Page 1 GS3700/XGS3700 Series GbE L2+ Switch Version 4.10 Edition 1, 05/2013 Quick Start Guide User’s Guide Default Login Details IP Address http://192.168.0.1 (Out- of-band MGMT port) http://192.168.1.1 (In- www.zyxel.com band ports) User Name admin Password 1234 Copyright © 2013 ZyXEL Communications Corporation...
Page 2 This guide explains how to use the Command-Line Interface (CLI) to configure the Switch. Note: It is recommended you use the Web Configurator to configure the Switch. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. GS3700/XGS3700 Series User’s Guide...
Page 3: Table Of Contents
IP Source Guard ...........................222 Loop Guard ............................244 VLAN Mapping ............................248 Layer 2 Protocol Tunneling ........................252 sFlow ..............................256 PPPoE ..............................260 Error Disable ............................268 MAC Pinning ............................273 Private VLAN ............................275 Green Ethernet ............................279 Static Route ............................281 Policy Routing ............................286 GS3700/XGS3700 Series User’s Guide...
Page 4 Maintenance ............................331 Access Control ............................337 Diagnostic .............................360 Syslog ..............................362 Cluster Management ..........................365 MAC Table .............................371 IP Table ..............................374 ARP Table .............................376 Routing Table ............................378 Path MTU Table ............................379 Configure Clone ............................380 Neighbor Table ............................382 Troubleshooting ............................385 GS3700/XGS3700 Series User’s Guide...
Page 5: Table Of Contents
3.1 Front Panel Connections ........................31 3.1.1 Ethernet Ports ..........................32 3.1.2 SFP/SFP+ Slots ........................33 3.1.3 Management Port ........................34 3.1.4 Console Port ...........................34 3.2 Rear Panel ............................35 3.2.1 Removing and Installing the Fan Module ................35 3.2.2 Power Connection ........................35 3.3 LEDs .............................36 GS3700/XGS3700 Series User’s Guide...
Page 6 6.9.1 IPv6 Interface Status .......................73 6.9.2 IPv6 Configuration ........................75 6.9.3 IPv6 Global Setup ........................76 6.9.4 IPv6 Interface Setup ........................77 6.9.5 IPv6 Link-Local Address Setup ....................77 6.9.6 IPv6 Global Address Setup .....................79 6.9.7 IPv6 Neighbor Discovery Setup ....................80 GS3700/XGS3700 Series User’s Guide...
Page 7 9.1 Static Multicast Forwarding Overview .....................107 9.2 Configuring Static Multicast Forwarding ..................108 Chapter 10 Filtering.............................. 110 10.1 Configure a Filtering Rule ......................110 Chapter 11 Spanning Tree Protocol........................112 11.1 STP/RSTP Overview ........................112 11.1.1 STP Terminology ......................... 112 GS3700/XGS3700 Series User’s Guide...
Page 8 15.1 Link Aggregation Overview ......................144 15.2 Dynamic Link Aggregation ......................144 15.2.1 Link Aggregation ID ......................145 15.3 Link Aggregation Status .......................145 15.4 Link Aggregation Setting ......................147 15.5 Link Aggregation Control Protocol .....................149 15.6 Static Trunking Example .......................150 GS3700/XGS3700 Series User’s Guide...
Page 9 Queuing Method ..........................174 20.1 Queuing Method Overview ......................174 20.1.1 Strictly Priority ........................174 20.1.2 Weighted Fair Queuing ......................174 20.1.3 Weighted Round Robin Scheduling (WRR) .................175 20.2 Configuring Queuing ........................175 Chapter 21 VLAN Stacking ..........................177 21.1 VLAN Stacking Overview ......................177 GS3700/XGS3700 Series User’s Guide...
Page 10 22.6.1 MVR Group Configuration ....................204 22.6.2 MVR Configuration Example ....................206 Chapter 23 AAA ..............................209 23.1 Authentication, Authorization and Accounting (AAA) ..............209 23.1.1 Local User Accounts ......................209 23.1.2 RADIUS and TACACS+ ......................210 23.2 AAA Screens ..........................210 23.2.1 RADIUS Server Setup .......................210 GS3700/XGS3700 Series User’s Guide...
Page 11 26.1 VLAN Mapping Overview ......................248 26.1.1 VLAN Mapping Example .....................248 26.2 Enabling VLAN Mapping .......................249 26.3 Configuring VLAN Mapping ......................250 Chapter 27 Layer 2 Protocol Tunneling......................252 27.1 Layer 2 Protocol Tunneling Overview ..................252 27.1.1 Layer-2 Protocol Tunneling Mode ..................253 GS3700/XGS3700 Series User’s Guide...
Page 12 31.1 MAC Pinning Overview ........................273 31.2 MAC Pinning Configuration ......................274 Chapter 32 Private VLAN .............................275 32.1 Private VLAN Overview ........................275 32.1.1 Configuration ........................277 Chapter 33 Green Ethernet..........................279 33.1 Green Ethernet Overview ......................279 33.2 Configuring Green Ethernet ......................279 GS3700/XGS3700 Series User’s Guide...
Page 13 37.4.1 DHCPv4 Relay Agent Information ..................301 37.4.2 DHCPv4 Option 82 Profile ....................302 37.4.3 Configuring DHCPv4 Global Relay ..................303 37.4.4 DHCPv4 Global Relay Port Configure ................304 37.4.5 Global DHCP Relay Configuration Example ...............305 37.5 Configuring DHCP VLAN Settings .....................306 GS3700/XGS3700 Series User’s Guide...
Page 14 41.3 Save Configuration ........................332 41.4 Reboot System ..........................332 41.5 Firmware Upgrade ........................333 41.6 Restore a Configuration File ......................334 41.7 Backup a Configuration File ......................334 41.8 FTP Command Line ........................335 41.8.1 Filename Conventions ......................335 41.8.2 FTP Command Line Procedure ..................336 GS3700/XGS3700 Series User’s Guide...
Page 15 Syslog ..............................362 44.1 Syslog Overview ...........................362 44.2 Syslog Setup ..........................363 44.3 Syslog Server Setup ........................364 Chapter 45 Cluster Management ........................365 45.1 Clustering Management Status Overview ..................365 45.2 Cluster Management Status ......................366 45.2.1 Cluster Member Switch Management ................367 GS3700/XGS3700 Series User’s Guide...
Page 16 Neighbor Table ..........................382 52.1 IPv6 Neighbor Table Overview .....................382 52.2 Viewing the IPv6 Neighbor Table ....................382 Chapter 53 Troubleshooting..........................385 53.1 Power, Hardware Connections, and LEDs ..................385 53.2 Switch Access and Login ......................386 53.3 Switch Configuration ........................388 GS3700/XGS3700 Series User’s Guide...
Page 17 Table of Contents Appendix A Common Services ......................389 Appendix B IPv6 ..........................393 Appendix C Legal Information ......................403 Index ..............................407 GS3700/XGS3700 Series User’s Guide...
Page 18 Table of Contents GS3700/XGS3700 Series User’s Guide...
Page 19: User's Guide
User’s Guide...
Page 21: Getting To Know Your Switch
In this example the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via GS3700/XGS3700 Series User’s Guide...
Page 22: High Performance Switching Example
Trunking can be used if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link. Figure 2 High Performance Switching 10 Gbps Trunk Branch GS3700/XGS3700 Series User’s Guide...
Page 23: Gigabit Ethernet To The Desktop
Ports in the same VLAN group share the same frame broadcast domain, thus increasing network performance by reducing broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re-cabling. GS3700/XGS3700 Series User’s Guide...
Page 24: Ipv6 Support
• Command Line Interface. Line commands offer an alternative to the Web Configurator and may be necessary to configure advanced features. See the CLI Reference Guide. • FTP. Use File Transfer Protocol for firmware upgrades and configuration backup/restore. See Section 41.8 on page 335. GS3700/XGS3700 Series User’s Guide...
Page 25: Good Habits For Managing The Switch
Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. GS3700/XGS3700 Series User’s Guide...
Page 26 Chapter 1 Getting to Know Your Switch GS3700/XGS3700 Series User’s Guide...
Page 27: Hardware Installation And Connection
Note: Do NOT block the ventilation holes. Leave space between devices when stacking. Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations. GS3700/XGS3700 Series User’s Guide...
Page 28: Mounting The Switch On A Rack
Switch. Use a screwdriver to install the M4 screws with small heads through the sliding rail holes into the Switch. Repeat steps to install the second sliding rail on the other side of the Switch. GS3700/XGS3700 Series User’s Guide...
Page 29: Mounting The Switch On A Rack
Position a rear mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes at the rear of the rack. Use a screwdriver to install the rack screws through the mounting bracket holes into the rack. GS3700/XGS3700 Series User’s Guide...
Page 30: Power Module Installation
There is one power module installed in the first power slot of the Switch by default. See the Power Module Hardware Installation Guide for how to install a second power module or remove the power module. GS3700/XGS3700 Series User’s Guide...
Page 31: Hardware Overview
This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel Connections The figure below shows the front panel of the Switch. Figure 6 Front Panel: GS3700 Series GS3700/XGS3700 Series User’s Guide...
Page 32: Ethernet Ports
Chapter 3 Hardware Overview Figure 7 Front Panel: XGS3700 Series The following table describes the ports. Table 2 Panel Connections CONNECTOR DESCRIPTION 24 or 48 10/ Connect these ports to a computer, a hub, an Ethernet switch or router. 100/1000Base-T...
Page 33: Sfp/Sfp+ Slots
Use the following steps to install a transceiver. Insert the transceiver into the slot with the exposed section of PCB board facing down. Figure 8 Transceiver Installation Example Press the transceiver firmly until it clicks into place. GS3700/XGS3700 Series User’s Guide...
Page 34: Management Port
The default IP address of the management port is 192.168.0.1 with a subnet mask of 255.255.255.0. 3.1.4 Console Port For local management, you can use a computer with terminal emulation software configured to the following parameters: GS3700/XGS3700 Series User’s Guide...
Page 35: Rear Panel
Note: Use the included power cord for the AC power connection. Connect the female end of the power cord to the AC power socket. Connect the other end of the cord to a power outlet. GS3700/XGS3700 Series User’s Guide...
Page 36: Leds
The port has a successful 10 or 1000 Mbps connection. LNK/ACT Amber Blinking The port is receiving or transmitting data 100 Mbps. (Left) The port has a successful 100 Mbps connection. This link is disconnected or the port is disabled. PoE 10/100/1000Base-T Ports GS3700/XGS3700 Series User’s Guide...
Page 37 The system is transmitting or receiving to/from an Ethernet device at 100 Mbps through the MGMT port. The MGMT port is connected at 100 Mbps. The MGMT port is not connected at 100 Mbps, to an Ethernet device, or the port is disabled. GS3700/XGS3700 Series User’s Guide...
Page 38 Chapter 3 Hardware Overview GS3700/XGS3700 Series User’s Guide...
Page 39: The Web Configurator
Type “http://” and the IP address of the Switch (for example, the default management IP address is 192.168.1.1 through an in-band (non-MGMT) port and 192.168.0.1 through the MGMT port) in the Location or Address field. Press [ENTER]. GS3700/XGS3700 Series User’s Guide...
Page 40: The Web Configurator Layout
4.3 The Web Configurator Layout The Status screen is the first screen that displays when you access the web configurator. This guide uses the GS3700-48HP screens as an example. The screens may vary slightly for different models. GS3700/XGS3700 Series User’s Guide...
Page 41 C - Click this link to go to the status page of the Switch. D - Click this link to log out of the web configurator. E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. GS3700/XGS3700 Series User’s Guide...
Page 42 This link takes you to a screen where you can configure the Switch to supply power over Ethernet. Interface Setup This link takes you to a screen where you can create IPv6 interfaces on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 43 This link takes you to a screen where you can configure L2PT (Layer 2 Protocol Tunneling) Tunneling settings on the Switch. sFlow This link takes you to screens where you can configure sFlow settings on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 44 This link takes you to a screen where you can copy attributes of one port to (an)other port(s). Neighbor Table This link takes you to a screen where you can view the Switch’s IPv6 neighbor table. GS3700/XGS3700 Series User’s Guide...
Page 45: Change Your Password
Delete the management VLAN (default is VLAN 1). Delete all port-based VLANs with the CPU port as a member. The “CPU port” is the management port of the Switch. Filter all traffic to the CPU port. GS3700/XGS3700 Series User’s Guide...
Page 46: Resetting The Switch
When you see the message “Press any key to enter Debug Mode within 3 seconds ...” press any key to enter debug mode. Type atlc after the “Enter Debug Mode” message. Wait for the “Starting XMODEM upload” message before activating XMODEM upload on your terminal. GS3700/XGS3700 Series User’s Guide...
Page 47: Logging Out Of The Web Configurator
Figure 17 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. GS3700/XGS3700 Series User’s Guide...
Page 48 Chapter 4 The Web Configurator GS3700/XGS3700 Series User’s Guide...
Page 49: Technical Reference
Technical Reference...
Page 51: System Status And Port Statistics
The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. 5.2 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 18 Status GS3700/XGS3700 Series User’s Guide...
Page 52 This field shows the total amount of time in hours, minutes and seconds the port has been Clear Counter Type a port number, select Port and then click Clear Counter to erase the recorded statistical information for that port, or select Any to clear statistics for all ports. GS3700/XGS3700 Series User’s Guide...
Page 53: Status: Port Details
If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays STOP. LACP This field shows if LACP is enabled on this port or not. TxPkts This field shows the number of transmitted frames on this port GS3700/XGS3700 Series User’s Guide...
Page 54 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. GS3700/XGS3700 Series User’s Guide...
Page 55 1024 and 1518 octets in length. Giant This field shows the number of packets (including bad packets) received that were between 1519 octets and the maximum frame size. The maximum frame size varies depending on your switch model. GS3700/XGS3700 Series User’s Guide...
Page 56: Basic Setting
In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen. Figure 20 Basic Setting > System Info GS3700/XGS3700 Series User’s Guide...
Page 57 This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. GS3700/XGS3700 Series User’s Guide...
Page 58: General Setup
Type the IP address of your timeserver. The Switch searches for the timeserver for up to Address 60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds. Please wait. GS3700/XGS3700 Series User’s Guide...
Page 59: Introduction To Vlans
In MTU (Multi-Tenant Unit) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network GS3700/XGS3700 Series User’s Guide...
Page 60: Switch Setup
Bridge Control Select Active to allow the Switch to handle bridging control protocols (STP, for example). Protocol You also need to define how to treat a BPDU in the Port Setup screen. Transparency GS3700/XGS3700 Series User’s Guide...
Page 61 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 62: Ip Setup
You can configure up to 128 IP domains which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 23 Basic Setting > IP Setup GS3700/XGS3700 Series User’s Guide...
Page 63 This field displays the VLAN identification number of the IP domain on the Switch. Delete Click Delete to remove the selected entry from the summary table. Note: Deleting all IP subnets locks you out of the Switch. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 64: Port Setup
Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. Figure 24 Basic Setting > Port Setup (GS3700 Series) Figure 25 Basic Setting > Port Setup (XGS3700 Series) GS3700/XGS3700 Series User’s Guide...
Page 65 Select Flow Control to enable it. 802.1p Priority This priority value is added to incoming frames without a (802.1p) priority queue tag. See Priority Queue Assignment in Table 10 on page 60 for more information. GS3700/XGS3700 Series User’s Guide...
Page 66: Poe
PoE removes the hassle of trying to find a nearby electric outlet to power up devices. Figure 26 Powered Device Examples You can also set priorities so that the Switch is able to reserve and allocate power to certain PDs. GS3700/XGS3700 Series User’s Guide...
Page 67 Note: The Switch must have at least 16 W of remaining power in order to supply power to a PoE device, even if the PoE device needs less than 16 W. Port This is the port index number. GS3700/XGS3700 Series User’s Guide...
Page 68: Poe Setup
This field displays the maximum amount of current drawn by the PD from the Switch on this port. 6.7.1 PoE Setup Use this screen to set the priority levels for the Switch in distributing power to PDs. GS3700/XGS3700 Series User’s Guide...
Page 69 Port This is the port index number. Select this to provide power to a PD connected to the port. If left unchecked, the PD connected to the port cannot receive power from the Switch. GS3700/XGS3700 Series User’s Guide...
Page 70: Interface Setup
An IPv6 address is configured on a per-interface basis. The interface can be a physical interface (for example, an Ethernet port) or a virtual interface (for example, a VLAN). The Switch supports the VLAN interface type for IPv6 at the time of writing. GS3700/XGS3700 Series User’s Guide...
Page 71: Ipv6
Click Cancel to clear the Delete check boxes. 6.9 IPv6 Use this screen to view the IPv6 interface status and configure Switch’s management IPv6 addresses. See Appendix B on page 393 for more information about IPv6. GS3700/XGS3700 Series User’s Guide...
Page 72 This field displays the index number of an IPv6 interface. Click on an index number to view more interface details. Interface This is the name of the IPv6 interface you created. Active This field displays whether the IPv6 interface is activated or not. GS3700/XGS3700 Series User’s Guide...
Page 73: Ipv6 Interface Status
ICMPv6 Rate This field displays the maximum number of ICMPv6 error messages which are allowed to Limit Bucket transmit in a given time interval. If the bucket is full, subsequent error messages are Size suppressed. GS3700/XGS3700 Series User’s Guide...
Page 74 This field displays the Switch’s global address which is assigned by the DHCPv6 server. Preferred This field displays how long (in seconds) that the global address remains preferred. Lifetime Valid This field displays how long (in seconds) that the global address is valid. Lifetime GS3700/XGS3700 Series User’s Guide...
Page 75: Ipv6 Configuration
Click the link to go to a screen where you can configure the IPv6 router discovery Discovery Setup settings. IPv6 Prefix Setup Click the link to go to a screen where you can configure the Switch’s IPv6 prefix list. GS3700/XGS3700 Series User’s Guide...
Page 76: Ipv6 Global Setup
Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. Clear Click Clear to reset the fields to the factory defaults. GS3700/XGS3700 Series User’s Guide...
Page 77: Ipv6 Interface Setup
A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a “private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A link-local unicast address has a predefined prefix of fe80::/10. GS3700/XGS3700 Series User’s Guide...
Page 78 This is the name of the IPv6 interface you created. IPv6 Link-Local This is the static IPv6 link-local address for the interface. Address IPv6 Default This is the default gateway IPv6 address for the interface. Gateway GS3700/XGS3700 Series User’s Guide...
Page 79: Ipv6 Global Address Setup
64 format. Delete Check the entry(ies) that you want to remove in the Delete column and then click Delete to remove the selected entry(ies) from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 80: Ipv6 Neighbor Discovery Setup
NS Interval This field displays the time interval (in milliseconds) at which neighbor solicitations are re-sent for this interface. Reachable Time This field displays how long (in milliseconds) a neighbor is considered reachable for this interface. GS3700/XGS3700 Series User’s Guide...
Page 81: Ipv6 Router Discovery Setup
Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. GS3700/XGS3700 Series User’s Guide...
Page 82: Ipv6 Prefix Setup
Select the IPv6 interface you want to configure. Prefix Set the IPv6 prefix that the Switch includes in router advertisements for this interface. Prefix Length Set the prefix length that the Switch includes in router advertisements for this interface. GS3700/XGS3700 Series User’s Guide...
Page 83 This field displays the preferred lifetime of an IPv6 address generated from the prefix. Delete Check the entry(ies) that you want to remove in the Delete column and then click Delete to remove the selected entry(ies) from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 84: Ipv6 Neighbor Setup
This is the interface index number. Click on an index number to change the settings. Interface This is the name of the IPv6 interface you created. Neighbor Address This field displays the IPv6 address of the neighboring device which can be reached through the interface GS3700/XGS3700 Series User’s Guide...
Page 85: Dhcpv6 Client Setup
Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. Clear Click Clear to reset the fields to the factory defaults. GS3700/XGS3700 Series User’s Guide...
Page 86 This field displays whether the Switch obtains a list of domain names from the DHCP server. Information Refresh This field displays the time interval (in seconds) at which the Switch exchanges other Minimum configuration information with a DHCPv6 server again. GS3700/XGS3700 Series User’s Guide...
Page 87: Vlan
A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain. GS3700/XGS3700 Series User’s Guide...
Page 88: Automatic Vlan Registration
You may choose to accept both tagged and untagged Type incoming frames, just tagged incoming frames or just untagged incoming frames on a port. Ingress filtering If set, the Switch discards incoming frames for VLANs that do not have this port as a member. GS3700/XGS3700 Series User’s Guide...
Page 89: Port Vlan Trunking
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. GS3700/XGS3700 Series User’s Guide...
Page 90: Vlan Status
RMirror - manually added as a remote port mirroring VLAN • MVR - added via Multicast VLAN Registration (MVR) Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. GS3700/XGS3700 Series User’s Guide...
Page 91: Vlan Details
This shows the ports mapped to the private VLAN using the Advanced Application > Private VLAN or Advanced Application > VLAN > Static VLAN screen. Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. GS3700/XGS3700 Series User’s Guide...
Page 92: Configure A Static Vlan Or Private Vlan
802.1Q VLAN. To configure a static or private VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next. Figure 46 Advanced Application > VLAN > Static VLAN GS3700/XGS3700 Series User’s Guide...
Page 93 This field displays which secondary private VLANs are associated with a primary private List VLAN configured in the top part of this screen. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 94: Configure Vlan Port Settings
VLAN group that the tag defines. Enter a number between 1 and 4094 as the port VLAN ID. GVRP Select this check box to allow GVRP on this port. GS3700/XGS3700 Series User’s Guide...
Page 95: Subnet Based Vlans
IP subnet 172.16.1.0/24 (voice services). You can also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192.168.1.0/24 (video services). Lastly, you can configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10.1.1.0/24 (data GS3700/XGS3700 Series User’s Guide...
Page 96 7.5.5.1 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Figure 49 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN GS3700/XGS3700 Series User’s Guide...
Page 97: Protocol Based Vlans
Switch checks if a tag is added already and its protocol. The untagged packets of the same protocol are then placed in the same protocol based VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol. GS3700/XGS3700 Series User’s Guide...
Page 98 7.5.6.1 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Figure 51 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN GS3700/XGS3700 Series User’s Guide...
Page 99 Give this protocol-based VLAN a descriptive name. Type IP-VLAN. Select the protocol. Leave the default value IP. Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with an ID of 5. Type 5. GS3700/XGS3700 Series User’s Guide...
Page 100: View Private Vlan Status
Use this screen to view all private VLANs created on the Switch. See also Advanced Application > Private VLAN. Click Private VLAN Status in the VLAN Status screen to display the screen as shown next. Figure 53 Advanced Application > VLAN > Private VLAN Status GS3700/XGS3700 Series User’s Guide...
Page 101: Port-Based Vlan Setup
VLAN and VLAN security requirements. If VLAN members need to communicate directly with each other, then select All Connected. Select Port Isolated if you want to restrict users from communicating directly. Click Apply to save your settings. GS3700/XGS3700 Series User’s Guide...
Page 102 Chapter 7 VLAN The following screen shows users on a port-based, all-connected VLAN configuration. Figure 54 Advanced Application > VLAN > Port Based VLAN Setup (All Connected) GS3700/XGS3700 Series User’s Guide...
Page 103 Chapter 7 VLAN The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 55 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) GS3700/XGS3700 Series User’s Guide...
Page 104 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 105: Static Mac Forward Setup
Chapter 17 on page 160 for more information on port security. Click Advanced Application > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. Figure 56 Advanced Application > Static MAC Forwarding GS3700/XGS3700 Series User’s Guide...
Page 106 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 107: Static Multicast Forward Setup
3. Figure 59 shows frames being forwarded to ports 2 and 3 within VLAN group 4. Figure 57 No Static Multicast Forwarding Figure 58 Static Multicast Forwarding to A Single Port GS3700/XGS3700 Series User’s Guide...
Page 108: Configuring Static Multicast Forwarding
MAC address must be 1. For example, the first octet pair 00000001 is 01 and 00000011 is 03 in hexadecimal, so 01:00:5e:00:00:0A and 03:00:5e:00:00:27 are valid multicast MAC addresses. GS3700/XGS3700 Series User’s Guide...
Page 109 This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 110: Filtering
Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The Switch can still receive frames originating from the MAC address. Select Discard source and Discard destination to block traffic to/from the MAC address specified in the MAC field. GS3700/XGS3700 Series User’s Guide...
Page 111 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. GS3700/XGS3700 Series User’s Guide...
Page 112: Spanning Tree Protocol
Path Cost 4Mbps 100 to 1000 1 to 65535 Path Cost 10Mbps 50 to 600 1 to 65535 Path Cost 16Mbps 40 to 400 1 to 65535 Path Cost 100Mbps 10 to 60 1 to 65535 GS3700/XGS3700 Series User’s Guide...
Page 113: How Stp Works
MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information. GS3700/XGS3700 Series User’s Guide...
Page 114: Multiple Stp
• A VLAN can be mapped to a specific Multiple Spanning Tree Instance (MSTI). MSTI allows multiple VLANs to use the same spanning tree. • Load-balancing is possible as traffic from different VLANs can use distinct paths in a region. GS3700/XGS3700 Series User’s Guide...
Page 115 Each MSTP-enabled device can only belong to one MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region. GS3700/XGS3700 Series User’s Guide...
Page 116 MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP. Figure 66 MSTP and Legacy RSTP Network Example GS3700/XGS3700 Series User’s Guide...
Page 117: Spanning Tree Protocol Status Screen
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 118: Configure Rapid Spanning Tree Protocol
Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. GS3700/XGS3700 Series User’s Guide...
Page 119: Rapid Spanning Tree Protocol Status
11.5 Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 112 for more information on RSTP. GS3700/XGS3700 Series User’s Guide...
Page 120 Spanning Tree. Topology Changed This is the number of times the spanning tree has been reconfigured. Times Time Since Last This is the time since the spanning tree was last reconfigured. Change GS3700/XGS3700 Series User’s Guide...
Page 121: Configure Multiple Rapid Spanning Tree Protocol
Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. GS3700/XGS3700 Series User’s Guide...
Page 122: Multiple Rapid Spanning Tree Protocol Status
11.7 Multiple Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 112 for more information on MRSTP. GS3700/XGS3700 Series User’s Guide...
Page 123 Spanning Tree. Topology Changed This is the number of times the spanning tree has been reconfigured. Times Time Since Last This is the time since the spanning tree was last reconfigured. Change GS3700/XGS3700 Series User’s Guide...
Page 124: Configure Multiple Spanning Tree Protocol
11.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. Section 11.1.5 on page 114 for more information on MSTP. Figure 73 Advanced Application > Spanning Tree Protocol > MSTP GS3700/XGS3700 Series User’s Guide...
Page 125 Add - to add this range of VLAN(s) to be mapped to the MST instance. • Remove - to remove this range of VLAN(s) from being mapped to the MST instance. • Clear - to remove all VLAN(s) from being mapped to this MST instance. GS3700/XGS3700 Series User’s Guide...
Page 126 This field display the ports configured to participate in the MST instance. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 127: Multiple Spanning Tree Protocol Port Configuration
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 128: Multiple Spanning Tree Protocol Status
This is the time (in seconds) the root switch will wait before changing states (that is, (second) listening to learning to forwarding). Cost to Bridge This is the path cost from the root port on this Switch to the root switch. GS3700/XGS3700 Series User’s Guide...
Page 129 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. GS3700/XGS3700 Series User’s Guide...
Page 130: Bandwidth Control
CIR will be marked for drop. Note: The CIR should be less than the PIR. Note: The sum of CIRs cannot be greater than or equal to the uplink bandwidth. GS3700/XGS3700 Series User’s Guide...
Page 131: Bandwidth Control Setup
Active Select this check box to activate egress rate limits on this port. Egress Rate Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic flow on a port. GS3700/XGS3700 Series User’s Guide...
Page 132 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 133: Broadcast Storm Control
You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 77 Advanced Application > Broadcast Storm Control GS3700/XGS3700 Series User’s Guide...
Page 134 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 135: Mirroring
Source Destination Intermediate Reflector port Monitor port Connected port Connected port Connected port Mirroring port Connected port Remote Port Mirroring (RMirror) VLAN GS3700/XGS3700 Series User’s Guide...
Page 136 Connected port Connected port Monitor port Source Reflector port Mirroring port Connected ports Destination B Intermediate B Connected port Monitor port Connected port Connected port Destination C Monitor port Connected port Remote Port Mirroring (RMirror) VLAN GS3700/XGS3700 Series User’s Guide...
Page 137 Table 53 Port Rules between Remote and Local Port Mirroring RMirror Source Source Source Connected Connected Destination Mirroring Reflector Port in Single- Port Monitor Port Port Port Destination RMirror Mirroring Local Port Port Monitor Mirroring Port GS3700/XGS3700 Series User’s Guide...
Page 138: Local Port Mirroring
Note: Changes in this row are copied to all the ports as soon as you make them. Mirrored Select this option to mirror the traffic on a port. Direction Specify the direction of the traffic to mirror by selecting from the drop-down list box. Choices are Egress (outgoing), Ingress (incoming) and Both. GS3700/XGS3700 Series User’s Guide...
Page 139: Remote Port Mirroring
Click Cancel to begin configuring this screen afresh. 14.1.3 Source Use this screen to configure the reflector port and specify the traffic flow to be copied to the monitor port when the Switch is the source device in remote port mirroring. GS3700/XGS3700 Series User’s Guide...
Page 140 Note: Changes in this row are copied to all the ports as soon as you make them. Mirrored Select this option to mirror the traffic on a port. GS3700/XGS3700 Series User’s Guide...
Page 141: Destination
Select the RMirror VLAN over which the mirrored traffic is forwarded. Monitor Port Specify the port to which you copy the traffic in order to examine it in more detail without interfering with the traffic flow on the original port(s). GS3700/XGS3700 Series User’s Guide...
Page 142: Connected Port
RMirror VLAN. Click the Connected Port link in the RMirror screen. The following screen opens. Figure 82 Advanced Application > Mirroring > RMirror > Connected Port GS3700/XGS3700 Series User’s Guide...
Page 143 VLAN This field displays the ID number of port mirroring VLAN over which the mirrored traffic is forwarded. Connected Port This field displays the number of port(s) that helps forward mirrored traffic to other connected switches. GS3700/XGS3700 Series User’s Guide...
Page 144: Link Aggregation
• You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. GS3700/XGS3700 Series User’s Guide...
Page 145: Link Aggregation Id
Section 15.1 on page 144 for more information. Figure 83 Advanced Application > Link Aggregation Status Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. GS3700/XGS3700 Series User’s Guide...
Page 146 This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. GS3700/XGS3700 Series User’s Guide...
Page 147: Link Aggregation Setting
This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. GS3700/XGS3700 Series User’s Guide...
Page 148 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 149: Link Aggregation Control Protocol
Table 63 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable dynamic link aggregation. Aggregation Control Protocol Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). GS3700/XGS3700 Series User’s Guide...
Page 150: Static Trunking Example
Make your physical connections - make sure that the ports that you want to belong to the trunk group are connected to the same destination. The following figure shows ports 2-5 on switch A connected to switch B. Figure 86 Trunking Example - Physical Connections GS3700/XGS3700 Series User’s Guide...
Page 151 Click Apply when you are done. Figure 87 Trunking Example - Configuration Screen EXAMPLE Your trunk group 1 (T1) configuration is now complete. GS3700/XGS3700 Series User’s Guide...
Page 152: Port Authentication
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. GS3700/XGS3700 Series User’s Guide...
Page 153: Mac Authentication
Session Granted/Denied 16.1.2 MAC Authentication MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based GS3700/XGS3700 Series User’s Guide...
Page 154: Port Authentication Configuration
Radius Server Setup screen. To activate a port authentication method, click Advanced Application > Port Authentication in the navigation panel. Select a port authentication method in the screen that appears. Figure 90 Advanced Application > Port Authentication GS3700/XGS3700 Series User’s Guide...
Page 155: Activate Ieee 802.1X Security
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this checkbox to permit 802.1x authentication on this port. You must first allow 802.1x authentication on the Switch before configuring it on each port. GS3700/XGS3700 Series User’s Guide...
Page 156: Guest Vlan
VLAN, such as the Internet. The rights granted to the Guest VLAN depends on how the network administrator configures switches or routers with the guest network feature. Figure 92 Guest VLAN Example VLAN 100 VLAN 102 Internet GS3700/XGS3700 Series User’s Guide...
Page 157 Switch. You must also enable IEEE 802.1x authentication on the Switch and the associated ports. Enter the number that identifies the guest VLAN. Make sure this is a VLAN recognized in your network. GS3700/XGS3700 Series User’s Guide...
Page 158: Activate Mac Authentication
16.2.3 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. Figure 94 Advanced Application > Port Authentication > MAC Authentication GS3700/XGS3700 Series User’s Guide...
Page 159 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 160: Port Security
17.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. Figure 95 Advanced Application > Port Security GS3700/XGS3700 Series User’s Guide...
Page 161 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 162: Vlan Mac Address Limit
This is the maximum number of MAC addresses which a port can learn in a VLAN. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. GS3700/XGS3700 Series User’s Guide...
Page 163: Classifier
Use the Classifier screen to define the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 19 on page 169. GS3700/XGS3700 Series User’s Guide...
Page 164 The following table describes the labels in this screen. Table 69 Advanced Application > Classifier LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. GS3700/XGS3700 Series User’s Guide...
Page 165 Note: You must select either UDP or TCP in the IP Protocol field before you configure the Number socket numbers. Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option and enter a TCP/UDP protocol port number. GS3700/XGS3700 Series User’s Guide...
Page 166: Viewing And Editing Classifier Configuration
This field displays the descriptive name for this rule. This is for identification purposes only. Rule This field displays a summary of the classifier rule’s settings. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 167 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 Some of the most common IP ports are: Table 72 Common IP Ports PORT NUMBER PORT NAME Telnet SMTP HTTP POP3 GS3700/XGS3700 Series User’s Guide...
Page 168: Classifier Example
Figure 99 Classifier: Example EXAMPLE After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 19 on page 169 for information on configuring a policy rule. GS3700/XGS3700 Series User’s Guide...
Page 169: Policy Rule
Resources can then be allocated according to the DSCP values and the configured policies. 19.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 18.2 on page 163 more information. GS3700/XGS3700 Series User’s Guide...
Page 170 Figure 100 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 73 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. GS3700/XGS3700 Series User’s Guide...
Page 171 Select Send the packet to the egress port to send the packet to the egress port. Metering Select Enable to activate bandwidth limitation on the traffic flow(s) then set the actions to be taken on out-of-profile packets. GS3700/XGS3700 Series User’s Guide...
Page 172: Viewing And Editing Policy Configuration
This field displays the name you have assigned to this policy. Classifier(s) This field displays the name(s) of the classifier to which this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 173: Policy Example
The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 168). Figure 102 Policy Example EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 174: Queuing Method
The weights range from 1 to 15 and the actual guaranteed bandwidth is calculated as follows: Weight x 2 KB If the weight setting is 5, the actual quantum guaranteed to the associated queue would be as follows: 5 x 2KB = 10 KB GS3700/XGS3700 Series User’s Guide...
Page 175: Weighted Round Robin Scheduling (Wrr)
This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. 20.2 Configuring Queuing Click Advanced Application > Queuing Method in the navigation panel. Figure 103 Advanced Application > Queuing Method GS3700/XGS3700 Series User’s Guide...
Page 176 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 177: Vlan Stacking
In the following example figure, both A and B are Service Provider’s Network (SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by GS3700/XGS3700 Series User’s Guide...
Page 178: Vlan Stacking Port Roles
All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by the Service Provider’s (SP) VLAN ID (VID)). Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. GS3700/XGS3700 Series User’s Guide...
Page 179: Vlan Tag Format
Len/Etype Data Double-tagged frame Table 78 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/Etype Length and type of Ethernet frame (SP)TPID (Service Provider) Tag Protocol IDentifier Data Frame data VLAN ID Frame Check Sequence GS3700/XGS3700 Series User’s Guide...
Page 180: Configuring Vlan Stacking
The value of this field is 0x8100 as defined in IEEE 802.1Q. If the Switch needs to communicate with other vendors’ devices, they should use the same TPID. Note: You can define up to four different tunnel TPIDs (including 8100) in this screen at a time. GS3700/XGS3700 Series User’s Guide...
Page 181: Port-Based Q-In-Q
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 182: Selective Q-In-Q
Cancel Click Cancel to begin configuring this screen afresh. Index This is the number of the selective VLAN stacking rule. Click on an index number to change the settings. GS3700/XGS3700 Series User’s Guide...
Page 183 This is the service provider’s priority level in the packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 184: Multicast
You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. GS3700/XGS3700 Series User’s Guide...
Page 185: Igmp Snooping
In the following MLD snooping-proxy example, all connected upstream ports (1 ~7) are treated as one interface. The connection between ports 8 and 9 is blocked by STP to break the loop. If there is GS3700/XGS3700 Series User’s Guide...
Page 186: Mld Messages
22.2 Multicast Setup Use this screen to configure IGMP for IPv4 or MLD for IPv6 and set up multicast VLANs. Click Advanced Application > Multicast in the navigation panel. Figure 108 Advanced Application > Multicast Setup GS3700/XGS3700 Series User’s Guide...
Page 187: Ipv4 Multicast Status
This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. GS3700/XGS3700 Series User’s Guide...
Page 188: Igmp Snooping
IGMP group membership entry if it does not receive report messages from the port. 802.1p Priority Select a priority level (0-7) to which the Switch changes the priority in outgoing IGMP control packets. Otherwise, select No-Change to not replace the priority. GS3700/XGS3700 Series User’s Guide...
Page 189 Max Group Num. Enter the number of multicast groups this port is allowed to join. Once a port is registered in the specified number of multicast groups, any new IGMP join report frame(s) is dropped on this port. GS3700/XGS3700 Series User’s Guide...
Page 190 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 191: Igmp Snooping Vlan
Click Cancel to begin configuring this screen afresh. VLAN Use this section of the screen to add VLANs upon which the Switch is to perform IGMP snooping. Name Enter the descriptive name of the VLAN for identification purposes. GS3700/XGS3700 Series User’s Guide...
Page 192: Igmp Filtering Profile
Click Advanced Application > Multicast > IPv4 Multicast in the navigation panel. Click the IGMP Snooping link and then the IGMP Filtering Profile link to display the screen as shown. Figure 112 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile GS3700/XGS3700 Series User’s Guide...
Page 193: Ipv6 Multicast Status
Table 87 Advanced Application > Multicast > IPv6 Multicast LABEL DESCRIPTION Index This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. GS3700/XGS3700 Series User’s Guide...
Page 194: Mld Snooping-Proxy
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 195: Mld Snooping-Proxy Vlan
T = (QI*RV) + MRD, where T = Timeout, QI = Query Interval, RV = Robustness Variable, and MRD = Maximum Response Delay. When an MLD Done message is received, the Switch sets the entry’s lifetime to be the product of Last Member Query Interval and Robustness Variable GS3700/XGS3700 Series User’s Guide...
Page 196 This field displays the ID number of the VLAN group. Delete Check the entry(ies) that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 197: Mld Snooping-Proxy Vlan Port Role Setting
Report or Done messages when receiving queries from a multicast router. Otherwise, select None if the port is not joining a multicast group or does not belong to this VLAN. GS3700/XGS3700 Series User’s Guide...
Page 198: Mld Snooping-Proxy Filtering
Click Cancel to reset the fields to your previous configuration. 22.4.4 MLD Snooping-proxy Filtering Use this screen to configure the Switch’s MLD filtering settings. Click the MLD Snooping-proxy link and then the Filtering link in the Advanced Application > Multicast > IPv6 Multicast GS3700/XGS3700 Series User’s Guide...
Page 199 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. GS3700/XGS3700 Series User’s Guide...
Page 200: Mld Snooping-Proxy Filtering Profile
Profile Name This field displays the descriptive name of the profile. Start Address This field displays the start of the multicast IPv6 address range. End Address This field displays the end of the multicast IPv6 address range. GS3700/XGS3700 Series User’s Guide...
Page 201: Mvr Overview
You can set your Switch to operate in either dynamic or compatible mode. In dynamic mode, the Switch sends IGMP leave and join reports to the other multicast devices (such as multicast routers or servers) in the multicast VLAN. This allows the multicast devices to GS3700/XGS3700 Series User’s Guide...
Page 202: How Mvr Works
VLAN. Click Advanced Application > Multicast > Multicast Setup > MVR to display the screen as shown next. Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 203 Select Dynamic to send IGMP reports or MLD messages to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports or MLD messages. Port This field displays the port number on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 204: Mvr Group Configuration
All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Use this screen to configure MVR IP multicast group address(es). Click the Group Configuration link in the MVR screen. GS3700/XGS3700 Series User’s Guide...
Page 205 Group Name This field displays the descriptive name for this setting. Start Address This field displays the starting IP address of the multicast group. End Address This field displays the ending IP address of the multicast group. GS3700/XGS3700 Series User’s Guide...
Page 206: Mvr Configuration Example
News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN 1 are able to receive the traffic. Figure 123 MVR Configuration Example News: 224.1.4.10 ~ 224.1.4.50 Movie: 230.1.2.50 ~230.1.2.60 VLAN 1 Multicast VID 200 GS3700/XGS3700 Series User’s Guide...
Page 207 Chapter 22 Multicast To configure the MVR settings on the Switch, create a multicast VLAN in the MVR screen and set the receiver and source ports. Figure 124 MVR Configuration Example EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 208 Group Configuration screen. The following figure shows an example where two IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 125 MVR Group Configuration Example EXAMPLE Figure 126 MVR Group Configuration Example EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 209: Aaa
By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Chapter 42 on page 337). GS3700/XGS3700 Series User’s Guide...
Page 210: Radius And Tacacs
23.2.1 RADIUS Server Setup Use this screen to configure your RADIUS server settings. See Section 23.1.2 on page 210 for more information on RADIUS servers and Section 23.3 on page 218 for RADIUS attributes utilized by the GS3700/XGS3700 Series User’s Guide...
Page 211 Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch. GS3700/XGS3700 Series User’s Guide...
Page 212 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 213: Tacacs+ Server Setup
TACACS+ server for 15 seconds and then tries the second TACACS+ server. Index This is a read-only number representing a TACACS+ server entry. IP Address Enter the IP address of an external TACACS+ server in dotted decimal notation. GS3700/XGS3700 Series User’s Guide...
Page 214 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 215: Aaa Setup
Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. GS3700/XGS3700 Series User’s Guide...
Page 216 If you don’t select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn’t get a response from the accounting server then it tries the second accounting server. GS3700/XGS3700 Series User’s Guide...
Page 217: Vendor Specific Attribute
• Vendor-Type: A vendor specified attribute, identifying the setting you want to modify. • Vendor-data: A value you want to assign to the setting. Note: Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server. GS3700/XGS3700 Series User’s Guide...
Page 218: Tunnel Protocol Attribute
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This section lists the RADIUS attributes supported by the Switch. GS3700/XGS3700 Series User’s Guide...
Page 219: Attributes Used For Authentication
- This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 23.3.2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. GS3700/XGS3700 Series User’s Guide...
Page 220    NAS-IP-Address    Service-Type    Calling-Station-Id    Acct-Status-Type    Acct-Delay-Time    Acct-Session-Id    Acct-Authentic    Acct-Session-Time   Acct-Terminate-Cause  GS3700/XGS3700 Series User’s Guide...
Page 221  Acct-Delay-Time    Acct-Session-Id    Acct-Authentic    Acct-Input-Octets   Acct-Output-Octets   Acct-Session-Time   Acct-Input-Packets   Acct-Output-Packets   Acct-Terminate-Cause  Acct-Input-Gigawords   Acct-Output-Gigawords   GS3700/XGS3700 Series User’s Guide...
Page 222: Ip Source Guard
Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. GS3700/XGS3700 Series User’s Guide...
Page 223 Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the file, that binding and all others after it are ignored. GS3700/XGS3700 Series User’s Guide...
Page 224: Arp Inspection Overview
In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things: GS3700/XGS3700 Series User’s Guide...
Page 225 ARP inspection so that the Switch has enough time to build the binding table. Enable ARP inspection on each VLAN. Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. GS3700/XGS3700 Series User’s Guide...
Page 226: Ip Source Guard
MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN GS3700/XGS3700 Series User’s Guide...
Page 227 ARP entries for the specified VLAN(s) are added to the static bindings table after you click ARP Freeze. Static Binding MAC Address Enter the source MAC address in the binding. IP Address Enter the IP address assigned to the MAC address in the binding. GS3700/XGS3700 Series User’s Guide...
Page 228 Delete Select the entry(ies) that you want to remove in the Delete column, then click the Delete button to remove the selected entry(ies) from the table. Cancel Click this to clear the Delete check boxes above. GS3700/XGS3700 Series User’s Guide...
Page 229: Dhcp Snooping
This section displays the current settings for the DHCP snooping database. You can configure them in the DHCP Snooping Configure screen. See Section 24.5 on page 231. Agent URL This field displays the location of the DHCP snooping database. GS3700/XGS3700 Series User’s Guide...
Page 230 This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database. Database detail First successful access This field displays the first time the Switch accessed the DHCP snooping database for any reason. GS3700/XGS3700 Series User’s Guide...
Page 231: Dhcp Snooping Configure
Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database. The DHCP snooping database stores the current bindings on a secure, external TFTP server so that they are GS3700/XGS3700 Series User’s Guide...
Page 232 Enter how long (10-65535 seconds) the Switch waits to update the DHCP snooping interval database the first time the current bindings change after an update. Once the next update is scheduled, additional changes in current bindings are automatically included in the next update. GS3700/XGS3700 Series User’s Guide...
Page 233: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 138 IP Source Guard > DHCP Snooping Port Configure GS3700/XGS3700 Series User’s Guide...
Page 234: Dhcp Snooping Vlan Configure
Switch relays to a DHCP server for each VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN. Figure 139 IP Source Guard > DHCP Snooping VLAN Configure GS3700/XGS3700 Series User’s Guide...
Page 235: Dhcp Snooping Vlan Port Configure
Use this screen to apply a different DHCP option 82 profile to certain ports in a VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN > Port. Figure 140 IP Source Guard > DHCP Snooping VLAN Port Configure GS3700/XGS3700 Series User’s Guide...
Page 236: Arp Inspection Status
Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address GS3700/XGS3700 Series User’s Guide...
Page 237 Click this to remove the selected entries. Cancel Click this to clear the Delete check boxes above. Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. GS3700/XGS3700 Series User’s Guide...
Page 238: Arp Inspection Vlan Status
This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted. Dropped This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted. GS3700/XGS3700 Series User’s Guide...
Page 239: Arp Inspection Log Status
In the ARP Inspection VLAN Configure screen, you can configure the Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See Section 24.7.2 on page 242. Time This field displays when the log message was generated. GS3700/XGS3700 Series User’s Guide...
Page 240: Arp Inspection Configure
Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 24.6.2 on page 239. GS3700/XGS3700 Series User’s Guide...
Page 241: Arp Inspection Port Configure
Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 145 IP Source Guard > ARP Inspection Port Configure GS3700/XGS3700 Series User’s Guide...
Page 242: Arp Inspection Vlan Configure
ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN. Figure 146 IP Source Guard > ARP Inspection VLAN Configure GS3700/XGS3700 Series User’s Guide...
Page 243 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS3700/XGS3700 Series User’s Guide...
Page 244: Loop Guard
• It will receive broadcast messages sent out from the switch in loop state. • It will receive its own broadcast messages that it sends out as they loop back. It will then re- broadcast those messages again. GS3700/XGS3700 Series User’s Guide...
Page 245 In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N. The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 150 Loop Guard - Network Loop GS3700/XGS3700 Series User’s Guide...
Page 246: Loop Guard Setup
Switch it is connected to is in loop state. If the Switch that this port is connected is in loop state the Switch will shut down this port. Clear this check box to disable the loop guard feature. GS3700/XGS3700 Series User’s Guide...
Page 247 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 248: Vlan Mapping
VLAN mapping rule. The Switch translates the VLAN ID from 12 into 123 before forwarding the packets. Any packets carrying a VLAN tag other than 12 (such as 10) and received on port 3 will be dropped. Figure 152 VLAN mapping example Service Provider Network Port 3 GS3700/XGS3700 Series User’s Guide...
Page 249: Enabling Vlan Mapping
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 250: Configuring Vlan Mapping
This is the customer VLAN ID in the incoming packets. Translated VID This is the VLAN ID that replaces the customer VLAN ID in the tagged packets. Priority This is the priority level that replaces the customer priority level in the tagged packets. GS3700/XGS3700 Series User’s Guide...
Page 251 Table 119 VLAN Mapping Configuration (continued) LABEL DESCRIPTION Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 252: Layer 2 Protocol Tunneling
In the following example, if you enable L2PT for STP, you can have switches A, B, C and D in the same spanning tree, even though switch A is not directly connected to switches B, C and D. Topology change information can be propagated throughout the service provider’s network. GS3700/XGS3700 Series User’s Guide...
Page 253: Layer-2 Protocol Tunneling Mode
• The Tunnel port is an egress port at the edge of the service provider's network and connected to another service provider’s switch. Incoming encapsulated layer-2 protocol packets received on a tunnel port are decapsulated and sent to an access port. GS3700/XGS3700 Series User’s Guide...
Page 254: Configuring Layer 2 Protocol Tunneling
Note: Changes in this row are copied to all the ports as soon as you make them. Select this option to have the Switch tunnel CDP (Cisco Discovery Protocol) packets so that other Cisco devices can be discovered through the service provider’s network. GS3700/XGS3700 Series User’s Guide...
Page 255 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 256: Sflow
For example, you can use it to know which IP address or which type of traffic caused network congestion. Figure 158 sFlow Application sFlow Agent sFlow Collector GS3700/XGS3700 Series User’s Guide...
Page 257: Sflow Port Configuration
Enter a number (N) from 256 to 65535. The Switch captures every one out of N packets for this port and creates sFlow datagram. poll-interval Specify a time interval (from 20 to 120 in seconds) the Switch waits before sending the sFlow datagram and packet counters for this port to the collector. GS3700/XGS3700 Series User’s Guide...
Page 258: Sflow Collector Configuration
This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. GS3700/XGS3700 Series User’s Guide...
Page 259 This field displays port number the Switch uses to send sFlow datagram to the collector. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 260: Pppoe
There are two types of sub-option: “Agent Circuit ID Sub-option” and “Agent Remote ID Sub- option”. They have the following formats. Table 124 PPPoE IA Circuit ID Sub-option Format: User-defined String SubOpt Length Value 0x01 String (1 byte) (1 byte) (63 bytes) GS3700/XGS3700 Series User’s Guide...
Page 261: Port State
DHCP snooping or ARP inspection. You can also specify the agent sub-options (circuit ID and remote ID) that the Switch adds to PADI and PADR packets from PPPoE clients. GS3700/XGS3700 Series User’s Guide...
Page 262: The Pppoe Screen
Figure 161 Advanced Application > PPPoE Intermediate Agent 29.3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client. GS3700/XGS3700 Series User’s Guide...
Page 263 Select a delimiter to separate the identifier-string, slot ID, port number and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. GS3700/XGS3700 Series User’s Guide...
Page 264: Pppoe Ia Per-Port
Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS3700/XGS3700 Series User’s Guide...
Page 265: Pppoe Ia Per-Port Per-Vlan
Cancel Click Cancel to begin configuring this screen afresh. 29.3.2 PPPoE IA Per-Port Per-VLAN Use this screen to configure PPPoE IA settings that apply to a specific VLAN on a port. GS3700/XGS3700 Series User’s Guide...
Page 266 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 267: Pppoe Ia For Vlan
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 268: Error Disable
After that, you need to enable the port(s) or allow the packets on a port manually via the web configurator or the commands. With error-disable recovery, you can set the disabled port(s) to become active or start receiving the packets again after the time interval you specify. GS3700/XGS3700 Series User’s Guide...
Page 269: The Error Disable Screen
Note: After you configure this screen, make sure you also enable error detection for the specific control packets in the Advanced Application > Errdisable > Errdisable Detect screen. Figure 167 Advanced Application > Errdisable > CPU protection GS3700/XGS3700 Series User’s Guide...
Page 270: Error-Disable Detect Configuration
Note: Changes in this row are copied to all the entries as soon as you make them. Active Select this option to have the Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below. GS3700/XGS3700 Series User’s Guide...
Page 271: Error-Disable Recovery Configuration
Use this row to make the setting the same for all entries. Use this row first and then make adjustments to each entry if necessary. Note: Changes in this row are copied to all the entries as soon as you make them. GS3700/XGS3700 Series User’s Guide...
Page 272 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 273: Mac Pinning
MAC address of a server (B) connected to one of the Switch’s ports, on which MAC pinning is enabled, the responses from clients will still be forwarded to the server according to the Switch’s MAC forwarding table. [MAC x, VLAN y] [MAC x, VLAN y] GS3700/XGS3700 Series User’s Guide...
Page 274: Mac Pinning Configuration
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 275: Private Vlan
Primary VLAN only. They cannot communicate with other isolated ports in the same Isolated VLAN, non-associated Primary VLAN promiscuous ports nor any community ports. Table 136 PVLAN Graphic Key LABEL DESCRIPTION P-VLAN 100 Primary private VLAN GS3700/XGS3700 Series User’s Guide...
Page 276 C-VLAN 101. They cannot communicate with isolated ports in I-VLAN 102. • Isolated ports can communicate with promiscuous ports in P-VLAN 100. They cannot communicate with other isolated ports in I-VLAN 102 nor community ports in C-VLAN 101. GS3700/XGS3700 Series User’s Guide...
Page 277: Configuration
You must go to the Static VLAN screen first (see Section 7.5.3 on page 92) to create VLAN IDs for Primary, Isolated or Community VLANs. Click Advanced Application > Private VLAN to display the following screen. Advanced Application > Private VLAN Figure 171 GS3700/XGS3700 Series User’s Guide...
Page 278 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 279: Green Ethernet
Shorter cables lose less power, so Short Reach saves power by adjusting the transmit power of each port according to the length of cable attached to that port. 33.2 Configuring Green Ethernet Click Advanced Application > Green Ethernet in the navigation panel to display the screen as shown. GS3700/XGS3700 Series User’s Guide...
Page 280 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 281: Static Route
34.2 Static Routing Click IP Application > Static Routing in the navigation panel to display the screen as shown. Click the link next to IPv4 Static Route to open a screen where you can create IPv4 static routing GS3700/XGS3700 Series User’s Guide...
Page 282: Configuring Ipv4 Static Routing
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch Address that will forward the packet to the destination. The gateway must be a router on the same segment as your Switch. GS3700/XGS3700 Series User’s Guide...
Page 283 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 284: Configuring Ipv6 Static Routing
This field displays the IPv6 subnet prefix and prefix length of the final destination. Destination/ Prefix Length Next Hop This field displays the IPv6 address of the gateway that helps forward the packet to the destination. GS3700/XGS3700 Series User’s Guide...
Page 285 Chapter 34 Static Route Table 141 IP Application > Static Routing > IPv6 Static Route (continued) LABEL DESCRIPTION Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 286: Policy Routing
• Cost Savings – Policy routing allows organizations to distribute interactive traffic on high- bandwidth, high-cost paths while using low-cost paths for batch traffic. • Load Sharing – Network administrators can use policy routing to distribute traffic among multiple paths. GS3700/XGS3700 Series User’s Guide...
Page 287: Configuring Policy Routing Profile
Section 35.2 on page 287). Use this screen to configure a policy route to override the default (shortest path) routing behavior and forward packets based on the classifier and action you specify. A policy route rule defines the GS3700/XGS3700 Series User’s Guide...
Page 288 This field displays the available active classifiers you configure in the Classifier screen (see Chapter 18 on page 163), which are not used by any policy rule or policy routing rule. Select a classifier to which this policy routing rule applies. GS3700/XGS3700 Series User’s Guide...
Page 289 This field displays the name of the classifier to which this policy applies. Rule Delete Select the policy routing rule(s) that you want to remove. Delete Click Delete to remove the selected entry(ies) from the summary table. Cancel Click Cancel to clear the Rule Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 290: Differentiated Services
The boundary node (A in Figure 180) in a DiffServ network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules. A network administrator can then apply GS3700/XGS3700 Series User’s Guide...
Page 291: Two Rate Three Color Marker Traffic Policing
In the color-aware mode, packets are marked based on both existing color and evaluation against the PIR and CIR. If the packets do not match any of colors, then the packets proceed unchanged. GS3700/XGS3700 Series User’s Guide...
Page 292: Trtcm - Color-Blind Mode
Low Packet Red? Yellow? Loss PIR? CIR? Medium Packet High Packet High Packet Medium Packet Loss Loss Loss Loss 36.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). GS3700/XGS3700 Series User’s Guide...
Page 293: Configuring 2-Rate 3 Color Marker Settings
Click Cancel to begin configuring this screen afresh. 36.3.1 Configuring 2-Rate 3 Color Marker Settings Use this screen to configure TRTCM settings. Click the 2-rate 3 Color Marker link in the DiffServ screen to display the screen as shown next. GS3700/XGS3700 Series User’s Guide...
Page 294 Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this to activate TRTCM on the port. GS3700/XGS3700 Series User’s Guide...
Page 295: Dscp Profile
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the fields to your previous configuration. GS3700/XGS3700 Series User’s Guide...
Page 296: Dscp-To-Ieee 802.1P Priority Settings
IEEE 802.1p 36.4.1 Configuring DSCP Settings To change the DSCP-IEEE 802.1p mapping, click the DSCP Setting link in the DiffServ screen to display the screen as shown next. Figure 186 IP Application > DiffServ > DSCP Setting GS3700/XGS3700 Series User’s Guide...
Page 297 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 298: Dhcp
37.2 DHCP Configuration Click IP Application > DHCP in the navigation panel to display the screen as shown. Click the link next to DHCPv4 to open screens where you can enable and configure DHCPv4 server/relay settings GS3700/XGS3700 Series User’s Guide...
Page 299: Dhcpv4 Status
Global - if the Switch is configured as a DHCP relay agent only. • VLAN - followed by a VLAN ID or multiple VLAN IDs if it is configured as a relay agent for specific VLAN(s). GS3700/XGS3700 Series User’s Guide...
Page 300: Dhcpv4 Server Status Detail
37.4 DHCPv4 Relay Configure DHCP relay on the Switch if the DHCP clients and the DHCP server are not in the same broadcast domain. During the initial IP address leasing, the Switch helps to relay network GS3700/XGS3700 Series User’s Guide...
Page 301: Dhcpv4 Relay Agent Information
(1 byte) (1 byte) The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent Remote ID sub-option. The next field specifies the length of the field. GS3700/XGS3700 Series User’s Guide...
Page 302: Dhcpv4 Option 82 Profile
Use this section to configure the Remote ID sub-option to include information that identifies the relay agent (the Switch). Enable Select this option to have the Switch append the Remote ID sub-option to the option 82 field of DHCP requests. GS3700/XGS3700 Series User’s Guide...
Page 303: Configuring Dhcpv4 Global Relay
Table 155 IP Application > DHCP > DHCPv4 > Global LABEL DESCRIPTION Active Select this check box to enable DHCPv4 relay. Remote DHCP Enter the IP address of a DHCPv4 server in dotted decimal notation. Server 1 .. 3 GS3700/XGS3700 Series User’s Guide...
Page 304: Dhcpv4 Global Relay Port Configure
Cancel Click this to reset the values above based on the last selected entry or, if not applicable, to clear the fields above. Clear Click Clear to reset the fields to the factory defaults. GS3700/XGS3700 Series User’s Guide...
Page 305: Global Dhcp Relay Configuration Example
192.168.1.100 VLAN2 VLAN1 Configure the DHCP Relay screen as shown. Make sure you select a DHCP option 82 profile (default1 in this example) to set the Switch to send additional information (such as the VLAN ID) GS3700/XGS3700 Series User’s Guide...
Page 306: Configuring Dhcp Vlan Settings
Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP > DHCPv4 in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. GS3700/XGS3700 Series User’s Guide...
Page 307 Specify the size, or count of the IP address pool. The Switch can issue from 1 to 253 IP IP Pool addresses to DHCP clients. IP Subnet Enter the subnet mask for the client IP pool. Mask Default Enter the IP address of the default gateway device. Gateway GS3700/XGS3700 Series User’s Guide...
Page 308: Dhcpv4 Vlan Port Configure
Use this screen to apply a different DHCP option 82 profile to certain ports in a VLAN. To open this screen, click IP Application > DHCP > DHCPv4 > VLAN > Port. Figure 196 IP Application > DHCP > DHCPv4 > VLAN > Port GS3700/XGS3700 Series User’s Guide...
Page 309: Example: Dhcp Relay For Two Vlans
The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1.100. Requests from GS3700/XGS3700 Series User’s Guide...
Page 310 (VLAN 2) are sent to the other DHCP server with an IP address of 172.16.10.100. Figure 197 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.16.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 198 DHCP Relay for Two VLANs Configuration Example EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 311: Dhcpv6 Relay
This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. GS3700/XGS3700 Series User’s Guide...
Page 312 This field displays whether the remote-ID option is added to DHCPv6 requests from clients in this VLAN. Delete Check the entry(ies) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. GS3700/XGS3700 Series User’s Guide...
Page 313: Vrrp
Switch B, having a lower priority, is the backup router. Figure 200 VRRP: Example 1 172.16.1.1 172.16.1.100 172.16.1.10 If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B. GS3700/XGS3700 Series User’s Guide...
Page 314: Vrrp Status
The following sections describe the different parts of the VRRP Configuration screen. 38.3.1 IP Interface Setup Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see the Section 6.5 on page 62 for more information). GS3700/XGS3700 Series User’s Guide...
Page 315 Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface. When you select Simple in the Authentication field, enter a password key (up to eight printable ASCII character long) in this field. GS3700/XGS3700 Series User’s Guide...
Page 316: Vrrp Parameters
Disable preempt mode to prevent this from happening. By default, a layer 3 device with the same IP address as the virtual router will become the master router regardless of the preempt mode. GS3700/XGS3700 Series User’s Guide...
Page 317: Configuring Vrrp Parameters
Enter the IP address of the primary virtual router in dotted decimal notation. Secondary Virtual IP This field is optional. Enter the IP address of a secondary virtual router in dotted decimal notation. This field is ignored when you enter 0.0.0.0. GS3700/XGS3700 Series User’s Guide...
Page 318: Viewing Vrrp Summary
Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 38.4 VRRP Configuration Examples The following sections show two VRRP configuration examples on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 319: One Subnet Network Example
You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 206 VRRP Example 1: VRRP Parameter Settings on Switch A EXAMPLE Figure 207 VRRP Example 1: VRRP Parameter Settings on Switch B EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 320: Two Subnets Example
You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2. On the other hand, switch B is the master for VR2 and a backup for VR1. Figure 210 VRRP Configuration Example: Two Virtual Router Network 172.16.1.1 172.16.1.100 172.16.1.10 GS3700/XGS3700 Series User’s Guide...
Page 321 After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 213 VRRP Example 2: VRRP Status on Switch A EXAMPLE Figure 214 VRRP Example 2: VRRP Status on Switch B EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 322: Load Sharing
With ECMP, packets are routed through the paths of equal cost according to the hash algorithm output. 39.2 Configuring Load Sharing Click IP Application > Load Sharing in the navigation panel to display the screen as shown next. Figure 215 IP Application > Load Sharing GS3700/XGS3700 Series User’s Guide...
Page 323 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 324: Arp Setup
LAN. When the Switch receives the ARP reply from host B, it updates its ARP table and also forwards host A’s ICMP request to host B. After the Switch gets the GS3700/XGS3700 Series User’s Guide...
Page 325 In Gratuitous-ARP learning mode, the Switch updates its ARP table with either an ARP reply or a gratuitous ARP request. 40.1.2.3 ARP-Request When the Switch is in ARP-Request learning mode, it updates the ARP table with both ARP replies, gratuitous ARP requests and ARP requests. GS3700/XGS3700 Series User’s Guide...
Page 326: Arp Setup
ARP Learning to open a screen where you can set the ARP learning mode for each port. Click the link next to Static ARP to open a screen where you can create static ARP entries on the Switch. Figure 216 IP Application > ARP Setup GS3700/XGS3700 Series User’s Guide...
Page 327: Arp Learning
Select Gratuitous-ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request. Select ARP-Request to have the Switch update the ARP table with both ARP replies, gratuitous ARP requests and ARP requests. GS3700/XGS3700 Series User’s Guide...
Page 328: Static Arp
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. Clear Click Clear to set the above fields back to the factory defaults. GS3700/XGS3700 Series User’s Guide...
Page 329 This field displays the VLAN to which the device belongs. Port This field displays the port to which the device connects. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS3700/XGS3700 Series User’s Guide...
Page 330 Chapter 40 ARP Setup GS3700/XGS3700 Series User’s Guide...
Page 331: Maintenance
Click Config 2 to reboot the system and load Configuration 2 on the Switch. Note: Make sure to click the Save button in any screen to save your settings to the current configuration on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 332: Load Factory Default
Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load configuration one (Config 1) or configuration two (Config 2) when you reboot. Follow the steps below to reboot the Switch. GS3700/XGS3700 Series User’s Guide...
Page 333: Firmware Upgrade
Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. GS3700/XGS3700 Series User’s Guide...
Page 334: Restore A Configuration File
Choose a location to save the file on your computer from the Save in drop-down list box and type a descriptive name for it in the File name list box. Click Save to save the configuration file to your computer. GS3700/XGS3700 Series User’s Guide...
Page 335: Ftp Command Line
If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the Switch only recognizes “config”, “ras-0”, and “ras-1”. Be sure you keep unaltered copies of both files for later use. GS3700/XGS3700 Series User’s Guide...
Page 336: Ftp Command Line Procedure
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. GS3700/XGS3700 Series User’s Guide...
Page 337: Access Control
TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the Switch through the network via SNMP version 1 (SNMPv1), SNMP version 2c or GS3700/XGS3700 Series User’s Guide...
Page 338: Snmp V3 And Security
Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them. GS3700/XGS3700 Series User’s Guide...
Page 339: Supported Mibs
1.3.6.1.4.1.890.1.15.3.26.2.2 This trap is sent when the temperature OfRange goes above or below the normal operating range. voltage zyHwMonitorPowerSupplyVolt 1.3.6.1.4.1.890.1.15.3.26.2.3 This trap is sent when the voltage goes ageOutOfRange above or below the normal operating range. GS3700/XGS3700 Series User’s Guide...
Page 340 The trap is sent when entries in the remote database have any updates. Link Layer Discovery Protocol (LLDP), defined as IEEE 802.1ab, enables LAN devices that support LLDP to exchange their configured settings. This helps eliminate configuration mismatch issues. GS3700/XGS3700 Series User’s Guide...
Page 341 1.3.6.1.4.1.890.1.15.3.71.2.2 This trap is sent when there is no rNotReachable response message from the RADIUS accounting server. zyTacacsServerAccountingServe 1.3.6.1.4.1.890.1.15.3.83.2.2 This trap is sent when there is no rUnreachable response message from the TACACS+ accounting server. GS3700/XGS3700 Series User’s Guide...
Page 342 This trap is sent when a variable goes over the RMON "rising" threshold. RmonFallingAlarm 1.3.6.1.2.1.16.0.2 This trap is sent when the variable falls below the RMON "falling" threshold. dot1agCfmFaultAlarm 1.3.111.2.802.1.1.8.0.1 The trap is sent when the Switch detects a connectivity fault. GS3700/XGS3700 Series User’s Guide...
Page 343: Configuring Snmp
Specify the version of the SNMP trap messages. Enter the IP addresses of up to four managers to send your SNMP traps to. Port Enter the port number upon which the manager listens for SNMP traps. GS3700/XGS3700 Series User’s Guide...
Page 344: Configuring Snmp Trap Group
Clear the check boxes for individual traps that you do not want the Switch to send to the SNMP station. Clearing a category’s check box automatically clears all of the category’s trap check boxes (the Switch only sends traps from selected categories). GS3700/XGS3700 Series User’s Guide...
Page 345: Enabling/Disabling Sending Of Snmp Traps On A Port
Use this row only if you want to make some of the settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS3700/XGS3700 Series User’s Guide...
Page 346: Configuring Snmp User
User Information Note: Use the username and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager. Username Specify the username of a login account on the Switch. GS3700/XGS3700 Series User’s Guide...
Page 347 This field displays the encryption method used for SNMP communication with this user. Group This field displays the SNMP group to which this user belongs. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 348: Setting Up Login Accounts
You may configure passwords for up to four users. These users have read-only access. You can give users higher privileges via the CLI. For more information on assigning privileges see the Ethernet Switch CLI Reference Guide. User Name Set a user name (up to 32 ASCII characters long). GS3700/XGS3700 Series User’s Guide...
Page 349: Ssh Overview
Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 232 SSH Communication Example GS3700/XGS3700 Series User’s Guide...
Page 350: How Ssh Works
After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. GS3700/XGS3700 Series User’s Guide...
Page 351: Ssh Implementation On The Switch
HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch’s WS (web server). HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s WS (web server). Figure 234 HTTPS Implementation GS3700/XGS3700 Series User’s Guide...
Page 352: Https Example
You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked. Figure 235 Security Alert Dialog Box (Internet Explorer 6) GS3700/XGS3700 Series User’s Guide...
Page 353 After you log in, you will see the red address bar with the message Certificate Error. Click on Certificate Error next to the address bar and click View certificates. Figure 237 Certificate Error (Internet Explorer 7 or 8) EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 354 Chapter 42 Access Control Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser. Figure 238 Certificate (Internet Explorer 7 or 8) GS3700/XGS3700 Series User’s Guide...
Page 355: Mozilla Firefox Warning Messages
When you attempt to access the Switch HTTPS server, a This Connection is Unstructed screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button. Figure 239 Security Alert (Mozilla Firefox) GS3700/XGS3700 Series User’s Guide...
Page 356: The Main Screen
42.9.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar (in 6 or Internet Explorer GS3700/XGS3700 Series User’s Guide...
Page 357: Service Access Control
42.10 Service Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in GS3700/XGS3700 Series User’s Guide...
Page 358: Remote Management
Cancel Click Cancel to begin configuring this screen afresh. 42.11 Remote Management From the Access Control screen, display the Remote Management screen as shown next. GS3700/XGS3700 Series User’s Guide...
Page 359 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 360: Diagnostic
Table 184 Management > Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi-line text box. Click Clear to empty the text box and reset the syslog entry. IP Ping GS3700/XGS3700 Series User’s Guide...
Page 361 Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test. GS3700/XGS3700 Series User’s Guide...
Page 362: Syslog
Error: There is an error condition on the system. Warning: There is a warning condition on the system. Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. GS3700/XGS3700 Series User’s Guide...
Page 363: Syslog Setup
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 364: Syslog Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 365: Cluster Management
Cluster member models must be compatible with ZyXEL cluster management implementation. Cluster Manager The cluster manager is the Switch through which you manage the cluster member switches. Cluster Members Cluster members are the switches being managed by the cluster manager switch. GS3700/XGS3700 Series User’s Guide...
Page 366: Cluster Management Status
Figure 247 Clustering Application Example 45.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 248 Management > Cluster Management GS3700/XGS3700 Series User’s Guide...
Page 367: Cluster Member Switch Management
45.2.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web GS3700/XGS3700 Series User’s Guide...
Page 368: Uploading Firmware To A Cluster Member Switch
297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 410AAGB0.bin ras-00-a0-c5-01-23-46 200 Port command okay 150 Opening data connection for STOR ras-00-a0-c5-01-23-46 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> GS3700/XGS3700 Series User’s Guide...
Page 369: Clustering Management Configuration
45.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen to display the next screen. Figure 251 Management > Clustering Management > Configuration EXAMPLE GS3700/XGS3700 Series User’s Guide...
Page 370 This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 371: Mac Table
• If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 252 MAC Table Flowchart GS3700/XGS3700 Series User’s Guide...
Page 372: Viewing The Mac Table
Click this to search data in the MAC table according to your input criteria. Transfer Click this to perform the MAC address transferring you selected in the Transfer Type field. Cancel Click this to begin configuring the search criteria afresh. GS3700/XGS3700 Series User’s Guide...
Page 373 Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). GS3700/XGS3700 Series User’s Guide...
Page 374: Ip Table
• If the Switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it filters the packet. Figure 254 IP Table Flowchart GS3700/XGS3700 Series User’s Guide...
Page 375: Viewing The Ip Table
This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the Switch. Type This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch). GS3700/XGS3700 Series User’s Guide...
Page 376: Arp Table
MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. GS3700/XGS3700 Series User’s Guide...
Page 377: The Arp Table Screen
This shows 0 for a static entry. Type This shows whether the IP address is dynamic (learned by the Switch) or static (manually configured in the Basic Setting > IP Setup or IP Application > ARP Setup > Static ARP screen). GS3700/XGS3700 Series User’s Guide...
Page 378: Routing Table
This field displays the IP address of the Interface. Metric This field displays the cost of the route. Type This field displays the method used to learn the route. STATIC - added as a static entry. GS3700/XGS3700 Series User’s Guide...
Page 379: Path Mtu Table
This field displays the maximum transmission unit of the links in the path. Expire This field displays how long (in minutes) an entry can still remain in the Path MTU table before it ages out and needs to be relearned. GS3700/XGS3700 Series User’s Guide...
Page 380: Configure Clone
Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 259 Management > Configure Clone GS3700/XGS3700 Series User’s Guide...
Page 381 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS3700/XGS3700 Series User’s Guide...
Page 382: Neighbor Table
This field displays the IPv6 address of the Switch or a neighboring device. Address This field displays the MAC address of the IPv6 interface on which the IPv6 address is configure or the MAC address of the neighboring device. GS3700/XGS3700 Series User’s Guide...
Page 383 • dynamic (D): The IP address to MAC address can be successfully resolved using IPv6 Neighbor Discovery protocol. Is it similar as IPv4 ARP (Address Resolution protocol). • static (S): The interface address is statically configured. GS3700/XGS3700 Series User’s Guide...
Page 384 Chapter 52 Neighbor Table GS3700/XGS3700 Series User’s Guide...
Page 385: Troubleshooting
Turn the Switch off and on (in DC models or if the DC power supply is connected in AC/DC models). Disconnect and re-connect the power adaptor or cord to the Switch (in AC models or if the AC power supply is connected in AC/DC models). If the problem continues, contact the vendor. GS3700/XGS3700 Series User’s Guide...
Page 386: Switch Access And Login
If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default in-band IP address is 192.168.1.1. GS3700/XGS3700 Series User’s Guide...
Page 387 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). GS3700/XGS3700 Series User’s Guide...
Page 388: Switch Configuration
Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 41.3 on page 332 for more information about how to save your configuration. GS3700/XGS3700 Series User’s Guide...
Page 389: Appendix A Common Services
File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/server protocol for the world wide web. GS3700/XGS3700 Series User’s Guide...
Page 390 Simple Mail Transfer Protocol is the message- exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). GS3700/XGS3700 Series User’s Guide...
Page 391 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. GS3700/XGS3700 Series User’s Guide...
Page 392 Appendix A Common Services GS3700/XGS3700 Series User’s Guide...
Page 393: Appendix B Ipv6
A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Table 200 Link-local Unicast Address Format 1111 1110 10 Interface ID 10 bits 54 bits 64 bits GS3700/XGS3700 Series User’s Guide...
Page 394: Loopback Address
The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 202 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 GS3700/XGS3700 Series User’s Guide...
Page 395 (beginning with fe80). When the interface is connected to a network with a router and the Switch is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another address which GS3700/XGS3700 Series User’s Guide...
Page 396 The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string, In IPv6, all network interfaces can be associated with several addresses. GS3700/XGS3700 Series User’s Guide...
Page 397 When the Switch needs to send a packet, it first consults the destination cache to determine the next hop. If there is no matching entry in the destination cache, the Switch uses the prefix list to GS3700/XGS3700 Series User’s Guide...
Page 398 Done message to the router or switch. The router or switch then sends a group-specific query to the port on which the Done message is received to determine if other devices connected to this port should remain in the group. GS3700/XGS3700 Series User’s Guide...
Page 399 Install Dibbler and select the DHCPv6 client option on your computer. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service. Select Start > Control Panel > Administrative Tools > Services. GS3700/XGS3700 Series User’s Guide...
Page 400 To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. Click OK to save the change. GS3700/XGS3700 Series User’s Guide...
Page 401 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 GS3700/XGS3700 Series User’s Guide...
Page 402 Appendix B IPv6 GS3700/XGS3700 Series User’s Guide...
Page 403: Appendix C Legal Information
This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 404 Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. GS3700/XGS3700 Series User’s Guide...
Page 405 Naam/titel: Raymond Huang / Quality & Customer Namn/Titel: Raymond Huang / Quality & Customer Service Division / Assistant VP. Service Division / Assistant VP. Service Division / Assistant VP. Data (aaaa/mm/gg): 2013/02/01 Datum(jjjj/mm/dd): 2013/02/01 Datum (åååå/mm/dd): 2013/02/01 GS3700/XGS3700 Series User’s Guide...
Page 406 Appendix C Legal Information GS3700/XGS3700 Series User’s Guide...
Page 407: Index
163, 166 viewing syslog messages trusted ports cloning a port See port cloning authentication cluster management and RADIUS and switch passwords setup cluster manager 365, 370 cluster member authorization 365, 370 cluster member firmware upgrade privilege levels GS3700/XGS3700 Series User’s Guide...
Page 408 IP pool error disable recovery configuration options configuration modes overview relay agent relay example Ethernet broadcast address 324, 376 server Ethernet port test setup Ethernet ports DHCP (Dynamic Host Configuration Protocol) default settings GS3700/XGS3700 Series User’s Guide...
Page 409 Installing the Fan Module getting help Internet Protocol version 6, see IPv6 GMT (Greenwich Mean Time) introduction Green Ethernet GVRP 88, 94 interface 62, 314 and port assignment routing domain GVRP (GARP VLAN Registration Protocol) GS3700/XGS3700 Series User’s Guide...
Page 410 MAC authentication aging time tunnel port MAC filter UDLD and ARP inspection MAC freeze LACP 144, 255 MAC table system priority how it works timeout viewing Layer 2 protocol tunneling, see L2PT maintanence LEDs configuration backup GS3700/XGS3700 Series User’s Guide...
Page 411 MST Instance, See MSTI NTP (RFC-1305) MST region MSTI MST ID MSTI (Multiple Spanning Tree Instance) MSTP 112, 114 bridge ID other documentation 128, 129 configuration 124, 127 configuration digest forwarding delay Hello Time hello time PAGP Max Age GS3700/XGS3700 Series User’s Guide...
Page 412 138, 141 ingress 138, 141 and classifier port redundancy queue weight port security queuing address learning limit MAC address learning MAC address learning overview queuing method 174, 176 setup 160, 246, 254 port setup port status GS3700/XGS3700 Series User’s Guide...
Page 413 MAC address static MAC forwarding 96, 98, 105 save configuration 45, 332 static multicast address Secure Shell See SSH static multicast forwarding service access control static route service port overview sFlow static routes GS3700/XGS3700 Series User’s Guide...
Page 414 Two Rate Three Color Marker, see TRTCM syslog 225, 362 Type of Service (ToS) protocol server setup settings setup severity levels system information UDLD system log UniDirectional Link Detection, see UDLD system reboot untrusted ports ARP inspection GS3700/XGS3700 Series User’s Guide...
Page 415 VLAN (Virtual Local Area Network) warranty VLAN mapping note activating web configurator 24, 39 configuration getting help example layout priority level login tagged logout traffic flow navigation panel untagged weight, queuing VLAN ID Weighted Round Robin Scheduling (WRR) VLAN number GS3700/XGS3700 Series User’s Guide...
Page 416 Index WFQ (Weighted Fair Queuing) WRR (Weighted Round Robin Scheduling ZyNOS (ZyXEL Network Operating System) GS3700/XGS3700 Series User’s Guide...

This manual is also suitable for:

Gs3700 series

ZyXEL Communications XGS3700 Series User Manual

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Overview

Chapter 4 The Web Configurator

Technical Reference

Part II: Technical Reference

Chapter 5 System Status and Port Statistics

Chapter 6 Basic Setting

Chapter 7 VLAN

Chapter 8 Static MAC Forward Setup

Chapter 9 Static Multicast Forward Setup

Chapter 10 Filtering

Chapter 11 Spanning Tree Protocol

Chapter 12 Bandwidth Control

Chapter 13 Broadcast Storm Control

Chapter 14 Mirroring

Chapter 15 Link Aggregation

Chapter 16 Port Authentication

Chapter 17 Port Security

Chapter 18 Classifier

Chapter 19 Policy Rule

Chapter 20 Queuing Method

Chapter 21 VLAN Stacking

Chapter 22 Multicast

Chapter 23 AAA

Chapter 24 IP Source Guard

Chapter 25 Loop Guard

Chapter 26 VLAN Mapping

Chapter 27 Layer 2 Protocol Tunneling

Chapter 28 Sflow

Chapter 29 Pppoe

Chapter 30 Error Disable

Chapter 31 MAC Pinning

Chapter 32 Private VLAN

Chapter 33 Green Ethernet

Chapter 34 Static Route

Quick Links

Related Manuals for ZyXEL Communications XGS3700 Series

Summary of Contents for ZyXEL Communications XGS3700 Series