
-
Page 347: Appendix B Common Services
Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. MES-3528 User’s Guide... - Page 348 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING User-Defined Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. MES-3528 User’s Guide...
- Page 349 TCP/UDP Secure Shell Remote Login Program. STRM WORKS 1558 Stream Works Protocol. SYSLOG Syslog allows you to send system logs to a UNIX server. TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). MES-3528 User’s Guide...
- Page 350 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. MES-3528 User’s Guide...
-
Page 351: Appendix C Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. - Page 352 Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11. MES-3528 User’s Guide...
-
Page 353: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. MES-3528 User’s Guide... - Page 354 Appendix C Legal Information MES-3528 User’s Guide...
-
Page 355: Index
ARP inspection 223, 226 CFI (Canonical Format Indicator) and MAC filter changing the password configuring Cisco Discovery Protocol, see CDP syslog messages trusted ports CIST authentication Class of Service (CoS) setup classifier 169, 171 and QoS MES-3528 User’s Guide... - Page 356 Dynamic Host Configuration Protocol, see DHCP current date dynamic link aggregation current time egress port daylight saving time egress rate, and bandwidth control default Ethernet settings Ethernet broadcast address DHCP Ethernet port test configuration options external authentication server modes Option 82 overview MES-3528 User’s Guide...
- Page 357 Gigabit ports install GMT (Greenwich Mean Time) fuse GVRP 92, 99, 100 installation and port assignment desktop GVRP (GARP VLAN Registration Protocol) precautions rack-mounting transceivers installation scenarios MES-3528 User’s Guide...
- Page 358 ID information restoring configuration setup 155, 157 status Management Information Base (MIB) traffic distribution algorithm management port traffic distribution type managing the device trunk group good habits Link Aggregation Control Protocol (LACP) MES-3528 User’s Guide...
- Page 359 IGMP throttling port cloning 327, 328 IP addresses advanced settings 327, 328 overview basic settings 327, 328 setup 195, 196 port details multicast group port isolation multicast VLAN port mirroring 149, 150, 338 Multiple Rapid Spanning Tree Protocol MES-3528 User’s Guide...
- Page 360 Round Robin Scheduling priority routing protocols un-tagged packets RSTP PVID PVID (Priority Frame) safety certifications safety warnings Q-in-Q, see VLAN stacking save configuration 51, 279 and classifier security queue weight service access control service port queuing MES-3528 User’s Guide...
- Page 361 Static VLAN static VLAN control tagging TACACS+ status 209, 210 46, 72 setup link aggregation TACACS+ (Terminal Access Controller Access- MSTP Control System Plus) port MES-3528 User’s Guide...
- Page 362 VLAN tag untrusted ports VLAN tag format ARP inspection DHCP snooping VLAN tag user profiles VLAN tag format VLAN Trunking Protocol, see VTP VLAN, protocol based, See protocol based VLAN VT100 Vendor Specific Attribute, See VSA ventilation MES-3528 User’s Guide...
- Page 363 Index warranty note web configurator getting help home login logout navigation panel weight, queuing Weighted Round Robin Scheduling (WRR) WRR (Weighted Round Robin Scheduling) ZyNOS (ZyXEL Network Operating System) MES-3528 User’s Guide...
- Page 364 Index MES-3528 User’s Guide...
Need help?
Do you have a question about the MES-3528 and is the answer not in the manual?
Questions and answers