Download Print this page

ZyXEL Communications GS3700 Series User Manual

Gbe l2+ switch

Hide thumbs Also See for GS3700 Series:

User manual (549 pages)

,

Cli reference manual (361 pages)

,

Handbook (215 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: Handbook, User Manual

GS3700/XGS3700 Series

GbE L2+ Switch

Version 4.10

Edition 3, 06/2014

Quick Start Guide

User's Guide

Default Login Details

IP Address

http://192.168.0.1 (Out-

http://192.168.1.1 (In-

www.zyxel.com

User Name

Password

of-band MGMT port)

band ports)

admin

1234

Copyright © 2014 ZyXEL Communications Corporation

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the GS3700 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications GS3700 Series

Page 1 GS3700/XGS3700 Series GbE L2+ Switch Version 4.10 Edition 3, 06/2014 Quick Start Guide User’s Guide Default Login Details IP Address http://192.168.0.1 (Out- of-band MGMT port) http://192.168.1.1 (In- www.zyxel.com band ports) User Name admin Password 1234 Copyright © 2014 ZyXEL Communications Corporation...
Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Note: This guide is a reference for a series of products. Therefore some features or options in this guide may not be available in your product. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
Page 3: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................18 Getting to Know Your Switch ........................19 Hardware Installation and Connection ....................24 Hardware Overview ..........................28 The Web Configurator ..........................35 Technical Reference ..........................44 ZON Utility, ZON Neighbor Management and Port Status ..............45 Basic Setting ............................52 VLAN ...............................81 Static MAC Forward Setup ........................99 Static Multicast Forward Setup ......................101...
Page 4 Contents Overview Policy Routing ............................301 Differentiated Services ..........................305 DHCP ..............................313 VRRP ..............................327 Load Sharing ............................336 ARP Setup ............................338 Maintenance ............................344 Access Control ............................352 Diagnostic .............................373 Syslog ..............................375 Cluster Management ..........................378 MAC Table .............................384 IP Table ..............................387 ARP Table .............................389 Routing Table ............................391 Path MTU Table ............................392 Configure Clone ............................393 Neighbor Table ............................395...
Page 5: Table Of Contents
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................5 Part I: User’s Guide ..................18 Chapter 1 Getting to Know Your Switch......................19 1.1 Introduction ............................19 1.1.1 Bridging Example ........................20 1.1.2 High Performance Switching Example ..................20 1.1.3 Gigabit Ethernet to the Desktop ....................21 1.1.4 IEEE 802.1Q VLAN Application Example ................21 1.1.5 IPv6 Support ..........................22 1.2 Ways to Manage the Switch ......................22...
Page 6 Table of Contents Chapter 4 The Web Configurator ........................35 4.1 Introduction ............................35 4.2 System Login ..........................35 4.3 The Web Configurator Layout ......................36 4.3.1 Change Your Password ......................41 4.4 Saving Your Configuration ........................41 4.5 Switch Lockout ..........................41 4.6 Resetting the Switch ........................42 4.6.1 Reload the Configuration File ....................42 4.7 Logging Out of the Web Configurator ....................43...
Page 7 Table of Contents 6.9.6 IPv6 Global Address Setup .....................73 6.9.7 IPv6 Neighbor Discovery Setup ....................74 6.9.8 IPv6 Router Discovery Setup ....................75 6.9.9 IPv6 Prefix Setup ........................77 6.9.10 IPv6 Neighbor Setup ......................78 6.9.11 DHCPv6 Client Setup ......................79 Chapter 7 VLAN ..............................81 7.1 Introduction to IEEE 802.1Q Tagged VLANs ................81 7.1.1 Forwarding Tagged and Untagged Frames ................81...
Page 8 Table of Contents 11.1 STP/RSTP Overview ........................106 11.1.1 STP Terminology .........................106 11.1.2 How STP Works ........................107 11.1.3 STP Port States ........................107 11.1.4 Multiple RSTP ........................107 11.1.5 Multiple STP .........................108 11.2 Spanning Tree Protocol Status Screen ..................110 11.3 Spanning Tree Configuration ......................111 11.4 Configure Rapid Spanning Tree Protocol ...................
Page 9 Table of Contents 15.6 Static Trunking Example .......................143 Chapter 16 Port Authentication ..........................145 16.1 Port Authentication Overview .......................145 16.1.1 IEEE 802.1x Authentication ....................145 16.1.2 MAC Authentication ......................146 16.2 Port Authentication Configuration ....................147 16.2.1 Activate IEEE 802.1x Security ..................147 16.2.2 Guest VLAN ........................149 16.2.3 Activate MAC Authentication ....................151 Chapter 17 Port Security .............................153...
Page 10 Table of Contents 21.1 VLAN Stacking Overview ......................170 21.1.1 VLAN Stacking Example ......................170 21.2 VLAN Stacking Port Roles ......................171 21.3 VLAN Tag Format ..........................171 21.3.1 Frame Format ........................172 21.4 Configuring VLAN Stacking ......................172 21.4.1 Port-based Q-in-Q .......................174 21.4.2 Selective Q-in-Q .........................174 Chapter 22 Multicast ............................177 22.1 Multicast Overview ........................177...
Page 11 Table of Contents 23.2.1 RADIUS Server Setup .......................201 23.2.2 TACACS+ Server Setup ....................203 23.2.3 AAA Setup ...........................205 23.2.4 Vendor Specific Attribute .....................208 23.2.5 Tunnel Protocol Attribute .....................209 23.3 Supported RADIUS Attributes .......................209 23.3.1 Attributes Used for Authentication ..................210 23.3.2 Attributes Used for Accounting ....................210 Chapter 24 IP Source Guard..........................213 24.1 IP Source Guard Overview ......................213...
Page 12 Table of Contents 27.1.1 Layer-2 Protocol Tunneling Mode ..................242 27.2 Configuring Layer 2 Protocol Tunneling ..................242 Chapter 28 sFlow..............................245 28.1 sFlow Overview ..........................245 28.2 sFlow Port Configuration .......................245 28.2.1 sFlow Collector Configuration ....................247 Chapter 29 PPPoE ..............................249 29.1 PPPoE Intermediate Agent Overview ..................249 29.1.1 PPPoE Intermediate Agent Tag Format ................249 29.1.2 Sub-Option Format ......................249 29.1.3 Port State ..........................250...
Page 13 Table of Contents 33.1 Green Ethernet Overview ......................269 33.2 Configuring Green Ethernet ......................269 Chapter 34 Link Layer Discovery Protocol (LLDP) ...................271 34.1 LLDP Overview ..........................271 34.2 LLDP-MED Overview ........................272 34.3 LLDP Screens ..........................273 34.4 LLDP Local Status ........................274 34.4.1 LLDP Local Port Status Detail ....................276 34.5 LLDP Remote Status ........................280 34.5.1 LLDP Remote Port Status Detail ..................281 34.6 LLDP Configuration ........................287...
Page 14 Table of Contents 37.3.2 DSCP Profile ........................310 37.4 DSCP-to-IEEE 802.1p Priority Settings ................... 311 37.4.1 Configuring DSCP Settings ....................311 Chapter 38 DHCP..............................313 38.1 DHCP Overview ...........................313 38.1.1 DHCP Modes ........................313 38.1.2 DHCP Configuration Options ....................313 38.2 DHCP Configuration ........................313 38.3 DHCPv4 Status ..........................314 38.3.1 DHCPv4 Server Status Detail .....................314 38.4 DHCPv4 Relay ..........................315...
Page 15 Table of Contents 41.1 ARP Overview ..........................338 41.1.1 How ARP Works ........................338 41.1.2 ARP Learning Mode ......................338 41.2 ARP Setup ............................340 41.2.1 ARP Learning ........................340 41.2.2 Static ARP ...........................342 Chapter 42 Maintenance ............................344 42.1 The Maintenance Screen ......................344 42.2 Load Factory Default ........................345 42.3 Save Configuration ........................345 42.4 Reboot System ..........................346 42.5 Firmware Upgrade ........................346...
Page 16 Table of Contents 43.9.2 Mozilla Firefox Warning Messages ..................368 43.9.3 The Main Screen .........................370 43.10 Service Access Control ......................370 43.11 Remote Management ......................371 Chapter 44 Diagnostic ............................373 44.1 Diagnostic ............................373 Chapter 45 Syslog ..............................375 45.1 Syslog Overview ...........................375 45.2 Syslog Setup ..........................375 45.3 Syslog Server Setup ........................376 Chapter 46 Cluster Management ........................378...
Page 17 Table of Contents Chapter 51 Path MTU Table ..........................392 51.1 Path MTU Overview ........................392 51.2 Viewing the Path MTU Table ......................392 Chapter 52 Configure Clone..........................393 52.1 Configure Clone ...........................393 Chapter 53 Neighbor Table ..........................395 53.1 IPv6 Neighbor Table Overview .....................395 53.2 Viewing the IPv6 Neighbor Table ....................395 Chapter 54 Troubleshooting..........................397...
Page 18: User's Guide
User’s Guide...
Page 19: Getting To Know Your Switch
H A PT ER Getting to Know Your Switch This chapter introduces the main features and applications of the Switch. 1.1 Introduction Your Switch is a layer 2+, Gigabit Ethernet (GbE) switch with two power slots for hot-swappable RPS300 or RPS600-HP power modules. The Switch provides four SFP or SFP+ slots for uplink. By integrating router functions, the Switch performs wire-speed layer-3 routing in addition to layer-2 switching.
Page 20: Bridging Example
Chapter 1 Getting to Know Your Switch 1.1.1 Bridging Example In this example the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch.
Page 21: Gigabit Ethernet To The Desktop
Chapter 1 Getting to Know Your Switch Figure 2 High Performance Switching 10 Gbps Trunk Branch 1.1.3 Gigabit Ethernet to the Desktop The Switch is an ideal solution for small networks which demand high bandwidth for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch.
Page 22: Ipv6 Support
Chapter 1 Getting to Know Your Switch For more information on VLANs, refer to Chapter 7 on page 1.1.4.1 Tag-based VLAN Example Ports in the same VLAN group share the same frame broadcast domain, thus increasing network performance by reducing broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re-cabling.
Page 23: Good Habits For Managing The Switch
Chapter 1 Getting to Know Your Switch • Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page • Command Line Interface. Line commands offer an alternative to the Web Configurator and may be necessary to configure advanced features.
Page 24: Hardware Installation And Connection
H A PT ER Hardware Installation and Connection This chapter shows you how to install and connect the Switch. 2.1 Freestanding Installation Make sure the Switch is clean and dry. Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and the connected cables.
Page 25: Mounting The Switch On A Rack
Chapter 2 Hardware Installation and Connection 2.2 Mounting the Switch on a Rack This section lists the rack mounting requirements and precautions and describes the installation steps of how to mount the Switch in a 19-inch rack with the included rack mounting kit. Note: ZyXEL provides extensible rear mounting brackets (RM400) to install the Switch in a 21-inch, 23-inch or 24-inch rack.
Page 26: Mounting The Switch On A Rack
Chapter 2 Hardware Installation and Connection Slide the rear bracket along the rail and set the bracket in place depending on the depth of the rack. The rear brackets can be used with a 19-inch rack. Rear Bracket Sliding Rail Front Bracket You may now mount the Switch on a rack.
Page 27: Power Module Installation
Chapter 2 Hardware Installation and Connection Rear Front 2.6 Power Module Installation There is one power module installed in the first power slot of the Switch by default. See the Power Module Hardware Installation Guide for how to install a second power module or remove the power module.
Page 28: Hardware Overview
This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel Connections The figure below shows the front panel of the Switch. Figure 6 Front Panel: GS3700 Series GS3700/XGS3700 Series User’s Guide...
Page 29: Ethernet Ports
Chapter 3 Hardware Overview Figure 7 Front Panel: XGS3700 Series The following table describes the ports. Table 2 Panel Connections CONNECTOR DESCRIPTION 24 or 48 10/ Connect these ports to a computer, a hub, an Ethernet switch or router. 100/1000Base-T RJ-45 Ethernet Ports 4 SFP or SFP+...
Page 30: Sfp/Sfp+ Slots
Chapter 3 Hardware Overview • Speed: Auto • Duplex: Auto • Flow control: Off • Dual Personality Interface: Fiber-optic module first 3.1.2 SFP/SFP+ Slots These are four slots for Small Form-Factor Pluggable (SFP) or SFP+ modules, such as an SFP/SFP+ transceiver.
Page 31: Management Port
Chapter 3 Hardware Overview Figure 9 Installed Transceiver 3.1.2.2 Transceiver Removal Use the following steps to remove a transceiver. Open the transceiver’s latch (latch styles vary). Figure 10 Opening the Transceiver’s Latch Example Pull the transceiver out of the slot. Figure 11 Transceiver Removal Example 3.1.3 Management Port The 100Base-T Ethernet MGMT (management) port is used for local management.
Page 32: Rear Panel
Chapter 3 Hardware Overview • No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the RS-232 console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. 3.2 Rear Panel The following figures show the rear panels of the Switch.
Page 33: Leds
Chapter 3 Hardware Overview Disconnect the power cord from the power outlet. Disconnect the power cord from the AC power socket. 3.3 LEDs The following table describes the LEDs. Table 3 LEDs COLOR STATUS DESCRIPTION PWR1 Green The system is receiving power from the power module in the first (Power 1) power slot.
Page 34 Chapter 3 Hardware Overview Table 3 LEDs (continued) COLOR STATUS DESCRIPTION 1-24 or 1- Green Blinking The port is receiving or transmitting data at 10 or 1000 Mbps. The port has a successful 10 or 1000 Mbps connection. LNK/ACT Amber Blinking The port is receiving or transmitting data 100 Mbps.
Page 35: The Web Configurator
H A PT ER The Web Configurator This section introduces the configuration and functions of the web configurator. 4.1 Introduction The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Firefox 2.0 and later versions.
Page 36: The Web Configurator Layout
Chapter 4 The Web Configurator Figure 13 Web Configurator: Login Click OK to view the first web configurator screen. 4.3 The Web Configurator Layout The Status screen is the first screen that displays when you access the web configurator. This guide uses the GS3700-48HP screens as an example.
Page 37 Chapter 4 The Web Configurator Figure 14 The Web Configurator Layout A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. B, C, D, E - These are quick links which allow you to perform certain tasks no matter which screen you are currently working in.
Page 38 Chapter 4 The Web Configurator In the navigation panel, click a main link to reveal a list of submenu links. Table 4 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION The following table describes the links in the navigation panel. Table 5 Navigation Panel Links LINK DESCRIPTION...
Page 39 Chapter 4 The Web Configurator Table 5 Navigation Panel Links (continued) LINK DESCRIPTION IPv6 This link takes you to a screen where you can enable an IPv6 interface and configure the IPv6 settings on the Switch. Advanced Application VLAN This link takes you to screens where you can configure port-based or 802.1Q VLAN (depending on what you configured in the Switch Setup menu).
Page 40 Chapter 4 The Web Configurator Table 5 Navigation Panel Links (continued) LINK DESCRIPTION PPPoE This link takes you to screens where you can configure how the Switch gives a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client.
Page 41: Change Your Password
Chapter 4 The Web Configurator 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. Figure 15 Change Administrator Login Password 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory.
Page 42: Resetting The Switch
Chapter 4 The Web Configurator Filter all traffic to the CPU port. Disable all ports. Misconfigure the text configuration file. Forget the password and/or IP address. Prevent all services from accessing the Switch. Change a service port number but forget it. Note: Be careful not to lock yourself and others out of the Switch.
Page 43: Logging Out Of The Web Configurator
Chapter 4 The Web Configurator Figure 16 Resetting the Switch: Via the Console Port Bootbase Version: V1.00 | 12/11/2012 13:49:40 RAM: Size = 524288 Kbytes DRAM POST: Testing: 524288K DRAM Test SUCCESS ! ZyNOS Version: V4.10(AAGF.5)b1 | 6/5/2014 20:10:8 Press any key to enter debug mode within 3 seconds........
Page 44: Technical Reference
Technical Reference...
Page 45: Zon Utility, Zon Neighbor Management And Port Status
H A PT ER ZON Utility, ZON Neighbor Management and Port Status This chapter describes the screens for ZON Utility, ZON Neighbor Management, Port Status and Port Details. 5.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
Page 46: Chapter 5 Zon Utility, Zon Neighbor Management And Port Status
Chapter 5 ZON Utility, ZON Neighbor Management and Port Status Figure 18 ZON Utility Screen 5.3 ZON Neighbor Management Screen The ZON Neighbor Management screen allows you to view and manage the Switch’s neighboring devices more conveniently. It uses Layer Link Discovery Protocol (LLDP) to discover all neighbor devices connected to the Switch including non-ZyXEL devices.
Page 47: Port Status Summary
Chapter 5 ZON Utility, ZON Neighbor Management and Port Status The following table describes the fields in the above screen. Table 6 Status > Neighbor LABEL DESCRIPTION Local Port This shows the port number of the local device in the network. Name This shows the name of the local device in the network.
Page 48 Chapter 5 ZON Utility, ZON Neighbor Management and Port Status Figure 20 Status The following table describes the labels in this screen. Table 7 Status LABEL DESCRIPTION Port This identifies the Ethernet port. Click a port number to display the Port Details screen (refer to Figure 21 on page 49).
Page 49: Status: Port Details
Chapter 5 ZON Utility, ZON Neighbor Management and Port Status 5.4.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 21 Status: Port Details The following table describes the labels in this screen.
Page 50 Chapter 5 ZON Utility, ZON Neighbor Management and Port Status Table 8 Status > Port Details (continued) LABEL DESCRIPTION RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port. Tx KBs/s This field shows the transmission speed of data sent on this port in kilobytes per second.
Page 51 Chapter 5 ZON Utility, ZON Neighbor Management and Port Status Table 8 Status > Port Details (continued) LABEL DESCRIPTION 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length. 512-1023 This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length.
Page 52: Basic Setting
H A PT ER Basic Setting This chapter describes how to configure the Basic Setting screens. 6.1 System Information In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen.
Page 53 Chapter 6 Basic Setting The following table describes the labels in this screen. Table 9 Basic Setting > System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the model number of the Switch. ZyNOS F/W This field displays the version number of the Switch 's current firmware including the date Version...
Page 54: General Setup
Chapter 6 Basic Setting 6.2 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown. Figure 23 Basic Setting > General Setup The following table describes the labels in this screen.
Page 55: Introduction To Vlans
Chapter 6 Basic Setting Table 10 Basic Setting > General Setup (continued) LABEL DESCRIPTION Current Time This field displays the time you open this menu (or refresh the menu). New Time Enter the new time in hour, minute and second format. The new time then appears in the (hh:min:ss) Current Time field after you click Apply.
Page 56: Switch Setup
Chapter 6 Basic Setting resources of another on the same LAN, thus a user will not see the printers and hard disks of another user on the same network. VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain.
Page 57 Chapter 6 Basic Setting Table 11 Basic Setting > Switch Setup (continued) LABEL DESCRIPTION MAC Address MAC address learning reduces outgoing traffic broadcasts. For MAC address learning to Learning occur on a port, the port must be active. Aging Time Enter a time from 10 to 1000000 seconds.
Page 58: Ip Setup
Chapter 6 Basic Setting 6.5 IP Setup Use the IP Setup screen to configure the default gateway device, the default domain name server and add IP domains. 6.5.1 IP Interfaces The Switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1.
Page 59 Chapter 6 Basic Setting The following table describes the labels in this screen. Table 12 Basic Setting > IP Setup LABEL DESCRIPTION Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254. Domain Name DNS (Domain Name System) is for mapping a domain name to its corresponding IP address Server...
Page 60: Port Setup
Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. Figure 26 Basic Setting > Port Setup (GS3700 Series) Figure 27 Basic Setting > Port Setup (XGS3700 Series)
Page 61 Chapter 6 Basic Setting The following table describes the labels in this screen. Table 13 Basic Setting > Port Setup LABEL DESCRIPTION Port This is the port index number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 62: Poe
Chapter 6 Basic Setting Table 13 Basic Setting > Port Setup (continued) LABEL DESCRIPTION BPDU Control Configure the way to treat BPDUs received on this port. You must activate bridging control protocol transparency in the Switch Setup screen first. Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Select Tunnel to forward BPDUs received on this port.
Page 63 Chapter 6 Basic Setting Note: The PoE devices that supply or receive power and their connected Ethernet cables must all be completely indoors. To view the current amount of power that PDs are receiving from the Switch, click Basic Setting > PoE Setup.
Page 64: Poe Setup
Chapter 6 Basic Setting Table 14 Basic Setting > PoE Status LABEL DESCRIPTION State This field shows which ports can receive power from the Switch. You can set this in the Basic Setting > PoE Setup screen. • Disable - The PD connected to this port cannot get power. •...
Page 65 Chapter 6 Basic Setting Figure 30 Basic Setting > PoE Status > PoE Setup The following table describes the labels in this screen. Table 15 Basic Setting > PoE Status > PoE Setup LABEL DESCRIPTION PoE Mode Select the power management mode you want the Switch to use. •...
Page 66: Interface Setup
Chapter 6 Basic Setting Table 15 Basic Setting > PoE Status > PoE Setup LABEL DESCRIPTION Max Power (mW) Set the maximum amount of power (from 1000 to 33000) the PD could use from the Switch on this port. Otherwise, leave the field blank to allow the connected PD to use power up to the Switch’s total power budget.
Page 67: Ipv6
Chapter 6 Basic Setting The following table describes the labels in this screen. Table 16 Basic Setting > Interface Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure. The Switch supports the VLAN interface type for IPv6 at the time of writing.
Page 68: Ipv6 Interface Status
Chapter 6 Basic Setting 6.9.1 IPv6 Interface Status Use this screen to view a specific IPv6 interface status and detailed information. Click an interface index number in the Basic Setting > IPv6 screen. The following screen opens. Figure 33 Basic Setting > IPv6 Interface Status The following table describes the labels in this screen.
Page 69 Chapter 6 Basic Setting Table 18 Basic Setting > IPv6 Interface Status (continued) LABEL DESCRIPTION ICMPv6 Rate This field displays the time period (in milliseconds) during which ICMPv6 error messages of Limit Error up to the bucket size can be transmitted. 0 means no limit. Interval Stateless This field displays whether the Switch’s interface can automatically generate a link-local...
Page 70: Ipv6 Configuration
Chapter 6 Basic Setting Table 18 Basic Setting > IPv6 Interface Status (continued) LABEL DESCRIPTION This field displays the DNS server address assigned by the DHCPv6 server. Domain List This field displays the address record when the Switch queries the DNS server to resolve domain names.
Page 71: Ipv6 Global Setup
Chapter 6 Basic Setting Table 19 Basic Setting > IPv6 > IPv6 Configuration (continued) LABEL DESCRIPTION IPv6 Neighbor Setup Click the link to go to a screen where you can create a static IPv6 neighbor entry in the Switch’s IPv6 neighbor table. DHCPv6 Client Setup Click the link to go to a screen where you can configure the Switch DHCP settings.
Page 72: Ipv6 Link-Local Address Setup
Chapter 6 Basic Setting Figure 36 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup The following table describes the labels in this screen. Table 21 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure.
Page 73: Ipv6 Global Address Setup
Chapter 6 Basic Setting Figure 37 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup The following table describes the labels in this screen. Table 22 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup LABEL DESCRIPTION Interface...
Page 74: Ipv6 Neighbor Discovery Setup
Chapter 6 Basic Setting Figure 38 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup The following table describes the labels in this screen. Table 23 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup LABEL DESCRIPTION Interface...
Page 75: Ipv6 Router Discovery Setup
Chapter 6 Basic Setting Figure 39 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Discovery Setup The following table describes the labels in this screen. Table 24 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Discovery Setup LABEL DESCRIPTION Interface...
Page 76 Chapter 6 Basic Setting Figure 40 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Router Discovery Setup The following table describes the labels in this screen. Table 25 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Router Discovery Setup LABEL DESCRIPTION Interface...
Page 77: Ipv6 Prefix Setup
Chapter 6 Basic Setting Table 25 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Router Discovery Setup (continued) LABEL DESCRIPTION Flags This field displays whether IPv6 hosts use DHCPv6 to obtain IPv6 stateful addresses (M) and/or additional configuration settings (O). Minimum Interval This field displays the minimum time interval at which the Switch sends router advertisements for this interface.
Page 78: Ipv6 Neighbor Setup
Chapter 6 Basic Setting Table 26 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Prefix Setup (continued) LABEL DESCRIPTION Preferred Lifetime Specify how long (from 0 to 4294967295 seconds) that addresses generated from the prefix via stateless address autoconfiguration remain preferred. The preferred lifetime cannot exceed the valid lifetime.
Page 79: Dhcpv6 Client Setup
Chapter 6 Basic Setting The following table describes the labels in this screen. Table 27 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure. The Switch supports the VLAN interface type for IPv6 at the time of writing.
Page 80 Chapter 6 Basic Setting Figure 43 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup The following table describes the labels in this screen. Table 28 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure.
Page 81: Vlan
H A PT ER VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 7.1 Introduction to IEEE 802.1Q Tagged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
Page 82: Automatic Vlan Registration
Chapter 7 VLAN 7.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 7.2.1 GARP GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.
Page 83: Port Vlan Trunking
Chapter 7 VLAN 7.3 Port VLAN Trunking Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.
Page 84: Vlan Status
Chapter 7 VLAN 7.5.1 VLAN Status Section 7.1 on page 81 for more information on 802.1Q VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. Figure 46 Advanced Application > VLAN: VLAN Status The following table describes the labels in this screen.
Page 85: Vlan Details
Chapter 7 VLAN 7.5.2 VLAN Details Use this screen to view detailed port settings and status of the VLAN group. See Section 7.1 on page 81 for more information on 802.1Q VLAN. Click on an index number in the VLAN Status screen to display VLAN details.
Page 86: Configure A Static Vlan Or Private Vlan
Chapter 7 VLAN 7.5.3 Configure a Static VLAN or Private VLAN Use this screen to create 802.1Q VLAN IDs and set VLAN members for Normal (static) or Private (Primary, Isolated or Community) VLANs. You must create VLAN IDs for Private (Primary, Isolated or Community) VLANs before configuring Advanced Application >...
Page 87 Chapter 7 VLAN The following table describes the related labels in this screen. Table 32 Advanced Application > VLAN > Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters;...
Page 88: Configure Vlan Port Settings
Chapter 7 VLAN 7.5.4 Configure VLAN Port Settings Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. Section 7.1 on page 81 for more information on 802.1Q VLAN. Click the VLAN Port Setting link in the VLAN Status screen.
Page 89: Subnet Based Vlans
Chapter 7 VLAN Table 33 Advanced Application > VLAN > VLAN Port Setting (continued) LABEL DESCRIPTION Acceptable Frame Specify the type of frames allowed on a port. Choices are All, Tag Only and Untag Type Only. Select All from the drop-down list box to accept all untagged or tagged frames on this port.
Page 90: Configuring Subnet Based Vlan
Chapter 7 VLAN Figure 50 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 7.5.5.1 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown.
Page 91: Protocol Based Vlans
Chapter 7 VLAN The following table describes the labels in this screen. Table 34 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Setup LABEL DESCRIPTION Active Select this check box to activate this subnet based VLANs on the Switch. DHCP-Vlan When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP Override...
Page 92 Chapter 7 VLAN Note: Protocol based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. For example, ports 1, 2, 3 and 4 belong to static VLAN 100, and ports 4, 5, 6, 7 belong to static VLAN 120.
Page 93 Chapter 7 VLAN The following table describes the labels in this screen. Table 35 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN Setup LABEL DESCRIPTION Active Select this check box to activate this protocol based VLAN. Port Type a port number to be included in this protocol based VLAN.
Page 94: View Private Vlan Status
Chapter 7 VLAN Leave the priority set to 0 and click Add. Figure 54 Protocol Based VLAN Configuration Example EXAMPLE To add more ports to this protocol based VLAN. Click the index number of the protocol based VLAN entry. Click 1 Change the value in the Port field to the next port you want to add.
Page 95: Port-Based Vlan Setup
Chapter 7 VLAN The following table describes the labels in this screen. Table 36 Advanced Application > VLAN > Private VLAN Status LABEL DESCRIPTION Private VLAN These fields show information for the all private VLANs. See also Advanced Application > Status Private VLAN.
Page 96 Chapter 7 VLAN Figure 56 Advanced Application > VLAN > Port Based VLAN Setup (All Connected) The following screen shows users on a port-based, port-isolated VLAN configuration. GS3700/XGS3700 Series User’s Guide...
Page 97 Chapter 7 VLAN Figure 57 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) GS3700/XGS3700 Series User’s Guide...
Page 98 Chapter 7 VLAN The following table describes the labels in this screen. Table 37 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs.
Page 99: Static Mac Forward Setup
H A PT ER Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 8.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network. 8.2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table.
Page 100 Chapter 8 Static MAC Forward Setup The following table describes the labels in this screen. Table 38 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
Page 101: Static Multicast Forward Setup
H A PT ER Static Multicast Forward Setup Use these screens to configure static multicast address forwarding. 9.1 Static Multicast Forwarding Overview A multicast MAC address is the MAC address of a member of a multicast group. A static multicast address is a multicast MAC address that has been manually entered in the multicast table.
Page 102: Configuring Static Multicast Forwarding
Chapter 9 Static Multicast Forward Setup Figure 61 Static Multicast Forwarding to Multiple Ports 9.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown.
Page 103 Chapter 9 Static Multicast Forward Setup Table 39 Advanced Application > Static Multicast Forwarding (continued) LABEL DESCRIPTION Port Enter the port(s) where frames with destination MAC address that matched the entry above are forwarded. You can enter multiple ports separated by (no space) comma (,) or hyphen (-).
Page 104: Filtering
HAPTER Filtering This chapter discusses MAC address port filtering. 10.1 Configure a Filtering Rule Configure the Switch to filter traffic based on the traffic’s source, destination MAC addresses and/or VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
Page 105 Chapter 10 Filtering Table 40 Advanced Application > FIltering (continued) LABEL DESCRIPTION Type a MAC address in a valid MAC address format, that is, six hexadecimal character pairs. Type the VLAN group identification number. Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory.
Page 106: Spanning Tree Protocol
HAPTER Spanning Tree Protocol The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol •...
Page 107: How Stp Works
Chapter 11 Spanning Tree Protocol Table 41 STP Path Costs RECOMMENDED RECOMMENDED LINK SPEED ALLOWED RANGE VALUE RANGE Path Cost 1Gbps 3 to 10 1 to 65535 Path Cost 10Gbps 1 to 5 1 to 65535 On each bridge, the bridge communicates with the root through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost).
Page 108: Multiple Stp
Chapter 11 Spanning Tree Protocol In the following example, there are two RSTP instances (MRSTP1 and MRSTP2) on switch A. Figure 64 MRSTP Network Example To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree.
Page 109 Chapter 11 Spanning Tree Protocol Figure 65 STP/RSTP Network Example VLAN 1 VLAN 2 With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP.
Page 110: Spanning Tree Protocol Status Screen
Chapter 11 Spanning Tree Protocol 11.1.5.3 MST Instance An MST Instance (MSTI) is a spanning tree instance. VLANs can be configured to run on a specific MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region.
Page 111: Spanning Tree Configuration
Chapter 11 Spanning Tree Protocol Figure 69 Advanced Application > Spanning Tree Protocol This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode.
Page 112: Configure Rapid Spanning Tree Protocol
Chapter 11 Spanning Tree Protocol 11.4 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings, see Section 11.1 on page 106 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen. Figure 71 Advanced Application >...
Page 113: Rapid Spanning Tree Protocol Status
Chapter 11 Spanning Tree Protocol Table 44 Advanced Application > Spanning Tree Protocol > RSTP (continued) LABEL DESCRIPTION Max Age This is the maximum time (in seconds) a switch can wait without receiving a BPDU before attempting to reconfigure. All switch ports (except for designated ports) should receive BPDUs at regular intervals.
Page 114: Configure Multiple Rapid Spanning Tree Protocol
Chapter 11 Spanning Tree Protocol Figure 72 Advanced Application > Spanning Tree Protocol > Status: RSTP The following table describes the labels in this screen. Table 45 Advanced Application > Spanning Tree Protocol > Status: RSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click RSTP to edit RSTP settings on the Switch.
Page 115 Chapter 11 Spanning Tree Protocol Figure 73 Advanced Application > Spanning Tree Protocol > MRSTP The following table describes the labels in this screen. Table 46 Advanced Application > Spanning Tree Protocol > MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen (see Figure 74 on page 117).
Page 116: Multiple Rapid Spanning Tree Protocol Status
Chapter 11 Spanning Tree Protocol Table 46 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL DESCRIPTION Forwarding Delay This is the maximum time (in seconds) a switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames.
Page 117: Configure Multiple Spanning Tree Protocol
Chapter 11 Spanning Tree Protocol Figure 74 Advanced Application > Spanning Tree Protocol > Status: MRSTP The following table describes the labels in this screen. Table 47 Advanced Application > Spanning Tree Protocol > Status: MRSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click MRSTP to edit MRSTP settings on the Switch.
Page 118 Chapter 11 Spanning Tree Protocol Figure 75 Advanced Application > Spanning Tree Protocol > MSTP GS3700/XGS3700 Series User’s Guide...
Page 119 Chapter 11 Spanning Tree Protocol The following table describes the labels in this screen. Table 48 Advanced Application > Spanning Tree Protocol > MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen (see Figure 77 on page 122).
Page 120: Multiple Spanning Tree Protocol Port Configuration
Chapter 11 Spanning Tree Protocol Table 48 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL DESCRIPTION Enabled VLAN(s) This field displays which VLAN(s) are mapped to this MST instance. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 121 Chapter 11 Spanning Tree Protocol Figure 76 Advanced Application > Spanning Tree Protocol > MSTP > Port The following table describes the labels in this screen. Table 49 Advanced Application > Spanning Tree Protocol > MSTP > Port LABEL DESCRIPTION Port This field displays the port number.
Page 122: Multiple Spanning Tree Protocol Status
Chapter 11 Spanning Tree Protocol 11.9 Multiple Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1.5 on page 108 for more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch.
Page 123 Chapter 11 Spanning Tree Protocol Table 50 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL DESCRIPTION Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Configuration This field displays the configuration name for this MST region.
Page 124: Bandwidth Control
HAPTER Bandwidth Control This chapter shows you how to cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. 12.1.1 CIR and PIR The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
Page 125 Chapter 12 Bandwidth Control Figure 78 Advanced Application > Bandwidth Control The following table describes the related labels in this screen. Table 51 Advanced Application > Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the Switch. Port This field displays the port number.
Page 126: Broadcast Storm Control
HAPTER Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 13.1 Broadcast Storm Control Setup Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Page 127 Chapter 13 Broadcast Storm Control The following table describes the labels in this screen. Table 52 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature.
Page 128: Mirroring
HAPTER Mirroring This chapter discusses port mirroring setup screens. 14.1 Port Mirroring Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. The Switch supports both local port mirroring and remote port mirroring.
Page 129 Chapter 14 Mirroring Single-Destination RMirror If the mirrored traffic is forwarded to one single destination switch, you can disable the reflector port. The Switch adds RMirror VLAN tag and forwards mirrored traffic from the mirroring port to the connected port directly. Source Intermediate Destination...
Page 130 Chapter 14 Mirroring Port Rules in Port Mirroring The following table shows the rule for a port in remote port mirroring. For example, a port on the source device can be a mirroring port in both RMirror VLAN 1 and RMirror VLAN 2. But when the port is the source device’s mirroring port in RMirror VLAN 1, it cannot be the reflector port or monitor port in another RMirror VLAN.
Page 131: Local Port Mirroring
Chapter 14 Mirroring 14.1.1 Local Port Mirroring Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 80 Advanced Application >...
Page 132: Remote Port Mirroring
Chapter 14 Mirroring Table 55 Advanced Application > Mirroring (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 133 Chapter 14 Mirroring Click the Source link in the RMirror screen. The following screen opens. Figure 82 Advanced Application > Mirroring > RMirror > Source The following table describes the labels in this screen. Table 57 Advanced Application > Mirroring > RMirror > Source LABEL DESCRIPTION RMirror VLAN ID...
Page 134: Destination
Chapter 14 Mirroring Table 57 Advanced Application > Mirroring > RMirror > Source (continued) LABEL DESCRIPTION Direction Specify the direction of the traffic to mirror by selecting from the drop-down list box. Choices are Egress (outgoing), Ingress (incoming) and Both. Apply Click Apply to save your changes to the Switch’s run-time memory.
Page 135: Connected Port
Chapter 14 Mirroring Table 58 Advanced Application > Mirroring > RMirror > Destination (continued) LABEL DESCRIPTION Tagging Select whether to add the RMirror VLAN tag to mirrored traffic on the monitor port. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring.
Page 136 Chapter 14 Mirroring The following table describes the labels in this screen. Table 59 Advanced Application > Mirroring > RMirror > Connected Port LABEL DESCRIPTION RMirror VLAN ID Select the RMirror VLAN over which the mirrored traffic is forwarded. Port This field displays the port number.
Page 137: Link Aggregation
HAPTER Link Aggregation This chapter shows you how to logically aggregate physical links to form one logical, higher- bandwidth link. 15.1 Link Aggregation Overview Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
Page 138: Link Aggregation Id
Chapter 15 Link Aggregation Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. 15.2.1 Link Aggregation ID LACP aggregation ID consists of the following information Table 60 Link Aggregation ID: Local Switch SYSTEM MAC ADDRESS PORT PRIORITY...
Page 139: Link Aggregation Setting
Chapter 15 Link Aggregation The following table describes the labels in this screen. Table 62 Advanced Application > Link Aggregation Status LABEL DESCRIPTION Group ID This field displays the group ID to identify a trunk group, that is, one logical link containing multiple ports.
Page 140 Chapter 15 Link Aggregation Figure 86 Advanced Application > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen. Table 63 Advanced Application > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Link This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID...
Page 141: Link Aggregation Control Protocol
Chapter 15 Link Aggregation Table 63 Advanced Application > Link Aggregation > Link Aggregation Setting (continued) LABEL DESCRIPTION Criteria Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the src-dst-mac distribution type.
Page 142 Chapter 15 Link Aggregation Figure 87 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP The following table describes the labels in this screen. Table 64 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable dynamic link aggregation.
Page 143: Static Trunking Example
Chapter 15 Link Aggregation Table 64 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP (continued) LABEL DESCRIPTION LACP Active Select this option to enable LACP for a trunk. Port This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Page 144 Chapter 15 Link Aggregation Figure 89 Trunking Example - Configuration Screen EXAMPLE Your trunk group 1 (T1) configuration is now complete. GS3700/XGS3700 Series User’s Guide...
Page 145: Port Authentication
HAPTER Port Authentication This chapter describes the IEEE 802.1x and MAC authentication methods. 16.1 Port Authentication Overview Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: •...
Page 146: Mac Authentication
Chapter 16 Port Authentication Figure 90 IEEE 802.1x Authentication Process New Connection Identity Request Login Credentials Authentication Request Access Challenge Challenge Request Challenge Response Access Request Authentication Reply Session Granted/Denied 16.1.2 MAC Authentication MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials.
Page 147: Port Authentication Configuration
Chapter 16 Port Authentication Figure 91 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied 16.2 Port Authentication Configuration To enable port authentication, first activate the port authentication method(s) you want to use (both on the Switch and the port(s)), then configure the RADIUS server settings in the AAA > Radius Server Setup screen.
Page 148 Chapter 16 Port Authentication Figure 93 Advanced Application > Port Authentication > 802.1x The following table describes the labels in this screen. Table 65 Advanced Application > Port Authentication > 802.1x LABEL DESCRIPTION Active Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port.
Page 149: Guest Vlan
Chapter 16 Port Authentication Table 65 Advanced Application > Port Authentication > 802.1x (continued) LABEL DESCRIPTION Quiet-period Specify the number of seconds the port remains in the HELD state and rejects further authentication requests from the connected client after a failed authentication exchange. Tx-period Specify the number of seconds the Switch waits for client’s response before re-sending an identity request to the client.
Page 150 Chapter 16 Port Authentication Figure 95 Advanced Application > Port Authentication > 802.1x > Guest VLAN The following table describes the labels in this screen. Table 66 Advanced Application > Port Authentication > 802.1x > Guest VLAN LABEL DESCRIPTION Port This field displays a port number.
Page 151: Activate Mac Authentication
Chapter 16 Port Authentication Table 66 Advanced Application > Port Authentication > 802.1x > Guest VLAN (continued) LABEL DESCRIPTION Multi-Secure If you set Host-mode to Multi-Secure, specify the maximum number of users (between 1 and 24) that the Switch will authenticate on this port. Apply Click Apply to save your changes to the Switch’s run-time memory.
Page 152 Chapter 16 Port Authentication Table 67 Advanced Application > Port Authentication > MAC Authentication (continued) LABEL DESCRIPTION Timeout Specify the amount of time before the Switch allows a client MAC address that fails authentication to try and authenticate again. Maximum time is 3000 seconds. When a client fails MAC authentication, its MAC address is learned by the MAC address table with a status of denied.
Page 153: Port Security
HAPTER Port Security This chapter shows you how to set up port security. 17.1 About Port Security Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 32K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 32K.
Page 154: Vlan Mac Address Limit
Chapter 17 Port Security The following table describes the labels in this screen. Table 68 Advanced Application > Port Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning.
Page 155 Chapter 17 Port Security Figure 98 Advanced Application > Port Security > VLAN MAC Address Limit The following table describes the labels in this screen. Table 69 Advanced Application > Port Security > VLAN MAC Address Limit LABEL DESCRIPTION Active Select this option to activate this rule.
Page 156: Classifier
HAPTER Classifier This chapter introduces and shows you how to configure the packet classifier on the Switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth.
Page 157 Chapter 18 Classifier Figure 99 Advanced Application > Classifier The following table describes the labels in this screen. Table 70 Advanced Application > Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. Packet Specify the format of the packet.
Page 158 Chapter 18 Classifier Table 70 Advanced Application > Classifier (continued) LABEL DESCRIPTION Layer 2 Specify the fields below to configure a layer-2 classifier. VLAN Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided.
Page 159: Viewing And Editing Classifier Configuration
Chapter 18 Classifier Table 70 Advanced Application > Classifier (continued) LABEL DESCRIPTION Socket Note: You must select either UDP or TCP in the IP Protocol field before you configure the Number socket numbers. Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option and enter a TCP/UDP protocol port number.
Page 160: Classifier Example
Chapter 18 Classifier The following table shows some other common Ethernet types and the corresponding protocol number. Table 72 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804...
Page 161 Chapter 18 Classifier Figure 101 Classifier: Example EXAMPLE After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 19 on page 162 for information on configuring a policy rule. GS3700/XGS3700 Series User’s Guide...
Page 162: Policy Rule
HAPTER Policy Rule This chapter shows you how to configure policy rules. 19.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 18 on page 156 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.
Page 163 Chapter 19 Policy Rule Click Advanced Application > Policy Rule in the navigation panel to display the screen as shown. Figure 102 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 74 Advanced Application > Policy Rule LABEL DESCRIPTION Active...
Page 164 Chapter 19 Policy Rule Table 74 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION Classifier(s) This field displays the active classifier(s) you configure in the Classifier screen. Select the classifier(s) to which this policy rule applies. To select more than one classifier, press [SHIFT] and select the choices at the same time.
Page 165: Viewing And Editing Policy Configuration
Chapter 19 Policy Rule Table 74 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION Out-of-profile Select the action(s) to be performed for out-of-profile traffic. action Select Drop the packet to discard the out-of-profile traffic. Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field.
Page 166 Chapter 19 Policy Rule Figure 104 Policy Example EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 167: Queuing Method
HAPTER Queuing Method This chapter introduces the queuing methods supported. 20.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
Page 168: Weighted Round Robin Scheduling (Wrr)
Chapter 20 Queuing Method 20.1.3 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port.
Page 169 Chapter 20 Queuing Method The following table describes the labels in this screen. Table 76 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 170: Vlan Stacking
HAPTER VLAN Stacking This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 VLAN Stacking Overview A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network.
Page 171: Vlan Stacking Port Roles
Chapter 21 VLAN Stacking Figure 106 VLAN Stacking Example 21.2 VLAN Stacking Port Roles Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel Port (the latter is for Gigabit ports only). • Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching. •...
Page 172: Frame Format
Chapter 21 VLAN Stacking Type is a standard Ethernet type code identifying the frame and indicates that whether the frame carries IEEE 802.1Q tag information. SP TPID (Service Provider Tag Protocol Identifier) is the service provider VLAN stacking tag type. Many vendors use 0x8100 or 0x9100. TPID (Tag Protocol Identifier) is the customer IEEE 802.1Q tag.
Page 173 Chapter 21 VLAN Stacking Figure 107 Advanced Application > VLAN Stacking The following table describes the labels in this screen. Table 80 Advanced Application > VLAN Stacking LABEL DESCRIPTION Active Select this checkbox to enable VLAN stacking on the Switch. Port The port number identifies the port you are configuring.
Page 174: Port-Based Q-In-Q
Chapter 21 VLAN Stacking 21.4.1 Port-based Q-in-Q Port-based Q-in-Q lets the Switch treat all frames received on the same port as the same VLAN flows and add the same outer VLAN tag to them, even they have different customer VLAN IDs. Click Port-based QinQ in the Advanced Application >...
Page 175 Chapter 21 VLAN Stacking Click Selective QinQ in the Advanced Application > VLAN Stacking screen to display the screen as shown. Figure 109 Advanced Application > VLAN Stacking > Selective QinQ The following table describes the labels in this screen. Table 82 Advanced Application >...
Page 176 Chapter 21 VLAN Stacking Table 82 Advanced Application > VLAN Stacking > Selective QinQ (continued) LABEL DESCRIPTION Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 177: Multicast
HAPTER Multicast This chapter shows you how to configure various multicast features. 22.1 Multicast Overview Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
Page 178: Igmp Snooping
Chapter 22 Multicast 22.1.3 IGMP Snooping The Switch can passively snoop on IGMP packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them.
Page 179: Mld Messages
Chapter 22 Multicast one query from a router (X) or MLD Done or Report message from any upstream port, it will be broadcast to all connected upstream ports. Query Report Done 22.1.6 MLD Messages A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table.
Page 180: Ipv4 Multicast Status
Chapter 22 Multicast The following table describes the labels in this screen. Table 83 Advanced Application > Multicast Setup LABEL DESCRIPTION IPv4 Multicast Click the link to open screens where you can configure IGMP snooping and IGMP filtering for IPv4. IPv6 Multicast Click the link to open screens where you can configure MLD snooping and MLD filtering for IPv6.
Page 181 Chapter 22 Multicast Figure 112 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping The following table describes the labels in this screen. Table 85 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP snooping.
Page 182 Chapter 22 Multicast Table 85 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) LABEL DESCRIPTION Reserved The IP address range of 224.0.0.0 to 224.0.0.255 are reserved for multicasting on the Multicast Group local network only. For example, 224.0.0.1 is for all hosts on a local network segment and 224.0.0.9 is used to send RIP routing information to all RIP v2 routers on the same network segment.
Page 183: Igmp Snooping Vlan
Chapter 22 Multicast Table 85 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) LABEL DESCRIPTION IGMP Filtering Select the name of the IGMP filtering profile to use for this port. Otherwise, select Profile Default to prohibit the port from joining any multicast group. You can create IGMP filtering profiles in the Multicast >...
Page 184: Igmp Filtering Profile
Chapter 22 Multicast The following table describes the labels in this screen. Table 86 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically.
Page 185 Chapter 22 Multicast Figure 114 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile The following table describes the labels in this screen. Table 87 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile LABEL DESCRIPTION...
Page 186: Ipv6 Multicast Status
Chapter 22 Multicast 22.4 IPv6 Multicast Status Click Advanced Application > Multicast > IPv6 Multicast to display the screen as shown. This screen shows the IPv6 multicast group information. See Section 22.1 on page 177 for more information on multicasting. Figure 115 Advanced Application >...
Page 187: Mld Snooping-Proxy Vlan
Chapter 22 Multicast 22.4.2 MLD Snooping-proxy VLAN Click the MLD Snooping-proxy link and then the VLAN link in the Advanced Application > Multicast > IPv6 Multicast screen to display the screen as shown. See Section 22.1 on page 177 for more information on multicasting. Figure 117 Advanced Application >...
Page 188: Mld Snooping-Proxy Vlan Port Role Setting
Chapter 22 Multicast Table 90 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN LABEL DESCRIPTION Robustness Enter the number of queries. A multicast address entry (learned only on an upstream port Variable by snooping) is removed from the forwarding table when there is no response to the configured number of queries sent by the router connected to the upstream port.
Page 189 Chapter 22 Multicast Figure 118 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting The following table describes the labels in this screen. Table 91 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting LABEL DESCRIPTION...
Page 190: Mld Snooping-Proxy Filtering
Chapter 22 Multicast Table 91 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting (continued) LABEL DESCRIPTION Leave Timeout Enter the MLD snooping normal leave timeout (in milliseconds) the Switch uses to update the forwarding table for the specified downstream port(s).
Page 191: Mld Snooping-Proxy Filtering Profile
Chapter 22 Multicast The following table describes the labels in this screen. Table 92 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering LABEL DESCRIPTION Active Select this option to enable MLD filtering on the Switch. Port This field displays the port number.
Page 192: Mvr Overview
Chapter 22 Multicast The following table describes the labels in this screen. Table 93 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes. To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
Page 193: Types Of Mvr Ports
Chapter 22 Multicast Figure 121 MVR Network Example VLAN 1 Multicast VLAN VLAN 2 VLAN 3 22.5.1 Types of MVR Ports In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic.
Page 194: General Mvr Configuration
Chapter 22 Multicast Figure 122 MVR Multicast Television Example VLAN 1 Multicast VLAN 22.6 General MVR Configuration Use the MVR screen to create multicast VLANs and select the receiver port(s) and a source port for each multicast VLAN. Click Advanced Application > Multicast > Multicast Setup > MVR to display the screen as shown next.
Page 195 Chapter 22 Multicast Figure 123 Advanced Application > Multicast > Multicast Setup > MVR The following table describes the related labels in this screen. Table 94 Advanced Application > Multicast > Multicast Setting > MVR LABEL DESCRIPTION Active Select this check box to enable MVR to allow one single multicast VLAN to be shared among different subscriber VLANs on the network.
Page 196: Mvr Group Configuration
Chapter 22 Multicast Table 94 Advanced Application > Multicast > Multicast Setting > MVR (continued) LABEL DESCRIPTION Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Page 197 Chapter 22 Multicast Figure 124 Advanced Application > Multicast > Multicast Setup > MVR > Group Configuration The following table describes the labels in this screen. Table 95 Advanced Application > Multicast > Multicast Setup > MVR > Group Configuration LABEL DESCRIPTION Multicast VLAN...
Page 198: Mvr Configuration Example
Chapter 22 Multicast 22.6.2 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the Switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S.
Page 199 Chapter 22 Multicast Figure 127 MVR Group Configuration Example EXAMPLE Figure 128 MVR Group Configuration Example EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 200: Aaa
HAPTER This chapter describes how to configure authentication, authorization and accounting settings on the Switch. 23.1 Authentication, Authorization and Accounting (AAA) Authentication is the process of determining who a user is and validating access to the Switch. The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
Page 201: Radius And Tacacs
Chapter 23 AAA 23.1.2 RADIUS and TACACS+ RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device.
Page 202 Chapter 23 AAA Figure 131 Advanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen. Table 97 Advanced Application > AAA > RADIUS Server Setup LABEL DESCRIPTION Authentication Use this section to configure your RADIUS authentication settings. Server Mode This field only applies if you configure multiple RADIUS servers.
Page 203: Tacacs+ Server Setup
Chapter 23 AAA Table 97 Advanced Application > AAA > RADIUS Server Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 204 Chapter 23 AAA Figure 132 Advanced Application > AAA > TACACS+ Server Setup The following table describes the labels in this screen. Table 98 Advanced Application > AAA > TACACS+ Server Setup LABEL DESCRIPTION Authentication Use this section to configure your TACACS+ authentication settings. Server Mode This field is only valid if you configure multiple TACACS+ servers.
Page 205: Aaa Setup
Chapter 23 AAA Table 98 Advanced Application > AAA > TACACS+ Server Setup (continued) LABEL DESCRIPTION Delete Check this box if you want to remove an existing TACACS+ server entry from the Switch. This entry is deleted when you click Apply. Apply Click Apply to save your changes to the Switch’s run-time memory.
Page 206 Chapter 23 AAA Figure 133 Advanced Application > AAA > AAA Setup The following table describes the labels in this screen. Table 99 Advanced Application > AAA > AAA Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch. Privilege Enable These fields specify which database the Switch should use (first, second and third) to authenticate access privilege level for administrator accounts (users for Switch...
Page 207 Chapter 23 AAA Table 99 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Login These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and RADIUS are external servers.
Page 208: Vendor Specific Attribute
Chapter 23 AAA Table 99 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Mode The Switch supports two modes of recording login events. Select: • start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session.
Page 209: Tunnel Protocol Attribute
Chapter 23 AAA The following table describes the VSAs supported on the Switch. Note that these attributes only work when you enable authorization (see Section 23.2.3 on page 205). Table 100 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 Assignment Vendor-Type = 1 ingress rate (Kbps in decimal format)
Page 210: Attributes Used For Authentication
Chapter 23 AAA Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified.
Page 211 Chapter 23 AAA 23.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time 23.3.2.2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent (the difference between Console and Telnet/SSH Exec events is that the Telnet/SSH events utilize the Calling- Station-Id attribute):...
Page 212 Chapter 23 AAA 23.3.2.3 Attributes Used for Accounting IEEE 802.1x Events The attributes are listed in the following table along with the time of the session they are sent: Table 104 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name...
Page 213: Ip Source Guard
HAPTER IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network. 24.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes: •...
Page 214 Chapter 24 IP Source Guard Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns dynamic bindings from trusted ports. Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
Page 215: Arp Inspection Overview
Chapter 24 IP Source Guard 24.1.1.3 DHCP Relay Option 82 Information The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information: •...
Page 216 Chapter 24 IP Source Guard • It pretends to be computer A and responds to computer B. • It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X.
Page 217: Ip Source Guard
Chapter 24 IP Source Guard 24.2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings).
Page 218 Chapter 24 IP Source Guard Figure 137 IP Source Guard > Static Binding The following table describes the labels in this screen. Table 106 IP Source Guard > Static Binding LABEL DESCRIPTION ARP Freeze ARP Freeze allows you to automatically create static bindings from the current ARP entries (either dynamically learned or static ARP entries) until the Switch’s binding table is full.
Page 219: Dhcp Snooping
Chapter 24 IP Source Guard Table 106 IP Source Guard > Static Binding (continued) LABEL DESCRIPTION Port Specify the port(s) in the binding. If this binding has one port, select the first radio button and enter the port number in the field to the right. If this binding applies to all ports, select Any.
Page 220 Chapter 24 IP Source Guard Figure 138 IP Source Guard > DHCP Snooping The following table describes the labels in this screen. Table 107 IP Source Guard > DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database. You can configure them in the DHCP Snooping Configure screen.
Page 221 Chapter 24 IP Source Guard Table 107 IP Source Guard > DHCP Snooping (continued) LABEL DESCRIPTION Agent running This field displays the status of the current update or access of the DHCP snooping database. none: The Switch is not accessing the DHCP snooping database. read: The Switch is loading dynamic bindings from the DHCP snooping database.
Page 222: Dhcp Snooping Configure
Chapter 24 IP Source Guard Table 107 IP Source Guard > DHCP Snooping (continued) LABEL DESCRIPTION Parse failures This field displays the number of bindings the Switch ignored because the Switch was unable to understand the binding in the DHCP binding database. Expired leases This field displays the number of bindings the Switch ignored because the lease time had already expired.
Page 223 Chapter 24 IP Source Guard Figure 139 IP Source Guard > DHCP Snooping > Configure The following table describes the labels in this screen. Table 108 IP Source Guard > DHCP Snooping > Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLAN and specify trusted ports.
Page 224: Dhcp Snooping Port Configure
Chapter 24 IP Source Guard Table 108 IP Source Guard > DHCP Snooping > Configure (continued) LABEL DESCRIPTION Renew DHCP Enter the location of a DHCP snooping database, and click Renew if you want the Snooping URL Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL.
Page 225: Dhcp Snooping Vlan Configure
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 109 IP Source Guard > DHCP Snooping Port Configure LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Page 226: Dhcp Snooping Vlan Port Configure
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 110 IP Source Guard > DHCP Snooping VLAN Configure LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below.
Page 227: Arp Inspection Status
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 111 IP Source Guard > DHCP Snooping VLAN Port Configure LABEL DESCRIPTION Enter the ID number of the VLAN you want to configure here. Port Enter the number of port(s) to which you want to apply the specified DHCP option 82 profile.
Page 228: Arp Inspection Vlan Status
Chapter 24 IP Source Guard Figure 143 IP Source Guard > ARP Inspection Status The following table describes the labels in this screen. Table 112 IP Source Guard > ARP Inspection Status LABEL DESCRIPTION Total number of This field displays the current number of MAC address filters that were created because filters the Switch identified unauthorized ARP packets.
Page 229: Arp Inspection Log Status
Chapter 24 IP Source Guard Figure 144 IP Source Guard > ARP Inspection VLAN Status The following table describes the labels in this screen. Table 113 IP Source Guard > ARP Inspection VLAN Status LABEL DESCRIPTION Show VLAN range Use this section to specify the VLANs you want to look at in the section below. Enabled VLAN Select this to look at all the VLANs on which ARP inspection is enabled in the section below.
Page 230 Chapter 24 IP Source Guard Figure 145 IP Source Guard > ARP Inspection Log Status The following table describes the labels in this screen. Table 114 IP Source Guard > ARP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
Page 231: Arp Inspection Configure
Chapter 24 IP Source Guard 24.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application >...
Page 232: Arp Inspection Port Configure
Chapter 24 IP Source Guard Table 115 IP Source Guard > ARP Inspection Configure (continued) LABEL DESCRIPTION Syslog rate Type the maximum number of syslog messages the Switch can send to the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval.
Page 233: Arp Inspection Vlan Configure
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 116 IP Source Guard > ARP Inspection Port Configure LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Page 234 Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 117 IP Source Guard > ARP Inspection VLAN Configure LABEL DESCRIPTION VLAN Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below.
Page 235: Loop Guard
HAPTER Loop Guard This chapter shows you how to configure the Switch to guard against loops on the edge of your network. 25.1 Loop Guard Overview Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
Page 236 Chapter 25 Loop Guard Figure 150 Switch in Loop State The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop state. This is accomplished by periodically sending a probe packet and seeing if the packet returns on the same port.
Page 237: Loop Guard Setup
Chapter 25 Loop Guard 25.2 Loop Guard Setup Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled.
Page 238: Vlan Mapping
HAPTER VLAN Mapping This chapter shows you how to configure VLAN mapping on the Switch. 26.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network. The Switch checks incoming traffic from the switch ports (non-management ports) against the VLAN mapping table first, the MAC learning table and then the VLAN table before forwarding them through the Gigabit uplink port.
Page 239: Configuring Vlan Mapping
Chapter 26 VLAN Mapping Figure 155 VLAN Mapping The following table describes the labels in this screen. Table 119 VLAN Mapping LABEL DESCRIPTION Active Select this option to enable VLAN mapping on the Switch. Port This field displays the port number. Use this row to make the setting the same for all ports.
Page 240 Chapter 26 VLAN Mapping Figure 156 VLAN Mapping Configuration The following table describes the labels in this screen. Table 120 VLAN Mapping Configuration LABEL DESCRIPTION Active Check this box to activate this rule. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. Port Type a port to be included in this rule.
Page 241: Layer 2 Protocol Tunneling
HAPTER Layer 2 Protocol Tunneling This chapter shows you how to configure layer-2 protocol tunneling on the Switch. 27.1 Layer 2 Protocol Tunneling Overview Layer-2 protocol tunneling (L2PT) is used on the service provider's edge devices. L2PT allows edge switches (1 and 2 in the following figure) to tunnel layer-2 STP (Spanning Tree Protocol), CDP (Cisco Discovery Protocol) and VTP (VLAN Trunking Protocol) packets between customer switches (A, B and C in the following figure) connected through the service provider’s network.
Page 242: Layer-2 Protocol Tunneling Mode
Chapter 27 Layer 2 Protocol Tunneling Figure 158 L2PT Network Example Service Provider's Network 27.1.1 Layer-2 Protocol Tunneling Mode Each port can have two layer-2 protocol tunneling modes, Access and Tunnel. • The Access port is an ingress port on the service provider's edge device (1 or 2 in Figure 158 on page 242) and connected to a customer switch (A or B).
Page 243 Chapter 27 Layer 2 Protocol Tunneling Figure 159 Advanced Application > Layer 2 Protocol Tunneling The following table describes the labels in this screen. Table 121 Advanced Application > Layer 2 Protocol Tunneling LABEL DESCRIPTION Active Select this to enable layer-2 protocol tunneling on the Switch. Destination Specify an MAC address with which the Switch uses to encapsulate the layer-2 protocol MAC Address...
Page 244 Chapter 27 Layer 2 Protocol Tunneling Table 121 Advanced Application > Layer 2 Protocol Tunneling (continued) LABEL DESCRIPTION Point to Point The Switch supports PAgP (Port Aggregation Protocol), LACP (Link Aggregation Control Protocol) and UDLD (UniDirectional Link Detection) tunneling for a point-to-point topology. Both PAgP and UDLD are Cisco’s proprietary data link layer protocols.
Page 245: Sflow
HAPTER sFlow This chapter shows you how to configure sFlow to have the Switch monitor traffic in a network and send information to an sFlow collector for analysis. 28.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded on a switch or router gets sample data and packet statistics from traffic forwarded through its ports.
Page 246 Chapter 28 sFlow Figure 161 Advanced Application > sFlow The following table describes the labels in this screen. Table 122 Advanced Application > sFlow LABEL DESCRIPTION Active Select this to enable the sFlow agent on the Switch. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 247: Sflow Collector Configuration
Chapter 28 sFlow Table 122 Advanced Application > sFlow (continued) LABEL DESCRIPTION Collector Enter the IP address of the sFlow collector. Address Note: You must have the sFlow collector already configured in the sFlow > Collector screen. The sFlow collector does not need to be in the same subnet as the Switch, but it must be accessible from the Switch.
Page 248 Chapter 28 sFlow Table 123 Advanced Application > sFlow > Collector (continued) LABEL DESCRIPTION Cancel Click Cancel to reset the fields to your previous configuration. Clear Click Clear to reset the fields to the factory defaults. Index This field displays the index number of this entry. Click on an index number to change the settings.
Page 249: Pppoe
HAPTER PPPoE This chapter describes how the Switch gives a PPPoE termination server additional information that the server can use to identify and authenticate a PPPoE client. 29.1 PPPoE Intermediate Agent Overview A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients. It helps the PPPoE server identify and authenticate clients by adding subscriber line specific information to PPPoE discovery packets from clients on a per-port or per-port-per-VLAN basis before forwarding them to the PPPoE server.
Page 250: Port State
Chapter 29 PPPoE Table 126 PPPoE IA Remote ID Sub-option Format SubOpt Length Value 0x02 MAC Address or String (1 byte) (1 byte) (63 bytes) The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent Remote ID sub-option.
Page 251: The Pppoe Screen
Chapter 29 PPPoE Trusted ports are connected to PPPoE servers. • If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a trusted port, the Switch forwards it to all other ports. •...
Page 252 Chapter 29 PPPoE Figure 164 Advanced Application > PPPoE > Intermediate Agent The following table describes the labels in this screen. Table 129 Advanced Application > PPPoE > Intermediate Agent LABEL DESCRIPTION Active Select this option to enable the PPPoE intermediate agent globally on the Switch. access-node- Enter up to 20 ASCII characters to identify the PPPoE intermediate agent.
Page 253: Pppoe Ia Per-Port
Chapter 29 PPPoE Table 129 Advanced Application > PPPoE > Intermediate Agent (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 254: Pppoe Ia Per-Port Per-Vlan
Chapter 29 PPPoE Table 130 Advanced Application > PPPoE > Intermediate Agent > Port (continued) LABEL DESCRIPTION Server Trusted Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). State Trusted ports are uplink ports connected to PPPoE servers. •...
Page 255 Chapter 29 PPPoE Figure 166 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN The following table describes the labels in this screen. Table 131 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN LABEL DESCRIPTION Show Port Enter a port number to show the PPPoE Intermediate Agent settings for the specified VLAN(s) on the port.
Page 256: Pppoe Ia For Vlan
Chapter 29 PPPoE 29.3.3 PPPoE IA for VLAN Use this screen to set whether the PPPoE Intermediate Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown.
Page 257: Error Disable
HAPTER Error Disable This chapter shows you how to configure the rate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error.
Page 258: Error-Disable Status
Chapter 30 Error Disable Advanced Application > Errdisable Figure 168 30.4 Error-Disable Status Use this screen to view whether the Switch detected that control packets exceeded the rate limit configured for a port and related information. Click the Click here link next to Errdisable Status in the Advanced Application >...
Page 259: Cpu Protection Configuration
Chapter 30 Error Disable The following table describes the labels in this screen. Table 133 Advanced Application > Errdisable > Errdisable Status LABEL DESCRIPTION Inactive-reason mode reset Port List Enter the number of the port(s) (separated by a comma) on which you want to reset inactive-reason status.
Page 260: Error-Disable Detect Configuration
Chapter 30 Error Disable Figure 170 Advanced Application > Errdisable > CPU protection The following table describes the labels in this screen. Table 134 Advanced Application > Errdisable > CPU protection LABEL DESCRIPTION Reason Select the type of control packet you want to configure here. Port This field displays the port number.
Page 261: Error-Disable Recovery Configuration
Chapter 30 Error Disable Figure 171 Advanced Application > Errdisable > Errdisable Detect The following table describes the labels in this screen. Table 135 Advanced Application > Errdisable > Errdisable Detect LABEL DESCRIPTION Cause This field displays the types of control packet that may cause CPU overload. Use this row to make the setting the same for all entries.
Page 262 Chapter 30 Error Disable Figure 172 Advanced Application > Errdisable > Errdisable Recovery The following table describes the labels in this screen. Table 136 Advanced Application > Errdisable > Errdisable Recovery LABEL DESCRIPTION Active Select this option to turn on the error-disable recovery function on the Switch. Reason This field displays the supported features that allow the Switch to shut down a port or discard packets on a port according to the feature requirements and what action you...
Page 263: Mac Pinning
HAPTER MAC Pinning This chapter shows you how to configure MAC pinning on the Switch. 31.1 MAC Pinning Overview When the Switch obtains a connected device’s MAC address, it adds an entry in the MAC address forwarding table and uses the table to determine how to forward frames. In addition to the source MAC address of a received frame, the Switch also learns the VLAN to which the device belongs and the port on which the frame is received.
Page 264 Chapter 31 MAC Pinning Figure 173 Advanced Application > MAC Pinning The following table describes the labels in this screen. Table 137 Advanced Application > MAC Pinning LABEL DESCRIPTION Active Select this option to turn on the MAC pinning function on the Switch. Port This field displays the port number.
Page 265: Private Vlan
HAPTER Private VLAN 32.1 Private VLAN Overview Use private VLAN if you want you to block traffic between ports in the same VLAN. Community and Isolated VLANs are secondary private VLANs that must be associated with a Primary private VLAN. •...
Page 266 Chapter 32 Private VLAN Table 138 PVLAN Graphic Key (continued) LABEL DESCRIPTION C-VLAN 101 Community private VLAN I-VLAN 102 Isolated private VLAN Tagged Private VLANs can span switches but trunking ports must be VLAN-trunking ports - see Advanced > VLAN > VLAN Port Setting. Table 139 Spanning PVLAN Graphic Key LABEL DESCRIPTION...
Page 267: Configuration
Chapter 32 Private VLAN Note: Isolation in VLAN > VLAN Port Setting (see Section 7.5.4 on page 88) has a higher priority than private VLAN settings, so promiscuous ports with Isolation in VLAN > VLAN Port Setting enabled will not be able to communicate with each other.
Page 268 Chapter 32 Private VLAN The following table describes the labels in this screen. Table 140 Advanced Application > Private VLAN LABEL DESCRIPTION Port Use the * row to make the setting the same for all entries. Use this row first and then make adjustments to each entry if necessary.
Page 269: Green Ethernet
HAPTER Green Ethernet This chapter shows you how to configure the Switch to reduce the power consumed by switch ports. 33.1 Green Ethernet Overview Green Ethernet reduces switch port power consumption in the following ways. • IEEE 802.3az Energy Efficient Ethernet (EEE) If EEE is enabled, both sides of a link support EEE and there is no traffic, the port enters Low Power Idle (LPI) mode.
Page 270 Chapter 33 Green Ethernet Figure 175 Advanced Application > Green Ethernet The following table describes the labels in this screen. Table 141 Advanced Application > Green Ethernet LABEL DESCRIPTION Select this to activate Energy Efficient Ethernet globally. Auto Power Down Select this to activate Auto Power Down globally.
Page 271: Link Layer Discovery Protocol (Lldp)
HAPTER Link Layer Discovery Protocol (LLDP) 34.1 LLDP Overview The LLDP (Link Layer Discovery Protocol) is a layer 2 protocol. It allows a network device to advertise its identity and capabilities on the local network. It also allows the device to maintain and store information from adjacent devices which are directly connected to the network device.
Page 272: Lldp-Med Overview
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 176 LLDP Overview 34.2 LLDP-MED Overview LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) is an extension to the standard LLDP developed by the Telecommunications Industry Association (TIA) TR-41.4 subcommittee which defines the enhanced discovery capabilities, such as VoIP applications, to enable network administrators manage their network topology application more efficiently.
Page 273: Lldp Screens
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 177 LLDP-MED Overview 34.3 LLDP Screens Click Advanced Application > LLDP in the navigation panel to display the screen as shown next. Figure 178 Advanced Application > LLDP The following table describes the labels in this screen. Table 142 Advanced Application >...
Page 274: Lldp Local Status
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 142 Advanced Application > LLDP (continued) LABEL DESCRIPTION LLDP Click here to show a screen to configure LLDP parameters. Configuration LLDP-MED LLDP-MED Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for Configuration Media Endpoint Devices) parameters.
Page 275 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 179 Advanced Application > LLDP > LLDP Local Status The following table describes the labels in this screen. Table 143 Advanced Application > LLDP > LLDP Local Status LABEL DESCRIPTION Basic TLV Chassis ID TLV This displays the chassis ID of the local Switch, that is the Switch you’re configuring.
Page 276: Lldp Local Port Status Detail
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 143 Advanced Application > LLDP > LLDP Local Status LABEL DESCRIPTION Management The Management Address TLV identifies an address associated with the local LLDP agent Address TLV that may be used to reach higher layer entities to assist discovery by network management.
Page 277 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 180 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (Basic TLV) GS3700/XGS3700 Series User’s Guide...
Page 278 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 181 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (MED TLV) GS3700/XGS3700 Series User’s Guide...
Page 279 Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 144 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail LABEL DESCRIPTION Basic TLV These are the Basic TLV flags Port ID TLV The port ID TLV identifies the specific port that transmitted the LLDP frame.
Page 280: Lldp Remote Status
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 144 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail LABEL DESCRIPTION Network Policy This displays a network policy for the specified application. • Voice • Voice-Signaling •...
Page 281: Lldp Remote Port Status Detail
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 145 Advanced Application > LLDP > LLDP Remote Status LABEL DESCRIPTION System Name This displays the system name of the remote device. Management This displays the management address of the remote device. It could be the MAC Address address or IP address.
Page 282 Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in Basic TLV part of the screen. Table 146 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Basic TLV) LABEL DESCRIPTION Basic TLV Chassis ID TLV •...
Page 283 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 184 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail> (Dot 1 and Dot3 TLV) The following table describes the labels in the Dot1 and Dot3 parts of the screen. Table 147 Advanced Application >...
Page 284 Chapter 34 Link Layer Discovery Protocol (LLDP) Table 147 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV) LABEL DESCRIPTION Protocol The Protocol Identity TLV allows the Switch to advertise the particular protocols that are Identity TLV accessible through its port.
Page 285 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 185 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) GS3700/XGS3700 Series User’s Guide...
Page 286 Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in the MED TLV part of the screen. Table 148 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) LABEL DESCRIPTION MED TLV LLDP Media Endpoint Discovery (MED) is an extension of LLDP that provides additional...
Page 287: Lldp Configuration
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 148 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) LABEL DESCRIPTION Inventory TLV The majority of IP Phones lack support of management protocols such as SNMP, so LLDP- MED inventory TLVs are used to provide their inventory information to the Network Connectivity Devices such as the Switch.
Page 288 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 186 Advanced Application > LLDP > LLDP Configuration The following table describes the labels in this screen. Table 149 Advanced Application > LLDP > LLDP Configuration LABEL DESCRIPTION Active Select to enable LLDP on the Switch. It is enabled by default. Transmit Interval Enter how many seconds the Switch waits before sending LLDP packets.
Page 289: Lldp Configuration Basic Tlv Setting
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 149 Advanced Application > LLDP > LLDP Configuration LABEL DESCRIPTION Admin Status Select whether LLDP transmission and/or reception is allowed on this port. • Disable - not allowed • Tx-Only - transmit only •...
Page 290: Lldp Configuration Basic Org-Specific Tlv Setting
Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 150 Advanced Application > LLDP > LLDP Configuration > Basic TLV Setting LABEL DESCRIPTION Port This displays the port number on which you’re configuring LLDP. Select check boxes in the * row to configure all ports simultaneously.
Page 291: Lldp-Med Configuration
Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 151 Advanced Application > LLDP > LLDP Configuration > Org-specific TLV Setting LABEL DESCRIPTION Port This displays the port number on which you’re configuring LLDP. Select check boxes in the * row to configure all ports simultaneously.
Page 292: Lldp-Med Network Policy
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 189 Advanced Application > LLDP > LLDP-MED Configuration The following table describes the labels in this screen. Table 152 Advanced Application > LLDP > LLDP-MED Configuration LABEL DESCRIPTION Port This displays the port number on which you’re configuring LLDP-MED. Select * to configure all ports simultaneously.
Page 293 Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 190 Advanced Application > LLDP > LLDP-MED Network Policy The following table describes the labels in this screen. Table 153 Advanced Application > LLDP > LLDP-MED Network Policy LABEL DESCRIPTION Port Enter the port number to set up the LLDP-MED network policy. Application Type Select the type of application used in the network policy.
Page 294: Lldp-Med Location
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 153 Advanced Application > LLDP > LLDP-MED Network Policy LABEL DESCRIPTION Delete Check the rules that you want to remove in the delete column, then click the Delete button. Cancel Click Cancel to clear the selected checkboxes in the Delete column. 34.9 LLDP-MED Location Click Advanced Application >...
Page 295 Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 154 Advanced Application > LLDP > LLDP-MED Location LABEL DESCRIPTION Port Enter the port number you want to set up the location within the LLDP-MED network. Location The LLDP-MED uses geographical coordinates and Civic Address to set the location Coordinates...
Page 296 Chapter 34 Link Layer Discovery Protocol (LLDP) Table 154 Advanced Application > LLDP > LLDP-MED Location LABEL DESCRIPTION ELIN Number Enter a numerical digit string, corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The valid length is from 10 characters to 25 characters.
Page 297: Static Route
HAPTER Static Route This chapter shows you how to configure static routes. 35.1 Static Routing Overview The Switch usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Switch send data to devices not reachable through the default gateway, use static routes.
Page 298: Configuring Ipv4 Static Routing
Chapter 35 Static Route Figure 193 IP Application > Static Routing 35.3 Configuring IPv4 Static Routing Click the link next to IPv4 Static Route in the IP Application > Static Routing screen to display the screen as shown. Figure 194 IP Application > Static Routing > IPv4 Static Route The following table describes the related labels you use to create a static route.
Page 299: Configuring Ipv6 Static Routing
Chapter 35 Static Route Table 155 IP Application > Static Routing > IPv4 Static Route (continued) LABEL DESCRIPTION Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link.
Page 300 Chapter 35 Static Route Figure 195 IP Application > Static Routing > IPv6 Static Route The following table describes the related labels you use to create a static route. Table 156 IP Application > Static Routing > IPv6 Static Route LABEL DESCRIPTION Route...
Page 301: Policy Routing
HAPTER Policy Routing This chapter shows you how to configure policy routing rules. 36.1 Policy Route Overview Traditionally, routing is based on the destination address only and the Switch takes the shortest path to forward a packet. Policy routing provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 302: Policy Routing Rule Configuration
Chapter 36 Policy Routing Figure 196 IP Application > Policy Routing The following table describes the labels in this screen. Table 157 IP Application > Policy Routing LABEL DESCRIPTION Active This field allows you to activate/deactivate this policy routing profile and rules in the profile. Profile Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Page 303 Chapter 36 Policy Routing Click Rule Configuration in the IP Application > Policy Routing screen to display the screen as shown. Figure 197 IP Application > Policy Routing > Rule Configuration The following table describes the labels in this screen. Table 158 IP Application >...
Page 304 Chapter 36 Policy Routing Table 158 IP Application > Policy Routing > Rule Configuration (continued) LABEL DESCRIPTION Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 305: Differentiated Services
HAPTER Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 37.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
Page 306: Two Rate Three Color Marker Traffic Policing
Chapter 37 Differentiated Services various traffic policies to the traffic flows. For example, one traffic policy would be to give higher drop precedence to one traffic flow over others. In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network.
Page 307: Trtcm - Color-Blind Mode
Chapter 37 Differentiated Services 37.2.1 TRTCM - Color-blind Mode All packets are evaluated against the PIR. If a packet exceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green.
Page 308: Configuring 2-Rate 3 Color Marker Settings
Chapter 37 Differentiated Services Figure 202 IP Application > DiffServ The following table describes the labels in this screen. Table 159 IP Application > DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ on the Switch. Port This field displays the index number of a port on the Switch. Settings in this row apply to all ports.
Page 309 Chapter 37 Differentiated Services Figure 203 IP Application > DiffServ > 2-rate 3 Color Marker The following table describes the labels in this screen. Table 160 IP Application > DiffServ > 2-rate 3 Color Marker LABEL DESCRIPTION Active Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings.
Page 310: Dscp Profile
Chapter 37 Differentiated Services Table 160 IP Application > DiffServ > 2-rate 3 Color Marker (continued) LABEL DESCRIPTION DSCP Select a pre-defined DSCP profile. The Switch assigns the DSCP values defined in the profile to packets based on the color they are marked via TRTCM. Apply Click Apply to save your changes to the Switch’s run-time memory.
Page 311: Dscp-To-Ieee 802.1P Priority Settings
Chapter 37 Differentiated Services Table 161 IP Application > DiffServ > 2-rate 3 Color Marker > DSCP Profile (continued) LABEL DESCRIPTION Yellow This field displays the DSCP value to use for packets with medium packet loss priority. This field displays the DSCP value to use for packets with high packet loss priority. Delete Profile Select the entry(ies) that you want to remove in the Delete Profile column.
Page 312 Chapter 37 Differentiated Services The following table describes the labels in this screen. Table 163 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box. Apply Click Apply to save your changes to the Switch’s run-time memory.
Page 313: Dhcp
HAPTER DHCP This chapter shows you how to configure the DHCP feature. 38.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the Switch as a DHCP server or a DHCP relay agent.
Page 314: Dhcpv4 Status
Chapter 38 DHCP and create option 82 profiles. Click the link next to DHCPv6 to open a screen where you can configure DHCPv6 relay settings. Figure 206 IP Application > DHCP 38.3 DHCPv4 Status Click IP Application > DHCP > DHCPv4 in the navigation panel. The DHCP Status screen displays.
Page 315: Dhcpv4 Relay
Chapter 38 DHCP Figure 208 IP Application > DHCP > DHCPv4 > Server Status Detail The following table describes the labels in this screen. Table 165 IP Application > DHCP > DHCPv4 > Server Status Detail LABEL DESCRIPTION Start IP Address This field displays the starting IP address of the IP address pool configured for this DHCP server instance.
Page 316: Dhcpv4 Relay Agent Information
Chapter 38 DHCP The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP requests from all domains to the same DHCP server. You can also configure the Switch to relay DHCP information based on the VLAN membership of the DHCP clients. 38.4.1 DHCPv4 Relay Agent Information The Switch can add information about the source of client DHCP requests that it relays to a DHCP server by adding Relay Agent Information.
Page 317 Chapter 38 DHCP Figure 209 IP Application > DHCP > DHCPv4 > Option 82 Profile The following table describes the labels in this screen. Table 169 IP Application > DHCP > DHCPv4 > Option 82 Profile LABEL DESCRIPTION Name Enter a descriptive name for the profile for identification purposes. You can use up to 32 ASCII characters.
Page 318: Configuring Dhcpv4 Global Relay
Chapter 38 DHCP Table 169 IP Application > DHCP > DHCPv4 > Option 82 Profile (continued) LABEL DESCRIPTION Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 319: Dhcpv4 Global Relay Port Configure
Chapter 38 DHCP Table 170 IP Application > DHCP > DHCPv4 > Global (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 320: Global Dhcp Relay Configuration Example
Chapter 38 DHCP Table 171 IP Application > DHCP > DHCPv4 > Global > Port (continued) LABEL DESCRIPTION Profile Name This field displays the DHCP option 82 profile that the Switch applies to the port(s). Delete Select the entry(ies) that you want to remove in the Delete column, then click the Delete button to remove the selected entry(ies) from the table.
Page 321: Configuring Dhcp Vlan Settings
Chapter 38 DHCP 38.5 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP > DHCPv4 in the navigation panel, then click the VLAN link In the DHCP Status screen that displays.
Page 322: Dhcpv4 Vlan Port Configure
Chapter 38 DHCP Table 172 IP Application > DHCP > DHCPv4 > VLAN (continued) LABEL DESCRIPTION Size of Client Specify the size, or count of the IP address pool. The Switch can issue from 1 to 253 IP IP Pool addresses to DHCP clients.
Page 323 Chapter 38 DHCP Figure 215 IP Application > DHCP > DHCPv4 > VLAN > Port The following table describes the labels in this screen. Table 173 IP Application > DHCP > DHCPv4 > VLAN > Port LABEL DESCRIPTION Enter the ID number of the VLAN you want to configure here. Port Enter the number of port(s) to which you want to apply the specified DHCP option 82 profile.
Page 324: Example: Dhcp Relay For Two Vlans
Chapter 38 DHCP 38.5.2 Example: DHCP Relay for Two VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1.100.
Page 325: Dhcpv6 Relay
Chapter 38 DHCP 38.6 DHCPv6 Relay A DHCPv6 relay agent is on the same network as the DHCPv6 clients and helps forward messages between the DHCPv6 server and clients. When a client cannot use its link-local address and a well- known multicast address to locate a DHCPv6 server on its network, it then needs a DHCPv6 relay agent to send a message to a DHCPv6 server that is not attached to the same network.
Page 326 Chapter 38 DHCP Table 174 IP Application > DHCP > DHCPv6 (continued) LABEL DESCRIPTION Cancel Click Cancel to reset the fields to their last saved values. Clear Click Clear to reset the fields to the factory defaults. This field displays the VLAN ID number. Click the VLAN ID to change the settings. Helper Address This field displays the IPv6 address of the remote DHCPv6 server for this VLAN.
Page 327: Vrrp
HAPTER VRRP This chapter shows you how to configure and monitor the Virtual Router Redundancy Protocol (VRRP) on the Switch. 39.1 VRRP Overview Each host on a network is configured to send packets to a statically configured default gateway (this Switch). The default gateway can become a single point of failure. Virtual Router Redundancy Protocol (VRRP), defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.
Page 328: Vrrp Status
Chapter 39 VRRP 39.2 VRRP Status Click IP Application > VRRP in the navigation panel to display the VRRP Status screen as shown next. Figure 220 IP Application > VRRP Status The following table describes the labels in this screen. Table 175 IP Application >...
Page 329 Chapter 39 VRRP Click IP Application, VRRP and click the Configuration link to display the VRRP Configuration screen as shown next. Note: You can only configure VRRP on interfaces with unique VLAN IDs. Note: Routing domains with the same VLAN ID are not displayed in the table indicated. Figure 221 IP Application >...
Page 330: Vrrp Parameters
Chapter 39 VRRP Table 176 IP Application > VRRP Configuration: IP Interface (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 331 Chapter 39 VRRP Figure 222 IP Application > VRRP Configuration: VRRP Parameters The following table describes the labels in this screen. Table 177 IP Application > VRRP Configuration: VRRP Parameters LABEL DESCRIPTION Active Select this option to enable this VRRP entry. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Page 332: Viewing Vrrp Summary
Chapter 39 VRRP 39.3.4 Viewing VRRP Summary View the VRRP configuration summary at the bottom of the screen. Figure 223 IP Application > VRRP Configuration: Summary The following table describes the labels in this screen. Table 178 IP Application > VRRP Configuration: Summary LABEL DESCRIPTION Index...
Page 333 Chapter 39 VRRP Figure 224 VRRP Configuration Example: One Virtual Router Network 172.16.1.1 172.16.1.100 172.16.1.10 You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 225 VRRP Example 1: VRRP Parameter Settings on Switch A EXAMPLE Figure 226 VRRP Example 1: VRRP Parameter Settings on Switch B...
Page 334: Two Subnets Example
Chapter 39 VRRP Figure 227 VRRP Example 1: VRRP Status on Switch A EXAMPLE Figure 228 VRRP Example 1: VRRP Status on Switch B EXAMPLE 39.4.2 Two Subnets Example The following figure depicts an example in which two switches share the network traffic. Hosts in the two network groups use different default gateways.
Page 335 Chapter 39 VRRP Figure 230 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch A EXAMPLE Figure 231 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B EXAMPLE After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next.
Page 336: Load Sharing
HAPTER Load Sharing 40.1 Load Sharing Overview The Switch learns the next-hop(s) using ARP and determines routing path(s) for a destination. The Switch supports Equal-Cost MultiPath (ECMP) to forward packets destined to the same device (A for example) through different routing paths (1, 2 and 3) of equal path cost. This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next-hop.
Page 337 Chapter 40 Load Sharing The following table describes the labels in this screen. Table 179 IP Application > Load Sharing LABEL DESCRIPTION Active Select this option to enable Equal-Cost MultiPath (ECMP) routing on the Switch. Criteria Select the criteria the Switch uses to determine the routing path for a packet. Select src-ip to have the Switch use a hash algorithm to convert a packet’s source IP address into a hash value which acts as an index to a route path.
Page 338: Arp Setup
HAPTER ARP Setup 41.1 ARP Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
Page 339 Chapter 41 ARP Setup ICMP reply from host B, it sends out an ARP request to get host A’s MAC address and updates the ARP table with host A’s ARP reply. The Switch then can forward host B’s ICMP reply to host A. ARP Request ARP Reply ICMP Request...
Page 340: Arp Setup
Chapter 41 ARP Setup Therefore in the following example, the Switch can learn host A’s MAC address from the ARP request sent by host A. The Switch then forwards host B’s ICMP reply to host A right after getting host B’s MAC address and ICMP reply. ARP Request ARP Reply ICMP Request...
Page 341 Chapter 41 ARP Setup Figure 236 IP Application > ARP Setup > ARP Learning The following table describes the labels in this screen. Table 180 IP Application > ARP Setup > ARP Learning LABEL DESCRIPTION Port This field displays the port number. Settings in this row apply to all ports.
Page 342: Static Arp
Chapter 41 ARP Setup 41.2.2 Static ARP Use this screen to create static ARP entries that will display in the Management > ARP Table screen and will not age out. Click the link next to Static ARP in the IP Application > ARP Setup screen to display the screen as shown.
Page 343 Chapter 41 ARP Setup Table 181 IP Application > ARP Setup > Static ARP (continued) LABEL DESCRIPTION MAC Address This is the MAC address of the device with the corresponding IP address above. This field displays the VLAN to which the device belongs. Port This field displays the port to which the device connects.
Page 344: Maintenance
HAPTER Maintenance This chapter explains how to configure the maintenance screens that let you maintain the firmware and configuration files. 42.1 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen. Management >...
Page 345: Load Factory Default
Chapter 42 Maintenance Table 182 Management > Maintenance (continued) LABEL DESCRIPTION Reboot Click Config 1 to reboot the system and load Configuration 1 on the Switch. System Click Config 2 to reboot the system and load Configuration 2 on the Switch. Note: Make sure to click the Save button in any screen to save your settings to the current configuration on the Switch.
Page 346: Reboot System
Chapter 42 Maintenance 42.4 Reboot System Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load configuration one (Config 1) or configuration two (Config 2) when you reboot. Follow the steps below to reboot the Switch. In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one.
Page 347: Restore A Configuration File
Chapter 42 Maintenance 42.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 242 Management > Maintenance > Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to display the Choose File screen from which you can locate it.
Page 348: Tech-Support
Chapter 42 Maintenance 42.8 Tech-Support The Tech-Support feature is a log enhancement tool that logs useful information such as CPU utilization history, memory and Mbuf (Memory Buffer) log and crash reports for issue analysis by customer support should you have difficulty with your Switch. The Tech Support menu eases your effort in obtaining reports and it is also available in CLI command by typing “Show tech-support”...
Page 349: Ftp Command Line
Chapter 42 Maintenance Table 183 Management > Maintenance > Tech-Support LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 350: Ftp Command Line Procedure
Chapter 42 Maintenance • Run the boot image <1|2> command to specify which image is updated when firmware is loaded using the web configurator and to specify which image is loaded when the Switch starts up. • You can also use FTP commands to upload firmware to any image. The Switch supports dual firmware images, ras-0 and ras-1.
Page 351: Gui-Based Ftp Clients
Chapter 42 Maintenance 42.9.3 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 185 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous.
Page 352: Access Control
HAPTER Access Control This chapter describes how to control access to the Switch. 43.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
Page 353: Snmp V3 And Security
Chapter 43 Access Control SNMP version 3. The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 246 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed Switch (the Switch).
Page 354: Supported Mibs
Chapter 43 Access Control 43.3.2 Supported MIBs MIBs let administrators collect statistics and monitor status and performance. The Switch supports the following MIBs: • SNMP MIB II (RFC 1213) • RFC 1157 SNMP v1 • RFC 1493 Bridge MIBs • RFC 1643 Ethernet MIBs •...
Page 355 Chapter 43 Access Control Table 188 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION reset zySysMgmtUncontrolledSyste 1.3.6.1.4.1.890.1.15.3.49.2.1 This trap is sent when the Switch mReset automatically resets. zySysMgmtControlledSystem 1.3.6.1.4.1.890.1.15.3.49.2.2 This trap is sent when the Switch resets Reset by an administrator through a management interface.
Page 356 Chapter 43 Access Control Table 189 SNMP InterfaceTraps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION transceiver- zyTransceiverDdmiTemperature 1.3.6.1.4.1.890.1.15.3.84.3.1 This trap is sent when the OutOfRange transceiver temperature is above or below the normal operating range. zyTransceiverDdmiTxPowerOutO 1.3.6.1.4.1.890.1.15.3.84.3.2 This trap is sent when the fRange transmitted optical power is above or below the normal operating range.
Page 357: Configuring Snmp
Chapter 43 Access Control Table 191 SNMP IP Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION ping pingProbeFailed 1.3.6.1.2.1.80.0.1 This trap is sent when a single ping probe fails. pingTestFailed 1.3.6.1.2.1.80.0.2 This trap is sent when a ping test (consisting of a series of ping probes) fails. pingTestCompleted 1.3.6.1.2.1.80.0.3 This trap is sent when a ping test is...
Page 358 Chapter 43 Access Control Figure 247 Management > Access Control > SNMP The following table describes the labels in this screen. Table 193 Management > Access Control > SNMP LABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community (password) values. Version Select the SNMP version for the Switch.
Page 359: Configuring Snmp Trap Group
Chapter 43 Access Control Table 193 Management > Access Control > SNMP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Page 360: Enabling/Disabling Sending Of Snmp Traps On A Port
Chapter 43 Access Control 43.3.6 Enabling/Disabling Sending of SNMP Traps on a Port From the SNMP > Trap Group screen, click Port to view the screen as shown. Use this screen to set whether a trap received on the port(s) would be sent to the SNMP manager. Figure 249 Management >...
Page 361: Configuring Snmp User
Chapter 43 Access Control 43.3.7 Configuring SNMP User From the SNMP screen, click User to view the screen as shown. Use the User screen to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups. An SNMP user is an SNMP manager.
Page 362: Setting Up Login Accounts
Chapter 43 Access Control Table 196 Management > Access Control > SNMP > User (continued) LABEL DESCRIPTION Password Enter the password of up to 32 ASCII characters for encrypting SNMP packets. Group SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP managers in one group are assigned common access rights to MIBs.
Page 363 Chapter 43 Access Control Figure 251 Management > Access Control > Logins The following table describes the labels in this screen. Table 197 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name.
Page 364: Ssh Overview
Chapter 43 Access Control Table 197 Management > Access Control > Logins (continued) LABEL DESCRIPTION Privilege Type the privilege level for this user. At the time of writing, users may have a privilege level of 0, 3, 13, or 14 representing different configuration rights as shown below. •...
Page 365: Ssh Implementation On The Switch
Chapter 43 Access Control Figure 253 How SSH Works Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server.
Page 366: Requirements For Using Ssh
Chapter 43 Access Control 43.7.1 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. 43.8 Introduction to HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
Page 367: Https Example
Chapter 43 Access Control 43.9 HTTPS Example If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https:// Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access.
Page 368: Mozilla Firefox Warning Messages
Chapter 43 Access Control After you log in, you will see the red address bar with the message Certificate Error. Click on Certificate Error next to the address bar and click View certificates. Figure 257 Certificate Error (Internet Explorer 7 or 8) EXAMPLE Click Install Certificate...
Page 369 Chapter 43 Access Control Figure 259 Security Alert (Mozilla Firefox) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen. Figure 260 Security Alert (Mozilla Firefox) EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 370: The Main Screen
Chapter 43 Access Control 43.9.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen Internet Explorer appears. The lock displayed in the bottom right of the browser status bar (in 6 or Internet Explorer Mozilla Firefox) or next to the address bar (in...
Page 371: Remote Management
Chapter 43 Access Control Figure 262 Management > Access Control > Service Access Control The following table describes the fields in this screen. Table 198 Management > Access Control > Service Access Control LABEL DESCRIPTION Services Services you may use to access the Switch are listed here. Active Select this option for the corresponding services that you want to allow to access the Switch.
Page 372 Chapter 43 Access Control Figure 263 Management > Access Control > Remote Management The following table describes the labels in this screen. Table 199 Management > Access Control > Remote Management LABEL DESCRIPTION Entry This is the client set index number. A “client set” is a group of one or more “trusted computers”...
Page 373: Diagnostic
HAPTER Diagnostic This chapter explains the Diagnostic screen. 44.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 264 Management > Diagnostic The following table describes the labels in this screen.
Page 374 Chapter 44 Diagnostic Table 200 Management > Diagnostic (continued) LABEL DESCRIPTION IPv4 Select this option if you want to ping an IPv4 address, and select which traffic flow (in- band or out-of-band) the Switch is to send ping frames. If you select in-band, the Switch sends the frames to all ports except the management port (labelled MGMT).
Page 375: Syslog
HAPTER Syslog This chapter explains the syslog screens. 45.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server.
Page 376: Syslog Server Setup
Chapter 45 Syslog Figure 265 Management > Syslog The following table describes the labels in this screen. Table 202 Management > Syslog LABEL DESCRIPTION Syslog Select Active to turn on syslog (system logging) and then configure the syslog setting Logging Type This column displays the names of the categories of logs that the device can generate.
Page 377 Chapter 45 Syslog Figure 266 Management > Syslog > Server Setup The following table describes the labels in this screen. Table 203 Management > Syslog > Server Setup LABEL DESCRIPTION Active Select this check box to have the device send logs to this syslog server. Clear the check box if you want to create a syslog server entry but not have the device send logs to it (you can edit the entry later).
Page 378: Cluster Management
HAPTER Cluster Management This chapter introduces cluster management. 46.1 Clustering Management Status Overview Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
Page 379: Cluster Management Status
Chapter 46 Cluster Management Figure 267 Clustering Application Example 46.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 268 Management > Cluster Management GS3700/XGS3700 Series User’s Guide...
Page 380: Cluster Member Switch Management
Chapter 46 Cluster Management The following table describes the labels in this screen. Table 205 Management > Cluster Management LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster. Manager Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) None (neither a manager nor a member of a cluster) Manager...
Page 381: Uploading Firmware To A Cluster Member Switch
Chapter 46 Cluster Management Figure 269 Cluster Management: Cluster Member Web Configurator Screen EXAMPLE EXAMPLE 46.2.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
Page 382: Clustering Management Configuration
Chapter 46 Cluster Management The following table explains some of the FTP parameters. Table 206 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION Enter “admin”. User The web configurator password default is 1234. Password Enter this command to list the name of cluster member switch’s firmware and configuration file.
Page 383 Chapter 46 Cluster Management The following table describes the labels in this screen. Table 207 Management > Clustering Management > Configuration LABEL DESCRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager.
Page 384: Mac Table
HAPTER MAC Table This chapter introduces the MAC Table screen. 47.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch, the MAC address of the device is shown on the Switch’s MAC Table.
Page 385: Viewing The Mac Table
Chapter 47 MAC Table 47.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Use this screen to search specific MAC addresses. You can also directly add dynamic MAC address(es) into the static MAC forwarding table or MAC filtering table from the MAC table using this screen.
Page 386 Chapter 47 MAC Table Table 208 Management > MAC Table (continued) LABEL DESCRIPTION Index This is the incoming frame index number. MAC Address This is the MAC address of the device from which this incoming frame came. This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned.
Page 387: Ip Table
HAPTER IP Table This chapter introduces the IP table. 48.1 IP Table Overview The IP Table screen shows how packets are forwarded or filtered across the Switch’s ports. When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch, the IP address of the device is shown on the Switch’s IP Table.
Page 388: Viewing The Ip Table
Chapter 48 IP Table 48.2 Viewing the IP Table Click Management > IP Table in the navigation panel to display the following screen. Figure 275 Management > IP Table The following table describes the labels in this screen. Table 209 Management > IP Table LABEL DESCRIPTION Sort by...
Page 389: Arp Table
HAPTER ARP Table This chapter introduces ARP Table. 49.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 390 Chapter 49 ARP Table Figure 276 Management > ARP Table The following table describes the labels in this screen. Table 210 Management > ARP Table LABEL DESCRIPTION Condition Specify how you want the Switch to remove ARP entries when you click Flush. Select All to remove all of the dynamic entries from the ARP table.
Page 391: Routing Table
HAPTER Routing Table This chapter introduces the routing table. 50.1 Overview The routing table contains the route information to the network(s) that the Switch can reach. 50.2 Viewing the Routing Table Status Use this screen to view routing table information. Click Management > Routing Table in the navigation panel to display the screen as shown.
Page 392: Path Mtu Table
HAPTER Path MTU Table This chapter introduces the IPv6 Path MTU table. 51.1 Path MTU Overview The largest size (in bytes) of a packet that can be transferred over a data link is called the maximum transmission unit (MTU). The Switch uses Path MTU Discovery to discover Path MTU (PMTU), that is, the minimum link MTU of all the links in a path to the destination.
Page 393: Configure Clone
HAPTER Configure Clone This chapter shows you how you can copy the settings of one port onto other ports. 52.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
Page 394 Chapter 52 Configure Clone The following table describes the labels in this screen. Table 213 Management > Configure Clone LABEL DESCRIPTION Source/ Enter the source port under the Source label. This port’s attributes are copied. Destination Enter the destination port or ports under the Destination label. These are the ports which Port are going to have the same attributes as the source port.
Page 395: Neighbor Table
HAPTER Neighbor Table This chapter introduces the IPv6 neighbor table. 53.1 IPv6 Neighbor Table Overview An IPv6 host is required to have a neighbor table. If there is an address to be resolved or verified, the Switch sends out a neighbor solicitation message. When the Switch receives a neighbor advertisement in response, it stores the neighbor’s link-layer address in the neighbor table.
Page 396 Chapter 53 Neighbor Table Table 214 Management > Neighbor Table (continued) LABEL DESCRIPTION Status This field displays whether the neighbor IPv6 interface is reachable. In IPv6, “reachable” means an IPv6 packet can be correctly forwarded to a neighbor node (host or router) and the neighbor can successfully receive and handle the packet.
Page 397: Troubleshooting
HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Switch Access and Login • Switch Configuration 54.1 Power, Hardware Connections, and LEDs The Switch does not turn on.
Page 398: Switch Access And Login
Chapter 54 Troubleshooting One of the LEDs does not behave as expected. Make sure you understand the normal behavior of the LED. See Section 3.3 on page Check the hardware connections. See Section 3.1 on page Inspect your cables for damage. Contact the vendor to replace any damaged cables. Turn the Switch off and on (in DC models or if the DC power supply is connected in AC/DC models).
Page 399 Chapter 54 Troubleshooting • If you changed the IP address, use the new IP address. • If you changed the IP address and have forgotten it, see the troubleshooting suggestions for forgot the IP address for the Switch. Check the hardware connections, and make sure the LEDs are behaving as expected. See Section 3.3 on page Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java...
Page 400: Switch Configuration
Chapter 54 Troubleshooting I cannot see some of Advanced Application submenus at the bottom of the navigation panel. The recommended screen resolution is 1024 by 768 pixels. Adjust the value in your computer and then you should see the rest of Advanced Application submenus at the bottom of the navigation panel.
Page 401: Appendix A Common Services
PP EN D I X Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
Page 402 Appendix A Common Services Table 215 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTPS HTTPS is a secured http session often used in e- commerce. ICMP User-Defined Internet Control Message Protocol is often used for diagnostic or routing purposes. 4000 This is a popular Internet chat program.
Page 403 Appendix A Common Services Table 215 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. TCP/UDP Secure Shell Remote Login Program.
Page 404: Appendix B Ipv6
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
Page 405: Loopback Address
Appendix B IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
Page 406 Appendix B IPv6 Table 218 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Page 407 Appendix B IPv6 combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients.
Page 408 Appendix B IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent.
Page 409 Appendix B IPv6 determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is onlink, the address is considered as the next hop. Otherwise, the Switch determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the Switch looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
Page 410 Appendix B IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 411 Appendix B IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 412 Appendix B IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
Page 413: Appendix C Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 414 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de Belarus • ZyXEL BY • http://www.zyxel.by...
Page 415 Appendix C Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications •...
Page 416 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
Page 417 Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ GS3700/XGS3700 Series User’s Guide...
Page 418 Appendix C Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za GS3700/XGS3700 Series User’s Guide...
Page 419: Appendix D Legal Information
This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 420: Zyxel Limited Warranty
Appendix D Legal Information ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase. The Warranty Period varies by region. Check with your vendor and/or the authorized ZyXEL local distributor for details about the Warranty Period of this product.
Page 421 Appendix D Legal Information Environmental Product Declaration GS3700/XGS3700 Series User’s Guide...
Page 422: Index
Index Index setup Numbers automatic VLAN registration 802.1P priority 802.3az back up, configuration file basic settings binding access control limitations binding table login account building remote management BPDUs (Bridge Protocol Data Units) service port Bridge Protocol Data Units (BPDUs) SNMP accounting setup address learning, MAC...
Page 423 Index network example setup setup DHCP (Dynamic Host Configuration Protocol) specification DHCP relay option 82 status DHCP snooping switch models configuring DHCP relay option 82 web configurator trusted ports cluster manager untrusted ports cluster member DHCP snooping database command interface diagnostics Common and Internal Spanning Tree (CIST) Ethernet port test...
Page 424 Index Ethernet ports and port assignment default settings GVRP (GARP VLAN Registration Protocol) external authentication server hardware installation Fan Module hardware monitor fan speed hardware overview FCC interference statement hello time file transfer using FTP hops command example HTTPS filename convention, configuration certificates configuration implementation...
Page 425 Index introduction timeout Layer 2 protocol tunneling, see L2PT interface LEDs 58, 328 routing domain limit MAC address learning setup Link Aggregate Control Protocol (LACP) IP source guard link aggregation ARP inspection 213, 215 dynamic DHCP snooping ID information static bindings setup 139, 141 IP table...
Page 426 Index and ARP inspection MSTI (Multiple Spanning Tree Instance) MAC freeze MSTP 106, 108 bridge ID MAC table 122, 123 configuration how it works 117, 120 configuration digest viewing forwarding delay maintanence Hello Time configuration backup hello time firmware Max Age restoring configuration max age maintenance...
Page 427 Index port security address learning limit MAC address learning other documentation MAC address learning overview setup 153, 237, 242 port setup port status PAGP port VLAN trunking password port-based VLAN administrator all connected Path MTU port isolation settings wizard Path MTU Discovery ports PHB (Per-Hop Behavior) “standby”...
Page 428 Index queuing save configuration 41, 345 Secure Shell See SSH queuing method 167, 169 service access control service port sFlow collector configuration datagram RADIUS overview advantages poll interval and authentication sample rate Network example UDP port server settings sFlow agent setup sFlow collector Rapid Spanning Tree Protocol, See RSTP.
Page 429 Index static MAC address server setup settings static MAC forwarding 90, 92, 99 setup static multicast address severity levels static multicast forwarding system information static route system log overview system reboot static routes static trunking example Static VLAN static VLAN control tagging TACACS+...
Page 430 Index Two Rate Three Color Marker, see TRTCM VLAN (Virtual Local Area Network) Type of Service (ToS) VLAN mapping activating configuration example priority level tagged UDLD traffic flow UniDirectional Link Detection, see UDLD untagged VLAN ID untrusted ports ARP inspection VLAN number DHCP snooping VLAN stacking...
Page 431 Index warranty note web configurator 23, 35 getting help layout login logout navigation panel weight, queuing Weighted Round Robin Scheduling (WRR) WFQ (Weighted Fair Queuing) WRR (Weighted Round Robin Scheduling ZON Neighbor Management ZON Utility ZyNOS (ZyXEL Network Operating System) GS3700/XGS3700 Series User’s Guide...

This manual is also suitable for:

Xgs3700 series