Download Print this page

ZyXEL Communications MGS3700-12C User Manual

ZyXEL Communications MGS3700-12C User Manual

Metrogigabit switch

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

MGS3700-12C

MetroGigabit Switch

Default Login Details

IP Address

http://192.168.1.1

http://192.168.0.1

User Name

Password

Firmware Version 3.90

www.zyxel.com

Edition 15, 11/2012

www.zyxel.com

(Out-of-band

MGMT port)

admin

1234

Copyright © 2012

ZyXEL Communications Corporation

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the MGS3700-12C and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications MGS3700-12C

Page 1 MGS3700-12C MetroGigabit Switch Default Login Details IP Address http://192.168.1.1 http://192.168.0.1 (Out-of-band MGMT port) User Name admin Password 1234 Firmware Version 3.90 www.zyxel.com Edition 15, 11/2012 www.zyxel.com Copyright © 2012 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Refer to the included CD for support documents. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. MGS3700-12C User’s Guide...
Page 4 • Product model and serial number. • Warranty Information. • Date that you received your device. Brief description of the problem and the steps you took to solve it. MGS3700-12C User’s Guide...
Page 5: Document Conventions
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. MGS3700-12C User’s Guide...
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router MGS3700-12C User’s Guide...
Page 7: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. MGS3700-12C User’s Guide...
Page 8 Safety Warnings MGS3700-12C User’s Guide...
Page 9: Table Of Contents
Queuing Method ........................227 VLAN Stacking ......................... 231 Multicast ..........................239 AAA ............................255 IP Source Guard ........................269 Loop Guard ..........................295 VLAN Mapping ........................299 Layer 2 Protocol Tunneling ...................... 303 sFlow ............................307 Error Diable ..........................311 MGS3700-12C User’s Guide...
Page 10 Syslog ............................391 Cluster Management ....................... 395 MAC Table ..........................403 ARP Table ..........................407 Configure Clone ........................409 Troubleshooting & Product Specifications ............... 413 Troubleshooting ........................415 Product Specifications ......................419 Appendices and Index ......................429 MGS3700-12C User’s Guide...
Page 11: Table Of Contents
2.3.2 Attaching the Mounting Brackets to the Switch ............33 2.3.3 Mounting the Switch on a Rack .................. 34 Chapter 3 Hardware Overview......................... 35 3.1 Front Panel ......................... 35 3.1.1 Console Port ......................36 3.1.2 Gigabit Ethernet Ports ....................36 3.1.3 Mini-GBIC Slots ......................37 MGS3700-12C User’s Guide...
Page 12 6.4 How to Use Error Disable and Recovery on the Switch ............78 6.5 How to Set Up a Guest VLAN ..................... 80 6.5.1 Creating a Guest VLAN ....................81 6.5.2 Enabling IEEE 802.1x Port Authentication ..............83 6.5.3 Enabling Guest VLAN ....................84 MGS3700-12C User’s Guide...
Page 13 9.4 Select the VLAN Type ...................... 120 9.5 Static VLAN ........................120 9.5.1 Static VLAN Status ....................121 9.5.2 VLAN Details ......................122 9.5.3 Configure a Static VLAN ..................122 9.5.4 Configure VLAN Port Settings ................125 MGS3700-12C User’s Guide...
Page 14 13.7 Multiple Rapid Spanning Tree Protocol Status ............161 13.8 Configure Multiple Spanning Tree Protocol ..............163 13.9 Multiple Spanning Tree Protocol Status ..............166 Chapter 14 Bandwidth Control........................ 169 14.1 Bandwidth Control Overview ..................169 14.1.1 CIR and PIR ......................169 MGS3700-12C User’s Guide...
Page 15 18.2.2 Guest VLAN ......................199 18.2.3 Activate MAC Authentication ................. 202 ..............................203 Chapter 19 Port Security.......................... 205 19.1 About Port Security ......................205 19.2 Port Security Setup ......................206 19.3 VLAN MAC Address Limit ....................208 MGS3700-12C User’s Guide...
Page 16 Chapter 24 Multicast ..........................239 24.1 Multicast Overview ......................239 24.1.1 IP Multicast Addresses ................... 239 24.1.2 IGMP Filtering ......................239 24.1.3 IGMP Snooping ..................... 240 24.1.4 IGMP Snooping and VLANs ................... 240 24.2 Multicast Status ......................240 MGS3700-12C User’s Guide...
Page 17 26.6 ARP Inspection Status ..................... 285 26.6.1 ARP Inspection VLAN Status ................. 286 26.6.2 ARP Inspection Log Status ..................287 26.7 ARP Inspection Configure ....................288 26.7.1 ARP Inspection Port Configure ................290 26.7.2 ARP Inspection VLAN Configure ................292 MGS3700-12C User’s Guide...
Page 18 32.2 PPPoE Intermediate Agent Tag Format ................317 32.2.1 Sub-Option Format ....................318 32.2.2 Port State ....................... 319 32.3 PPPoE ..........................320 32.4 PPPoE Intermediate Agent ....................320 32.5 PPPoE IA Per-Port ......................321 32.5.1 PPPoE IA Per-Port Per-VLAN ................324 MGS3700-12C User’s Guide...
Page 19 37.1 DHCP Overview ......................349 37.1.1 DHCP Modes ......................349 37.1.2 DHCP Configuration Options ................. 349 37.2 DHCP Status ........................350 37.3 DHCP Relay ........................350 37.3.1 DHCP Relay Agent Information ................350 37.3.2 Configuring DHCP Global Relay ................351 MGS3700-12C User’s Guide...
Page 20 39.6.1 Requirements for Using SSH ................. 381 39.7 Introduction to HTTPS ..................... 381 39.8 HTTPS Example ......................382 39.8.1 Internet Explorer Warning Messages ..............382 39.8.2 Netscape Navigator Warning Messages ..............383 39.8.3 The Main Screen ....................385 MGS3700-12C User’s Guide...
Page 21 Chapter 45 Configure Clone ........................409 45.1 Configure Clone ......................409 Part VI: Troubleshooting & Product Specifications......413 Chapter 46 Troubleshooting........................415 46.1 Power, Hardware Connections, and LEDs ..............415 46.2 Switch Access and Login ....................416 MGS3700-12C User’s Guide...
Page 22 46.3 Switch Configuration ......................418 Chapter 47 Product Specifications ......................419 47.1 Fan Module Removal and Installation ................427 Part VII: Appendices and Index ............429 Appendix A Common Services..................... 431 Appendix B Legal Information ....................435 Index............................439 MGS3700-12C User’s Guide...
Page 23: Introduction And Hardware
Introduction and Hardware Getting to Know Your Switch (25) Hardware Installation and Connection (31) Hardware Overview (35) Tutorials (63)v3.91(AAFX.0)
Page 25: Getting To Know Your Switch
This chapter introduces the main features and applications of the Switch. 1.1 Introduction The MGS3700-12C is a layer 2 stand-alone Gigabit Ethernet (GbE) switch. The Switch has 12 GbE dual personality interfaces with each interface comprising one mini-GBIC slot and one 100/1000 Mbps RJ-45 port, with either port or slot active at a time.
Page 26: Bridging Example
Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 2 Bridging Application MGS3700-12C User’s Guide...
Page 27: High Performance Switching Example
Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re- cabling. MGS3700-12C User’s Guide...
Page 28: Ipv6 Support
• DHCPv6 client and relay • Multicast Listener Discovery (MLD) snooping and proxy For more information on IPv6, refer to the CLI Reference Guide. 1.3 Ways to Manage the Switch Use any of the following methods to manage the Switch. MGS3700-12C User’s Guide...
Page 29: Good Habits For Managing The Switch
If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. MGS3700-12C User’s Guide...
Page 30 Chapter 1 Getting to Know Your Switch MGS3700-12C User’s Guide...
Page 31: Hardware Installation And Connection
Switch and the connected cables. Make sure there is a power outlet nearby. Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord. Remove the adhesive backing from the rubber feet. MGS3700-12C User’s Guide...
Page 32: Mounting The Switch On A Rack
• Make sure the rack will safely support the combined weight of all the equipment it contains. • Make sure the position of the Switch does not make the rack unstable or top- heavy. Take all necessary precautions to anchor the rack securely before installing the unit. MGS3700-12C User’s Guide...
Page 33: Attaching The Mounting Brackets To The Switch
Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. Repeat steps to install the second mounting bracket on the other side of the Switch. You may now mount the Switch on a rack. Proceed to the next section. MGS3700-12C User’s Guide...
Page 34: Mounting The Switch On A Rack
Figure 7 Mounting the Switch on a Rack Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. Repeat steps to attach the second mounting bracket on the other side of the rack. MGS3700-12C User’s Guide...
Page 35: Hardware Overview
Connect these ports to high-bandwidth backbone network Ethernet switches using 1000BASE-T compatible Category 5/5e/6 copper cables. • 12 Mini-GBIC Slots: Use mini-GBIC transceivers in these slots for connections to backbone Ethernet switches. Console Port The console port is for local configuration of the Switch. MGS3700-12C User’s Guide...
Page 36: Console Port
GBIC and 1000Base-T Ethernet pair. The mini-GBIC slots have priority over the Gigabit ports. This means that if a mini-GBIC slot and the corresponding GbE port are connected at the same time, the GbE port will be disabled. MGS3700-12C User’s Guide...
Page 37: Mini-Gbic Slots
Ethernet switches with different types of fiber-optic or even copper cable connectors. To avoid possible eye injury, do not look into an operating fiber- optic module’s connectors. • Type: SFP connection interface • Connection speed: 1 Gigabit per second (Gbps) MGS3700-12C User’s Guide...
Page 38: Transceiver Installation
Figure 9 Transceiver Installation Example Figure 10 Connecting the Fiber Optic Cables 3.1.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). Remove the fiber optic cables from the transceiver. Open the transceiver’s latch (latch styles vary). MGS3700-12C User’s Guide...
Page 39: Management Port
Chapter 47 on page 419, and make sure you are using an appropriate power source. Keep the power supply switch and the Switch’s power switch in the OFF position until you come to the procedure for turning on the power. MGS3700-12C User’s Guide...
Page 40: Ac Power Connection
Connect one end of a power wire to the Switch’s -48V (input) pin and tighten the captive screw. Connect the other end of the power wire to the negative terminal on the power supply. Insert the terminal block plug in the Switch’s terminal block header. MGS3700-12C User’s Guide...
Page 41: Signal Slot
Insert the wire and release the spring clip. Repeat the process for the sensor’s other signal output wire. A total of four sensors may be connected to the Signal connector in this way using the remaining signal input pins. MGS3700-12C User’s Guide...
Page 42 Use wires of the correct gauge to connect either of the signal output pin pairs (1- normal close, 2-common) or (2-common, 3-normal open) on the Signal connector to the input signal pin pairs of an Signal connector on another ZyXEL Switch. MGS3700-12C User’s Guide...
Page 43: Rear Panel
Table 2 LED Descriptions COLOR STATU DESCRIPTION Green The backup power supply is connected and active. Blinking The system is receiving power from the backup power supply. The backup power supply is not ready or not active. MGS3700-12C User’s Guide...
Page 44: Configuring The Switch
3.4 Configuring the Switch You may use the embedded web configurator or command line interface to configure the Switch. If you’re using the web configurator, you need Internet Explorer 5.5 and later or Netscape Navigator 6 and later. MGS3700-12C User’s Guide...
Page 45 You can access the command line interface using a terminal emulation program on a computer connected to the Switch console port (see Section 3.1.1 on page or access the Switch using Telnet. The next part of this guide discusses configuring the Switch using the web configurator. MGS3700-12C User’s Guide...
Page 46 Chapter 3 Hardware Overview MGS3700-12C User’s Guide...
Page 47: The Web Configurator
Start your web browser. Type “http://” and the IP address of the Switch (the default management IP address is 192.168.1.1 through an in-band (non-MGMT) port and 192.168.0.1 through the MGMT port) in the Location or Address field. Press [ENTER]. MGS3700-12C User’s Guide...
Page 48: The Web Configurator Layout
The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 18 The Web Configurator Layout B C D E MGS3700-12C User’s Guide...
Page 49 F - This is the main window to view and/or configure settings. In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION MGS3700-12C User’s Guide...
Page 50 This link takes you to a screen where you can configure the Switch to group packets based on the specified criteria. Policy Rule This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets. MGS3700-12C User’s Guide...
Page 51 This link takes you to screens where you can perform firmware and configuration file maintenance as well as reboot the system. Access Control This link takes you to screens where you can change the system login password and configure SNMP and remote management. MGS3700-12C User’s Guide...
Page 52: Change Your Password
4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS3700-12C User’s Guide...
Page 53: Switch Lockout
Switch back to the factory defaults. 4.6.1 Reload the Configuration File Uploading the factory-default configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all MGS3700-12C User’s Guide...
Page 54 Press any key to enter debug mode within 3 seconds......Enter Debug Mode ras> atlc Starting XMODEM upload (CRC mode)..CCCCCCCCCCCCCCCC Total 393216 bytes received. Erasing..............ras> atgo The Switch is now reinitialized with a default configuration file including the default password of “1234”. MGS3700-12C User’s Guide...
Page 55: Logging Out Of The Web Configurator
Figure 21 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. MGS3700-12C User’s Guide...
Page 56 Chapter 4 The Web Configurator MGS3700-12C User’s Guide...
Page 57: Initial Setup Example
You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 22 Initial Setup Network Example: VLAN MGS3700-12C User’s Guide...
Page 58: Setting Port Vid
Switch’s power is turned off. 5.1.2 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. MGS3700-12C User’s Guide...
Page 59 Setting link. Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run- time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS3700-12C User’s Guide...
Page 60: Configuring Switch Management Ip Address
Switch. Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator. See Section 4.2 on page 47 for more information. MGS3700-12C User’s Guide...
Page 61 VLAN ID you configure in the Static VLAN screen. Click Add to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS3700-12C User’s Guide...
Page 62 Chapter 5 Initial Setup Example MGS3700-12C User’s Guide...
Page 63: Tutorials
VLAN network (V). Create a VLAN containing ports 5, 6 and 7. Connect a computer M to the Switch’s MGMT port. Figure 25 Tutorial: DHCP Snooping Tutorial Overview Note: For related information about DHCP snooping, see Section 26.1 on page 269. MGS3700-12C User’s Guide...
Page 64 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add. Figure 26 Tutorial: Create a VLAN and Add Ports to It MGS3700-12C User’s Guide...
Page 65 Figure 27 Tutorial: Tag Untagged Frames Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 28 Tutorial: Specify DHCP VLAN MGS3700-12C User’s Guide...
Page 66 If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry. See Section 26.1.1.3 on page 271. Figure 30 Tutorial: Enable DHCP Snooping on this VLAN MGS3700-12C User’s Guide...
Page 67: How To Use Dhcp Relay On The Switch
DHCP requests. 6.2.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) to DHCP client A based on MGS3700-12C User’s Guide...
Page 68: Creating A Vlan
Figure 32 Tutorial: DHCP Relay Scenario DHCP Server Port 2 192.168.2.3 PVID=102 VLAN 102 172.16.1.18 6.2.2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102. Access the web configurator through the Switch’s management port. MGS3700-12C User’s Guide...
Page 69 Name field and enter 102 in the VLAN Group ID field. Select Fixed to configure port 2 to be a permanent member of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. MGS3700-12C User’s Guide...
Page 70 Figure 35 Tutorial: Click the VLAN Port Setting Link Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. MGS3700-12C User’s Guide...
Page 71: Configuring Dhcp Relay
Click IP Application > DHCP and then the Global link to open the DHCP Relay screen. Select the Active check box. Enter the DHCP server’s IP address (192.168.2.3 in this example) in the Remote DHCP Server 1 field. Select the Option 82 and the Information check boxes. MGS3700-12C User’s Guide...
Page 72: Troubleshooting
C’s information to a PPPoE server S. There is another switch B between switch A and server S. Switch B is connected to switch A. In this way, the PPPoE server S can identify the subscriber C and may apply different settings to it. MGS3700-12C User’s Guide...
Page 73: Configuring Switch A
Port 12 (to B) Trusted Port 11 (to A) Trusted Port 12 (to S) Trusted 6.3.1 Configuring Switch A Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. MGS3700-12C User’s Guide...
Page 74 Select Trusted for port 12 and then leave the other fields empty. Click Apply. Then Click Intermediate Agent on the top of the screen. The Intermediate Agent screen appears. Click VLAN on the top of the screen. MGS3700-12C User’s Guide...
Page 75: Configuring Switch B
Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server. Click Apply. 6.3.2 Configuring Switch B The example uses another MGS-3712D as switch B. MGS3700-12C User’s Guide...
Page 76 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. Select Trusted for ports 11 and 12 and then click Apply. Then Click Intermediate Agent on the top of the screen. MGS3700-12C User’s Guide...
Page 77 The settings are completed now. If you miss some settings above, subscriber C could not successfully receive an IP address assigned by the PPPoE Server. If this happens, make sure you follow the steps exactly in this tutorial. MGS3700-12C User’s Guide...
Page 78: How To Use Error Disable And Recovery On The Switch
First, click Advanced Application > Loop Guard. Select the Active option in the first section to enable loop guard on the Switch. Then select the Active option of the first entry (port *) to enable loop guard for all ports. Click Apply. MGS3700-12C User’s Guide...
Page 79 100 as the rate limit (packets per second) for the first entry (port *) to apply the setting to all ports. Then click Apply. Click Advanced Application > Errdisable > Errdisable Detect, select Active for cause ARP and inactive-port as the mode. Then click Apply. MGS3700-12C User’s Guide...
Page 80: How To Set Up A Guest Vlan
Internet through the default gateway attached to port 10, but are not allowed to access other network resources, such as the mail server or local data base. VLAN 1 Internet Guest VLAN 200 Ports 1, 2, 3 and 10 MGS3700-12C User’s Guide...
Page 81: Creating A Guest Vlan
Select Fixed to configure ports 1, 2, 3 and 10 to be permanent members of this VLAN. Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. MGS3700-12C User’s Guide...
Page 82 Enter 200 in the PVID field for ports 1, 2, 3 and 10 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. MGS3700-12C User’s Guide...
Page 83: Enabling Ieee 802.1X Port Authentication
6.5.2 Enabling IEEE 802.1x Port Authentication Follow the steps below to enable port authentication to validate access to ports 1~8 to clients based on a RADIUS server. Click Advanced Application > Port Authentication and then the Click Here link for 802.1x. MGS3700-12C User’s Guide...
Page 84: Enabling Guest Vlan
Select the first Active checkbox to enable 802.1x authentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply. 6.5.3 Enabling Guest VLAN Click the Guest Vlan link in the 802.1x screen. MGS3700-12C User’s Guide...
Page 85: How To Do Port Isolation In A Vlan
6.6 How to Do Port Isolation in a VLAN You want to prevent communications between specific ports in a VLAN but still allow them to access the Internet or network resources in the same VLAN. You use MGS3700-12C User’s Guide...
Page 86: Creating A Vlan
Access the web configurator through the Switch’s management port. Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. Click Advanced Application > VLAN > Static VLAN. MGS3700-12C User’s Guide...
Page 87 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. MGS3700-12C User’s Guide...
Page 88 VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently. MGS3700-12C User’s Guide...
Page 89: Creating A Private Vlan Rule
Click the Save link in the upper right corner of the web configurator to save your configuration permanently. From port 2, 3, or 4, you should be able to access the device that attachs to port 5, such as a server or default gateway. MGS3700-12C User’s Guide...
Page 90 Chapter 6 Tutorials MGS3700-12C User’s Guide...
Page 91: Basic Configuration
Basic Configuration System Status and Port Statistics (93) Basic Setting (99)
Page 93: System Status And Port Statistics
Statistics This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. MGS3700-12C User’s Guide...
Page 94: Port Status Summary
This field shows the number of received errors on this port. Tx KB/s This field shows the number of kilobytes per second transmitted on this port. Rx KB/s This field shows the number of kilobytes per second received on this port. MGS3700-12C User’s Guide...
Page 95 This field shows the total amount of time in hours, minutes and seconds the port has been up. Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical information for that port, or select Any to clear statistics for all ports. MGS3700-12C User’s Guide...
Page 96: Status: Port Details
Switch. Figure 40 Status > Port Details The following table describes the labels in this screen. Table 8 Status: Port Details LABEL DESCRIPTION Port Info Port NO. This field displays the port number you are viewing. MGS3700-12C User’s Guide...
Page 97 This field shows the number of good packets (unicast, multicast and Packet broadcast) received. Multicast This field shows the number of good multicast packets received. Broadcas This field shows the number of good broadcast packets received. Pause This field shows the number of 802.3x Pause packets received. MGS3700-12C User’s Guide...
Page 98 This field shows the number of packets (including bad packets) received that were between 1519 octets in length and the maximum frame size. The maximum frame size varies depending on your switch model. See Chapter 47 on page 419. MGS3700-12C User’s Guide...
Page 99: Basic Setting
DNS (domain name server) for management purposes. The Port Setup screen allows you to configure settings for each port, such as port activation, speed and duplex, flow control, 802.1p priority and BPDU (Bridge Protocol Data Units) control. MGS3700-12C User’s Guide...
Page 100: System Information
Your Switch supports AC Prefer which has the Switch use AC power when Source Mode both AC power and DC power are available. Once AC power is not available, the Switch automatically uses DC power and changes back when the AC power is restored. MGS3700-12C User’s Guide...
Page 101 This is the current voltage reading. This field displays the maximum voltage measured at this point. This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. MGS3700-12C User’s Guide...
Page 102: General Setup
Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. Contact Enter the name of the person in charge of this Switch. You can use up to Person's Name 32 printable ASCII characters; spaces are allowed. MGS3700-12C User’s Guide...
Page 103 European Union you would select Last, Sunday, March and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). MGS3700-12C User’s Guide...
Page 104: Introduction To Vlans
With VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. Chapter 9 on page 117 for information on port-based and 802.1Q tagged VLANs. MGS3700-12C User’s Guide...
Page 105: Smart Isolation
Designated port: 8 You should enable RSTP or MRSTP before you can use smart isolation on the Switch. If the network topology changes, the Switch automatically updates the isolated port list with the latest designated port information. MGS3700-12C User’s Guide...
Page 106: Switch Setup Screen
Chapter 9 on page 117 for more information. Bridge Control Select Active to allow the Switch to handle bridging control protocols Protocol (STP for example). You also need to define how to treat a BPDU in the Transparency Port Setup screen. MGS3700-12C User’s Guide...
Page 107 Typically used for network control traffic such as router configuration messages. Level 6 Typically used for voice traffic that is especially sensitive to jitter (jitter is the variations in delay). Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter. MGS3700-12C User’s Guide...
Page 108: Ip Setup
IP address. The factory default subnet mask is 255.255.255.0. You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). MGS3700-12C User’s Guide...
Page 109 DNS (Domain Name System) is for mapping a domain name to its Server corresponding IP address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address. MGS3700-12C User’s Guide...
Page 110 The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring the fields again. MGS3700-12C User’s Guide...
Page 111 This field displays the IP address of the default gateway. Delete Check the management IP addresses that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the selected checkboxes in the Delete column. MGS3700-12C User’s Guide...
Page 112: Port Setup
Enter a descriptive name that identifies this port. You can enter up to 64 alpha-numerical characters. Note: Due to space limitation, the port name may be truncated in some web configurator screens. Type This field displays 10/100/1000M for Gigabit connections. MGS3700-12C User’s Guide...
Page 113 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 114 Chapter 8 Basic Setting MGS3700-12C User’s Guide...
Page 115: Advanced
Advanced VLAN (117) Loop Guard (295) Static MAC Forward Setup (137) VLAN Mapping (299) Static Multicast Forward Setup (141) Layer 2 Protocol Tunneling (303) Filtering (145) sFlow (307) Spanning Tree Protocol (147) Error Diable (311) Bandwidth Control (169) PPPoE (317) Broadcast Storm Control (173) Private VLAN (327) Mirroring (175)
Page 117: Vlan
VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094. TPID User Priority VLAN ID 2 Bytes 3 Bits 1 Bit 12 bits MGS3700-12C User’s Guide...
Page 118: Forwarding Tagged And Untagged Frames
9.2.2 GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch. MGS3700-12C User’s Guide...
Page 119: Port Vlan Trunking
VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with MGS3700-12C User’s Guide...
Page 120: Select The Vlan Type
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. MGS3700-12C User’s Guide...
Page 121: Static Vlan Status
GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR). Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. MGS3700-12C User’s Guide...
Page 122: Vlan Details
Multicast VLAN Registration (MVR). 9.5.3 Configure a Static VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. Section 9.1 on page 117 for more information on static VLAN. To configure a MGS3700-12C User’s Guide...
Page 123 This name consists of up to 64 printable characters. VLAN Group Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Address Enable/ Disable MAC learning per VLAN. learning Port The port number identifies the port you are configuring. MGS3700-12C User’s Guide...
Page 124 This field indicates whether the VLAN settings are enabled (Yes) or disabled (No). Name This field displays the descriptive name for this VLAN group. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 125: Configure Vlan Port Settings
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MGS3700-12C User’s Guide...
Page 126: Subnet Based Vlans
IP subnets. Traffic for voice services is designated for IP subnet 172.16.1.0/24, video for 192.168.1.0/24 and data for 10.1.1.0/24. The Switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames. MGS3700-12C User’s Guide...
Page 127: Configuring Subnet Based Vlan
Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 9.7 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. MGS3700-12C User’s Guide...
Page 128 Check this box to activate the IP subnet VLAN you are creating or editing. Name Enter up to 32 alpha numeric characters to identify this subnet based VLAN. Enter the IP address of the subnet for which you want to configure this subnet based VLAN. MGS3700-12C User’s Guide...
Page 129: Protocol Based Vlans
IEEE 802.1Q tagged VLAN. For example, port 1, 2, 3 and 4 belong to static VLAN 100, and port 4, 5, 6, 7 belong to static VLAN 120. You configure a protocol based VLAN A with priority 3 MGS3700-12C User’s Guide...
Page 130: Configuring Protocol Based Vlan
Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 55 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN MGS3700-12C User’s Guide...
Page 131 This field shows the priority which is assigned to frames belonging to this protocol based VLAN. Delete Click this to delete the protocol based VLANs which you marked for deletion. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 132: Create An Ip-Based Vlan Example
Change the value in the Port field to the next port you want to add. Click Add. 9.11 Port-based VLAN Setup Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. MGS3700-12C User’s Guide...
Page 133 Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. MGS3700-12C User’s Guide...
Page 134: Configure A Port-Based Vlan
Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 57 Port Based VLAN Setup (All Connected) Figure 58 Port Based VLAN Setup (Port Isolation) MGS3700-12C User’s Guide...
Page 135 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 136 Chapter 9 VLAN MGS3700-12C User’s Guide...
Page 137: Static Mac Forward Setup
Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See Chapter 19 on page for more information on port security. MGS3700-12C User’s Guide...
Page 138 This field displays the descriptive name for identification purposes for this static MAC address-forwarding rule. MAC Address This field displays the MAC address that will be forwarded and the VLAN identification number to which the MAC address belongs. MGS3700-12C User’s Guide...
Page 139 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 140 Chapter 10 Static MAC Forward Setup MGS3700-12C User’s Guide...
Page 141: Static Multicast Forward Setup
24.3 on page 241). Figure 60 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to port(s) within a VLAN group. Figure 61 shows frames being forwarded to devices MGS3700-12C User’s Guide...
Page 142: Configuring Static Multicast Forwarding
Figure 61 Static Mutlicast Forwarding to A Single Port Figure 62 Static Mutlicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). MGS3700-12C User’s Guide...
Page 143 Cancel Click Cancel to reset the fields to their last saved values. Clear Click Clear to begin configuring this screen afresh. Index Click an index number to modify a static multicast MAC address rule for port(s). MGS3700-12C User’s Guide...
Page 144 This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 145: Filtering
Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next. Figure 64 Advanced Application > Filtering MGS3700-12C User’s Guide...
Page 146 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MGS3700-12C User’s Guide...
Page 147: Spanning Tree Protocol
RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. Note: In this user’s guide, “STP” refers to both STP and RSTP. 13.1.1 STP Terminology The root bridge is the base of the spanning tree. MGS3700-12C User’s Guide...
Page 148: How Stp Works
Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. MGS3700-12C User’s Guide...
Page 149: Stp Port States
In the following example, there are two RSTP instances (MRSTP 1 and MRSTP2) on switch A. To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree. MGS3700-12C User’s Guide...
Page 150: Multiple Stp
13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be MGS3700-12C User’s Guide...
Page 151: Mst Region
MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region. MGS3700-12C User’s Guide...
Page 152: Mst Instance
STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions MGS3700-12C User’s Guide...
Page 153: Spanning Tree Protocol Status Screen
This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch. MGS3700-12C User’s Guide...
Page 154: Spanning Tree Configuration
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 155: Configure Rapid Spanning Tree Protocol
Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. MGS3700-12C User’s Guide...
Page 156 Note: An edge port becomes a non-edge port as soon as it receives a Bridge Protocol Data Unit (BPDU). MGS3700-12C User’s Guide...
Page 157: Rapid Spanning Tree Protocol Status
See Section 13.1 on page 147 more information on RSTP. Note: This screen is only available after you activate RSTP on the Switch. Figure 73 Advanced Application > Spanning Tree Protocol > Status: RSTP MGS3700-12C User’s Guide...
Page 158 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MGS3700-12C User’s Guide...
Page 159: Configure Multiple Rapid Spanning Tree Protocol
Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch. MGS3700-12C User’s Guide...
Page 160 Note: An edge port becomes a non-edge port as soon as it receives a Bridge Protocol Data Unit (BPDU). MGS3700-12C User’s Guide...
Page 161: Multiple Rapid Spanning Tree Protocol Status
See Section 13.1 on page 147 more information on MRSTP. Note: This screen is only available after you activate MRSTP on the Switch. Figure 75 Advanced Application > Spanning Tree Protocol > Status: MRSTP MGS3700-12C User’s Guide...
Page 162 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change MGS3700-12C User’s Guide...
Page 163: Configure Multiple Spanning Tree Protocol
13.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 150 for more information on MSTP. Figure 76 Advanced Application > Spanning Tree Protocol > MSTP MGS3700-12C User’s Guide...
Page 164 Click Cancel to begin configuring this screen afresh. Instance Use this section to configure MSTI (Multiple Spanning Tree Instance) settings. Instance Enter the number you want to use to identify this MST instance on the Switch. The Switch supports instance numbers 0-16. MGS3700-12C User’s Guide...
Page 165 This field displays the ID of an MST instance. VLAN This field displays the VID (or VID ranges) to which the MST instance is mapped. Active Port This field display the ports configured to participate in the MST instance. MGS3700-12C User’s Guide...
Page 166: Multiple Spanning Tree Protocol Status
See Section 13.1.5 on page 150 more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 77 Advanced Application > Spanning Tree Protocol > Status: MSTP MGS3700-12C User’s Guide...
Page 167 This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. MGS3700-12C User’s Guide...
Page 168 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. MGS3700-12C User’s Guide...
Page 169: Bandwidth Control
CIR will be marked for drop. Note: The CIR should be less than the PIR. The sum of CIRs cannot be greater than or equal to the uplink bandwidth. MGS3700-12C User’s Guide...
Page 170: Bandwidth Control Setup
The sum of commit rates cannot be greater than or equal to the uplink bandwidth. Commit Specify the number of committed bits allowed to be sent per interval (Tc) to Burst conform with the target-rate (CIR) per second. MGS3700-12C User’s Guide...
Page 171 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS3700-12C User’s Guide...
Page 172 Chapter 14 Bandwidth Control MGS3700-12C User’s Guide...
Page 173: Broadcast Storm Control
DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 79 Advanced Application > Broadcast Storm Control MGS3700-12C User’s Guide...
Page 174 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS3700-12C User’s Guide...
Page 175: Mirroring
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 80 Advanced Application > Mirroring MGS3700-12C User’s Guide...
Page 176 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. MGS3700-12C User’s Guide...
Page 177: Rmirror
• Destination switch: Monitor traffic from source switch. The destination switch can not only be our switch device, other supplier switch device is suitable for use. MGS3700-12C User’s Guide...
Page 178: Rmirror Configuration
Learning SHOULD be disabled on VLAN • For other supplier switch device, it MUST support 802.1q for basis function on RMirror. If user wants to have fully support on RMirror, condition 2 and 3 should be considered. 16.2.2 RMirror Configuration Click Advanced Application > Mirroring >RMirror on the up right of the navigation panel to display the RMirror screen. Use this screen to active RMirror and set its VLAN MGS3700-12C User’s Guide...
Page 179: Source
VLAN. In different scenario of source switch, the configuration is different. Click Advanced Application > Mirroring > RMirror > Source on the up right of the navigation panel to display the screen shown. See the Table 39 on page 180 for more information on Source switch. MGS3700-12C User’s Guide...
Page 180 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MGS3700-12C User’s Guide...
Page 181: Destination
Click Advanced Application > Mirroring> RMirror > Destination on the up right of the navigation panel to display the screen shown. See the Table 40 on page 182 for more information on Destination switch. MGS3700-12C User’s Guide...
Page 182 This field displays the traffic form monitor-port is tagged with RMirror VLAN or not. Delete Select Delete RMirror VLAN and click Delete to remove the selected entry(ies) from the table. Cancel Select Cancel to clear the checkbox(es) in the table. MGS3700-12C User’s Guide...
Page 183: Connected Port
Click Advanced Application > Mirroring> RMirror > Connected Port on the up right of the navigation panel to display the screen shown. See the Table 41 on page 184 for more information on Connected Port. Figure 85 Advanced Application > Mirroring> RMirror > Connected Port MGS3700-12C User’s Guide...
Page 184 Note: Changes in this row are copied to all the ports as soon as you make them. Connected Port Select this option to set a connected port. This port(s) is used for switch(es) connection by RMirror VLAN. Apply Click Apply to save your changes to the Switch's run‐time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non‐volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. VLAN This field displays the VLAN ID Connected Port This field displays the connected‐port number(s). MGS3700-12C User’s Guide...
Page 185: Link Aggregation
The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking. The Switch supports the link aggregation IEEE802.3ad standard. This standard describes the Link Aggregation Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. MGS3700-12C User’s Guide...
Page 186: Link Aggregation Id
Table 43 Link Aggregation ID: Peer Switch SYSTEM PORT MAC ADDRESS PORT NUMBER PRIORITY PRIORITY 0000 00-00-00-00-00-00 0000 0000 Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MGS3700-12C User’s Guide...
Page 187: Link Aggregation Status
Refer to Section 17.2.1 on page 186 for more information on this field. The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group. MGS3700-12C User’s Guide...
Page 188 This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. MGS3700-12C User’s Guide...
Page 189: Link Aggregation Setting
This is the only screen you need to configure to enable static link Aggregation aggregation. Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. MGS3700-12C User’s Guide...
Page 190 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 191: Link Aggregation Control Protocol
Table 46 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable Aggregation dynamic link aggregation. Control Protocol Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). MGS3700-12C User’s Guide...
Page 192: Static Trunking Example
Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 17.6 Static Trunking Example This example shows you how to create a static port trunk group for ports 2-5. MGS3700-12C User’s Guide...
Page 193 Click Apply when you are done. Figure 90 Trunking Example - Configuration Screen MGS3700-12C User’s Guide...
Page 194 Chapter 17 Link Aggregation Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. MGS3700-12C User’s Guide...
Page 195: Port Authentication
When the client provides the login credentials, the Switch sends an authentication At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MGS3700-12C User’s Guide...
Page 196: Mac Authentication
MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the MGS3700-12C User’s Guide...
Page 197: Port Authentication Configuration
(both on the Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 93 Advanced Application > Port Authentication MGS3700-12C User’s Guide...
Page 198: Activate Ieee 802.1X Security
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this checkbox to permit 802.1x authentication on this port. You must first allow 802.1x authentication on the Switch before configuring it on each port. MGS3700-12C User’s Guide...
Page 199: Guest Vlan
VLAN. That is, unauthenticated users can have access to limited network resources in the same guest VLAN, such as the Internet. The MGS3700-12C User’s Guide...
Page 200 Use this screen to enable and assign a Guest VLAN to a port. In the Port Authentication > 802.1x screen, click Guest Vlan to display the configuration screen as shown. Figure 96 Advanced Application > Port Authentication > 802.1x > Guest VLAN MGS3700-12C User’s Guide...
Page 201 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 202: Activate Mac Authentication
If you leave this field blank, then only the MAC address of the client is forwarded to the RADIUS server. Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters. MGS3700-12C User’s Guide...
Page 203 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 204 Chapter 18 MGS3700-12C User’s Guide...
Page 205: Port Security
MAC address(es) for a port. It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. MGS3700-12C User’s Guide...
Page 206: Port Security Setup
MAC freeze Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list. Port This field displays the port number. MGS3700-12C User’s Guide...
Page 207 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 208: Vlan Mac Address Limit
Click Cancel to reset the fields to your previous configuration. Clear Click Clear to clear the fields to the factory defaults. Index This field displays the index number of the rule. Click an index number to change the settings. MGS3700-12C User’s Guide...
Page 209 Alarm threshold of learned MAC address by VLAN Threshold Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MGS3700-12C User’s Guide...
Page 210 Chapter 19 Port Security MGS3700-12C User’s Guide...
Page 211: Classifier
Use the Classifier screen to define the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 21 on page 219. MGS3700-12C User’s Guide...
Page 212 Ethernet II tagged and Ethernet II untagged. A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards. A value of Ethernet II indicates that the packets are formatted according to RFC 894, Ethernet II encapsulation. MGS3700-12C User’s Guide...
Page 213 Specify the address prefix by entering the number of ones in the subnet mask. Address Prefix A subnet mask can be represented in a 32-bit notation. For example, the subnet mask “255.255.255.0” can be represented as “11111111.11111111.11111111.00000000”, and counting up the number of ones in this case results in 24. MGS3700-12C User’s Guide...
Page 214: Viewing And Editing Classifier Configuration
Classifier screen. To change the settings of a rule, click a number in the Index field. Note: When two rules conflict with each other, a higher layer rule has priority over lower layer rule. Figure 101 Advanced Application > Classifier: Summary Table MGS3700-12C User’s Guide...
Page 215 The following table shows some common protocol types and the corresponding protocol number. Refer to http://www.iana.org/assignments/ protocol-numbers for a complete list. Table 55 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ICMP L2TP MGS3700-12C User’s Guide...
Page 216: Classifier Example
Appendix A on page 431 for information on commonly used port numbers. 20.4 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. MGS3700-12C User’s Guide...
Page 217 Chapter 20 Classifier After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. Figure 102 Classifier: Example MGS3700-12C User’s Guide...
Page 218 Chapter 20 Classifier MGS3700-12C User’s Guide...
Page 219: Policy Rule
DS field. DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. DSCP (6 bits) Unused (2 bits) MGS3700-12C User’s Guide...
Page 220: Configuring Policy Rules
DSCP values and the configured policies. 21.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 20.2 on page 211 for more information. MGS3700-12C User’s Guide...
Page 221 Figure 103 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 57 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. MGS3700-12C User’s Guide...
Page 222 Select Replace the IP TOS with the 802.1 priority value to replace the TOS field with the value you configure in the Priority field. Select Set the Diffserv Codepoint field in the frame to set the DSCP field with the value you configure in the DSCP field. MGS3700-12C User’s Guide...
Page 223: Viewing And Editing Policy Configuration
To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Policy screen. To change the settings of a rule, click a number in the Index field. Figure 104 Advanced Application > Policy Rule: Summary Table MGS3700-12C User’s Guide...
Page 224 This field displays the name you have assigned to this policy. Classifier(s This field displays the name(s) of the classifier to which this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 225: Policy Example
The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 216). Figure 105 Policy Example MGS3700-12C User’s Guide...
Page 226 Chapter 21 Policy Rule MGS3700-12C User’s Guide...
Page 227: Queuing Method
By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. Guaranteed quantum is calculated as Queue Weight x 2048 bytes. MGS3700-12C User’s Guide...
Page 228: Weighted Round Robin Scheduling (Wrr)
Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. MGS3700-12C User’s Guide...
Page 229: Configuring Queuing
Chapter 22 Queuing Method 22.2 Configuring Queuing Click Advanced Application > Queuing Method in the navigation panel. Figure 106 Advanced Application > Queuing Method MGS3700-12C User’s Guide...
Page 230 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 231: Vlan Stacking
(SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to MGS3700-12C User’s Guide...
Page 232: Vlan Stacking Port Roles
All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by SP VID). Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. MGS3700-12C User’s Guide...
Page 233: Vlan Tag Format
Configure the fields as highlighted in the Switch VLAN Stacking screen. Table 61 Single and Double Tagged 802.11Q Frame Format Len/ FCS Untagged Etype Ethernet frame Priorit Len/ FCS IEEE 802.1Q Etype customer tagged frame SA Tunne Priori Priorit Len/ FCS Double- l TPID Etype tagged frame MGS3700-12C User’s Guide...
Page 234: Configuring Vlan Stacking
The following table describes the labels in this screen. Table 63 Advanced Application > VLAN Stacking LABEL DESCRIPTION Active Select this to enable VLAN stacking on the Switch. Port The port number identifies the port you are configuring. MGS3700-12C User’s Guide...
Page 235: Port-Based Q-In-Q
23.4.1 Port-based Q-in-Q Port-based Q-in-Q lets the Switch treat all frames received on the same port as the same VLAN flows and add the same outer VLAN tag to them, even they have different customer VLAN IDs. MGS3700-12C User’s Guide...
Page 236 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 237: Selective Q-In-Q
SPVID is the service provider’s VLAN ID (the outer VLAN tag). Enter the service provider ID (from 1 to 4094) for frames received on this port. See Chapter 9 on page 117 for more background information on VLAN ID. MGS3700-12C User’s Guide...
Page 238 This is the service provider’s priority level in the packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 239: Multicast
(such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. MGS3700-12C User’s Guide...
Page 240: Igmp Snooping
This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. MGS3700-12C User’s Guide...
Page 241: Multicast Setting
Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. Querier Select this option to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached. MGS3700-12C User’s Guide...
Page 242 This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host. MGS3700-12C User’s Guide...
Page 243 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 244: Igmp Snooping Vlan
Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.1.4 on page 240 for more information on IGMP Snooping VLAN. Figure 113 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN MGS3700-12C User’s Guide...
Page 245 This field displays the ID number of the VLAN group. Delete Check the rule(s) that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 246: Igmp Filtering Profile
Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile. If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. MGS3700-12C User’s Guide...
Page 247: Mvr Overview
The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. Figure 115 MVR Network Example MGS3700-12C User’s Guide...
Page 248: Types Of Mvr Ports
VLAN 1 on the receiver port (in this case, a DSL port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination MGS3700-12C User’s Guide...
Page 249: General Mvr Configuration
VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. MGS3700-12C User’s Guide...
Page 250 Compatible. Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports. Port This field displays the port number on the Switch. MGS3700-12C User’s Guide...
Page 251: Mvr Group Configuration
All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. MGS3700-12C User’s Guide...
Page 252 Click Cancel to begin configuring this screen afresh. MVLAN This field displays the multicast VLAN ID. Name This field displays the descriptive name for this setting. Start This field displays the starting IP address of the multicast group. Address MGS3700-12C User’s Guide...
Page 253: Mvr Configuration Example
S. Computers A, B and C in VLAN are able to receive the traffic. Figure 119 MVR Configuration Example To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 120 MVR Configuration Example MGS3700-12C User’s Guide...
Page 254 Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 121 MVR Group Configuration Example Figure 122 MVR Group Configuration Example MGS3700-12C User’s Guide...
Page 255: Aaa
The external servers that perform authentication, authorization and accounting functions are known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see Section 25.1.2 on page 256) and TACACS+ (Terminal Access Controller Access-Control System Plus, see Section MGS3700-12C User’s Guide...
Page 256: Local User Accounts
The AAA screens allow you to enable authentication, authorization, accounting or all of them on the Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or both) and then set up the authentication priority, activate authorization and configure accounting settings. MGS3700-12C User’s Guide...
Page 257: Radius Server Setup
RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 125 Advanced Application > AAA > RADIUS Server Setup MGS3700-12C User’s Guide...
Page 258 Enter the IP address of an external RADIUS accounting server in dotted decimal notation. UDP Port The default port of a RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so. MGS3700-12C User’s Guide...
Page 259: Tacacs+ Server Setup
Section 25.1.2 on page 256 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the AAA screen to view the screen as shown. Figure 126 Advanced Application > AAA > TACACS+ Server Setup MGS3700-12C User’s Guide...
Page 260 Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. TCP Port The default port of a TACACS+ server for accounting is 49. You need not change this value unless your network administrator instructs you to do MGS3700-12C User’s Guide...
Page 261: Aaa Setup
Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 127 Advanced Application > AAA > AAA Setup MGS3700-12C User’s Guide...
Page 262 Exec: Allow an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. • Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. MGS3700-12C User’s Guide...
Page 263 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 264: Vendor Specific Attribute
VSAs for users authenticating via the RADIUS server. The following table describes the VSAs supported on the Switch. Table 76 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Vendor-Id = 890 Assignment Vendor-Type = 1 ingress rate (Kbps in decimal format) Vendor-data = MGS3700-12C User’s Guide...
Page 265: Supported Radius Attributes
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This appendix lists the RADIUS attributes supported by the Switch. MGS3700-12C User’s Guide...
Page 266: Attributes Used For Authentication
25.3.1.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator MGS3700-12C User’s Guide...
Page 267: Attributes Used For Accounting
Table 78 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-Identifier NAS-IP-Address Service-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Session-Time Acct-Terminate-Cause Table 79 RADIUS Attributes - Exec Events via Telnet/SSH ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-Identifier NAS-IP-Address Service-Type Calling-Station-Id Acct-Status-Type Acct-Delay-Time MGS3700-12C User’s Guide...
Page 268 Table 80 RADIUS Attributes - Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE STOP User-Name NAS-IP-Address NAS-Port Class Called-Station-Id Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output- Gigawords MGS3700-12C User’s Guide...
Page 269: Ip Source Guard
• ARP inspection. Use this to filter unauthorized ARP packets on the network. If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you have to enable DHCP snooping before you enable ARP inspection. MGS3700-12C User’s Guide...
Page 270: Dhcp Snooping Overview
The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server. If you set up the DHCP snooping database, the Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts. MGS3700-12C User’s Guide...
Page 271: Configuring Dhcp Snooping
(Chapter 37 on page 349). 26.1.1.4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch. Enable DHCP snooping on the Switch. Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. MGS3700-12C User’s Guide...
Page 272: Arp Inspection Overview
These MAC address filters are different than regular MAC address filters (Chapter 12 on page 145). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. MGS3700-12C User’s Guide...
Page 273: Ip Source Guard
Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns MGS3700-12C User’s Guide...
Page 274: Ip Source Guard Static Binding
Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the MGS3700-12C User’s Guide...
Page 275 This binding was learned from information provided manually by an administrator. VLAN This field displays the source VLAN ID in the binding. Port This field displays the port number in the binding. If this field is blank, the binding applies to all ports. MGS3700-12C User’s Guide...
Page 276 Chapter 26 IP Source Guard Table 82 IP Source Guard Static Binding (continued) LABEL DESCRIPTION Delete Select this, and click Delete to remove the specified entry. Cancel Click this to clear the Delete check boxes above. MGS3700-12C User’s Guide...
Page 277: Dhcp Snooping
Chapter 26 IP Source Guard 26.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 132 DHCP Snooping MGS3700-12C User’s Guide...
Page 278 DHCP snooping database for any reason. Startup failures This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database. MGS3700-12C User’s Guide...
Page 279 Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore. MGS3700-12C User’s Guide...
Page 280: Dhcp Snooping Configure
TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 133 DHCP Snooping Configure MGS3700-12C User’s Guide...
Page 281 If there is a conflict, the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen (Section 26.4 on page 277). MGS3700-12C User’s Guide...
Page 282: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 134 DHCP Snooping Port Configure MGS3700-12C User’s Guide...
Page 283: Dhcp Snooping Vlan Configure
Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 37 on page 349) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To MGS3700-12C User’s Guide...
Page 284 DHCP VLAN, if specified, or VLAN. You can configure the system name in the General Setup screen. See Chapter 8 on page 99. You can specify the DHCP VLAN in the DHCP Snooping Configure screen. See Section 26.5 on page 280. MGS3700-12C User’s Guide...
Page 285: Arp Inspection Status
Port This field displays the source port of the discarded ARP packet. Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). MGS3700-12C User’s Guide...
Page 286: Arp Inspection Vlan Status
VLAN ID (End VID) you want to look at. Apply Click this to display the specified range of VLANs in the section below. This field displays the VLAN ID of each VLAN in the range specified above. MGS3700-12C User’s Guide...
Page 287: Arp Inspection Log Status
This field displays the source VLAN ID of the ARP packet. Sender Mac This field displays the source MAC address of the ARP packet. Sender IP This field displays the source IP address of the ARP packet. MGS3700-12C User’s Guide...
Page 288: Arp Inspection Configure
This field displays when the log message was generated. 26.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global MGS3700-12C User’s Guide...
Page 289 Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 26.6.2 on page 287. MGS3700-12C User’s Guide...
Page 290: Arp Inspection Port Configure
Click this to reset the values in this screen to their last-saved values. 26.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives MGS3700-12C User’s Guide...
Page 291 These settings have no effect on trusted ports. Rate (pps) Specify the maximum rate (1-2048 packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit. MGS3700-12C User’s Guide...
Page 292: Arp Inspection Vlan Configure
Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below. End VID Enter the highest VLAN ID you want to manage in the section below. MGS3700-12C User’s Guide...
Page 293 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. MGS3700-12C User’s Guide...
Page 294 Chapter 26 IP Source Guard MGS3700-12C User’s Guide...
Page 295: Loop Guard
If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: • It will receive broadcast messages sent out from the switch in loop state. MGS3700-12C User’s Guide...
Page 296 The following figure illustrates three switches forming a loop. A sample path of the loop guard probe packet is also shown. In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on MGS3700-12C User’s Guide...
Page 297: Loop Guard Setup
Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled. Figure 146 Advanced Application > Loop Guard MGS3700-12C User’s Guide...
Page 298 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 299: Vlan Mapping
VLAN ID from 12 into 123 before forwarding the packets. Any packets carrying a VLAN tag other than 12 (such as 10) and received on port 3 will be dropped. Figure 147 VLAN mapping example Service Provider Network Port 3 MGS3700-12C User’s Guide...
Page 300: Enabling Vlan Mapping
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 301: Configuring Vlan Mapping
This is the number of the VLAN mapping entry in the table. Active This shows whether this entry is activated or not. Name This is the descriptive name for this rule. Port This is the port number to which this rule is applied. MGS3700-12C User’s Guide...
Page 302 This is the priority level that replaces the customer priority level in the tagged packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 303: Layer 2 Protocol Tunneling
B, C and D. Topology change information can be propagated throughout the service provider’s network. To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and MGS3700-12C User’s Guide...
Page 304: Layer 2 Protocol Tunneling Mode
• The Tunnel port is an egress port at the edge of the service provider's network and connected to another service provider’s switch. Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port. MGS3700-12C User’s Guide...
Page 305: Configuring Layer 2 Protocol Tunneling
Note: All the edge switches in the service provider’s network should be set to use the same MAC address for encapsulation. Port This field displays the port number. MGS3700-12C User’s Guide...
Page 306 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 307: Sflow
For example, you can use it to know which IP address or which type of traffic caused network congestion. Figure 153 sFlow Application sFlow Agent sFlow Collector MGS3700-12C User’s Guide...
Page 308: Sflow Configuration
Select this to allow the Switch to monitor traffic on this port and generate and send sFlow datagram to the specified collector. Sample-rate Enter a number (N) from 256 to 65535. The Switch captures every one out of N packets for this port and creates sFlow datagram. MGS3700-12C User’s Guide...
Page 309: Sflow Collector Configuration
You may want to configure more than one collector if the traffic load to be monitored is more than one collector can manage. Figure 155 Advanced Application > sFlow > Collector MGS3700-12C User’s Guide...
Page 310 This field displays port number the Switch uses to send sFlow datagram to the collector. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 311: Error Diable
With error-disable recovery, you can set the disabled port(s) to become active or start receiving the packets again after the time interval you specify. MGS3700-12C User’s Guide...
Page 312: The Error Disable Screen
Note: After you configure this screen, make sure you also enable error detection for the specific control packets in the Advanced Application > Errdisable > Errdisable Detect screen. Figure 157 Advanced Application > Errdisable > CPU protection MGS3700-12C User’s Guide...
Page 313: Error-Disable Detect Configuration
Click the Click Here link next to Errdisable Detect link in the Advanced Application > Errdisable screen to display the screen as shown. Figure 158 Advanced Application > Errdisable > Errdisable Detect MGS3700-12C User’s Guide...
Page 314 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 315: Error-Disable Recovery Configuration
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 316 Chapter 31 Error Diable MGS3700-12C User’s Guide...
Page 317: Pppoe
Tag_Len indicates the length of Value, i1 and i2. The Value is the 32-bit number 0x00000DE9, which stands for the “ADSL Forum” IANA entry. i1 and i2 are PPPoE intermediate agent sub-options, which contain additional information about the PPPoE client. MGS3700-12C User’s Guide...
Page 318: Sub-Option Format
Table 105 PPPoE IA Circuit ID Sub-option Format: Using Identifier String and Variables SubOpt Length Value 0x01 Identifier delimiter Slot ID delimiter Port No delimiter VLAN ID String (1 byte) (1 byte) (1 byte) (1 byte) (1 byte) (2 byte) (1 byte) (4 bytes) (53 byte) MGS3700-12C User’s Guide...
Page 319: Port State
Switch adds a vendor-specific tag to the packet and then forwards it to the trusted port(s). • The Switch discards PADO and PADS packets which are sent from a PPPoE server but received on an untrusted port. MGS3700-12C User’s Guide...
Page 320: Pppoe
PPPoE client. Click Advanced Application > PPPoE > Intermediate Agent to display the screen as shown. Figure 161 Advanced Application > PPPoE > Intermediate Agent MGS3700-12C User’s Guide...
Page 321: Pppoe Ia Per-Port
Click Cancel to begin configuring this screen afresh. 32.5 PPPoE IA Per-Port Use this screen to specify whether individual ports are trusted or untrusted ports and have the Switch add extra information to PPPoE discovery packets from PPPoE clients on a per-port basis. MGS3700-12C User’s Guide...
Page 322 Use this row to make the settings the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MGS3700-12C User’s Guide...
Page 323 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 324: Pppoe Ia Per-Port Per-Vlan
Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub-option for PPPoE discovery packets received on this VLAN on the specified port. Spaces are allowed. The Circuit ID you configure for a specific VLAN on a port has the highest priority. MGS3700-12C User’s Guide...
Page 325: Pppoe Ia For Vlan
Table 110 Advanced Application > PPPoE > Intermediate Agent > VLAN LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to configure in the section below. Start VID Enter the lowest VLAN ID you want to configure in the section below. MGS3700-12C User’s Guide...
Page 326 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 327: Private Vlan
Isolated ports: 2 ~ 6 Promiscuous port: 10 Note: Make sure you keep at least one port in the promiscuous port list for a VLAN with private VLAN enabled. Otherwise, this VLAN is blocked from the whole network. MGS3700-12C User’s Guide...
Page 328: Configuring Private Vlan
This shows whether this rule is activated or not. Name This is the descriptive name for this rule. VLAN This is the VLAN to which this rule is applied. Promiscuous This shows the port(s) that can communicate with any ports in the same Ports VLAN. MGS3700-12C User’s Guide...
Page 329 Table 111 Advanced Application > Private VLAN (continued) LABEL DESCRIPTION Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 330 Chapter 33 Private VLAN MGS3700-12C User’s Guide...
Page 331: Green Ethernet
When all cables are disconnected from the switch, it is placed in a sleep mode, further saving power while still remaining capable of detecting energy on any port and resuming normal activity in a timely manner. MGS3700-12C User’s Guide...
Page 332: Configuring Green Ethernet
It disables almost all functions of PHY in link down state. Recovery from this mode to normal mode without frames lost. Clear this check box to disable the Auto Power Down feature on the port. MGS3700-12C User’s Guide...
Page 333 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 334 Chapter 34 Green Ethernet MGS3700-12C User’s Guide...
Page 335: Ip Application
IP Application Static Route (337) Differentiated Services (341) DHCP (349)
Page 337: Static Route
(R1). You create one static route to connect to services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the Switch. Figure 168 Example of Static Routing Topology Internet MGS3700-12C User’s Guide...
Page 338: Configuring Static Routing
Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the above fields to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. MGS3700-12C User’s Guide...
Page 339 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MGS3700-12C User’s Guide...
Page 340 Chapter 35 Static Route MGS3700-12C User’s Guide...
Page 341: Differentiated Services
Figure 170 DiffServ: Differentiated Service Field DSCP (6 bits) CU (2 bits) DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. MGS3700-12C User’s Guide...
Page 342: Diffserv Network Example
Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria. MGS3700-12C User’s Guide...
Page 343: Trtcm-Color-Blind Mode
Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green. Figure 172 TRTCM-Color-blind Mode Exceed Exceed Low Packet Loss PIR? CIR? High Packet Medium Packet Loss Loss MGS3700-12C User’s Guide...
Page 344: Trtcm-Color-Aware Mode
Low Packet Red? Yellow? Loss CIR? PIR? Medium Packet High Packet High Packet Medium Packet Loss Loss Loss Loss 36.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). MGS3700-12C User’s Guide...
Page 345 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 346: Configuring 2-Rate 3 Color Marker Settings
All incoming packets are evaluated against the CIR and PIR. Select color-aware to treat the packets as marked by some preceding entity. Incoming packets are evaluated based on their existing color. Incoming packets that are not marked proceed through the Switch. MGS3700-12C User’s Guide...
Page 347: Dscp-To-Ieee 802.1P Priority Settings
The following table shows the default DSCP-to-IEEE802.1p mapping. Table 116 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0 – 7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE 802.1p MGS3700-12C User’s Guide...
Page 348: Configuring Dscp Settings
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 349: Dhcp
• Global - The Switch forwards all DHCP requests to the same DHCP server. • VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. MGS3700-12C User’s Guide...
Page 350: Dhcp Status
DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information. Please refer to RFC 3046 for more details. MGS3700-12C User’s Guide...
Page 351: Configuring Dhcp Global Relay
Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 178 IP Application > DHCP > Global MGS3700-12C User’s Guide...
Page 352: Global Dhcp Relay Configuration Example
Figure 179 Global DHCP Relay Network Example DHCP Server: 192.168.1.100 VLAN2 VLAN1 Configure the DHCP Relay screen as shown. Make sure you select the Option 82 check box to set the Switch to send additional information (such as the VLAN ID) MGS3700-12C User’s Guide...
Page 353: Configuring Dhcp Vlan Settings
Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. Section 8.6 on page 108 for information on how to set up management IP addresses for VLANs. Figure 181 IP Application > DHCP > VLAN MGS3700-12C User’s Guide...
Page 354: Example: Dhcp Relay For Two Vlans
The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server MGS3700-12C User’s Guide...
Page 355 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 182 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 183 DHCP Relay for Two VLANs Configuration Example MGS3700-12C User’s Guide...
Page 356 Chapter 37 DHCP MGS3700-12C User’s Guide...
Page 357: Management
Management Maintenance (359) Access Control (367) Diagnostic (389) Syslog (391) Cluster Management (395) MAC Table (403) ARP Table (407) Configure Clone (409)
Page 359: Maintenance
Click Click Here to go to the Restore Configuration screen. Configuration Backup Click Click Here to go to the Backup Configuration screen. Configuration Load Factory Click Click Here to reset the configuration to the factory default settings. Default MGS3700-12C User’s Guide...
Page 360: Load Factory Default
Switch IP address (192.168.1.1). 38.3 Save Configuration Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch. Click Config 2 to save the current configuration settings to Configuration 2 on the Switch. MGS3700-12C User’s Guide...
Page 361: Reboot System
Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. MGS3700-12C User’s Guide...
Page 362: Restore A Configuration File
Path text box or click Browse to locate it. After you have specified the file, click Restore. "config" is the name of the configuration file on the Switch, so your backup configuration file is automatically renamed when you restore using this screen. MGS3700-12C User’s Guide...
Page 363: Backup A Configuration File
The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing. MGS3700-12C User’s Guide...
Page 364: Ftp Command Line Procedure
Enter open, followed by a space and the IP address of your Switch. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter bin to set transfer mode to binary. MGS3700-12C User’s Guide...
Page 365: Gui-Based Ftp Clients
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. MGS3700-12C User’s Guide...
Page 366 Chapter 38 Maintenance MGS3700-12C User’s Guide...
Page 367: Access Control
See the CLI Reference Guide for more information on disabling multi-login. 39.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 190 Management > Access Control MGS3700-12C User’s Guide...
Page 368: About Snmp
Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. MGS3700-12C User’s Guide...
Page 369: Snmp V3 And Security
• RFC 1155 SMI • RFC 2674 SNMPv2, SNMPv2c • RFC 1757 RMON • SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP MGS3700-12C User’s Guide...
Page 370: Snmp Traps
This trap is sent when the 5.2.1 Switch fails to get the time and date from a time server. RTCNotUpdatedEventClear 1.3.6.1.4.1.890.1.5.8.55.2 This trap is sent when the 5.2.2 Switch gets the time and date from a time server. MGS3700-12C User’s Guide...
Page 371 This trap is sent when the .2.2 Ethernet link is up. linkdown linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down. LinkDownEventOn 1.3.6.1.4.1.890.1.5.8.55.25 This trap is sent when the .2.1 Ethernet link is down. MGS3700-12C User’s Guide...
Page 372 RADIUSNotReachableEve 1.3.6.1.4.1.890.1.5.8.55. This trap is sent when there is ntOn 25.2.1 no response message from the RADIUS server. RADIUSNotReachableEve 1.3.6.1.4.1.890.1.5.8.55. This trap is sent when the ntClear 25.2.2 RADIUS server can be reached. MGS3700-12C User’s Guide...
Page 373 STPTopologyChange 1.3.6.1.2.1.17.0.2 This trap is sent when the STP topology changes. MRSTPTopologyChange 1.3.6.1.4.1.890.1.5.8.55.3 This trap is sent when the 2.2.2 MRSTP topology changes. MSTPTopologyChange 1.3.6.1.4.1.890.1.5.8.55.1 This trap is sent when the MSTP 07.70.2 root switch changes. MGS3700-12C User’s Guide...
Page 374: Configuring Snmp
Switch detects a connectivity fault. 39.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. Figure 192 Management > Access Control > SNMP MGS3700-12C User’s Guide...
Page 375 SNMP v3 manager. Index This is a read-only number identifying a login account on the Switch. Username This field displays the username of a login account on the Switch. MGS3700-12C User’s Guide...
Page 376 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 377: Configuring Snmp Trap Group
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 378: Setting Up Login Accounts
This is the default administrator account with the “admin” user name. You cannot change the default administrator user name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped). New Password Enter your new system password. MGS3700-12C User’s Guide...
Page 379: Ssh Overview
Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 195 SSH Communication Example MGS3700-12C User’s Guide...
Page 380: How Ssh Works
Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. MGS3700-12C User’s Guide...
Page 381: Ssh Implementation On The Switch
SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch. Please refer to the following figure. MGS3700-12C User’s Guide...
Page 382: Https Example
When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the Switch. MGS3700-12C User’s Guide...
Page 383: Netscape Navigator Warning Messages
Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. MGS3700-12C User’s Guide...
Page 384 Chapter 39 Access Control Select Accept this certificate permanently to import the Switch’s certificate into the SSL client. Figure 199 Security Certificate 1 (Netscape) example example example Figure 200 Security Certificate 2 (Netscape) example MGS3700-12C User’s Guide...
Page 385: The Main Screen
Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed MGS3700-12C User’s Guide...
Page 386: Remote Management
Cancel Click Cancel to begin configuring this screen afresh. 39.10 Remote Management Click Management > Access Control > Remote Management to view the screen as shown next. MGS3700-12C User’s Guide...
Page 387 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 388 Chapter 39 Access Control MGS3700-12C User’s Guide...
Page 389: Diagnostic
This chapter explains the Diagnostic screen. 40.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 204 Management > Diagnostic MGS3700-12C User’s Guide...
Page 390 Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Enter a port number and click Port Test to perform an internal Test loopback test. MGS3700-12C User’s Guide...
Page 391: Syslog
Error: There is an error condition on the system. Warning: There is a warning condition on the system. Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. MGS3700-12C User’s Guide...
Page 392: Syslog Setup
The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 393: Syslog Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 394 Chapter 41 Syslog MGS3700-12C User’s Guide...
Page 395: Cluster Management
Maximum number of cluster members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches. Cluster Members The switches being managed by the cluster manager switch. MGS3700-12C User’s Guide...
Page 396: Cluster Management Status
Figure 207 Clustering Application Example 42.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 208 Management > Cluster Management: Status MGS3700-12C User’s Guide...
Page 397: Cluster Member Switch Management
Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web MGS3700-12C User’s Guide...
Page 398: Uploading Firmware To A Cluster Member Switch
297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 390BBA0.bin fw-00-a0-c5-01-23-46 200 Port command okay 150 Opening data connection for STOR fw-00-a0-c5-01-23-46 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> MGS3700-12C User’s Guide...
Page 399 This is the cluster member switch’s firmware name as seen fw-00-a0-c5-01-23-46 in the cluster manager switch. config-00-a0-c5-01-23-46 This is the cluster member switch’s configuration file name as seen in the cluster manager switch. MGS3700-12C User’s Guide...
Page 400: Clustering Management Configuration
Error in the Cluster Management Status screen and a warning icon ( ) appears in the member summary list below. Name Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). MGS3700-12C User’s Guide...
Page 401 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 402 Chapter 42 Cluster Management MGS3700-12C User’s Guide...
Page 403: Mac Table
• If the Switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion. MGS3700-12C User’s Guide...
Page 404: Viewing The Mac Table
Figure 212 MAC Table Flowchart 43.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 213 Management > MAC Table MGS3700-12C User’s Guide...
Page 405 This is the VLAN group to which this frame belongs. Port This is the port where the above MAC address is forwarded. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). MGS3700-12C User’s Guide...
Page 406 Chapter 43 MAC Table MGS3700-12C User’s Guide...
Page 407: Arp Table
MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. MGS3700-12C User’s Guide...
Page 408: Viewing The Arp Table
This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. This is the MAC address of the device with corresponding IP address above. Address Type This shows whether the MAC address is dynamic (learned by the Switch) or static. MGS3700-12C User’s Guide...
Page 409: Configure Clone
45.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 215 Management > Configure Clone MGS3700-12C User’s Guide...
Page 410 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MGS3700-12C User’s Guide...
Page 411 Chapter 45 Configure Clone MGS3700-12C User’s Guide...
Page 412 Chapter 45 Configure Clone MGS3700-12C User’s Guide...
Page 413: Troubleshooting & Product Specifications
Troubleshooting & Product Specifications Troubleshooting (415) Product Specifications (419)
Page 415: Troubleshooting
If the problem continues, contact the vendor. The ALM LED is on. Disconnect and re-connect the power adaptor to the Switch. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. MGS3700-12C User’s Guide...
Page 416: Switch Access And Login
If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. MGS3700-12C User’s Guide...
Page 417 Turn the Switch off and on. Disconnect and re-connect the cord to the Switch. If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page MGS3700-12C User’s Guide...
Page 418: Switch Configuration
Switch’s nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 38.3 on page 360 for more information about how to save your configuration. MGS3700-12C User’s Guide...
Page 419: Product Specifications
Per 1000BASE-T RJ-45 port slot: 100, 1000, LNK, ACT Per mini-GBIC slot: LNK, ACT Per Management port: 10, 100 Operating Temperature: 0º C ~ 70º C (32º F ~ 158º F) Environment Humidity: 5 ~ 90% (non-condensing) MGS3700-12C User’s Guide...
Page 420 The Switch supports IGMP snooping and MLD snooping-proxy, Snooping-proxy enabling group multicast traffic to be only forwarded to ports that are members of that group; thus allowing you to significantly reduce multicast traffic passing through your Switch. MGS3700-12C User’s Guide...
Page 421 Loop Guard Use the loop guard feature to protect against network loops on the edge of your network. IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network. MGS3700-12C User’s Guide...
Page 422 PPPoE IA allows the Switch to add more subscriber information to packets for the PPPoE server on a per-port basis. Private VLAN Private VLAN allows you to block traffic between ports in a VLAN on the Switch. MGS3700-12C User’s Guide...
Page 423 Supports IEEE 802.3ad; static and dynamic (LACP) port trunking Aggregation Six groups (up to 8 ports each) Port All ports support port mirroring mirroring Support port mirroring per IP/TCP/UDP Bandwidth Supports rate limiting at 64 Kb increments control Provider BPDU transparency Bridge Layer2 protocol tunneling MGS3700-12C User’s Guide...
Page 424 DHCP snooping Multicast IGMP snooping (IGMP v1/v2/v3, 16 VLAN maximum-user configurable) IGMP filtering IGMP timer Multicast reserve group Static multicast IGMP snooping fast-leave IGMP snooping statistics IGMP throttling MLD Snooping-proxy IGMP message Limit Support RADIUS and TACACS+ MGS3700-12C User’s Guide...
Page 425 SNMPv2 Simple Network Management Protocol version 2 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC 1757 RMON RFC 1901 SNMPv2c Simple Network Management Protocol version 2c RFC 1981 Path MTU Discovery for IPv6 RFC 2138 RADIUS (Remote Authentication Dial In User Service) MGS3700-12C User’s Guide...
Page 426 IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation IEEE 802.3ah Ethernet OAM (Operations, Administration and Maintenance) IEEE 802.3x Flow Control Safety UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) MGS3700-12C User’s Guide...
Page 427: Fan Module Removal And Installation
Slide out the fan module. Replace the fuse if it is burnt out. If the fuse is not the problem, use a different fan module from the manufacturer. Slide the fan module back into the fan module slot. Tighten the thumbscrew. MGS3700-12C User’s Guide...
Page 428 Chapter 47 Product Specifications MGS3700-12C User’s Guide...
Page 429: Appendices And Index
Appendices and Index Common Services (431) Legal Information (435) Index (417)
Page 431: Appendix A Common Services
Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. MGS3700-12C User’s Guide...
Page 432 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). PPTP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. MGS3700-12C User’s Guide...
Page 433 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. MGS3700-12C User’s Guide...
Page 434 Appendix A Common Services MGS3700-12C User’s Guide...
Page 435: Appendix B Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 436 Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11. MGS3700-12C User’s Guide...
Page 437: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. MGS3700-12C User’s Guide...
Page 438 Appendix B Legal Information MGS3700-12C User’s Guide...
Page 439: Index
BPS status backbone Bridge Protocol Data Units (BPDUs) bridging IEEE 802.1Q VLAN bridging switched workgroup broadcast storm control how it works viewing ARP (Address Resolution Protocol) ARP inspection 269, 272 and MAC filter certifications configuring notices MGS3700-12C User’s Guide...
Page 440 See port cloning double-tagged frames copyright DS (Differentiated Services) CPU management port DSCP CPU protection DSCP-to-IEEE802.1p mapping overview service level current date what it does MGS3700-12C User’s Guide...
Page 441 IEEE 802.1p, priority delay IEEE 802.1x frames activate 198, 202, 259 tagged reauthentication untagged IEEE 802.1x, port authentication front panel IGMP version file transfer procedure IGMP (Internet Group Management restrictions over WAN Protocol) IGMP filtering profile MGS3700-12C User’s Guide...
Page 442 L2PT loop guard access port examples port shut down configuration setup encapsulation vs STP LACP MAC address mode overview PAgP point to point MAC (Media Access Control) MAC address 100, 407 tunnel port MGS3700-12C User’s Guide...
Page 443 MDIX (Media Dependent Interface group configuration Crossover) network example MGMT port MVR (Multicast VLAN Registration) and SNMP supported MIBs MIB (Management Information Base) mirroring ports network applications monitor port 175, 176 network management system (NMS) mounting brackets NTP (RFC-1305) MRSTP MGS3700-12C User’s Guide...
Page 444 MAC address learning configuration example overview isolate traffic setup 206, 297, 305 priority port setup un-tagged packets port status PVID port VLAN ID, see PVID PVID (Priority Frame) port VLAN trunking PWR LED port-based VLAN all connected port isolation MGS3700-12C User’s Guide...
Page 445 53, 362 how it works RFC 3164 implementation Round Robin Scheduling SSH (Secure Shell) routing protocols SSL (Secure Socket Layer) RSTP standby ports rubber feet static bindings static link aggregation example MGS3700-12C User’s Guide...
Page 446 VLAN traps and DHCP VLAN AC prefer priority destination setup TRTCM subnet based VLANs and bandwidth control switch lockout and DiffServ switch reset color-aware mode switch setup color-blind mode switching setup syntax conventions trunk group MGS3700-12C User’s Guide...
Page 447 VLAN number of possible VIDs priority frame VT100 VID (VLAN Identifier) VLAN 104, 423 acceptable frame type automatic registration IGMP snooping ingress filtering warranty introduction note number of VLANs web configurator port number getting help port settings MGS3700-12C User’s Guide...
Page 448 Index home login logout navigation panel weight, queuing Weighted Round Robin Scheduling (WRR) WRR (Weighted Round Robin Scheduling) ZyNOS (ZyXEL Network Operating System) MGS3700-12C User’s Guide...