Page 1 GS2200-24 Intelligent Layer 2 GbE Switch Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 3.90 Edition 1, 6/2009 www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Refer to the included CD for support documents. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com.
Page 4 • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. GS2200-24 User’s Guide...
Page 5: Document Conventions
Syntax Conventions • The GS2200-24 may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router GS2200-24 User’s Guide...
Page 7: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. GS2200-24 User’s Guide...
Page 8 Safety Warnings GS2200-24 User’s Guide...
Page 9: Table Of Contents
VLAN Stacking ........................185 Multicast ..........................193 AAA ............................201 IP Source Guard ........................215 Loop Guard ..........................241 Layer 2 Protocol Tunneling ...................... 245 IP Application ........................251 Static Route ..........................253 Differentiated Services ......................257 GS2200-24 User’s Guide...
Page 10 Syslog ............................303 Cluster Management ....................... 307 MAC Table ..........................315 ARP Table ..........................319 Configure Clone ........................321 Troubleshooting & Product Specifications ............... 323 Troubleshooting ........................325 Product Specifications ......................329 Appendices and Index ......................337 GS2200-24 User’s Guide...
Page 11: Table Of Contents
2.3.3 Mounting the Switch on a Rack .................. 33 Chapter 3 Hardware Panels ........................35 3.1 Overview ..........................35 3.2 Front Panel ......................... 35 3.2.1 Console Port ......................36 3.2.2 Gigabit Ethernet Ports ....................36 3.2.3 Mini-GBIC Slots ......................37 GS2200-24 User’s Guide...
Page 12 6.3.3 Configuring DHCP Relay ................... 63 6.3.4 Troubleshooting ......................63 Chapter 7 System Status and Port Statistics..................65 7.1 Overview ..........................65 7.2 What You Can Do ........................ 65 7.3 Port Status Summary ..................... 66 7.3.1 Status: Port Details ....................67 GS2200-24 User’s Guide...
Page 13 9.8.1 Configuring Protocol Based VLAN ................. 100 9.9 Port-based VLAN Setup ....................102 9.9.1 Configure a Port-based VLAN ................. 103 9.10 Technical Reference ......................105 9.10.1 Create an IP-based VLAN Example ............... 105 Chapter 10 Static MAC Forward Setup....................107 GS2200-24 User’s Guide...
Page 14 ..............133 13.12 Technical Reference ...................... 135 13.12.1 MSTP Network Example ..................135 13.12.2 MST Region ......................136 13.12.3 MST Instance ....................... 136 13.12.4 Common and Internal Spanning Tree (CIST) ............137 Chapter 14 Bandwidth Control........................ 139 GS2200-24 User’s Guide...
Page 15 18.3.1 IEEE 802.1x Authentication ................... 161 18.4 Port Authentication Configuration ..................162 18.5 Activate IEEE 802.1x Security ..................163 Chapter 19 Port Security.......................... 165 19.1 Overview ......................... 165 19.2 What You Can Do ......................165 19.3 Port Security Setup ......................166 GS2200-24 User’s Guide...
Page 16 23.6 Technical Reference ......................188 23.6.1 VLAN Stacking Example ..................188 23.6.2 VLAN Stacking Port Roles ..................189 23.6.3 VLAN Tag Format ....................190 23.6.4 Frame Format ......................190 Chapter 24 Multicast ..........................193 24.1 Overview ......................... 193 GS2200-24 User’s Guide...
Page 17 26.9 ARP Inspection VLAN Status ..................228 26.10 ARP Inspection Log Status .................... 229 26.11 ARP Inspection Configure ..................... 230 26.11.1 ARP Inspection Port Configure ................232 26.11.2 ARP Inspection VLAN Configure ................. 234 26.12 Technical Reference ...................... 235 GS2200-24 User’s Guide...
Page 18 30.3.2 DiffServ Network Example ..................258 30.4 Activating DiffServ ......................259 30.5 DSCP-to-IEEE 802.1p Priority Settings ................. 260 30.5.1 Configuring DSCP Settings ..................260 Chapter 31 DHCP............................. 261 31.1 DHCP Overview ......................261 31.2 What You Can Do ......................261 GS2200-24 User’s Guide...
Page 19 33.3 The Access Control Main Screen ..................280 33.4 Configuring SNMP ......................280 33.5 Configuring SNMP Trap Group ..................283 33.6 Setting Up Login Accounts ..................284 33.7 Service Port Access Control ..................285 33.8 Remote Management ....................286 GS2200-24 User’s Guide...
Page 20 ARP Table ..........................319 38.1 Overview ......................... 319 38.2 What You Can Do ......................319 38.2.1 How ARP Works ....................319 38.3 Viewing the ARP Table ....................320 Chapter 39 Configure Clone ........................321 39.1 Overview .......................... 321 GS2200-24 User’s Guide...
Page 21 40.3 Switch Configuration ......................328 Chapter 41 Product Specifications ......................329 Part VII: Appendices and Index ............337 Appendix A Changing a Fuse ....................339 Appendix B Common Services..................... 341 Appendix C Legal Information ....................345 Index............................349 GS2200-24 User’s Guide...
Page 22 Table of Contents GS2200-24 User’s Guide...
Page 23: Introduction And Hardware
Introduction and Hardware Getting to Know Your Switch (25) Hardware Installation and Connection (31) Hardware Panels (35)
Page 25: Getting To Know Your Switch
The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch. GS2200-24 User’s Guide...
Page 26: Bridging Example
Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 2 Bridging Application GS2200-24 User’s Guide...
Page 27: High Performance Switching Example
Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re- cabling. GS2200-24 User’s Guide...
Page 28: Ways To Manage The Switch
Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. GS2200-24 User’s Guide...
Page 29 If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. GS2200-24 User’s Guide...
Page 30 Chapter 1 Getting to Know Your Switch GS2200-24 User’s Guide...
Page 31: Hardware Installation And Connection
The Switch can be mounted on an EIA standard size, 19-inch rack or in a wiring closet with other equipment. Follow the steps below to mount your Switch on a standard EIA rack using a rack-mounting kit. GS2200-24 User’s Guide...
Page 32: Rack-Mounted Installation Requirements
Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. Repeat steps to install the second mounting bracket on the other side of the Switch. You may now mount the Switch on a rack. Proceed to the next section. GS2200-24 User’s Guide...
Page 33: Mounting The Switch On A Rack
Figure 6 Mounting the Switch on a Rack Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. Repeat steps to attach the second mounting bracket on the other side of the rack. GS2200-24 User’s Guide...
Page 34 Chapter 2 Hardware Installation and Connection GS2200-24 User’s Guide...
Page 35: Hardware Panels
The following table describes the port labels on the front panel. Table 1 Front Panel Connections LABEL DESCRIPTION 24 10/100/ Connect these ports to a computer, a hub, an Ethernet switch or router. 1000 RJ-45 Ethernet Ports GS2200-24 User’s Guide...
Page 36: Console Port
Four 1000Base-T Ethernet ports are paired with a mini-GBIC slot to create a dual personality interface. The Switch uses up to one connection for each mini-GBIC and 1000Base-T Ethernet pair. The mini-GBIC slots have priority over the Gigabit GS2200-24 User’s Guide...
Page 37: Mini-Gbic Slots
You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors. To avoid possible eye injury, do not look into an operating fiber- optic module’s connectors. • Type: SFP connection interface GS2200-24 User’s Guide...
Page 38: Transceiver Installation
Figure 8 Transceiver Installation Example Figure 9 Connecting the Fiber Optic Cables 3.2.3.2 Transceiver Removal Use the following steps to remove a mini-GBIC transceiver (SFP module). Remove the fiber optic cables from the transceiver. Open the transceiver’s latch (latch styles vary). GS2200-24 User’s Guide...
Page 39: Power Connector
Connect the other end of the supplied power cord to a power outlet. Make sure that no objects obstruct the airflow of the fans (located on the side of the unit). Chapter 41 on page 329 for information on the Switch’s power supply requirements. GS2200-24 User’s Guide...
Page 40: Leds
The Gigabit port is negotiating in full-duplex mode. The Gigabit port is negotiating in half-duplex mode. Mini-GBIC Slots Green The link to this port is up. The link to this port is not connected. Green Blinking This port is receiving or transmitting data. GS2200-24 User’s Guide...
Page 41: Basic Configuration
Basic Configuration The Web Configurator (43) Initial Setup Example (51) System Status and Port Statistics (65) Basic Setting (71)
Page 43: The Web Configurator
• Java permissions (enabled by default). 4.2 System Login Start your web browser. Type “http://” and the IP address of the Switch (for example, the default management IP address is 192.168.1.1) in the Location or Address field. Press [ENTER]. GS2200-24 User’s Guide...
Page 44: The Status Screen
4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 14 Web Configurator Home Screen (Status) GS2200-24 User’s Guide...
Page 45 E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION GS2200-24 User’s Guide...
Page 46 This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets. Queuing This link takes you to a screen where you can configure queuing with Method associated queue weights for each port. GS2200-24 User’s Guide...
Page 47 This link takes you to a screen where you can view the MAC addresses – IP address resolution table. Configure This link takes you to a screen where you can copy attributes of one port Clone to other ports. GS2200-24 User’s Guide...
Page 48: Change Your Password
Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory. Nonvolatile memory refers to the Switch’s storage that remains even if the Switch’s power is turned off. Note: Use the Save link when you are done with a configuration session. GS2200-24 User’s Guide...
Page 49: Switch Lockout
9600 bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to “1234” and the IP address to 192.168.1.1. To upload the configuration file, do the following: Connect to the console port using a computer with terminal emulation software. GS2200-24 User’s Guide...
Page 50: Logging Out Of The Web Configurator
Figure 16 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. GS2200-24 User’s Guide...
Page 51: Initial Setup Example
You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 17 Initial Setup Network Example: VLAN GS2200-24 User’s Guide...
Page 52 TX Tagging check box to set the Switch to remove VLAN tags before sending. Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS2200-24 User’s Guide...
Page 53: Setting Port Vid
Setting link. Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS2200-24 User’s Guide...
Page 54: Configuring Switch Management Ip Address
This is the same as the VLAN ID you configure in the Static VLAN screen. Click Add to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS2200-24 User’s Guide...
Page 55: Tutorials
Note: For related information about DHCP snooping, see Section 26.1 on page 215. The settings in this tutorial are as the following. Table 5 Tutorial: Settings in this Tutorial PORT DHCP SNOOPING HOST VLAN PVID CONNECTED PORT TRUSTED DHCP Server (A) 1 and 100 GS2200-24 User’s Guide...
Page 56 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add. Figure 21 Tutorial: Create a VLAN and Add Ports to It GS2200-24 User’s Guide...
Page 57 Figure 22 Tutorial: Tag Untagged Frames Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 23 Tutorial: Specify DHCP VLAN GS2200-24 User’s Guide...
Page 58 If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry. See Section 26.12.1.3 on page 237. Figure 25 Tutorial: Enable DHCP Snooping on this VLAN GS2200-24 User’s Guide...
Page 59: How To Use Dhcp Relay On The Switch
DHCP requests. 6.3.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) to DHCP client A based GS2200-24 User’s Guide...
Page 60: Creating A Vlan
Access the web configurator through the Switch’s management port. Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. Figure 28 Tutorial: Set VLAN Type to 802.1Q GS2200-24 User’s Guide...
Page 61 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. Figure 29 Tutorial: Create a Static VLAN GS2200-24 User’s Guide...
Page 62 VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory. Figure 31 Tutorial: Add Tag for Frames Received on Port 2 GS2200-24 User’s Guide...
Page 63: Configuring Dhcp Relay
Click the Save link in the upper right corner of the web configurator to save your configuration permanently. The DHCP server can then assign a specific IP address based on the DHCP request. 6.3.4 Troubleshooting Check the client A’s IP address. If it did not receive the IP address 172.16.1.18, make sure: GS2200-24 User’s Guide...
Page 64 Client A is connected to the Switch’s port 2 in VLAN 102. You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. You clicked the Save link on the Switch to have your settings take effect. GS2200-24 User’s Guide...
Page 65: System Status And Port Statistics
7.2 What You Can Do • Use the Port Status Sumary screen (Section 7.3 on page 66) to view the port statistics. • Use the Port Details screen (Section 7.3.1 on page 67) to display individual port statistics. GS2200-24 User’s Guide...
Page 66: Port Status Summary
This field shows the number of received frames on this port. Errors This field shows the number of received errors on this port. Tx KB/s This field shows the number of kilobytes per second transmitted on this port. GS2200-24 User’s Guide...
Page 67: Status: Port Details
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 34 Status > Port Details GS2200-24 User’s Guide...
Page 68 Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision. Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision. GS2200-24 User’s Guide...
Page 69 This field shows the number of packets (including bad packets) received that were between 1519 octets and the maximum frame size. The maximum frame size varies depending on your switch model. See Chapter 41 on page 329. GS2200-24 User’s Guide...
Page 70 Chapter 7 System Status and Port Statistics GS2200-24 User’s Guide...
Page 71: Basic Setting
(Section 8.7.1 on page 79) to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. • Use the Port Setup screen (Section 8.8 on page 81) to configure Switch port settings. GS2200-24 User’s Guide...
Page 72: System Information
This field displays the maximum temperature measured at this sensor. This field displays the minimum temperature measured at this sensor. Threshold This field displays the upper temperature limit at this sensor. Status This field displays Normal for temperatures below the threshold and Error for those above. GS2200-24 User’s Guide...
Page 73 This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. GS2200-24 User’s Guide...
Page 74: General Setup
Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. Contact Enter the name of the person in charge of this Switch. You can use up to Person's Name 32 printable ASCII characters; spaces are allowed. GS2200-24 User’s Guide...
Page 75 European Union you would select Last, Sunday, March and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). GS2200-24 User’s Guide...
Page 76: Introduction To Vlans
With VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. Chapter 9 on page 87 for information on port-based and 802.1Q tagged VLANs. GS2200-24 User’s Guide...
Page 77: Switch Setup Screen
Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds. Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 milliseconds. GS2200-24 User’s Guide...
Page 78: Ip Setup
Use the IP Setup screen to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic. GS2200-24 User’s Guide...
Page 79: Management Ip Addresses
You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 38 Basic Setting > IP Setup GS2200-24 User’s Guide...
Page 80 This field displays the index number of the rule. Click an index number to edit the rule. IP Address This field displays the IP address. IP Subnet Mask This field displays the subnet mask. This field displays the ID number of the VLAN group. GS2200-24 User’s Guide...
Page 81: Port Setup
Click Cancel to clear the selected check boxes in the Delete column. 8.8 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. Figure 39 Basic Setting > Port Setup GS2200-24 User’s Guide...
Page 82 Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later. Select Flow Control to enable it. GS2200-24 User’s Guide...
Page 83 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 84 Chapter 8 Basic Setting GS2200-24 User’s Guide...
Page 85: Advanced
Advanced VLAN (87) Layer 2 Protocol Tunneling (245) Static MAC Forward Setup (107) Filtering (115) Spanning Tree Protocol (117) Bandwidth Control (139) Broadcast Storm Control (143) Mirroring (147) Link Aggregation (151) Port Authentication (161) Port Security (165) Classifier (169) Policy Rule (175) Queuing Method (181) VLAN Stacking (185) Multicast (193)
Page 87: Vlan
A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or GS2200-24 User’s Guide...
Page 88: Forwarding Tagged And Untagged Frames
GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 9.3.4 GARP GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged GS2200-24 User’s Guide...
Page 89: Gvrp
You may choose to accept both tagged and Type untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port. Ingress filtering If set, the Switch discards incoming frames for VLANs that do not have this port as a member GS2200-24 User’s Guide...
Page 90: Port Vlan Trunking
• sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. GS2200-24 User’s Guide...
Page 91: Vlan Status
This field shows how this VLAN was added to the Switch. dynamic: using GVRP static: added as a permanent entry Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. GS2200-24 User’s Guide...
Page 92: Vlan Details
This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the Switch. dynamic: using GVRP static: added as a permanent entry GS2200-24 User’s Guide...
Page 93: Configure A Static Vlan
This name consists of up to 64 printable characters. VLAN Group Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Port The port number identifies the port you are configuring. GS2200-24 User’s Guide...
Page 94 This field indicates whether the VLAN settings are enabled (Yes) or disabled (No). Name This field displays the descriptive name for this VLAN group. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 95: Configure Vlan Port Settings
If this check box is selected, the Switch discards incoming frames on a port for VLANs that do not include this port in its member set. Clear this check box to disable ingress filtering. Port This field displays the port number. GS2200-24 User’s Guide...
Page 96: Subnet Based Vlans
IP subnet it came from. The untagged packets from the same IP subnet are then placed in the same subnet based VLAN. One advantage of using subnet based VLANs is that priority can be assigned to traffic from the same IP subnet. GS2200-24 User’s Guide...
Page 97: Configuring Subnet Based Vlan
Internet Untagged Frames 10.1.1.0/24 172.16.1.0/24 192.168.1.0/24 VID = 300 VID = 100 VID = 200 9.7.1 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. GS2200-24 User’s Guide...
Page 98 1’s together. Take “255.255.255.0” for example. 255 converts to eight 1s in binary. There are three 255s, so add three eights together and you get the bit number (24). GS2200-24 User’s Guide...
Page 99: Protocol Based Vlans
ARP traffic received on port 1, 2 and 3. You also have a protocol based VLAN B with priority 2 for Apple Talk traffic received on port 6 and 7. All upstream ARP traffic from port 1, 2 and 3 will be grouped together, and all upstream Apple Talk GS2200-24 User’s Guide...
Page 100: Configuring Protocol Based Vlan
Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 49 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN GS2200-24 User’s Guide...
Page 101 This field shows the priority which is assigned to frames belonging to this protocol based VLAN. Delete Click this to delete the protocol based VLANs which you marked for deletion. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 102: Port-Based Vlan Setup
Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. GS2200-24 User’s Guide...
Page 103: Configure A Port-Based Vlan
Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 50 Port Based VLAN Setup (All Connected) GS2200-24 User’s Guide...
Page 104 Chapter 9 VLAN Figure 51 Port Based VLAN Setup (Port Isolation) GS2200-24 User’s Guide...
Page 105: Technical Reference
This section provides technical background information on the topics discussed in this chapter. 9.10.1 Create an IP-based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. Follow these steps: GS2200-24 User’s Guide...
Page 106 To add more ports to this protocol based VLAN. Click the index number of the protocol based VLAN entry. Click 1 Change the value in the Port field to the next port you want to add. Click Add. GS2200-24 User’s Guide...
Page 107: Static Mac Forward Setup
Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See Chapter 19 on page for more information on port security. GS2200-24 User’s Guide...
Page 108 MAC address-forwarding rule. MAC Address This field displays the MAC address that will be forwarded and the VLAN identification number to which the MAC address belongs. This field displays the ID number of the VLAN group. GS2200-24 User’s Guide...
Page 109 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 110 Chapter 10 Static MAC Forward Setup GS2200-24 User’s Guide...
Page 111: Static Multicast Forward Setup
24.5 on page 196). Figure 54 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to port(s) within a VLAN group. Figure 55 shows frames being forwarded to devices GS2200-24 User’s Guide...
Page 112: Configuring Static Multicast Forwarding
Figure 55 Static Multicast Forwarding to A Single Port Figure 56 Static Multicast Forwarding to Multiple Ports 11.4 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). GS2200-24 User’s Guide...
Page 113 Cancel Click Cancel to reset the fields to their last saved values. Clear Click Clear to begin configuring this screen afresh. Index Click an index number to modify a static multicast MAC address rule for port(s). GS2200-24 User’s Guide...
Page 114 This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 115: Filtering
12.3 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch. Click Advanced Application > Filtering in the navigation panel to display the screen as shown next. Figure 58 Advanced Application > Filtering GS2200-24 User’s Guide...
Page 116 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. GS2200-24 User’s Guide...
Page 117: Spanning Tree Protocol
128) to view the MRSTP status. • Use the Multiple Spanning Tree Protocol screen (Section 13.10 on page 130) to configure MSTP. • Use the Multiple Spanning Tree Protocol Status screen (Section 13.11 on page 133) to view the MSTP status. GS2200-24 User’s Guide...
Page 118: What You Need To Know
It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network. GS2200-24 User’s Guide...
Page 119: How Stp Works
MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information. GS2200-24 User’s Guide...
Page 120: Multiple Stp
• A VLAN can be mapped to a specific Multiple Spanning Tree Instance (MSTI). MSTI allows multiple VLANs to use the same spanning tree. • Load-balancing is possible as traffic from different VLANs can use distinct paths in a region. GS2200-24 User’s Guide...
Page 121: Spanning Tree Protocol Status Screen
13.5 Spanning Tree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch. Click Configuration in the Advanced Application > Spanning Tree Protocol. Figure 61 Advanced Application > Spanning Tree Protocol > Configuration GS2200-24 User’s Guide...
Page 122: Configure Rapid Spanning Tree Protocol
Use this screen to configure RSTP settings, see Section 13.1 on page 117 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen. Figure 62 Advanced Application > Spanning Tree Protocol > RSTP GS2200-24 User’s Guide...
Page 123 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2200-24 User’s Guide...
Page 124: Rapid Spanning Tree Protocol Status
See Section 13.1 on page 117 more information on RSTP. Note: This screen is only available after you activate RSTP on the Switch. Figure 63 Advanced Application > Spanning Tree Protocol > Status: RSTP GS2200-24 User’s Guide...
Page 125 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change GS2200-24 User’s Guide...
Page 126: Configure Multiple Rapid Spanning Tree Protocol
Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch. GS2200-24 User’s Guide...
Page 127 Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost-see Table 24 on page 118 for more information. GS2200-24 User’s Guide...
Page 128: Multiple Rapid Spanning Tree Protocol Status
Bridge is this switch. This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. GS2200-24 User’s Guide...
Page 129 Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change GS2200-24 User’s Guide...
Page 130: Configure Multiple Spanning Tree Protocol
13.10 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.3.5 on page 120 for more information on MSTP. Figure 66 Advanced Application > Spanning Tree Protocol > MSTP GS2200-24 User’s Guide...
Page 131 Click Cancel to begin configuring this screen afresh. Instance Use this section to configure MSTI (Multiple Spanning Tree Instance) settings. Instance Enter the number you want to use to identify this MST instance on the Switch. The Switch supports instance numbers 0-15. GS2200-24 User’s Guide...
Page 132 This field displays the ID of an MST instance. VLAN This field displays the VID (or VID ranges) to which the MST instance is mapped. Active Port This field display the ports configured to participate in the MST instance. GS2200-24 User’s Guide...
Page 133: Multiple Spanning Tree Protocol Status
See Section 13.3.5 on page 120 more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 67 Advanced Application > Spanning Tree Protocol > Status: MSTP GS2200-24 User’s Guide...
Page 134 This Switch may also be the root bridge. Bridge ID This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. GS2200-24 User’s Guide...
Page 135: Technical Reference
If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link. Figure 68 STP/RSTP Network Example VLAN 1 VLAN 2 GS2200-24 User’s Guide...
Page 136: Mst Region
An MST Instance (MSTI) is a spanning tree instance. VLANs can be configured to run on a specific MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Thus an MSTI does not span across MST regions. GS2200-24 User’s Guide...
Page 137: Common And Internal Spanning Tree (Cist)
MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP. Figure 71 MSTP and Legacy RSTP Network Example GS2200-24 User’s Guide...
Page 138 Chapter 13 Spanning Tree Protocol GS2200-24 User’s Guide...
Page 139: Bandwidth Control
Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. 14.2 What You Can Do Use the Bandwidth Control screen (Section 14.3 on page 140) to limit the bandwidth for traffic going through the Switch. GS2200-24 User’s Guide...
Page 140: Bandwidth Control Setup
Select this check box to activate ingress rate limits on this port. Ingress Rate Active Select this check box to activate egress rate limits on this port. Egress Rate Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic flow on a port. GS2200-24 User’s Guide...
Page 141 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. GS2200-24 User’s Guide...
Page 142 Chapter 14 Bandwidth Control GS2200-24 User’s Guide...
Page 143: Broadcast Storm Control
15.2 What You Can Do Use the Broadcast Storm Control screen (Section 15.3 on page 144) to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. GS2200-24 User’s Guide...
Page 144: Broadcast Storm Control Setup
Multicast (pkt/ Select this option and specify how many multicast packets the port receives per second. DLF (pkt/s) Select this option and specify how many destination lookup failure (DLF) packets the port receives per second. GS2200-24 User’s Guide...
Page 145 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. GS2200-24 User’s Guide...
Page 146 Chapter 15 Broadcast Storm Control GS2200-24 User’s Guide...
Page 147: Mirroring
16.2 What You Can Do Use the Mirroring screen (Section 16.3 on page 148) to select a monitor port and specify the traffic flow to be copied to the monitor port. GS2200-24 User’s Guide...
Page 148: Port Mirroring Setup
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2200-24 User’s Guide...
Page 149 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. GS2200-24 User’s Guide...
Page 150 Chapter 16 Mirroring GS2200-24 User’s Guide...
Page 151: Link Aggregation
Note: In a properly planned network, it is recommended to implement static link aggregation only. This ensures increased network stability and control over the trunk groups on your Switch. Section 17.7.1 on page 158 for a static port trunking example. GS2200-24 User’s Guide...
Page 152: Dynamic Link Aggregation
Table 37 Link Aggregation ID: Peer Switch SYSTEM PORT MAC ADDRESS PORT NUMBER PRIORITY PRIORITY 0000 00-00-00-00-00-00 0000 0000 Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. GS2200-24 User’s Guide...
Page 153: Link Aggregation Status
Refer to Section 17.3.2 on page 152 for more information on this field. The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group. GS2200-24 User’s Guide...
Page 154 This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. GS2200-24 User’s Guide...
Page 155: Link Aggregation Setting
This is the only screen you need to configure to enable static link Aggregation aggregation. Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. GS2200-24 User’s Guide...
Page 156 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 157: Link Aggregation Control Protocol
Table 40 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable Aggregation dynamic link aggregation. Control Protocol Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). GS2200-24 User’s Guide...
Page 158: Technical Reference
Click Cancel to begin configuring this screen afresh. 17.7 Technical Reference This section provides technical background information on the topics discussed in this chapter. 17.7.1 Static Trunking Example This example shows you how to create a static port trunk group for ports 2-5. GS2200-24 User’s Guide...
Page 159 Click Apply when you are done. Figure 79 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete. GS2200-24 User’s Guide...
Page 160 Chapter 17 Link Aggregation GS2200-24 User’s Guide...
Page 161: Port Authentication
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. GS2200-24 User’s Guide...
Page 162: Port Authentication Configuration
Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 81 Advanced Application > Port Authentication GS2200-24 User’s Guide...
Page 163: Activate Ieee 802.1X Security
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2200-24 User’s Guide...
Page 164 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 165: Port Security
19.2 What You Can Do Use the Port Security screen (Section 19.3 on page 166) to enable port security and disable MAC address learning. You can also enable the port security feature on a port. GS2200-24 User’s Guide...
Page 166: Port Security Setup
Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list. Active Select this option to enable port security on the Switch. Port This field displays the port number. GS2200-24 User’s Guide...
Page 167 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 168 Chapter 19 Port Security GS2200-24 User’s Guide...
Page 169: Classifier
(such as Telnet) to form a flow. Configure QoS on the Switch to group and prioritize application traffic and fine- tune network performance. Setting up QoS involves two separate steps: Configure classifiers to sort traffic into different flows. GS2200-24 User’s Guide...
Page 170: Configuring The Classifier
(or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 21 on page 175. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. Figure 84 Advanced Application > Classifier GS2200-24 User’s Guide...
Page 171 TCP/UDP protocol port number. Refer to Table 47 on page 173 for more information. Destination Enter a destination IP address in dotted decimal notation. Address/ Specify the address prefix by entering the number of ones in the subnet mask. Address Prefix GS2200-24 User’s Guide...
Page 172: Viewing And Editing Classifier Configuration
This field displays the descriptive name for this rule. This is for identification purpose only. Rule This field displays a summary of the classifier rule’s settings. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 173 Some of the most common TCP and UDP port numbers are: Table 47 Common TCP and UDP Port Numbers PROTOCOL NAME TCP/UDP PORT NUMBER Telnet SMTP HTTP POP3 Appendix B on page 341 for information on commonly used port numbers. GS2200-24 User’s Guide...
Page 174: Classifier Example
MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. Figure 86 Classifier: Example GS2200-24 User’s Guide...
Page 175: Policy Rule
175) to enable the policy and display the active classifier(s) you configure in the Classifier screen. 21.3 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 20.4 on page 170 for more information. GS2200-24 User’s Guide...
Page 176 Set the fields below for this policy. You only have to set the field(s) that is related to the action(s) you configure in the Action field. General VLAN ID Specify a VLAN ID number. Egress Type the number of an outgoing port. Port Priority Specify a priority level. GS2200-24 User’s Guide...
Page 177 Select Set the packet's VLAN ID to replace the VLAN ID of the packets with the value you configure in the VLAN ID field. Rate Limit Select Enable to activate bandwidth limitation on the traffic flow(s). GS2200-24 User’s Guide...
Page 178: Viewing And Editing Policy Configuration
This field displays the name you have assigned to this policy. Classifier(s This field displays the name(s) of the classifier to which this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 179: Policy Example
21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.5 on page 174). Figure 89 Policy Example GS2200-24 User’s Guide...
Page 180 Chapter 21 Policy Rule GS2200-24 User’s Guide...
Page 181: Queuing Method
Q6 empties, and then traffic is transmitted on Q5 and so on. If higher priority queues never empty, then traffic on lower priority queues never gets sent. SP does not automatically adapt to changing network requirements. GS2200-24 User’s Guide...
Page 182: Weighted Fair Queuing
Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. GS2200-24 User’s Guide...
Page 183: Configuring Queuing
Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2200-24 User’s Guide...
Page 184 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 185: Vlan Stacking
A service provider’s customers can assign their own inner VLAN tags on ports for these applications. The service provider can assign an outer VLAN tag for each customer. Therefore, there is no VLAN tag overlap among customers, so traffic from different customers is kept separate. GS2200-24 User’s Guide...
Page 186: Configuring Vlan Stacking
0x0000 to 0xFFFF. 0x denotes a hexadecimal number. It does not have to be typed in the Others text field. Port The port number identifies the port you are configuring. GS2200-24 User’s Guide...
Page 187: Configuring Svlan
Use this screen to configure up to 64 service provider's VLANs. If an incoming frame received on a Tunnel Port is untagged or its service provider's VLAN ID is not configured in this screen, the Switch drops the frame. GS2200-24 User’s Guide...
Page 188: Technical Reference
(SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to GS2200-24 User’s Guide...
Page 189: Vlan Stacking Port Roles
SP VID is not in the SVLAN table and/or SP TPID is different to the one configured on the Switch. Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. GS2200-24 User’s Guide...
Page 190: Vlan Tag Format
23.6.4 Frame Format The frame format for an untagged Ethernet frame, a single-tagged IEEE 802.1Q frame (customer) and a “double-tagged” 802.1Q frame (service provider) is shown next. Configure the fields as highlighted in the Switch VLAN Stacking screen. GS2200-24 User’s Guide...
Page 191 TPID Etype frame Table 55 802.1Q Frame Destination Address Priority 802.1p Priority Source Address Len/ Length and type of Ethernet Etype frame (SP)TPID (Service Provider) Tag Protocol Data Frame data IDentifier VLAN ID Frame Check Sequence GS2200-24 User’s Guide...
Page 192 Chapter 23 VLAN Stacking GS2200-24 User’s Guide...
Page 193: Multicast
Switch learns multicast group membership information and add VLANs upon which the Switch is to perform IGMP snooping. 24.3 What You Need to Know Read on for concepts on Multicasting that can help you configure the screens in this chapter. GS2200-24 User’s Guide...
Page 194: Ip Multicast Addresses
IGMP snooping should be performed on. This is referred to as fixed mode. In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN. GS2200-24 User’s Guide...
Page 195: Multicast Status
This is the index number of the entry. This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. GS2200-24 User’s Guide...
Page 196: Multicast Setting
VLANs with the multicast hosts attached. Host Timeout Specify the time (from 1 to 16,711,450) in seconds that elapses before the Switch removes an IGMP group membership entry if it does not receive report messages from the port. GS2200-24 User’s Guide...
Page 197 IGMP snooping membership entry when an IGMP leave message is received on this port from a host. Group Limited Select this option to limit the number of multicast groups this port is allowed to join. GS2200-24 User’s Guide...
Page 198: Igmp Snooping Vlan
Cancel Click Cancel to begin configuring this screen afresh. 24.6 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the GS2200-24 User’s Guide...
Page 199 Use this section of the screen to add VLANs upon which the Switch is to perform IGMP snooping. Name Enter the descriptive name of the VLAN for identification purposes. Enter the ID of a static VLAN; the valid range is between 1 and 4094. GS2200-24 User’s Guide...
Page 200 This field displays the ID number of the VLAN group. Delete Check the rule(s) that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 201: Aaa
206) to configure your TACACS+ authentication settings. • Use the AAA Setup screen (Section 25.7 on page 208) to specify the methods used to authenticate users accessing the Switch and specify which database the Switch should use first. GS2200-24 User’s Guide...
Page 202: What You Need To Know
Table 59 RADIUS vs. TACACS+ RADIUS TACACS+ Transport UDP (User Datagram Protocol) TCP (Transmission Control Protocol) Protocol Encryption Encrypts the password sent for All communication between the client authentication. (the Switch) and the TACACS server is encrypted. GS2200-24 User’s Guide...
Page 203: Aaa Screens
Use this screen to configure your RADIUS server settings. See Section 25.3.2 on page 202 for more information on RADIUS servers and Section 25.8.2 on page for RADIUS attributes utilized by the authentication features on the Switch. GS2200-24 User’s Guide...
Page 204 RADIUS servers. For example, if you set the timeout value to 30 seconds, then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server. Index This is a read-only number representing a RADIUS server entry. GS2200-24 User’s Guide...
Page 205 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 206: Tacacs+ Server Setup
Select index-priority and the Switch tries to authenticate with the first configured TACACS+ server, if the TACACS+ server does not respond then the Switch tries to authenticate with the second TACACS+ server. Select round-robin to alternate between the TACACS+ servers that it sends authentication requests to. GS2200-24 User’s Guide...
Page 207 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 208: Aaa Setup
Use this screen to configure authentication and authorization settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 101 Advanced Application > AAA > AAA Setup GS2200-24 User’s Guide...
Page 209 Exec: Allow an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. • Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. GS2200-24 User’s Guide...
Page 210: Technical Reference
• Vendor-Type: A vendor specified attribute, identifying the setting you want to modify. • Vendor-data: A value you want to assign to the setting. Note: Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server. GS2200-24 User’s Guide...
Page 211: Tunnel Protocol Attribute
Note that the bolded values in the table are fixed values as defined in RFC 3580. Table 64 Supported Tunnel Protocol Attribute FUNCTION ATTRIBUTE VLAN Assignment Tunnel-Type = VLAN(13) Tunnel-Medium-Type = 802(6) Tunnel-Private-Group-ID = VLAN ID Note: You must also create a VLAN with the specified VID on the Switch. GS2200-24 User’s Guide...
Page 212: Supported Radius Attributes
- The format of the User-Name attribute is $enab#$, where # is the privilege level (1-14). User-Password NAS-Identifier NAS-IP-Address 25.8.3.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.8.3.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type GS2200-24 User’s Guide...
Page 213 Chapter 25 AAA - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator GS2200-24 User’s Guide...
Page 214 Chapter 25 AAA GS2200-24 User’s Guide...
Page 215: Ip Source Guard
DHCP server is located, and configure the DHCP snooping database. • Use the DHCP Snooping Port Configure screen (Section 26.7.1 on page 224) to specify whether ports are trusted or untrusted ports for DHCP snooping. GS2200-24 User’s Guide...
Page 216: What You Need To Know
DHCP snooping before you enable ARP inspection. 26.4 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish GS2200-24 User’s Guide...
Page 217: Ip Source Guard Static Binding
Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the GS2200-24 User’s Guide...
Page 218 This field displays how long the binding is valid. Type This field displays how the Switch learned the binding. static: This binding was learned from information provided manually by an administrator. VLAN This field displays the source VLAN ID in the binding. GS2200-24 User’s Guide...
Page 219: Dhcp Snooping
Click this to clear the Delete check boxes above. 26.6 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 104 DHCP Snooping GS2200-24 User’s Guide...
Page 220 DHCP snooping database for any reason. Startup failures This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database. GS2200-24 User’s Guide...
Page 221 Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore. GS2200-24 User’s Guide...
Page 222: Dhcp Snooping Configure
TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 105 DHCP Snooping Configure GS2200-24 User’s Guide...
Page 223 If there is a conflict, the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen (Section 26.6 on page 219). GS2200-24 User’s Guide...
Page 224: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 106 DHCP Snooping Port Configure GS2200-24 User’s Guide...
Page 225: Dhcp Snooping Vlan Configure
Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 31 on page 261) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To GS2200-24 User’s Guide...
Page 226 The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS2200-24 User’s Guide...
Page 227: Arp Inspection Status
IP address was not valid. Port: The MAC address, VLAN ID, and IP address were in the binding table, but the port number was not valid. Delete Select this, and click Delete to remove the specified entry. GS2200-24 User’s Guide...
Page 228: Arp Inspection Vlan Status
This field displays the total number of ARP packets received from the VLAN since the Switch last restarted. Request This field displays the total number of ARP Request packets received from the VLAN since the Switch last restarted. GS2200-24 User’s Guide...
Page 229: Arp Inspection Log Status
This field displays the source VLAN ID of the ARP packet. Sender MAC This field displays the source MAC address of the ARP packet. Sender IP This field displays the source IP address of the ARP packet. GS2200-24 User’s Guide...
Page 230: Arp Inspection Configure
This field displays when the log message was generated. 26.11 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global GS2200-24 User’s Guide...
Page 231 Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 26.10 on page 229. GS2200-24 User’s Guide...
Page 232: Arp Inspection Port Configure
Click this to reset the values in this screen to their last-saved values. 26.11.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives GS2200-24 User’s Guide...
Page 233 These settings have no effect on trusted ports. Rate (pps) Specify the maximum rate (1-2048 packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit. GS2200-24 User’s Guide...
Page 234: Arp Inspection Vlan Configure
Enter the lowest VLAN ID you want to manage in the section below. End VID Enter the highest VLAN ID you want to manage in the section below. Apply Click this to display the specified range of VLANs in the section below. GS2200-24 User’s Guide...
Page 235: Technical Reference
Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. GS2200-24 User’s Guide...
Page 236 The <initial-checksum> helps distinguish between the bindings in the latest update and the bindings from previous updates. Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is GS2200-24 User’s Guide...
Page 237: Configuring Dhcp Snooping
Enable DHCP snooping on the Switch. Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. Configure trusted and untrusted ports, and specify the maximum number of DHCP packets that each port can receive per second. Configure static bindings. GS2200-24 User’s Guide...
Page 238: Arp Inspection Overview
• They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. • They appear only in the ARP Inspection screens and commands, not in the MAC Address Filter screens and commands. GS2200-24 User’s Guide...
Page 239: Configuring Arp Inspection
ARP inspection so that the Switch has enough time to build the binding table. Enable ARP inspection on each VLAN. Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. GS2200-24 User’s Guide...
Page 240 Chapter 26 IP Source Guard GS2200-24 User’s Guide...
Page 241: Loop Guard
Loop Guard Refer to Section 27.3 on page 242 for more information. 27.2 What You Can Do Use the Loop Guard screen (Section 27.4 on page 243) to enable loop guard on the Switch and in specific ports. GS2200-24 User’s Guide...
Page 242: What You Need To Know
The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B. Since switch B is in loop state, the probe packet P GS2200-24 User’s Guide...
Page 243: Loop Guard Setup
(see Section 8.8 on page 81) or via commands (See the CLI Reference Guide). 27.4 Loop Guard Setup Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. GS2200-24 User’s Guide...
Page 244 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 245: Layer 2 Protocol Tunneling
L2PT allows edge switches (1 and 2 in the following figure) to tunnel layer 2 STP (Spanning Tree Protocol), CDP (Cisco Discovery Protocol) and VTP (VLAN Trunking Protocol) packets between customer switches (A, B and C in the following figure) connected through the service provider’s network. The edge switch encapsulates GS2200-24 User’s Guide...
Page 246: Layer 2 Protocol Tunneling Mode
• The Access port is an ingress port on the service provider's edge device (1 or 2 Figure 122 on page 246) and connected to a customer switch (A or B). Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports. GS2200-24 User’s Guide...
Page 247: Configuring Layer 2 Protocol Tunneling
2 protocol packets received on a tunnel port are decapsulated and sent to an access port. 28.4 Configuring Layer 2 Protocol Tunneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown. Figure 123 Advanced Application > Layer 2 Protocol Tunneling GS2200-24 User’s Guide...
Page 248 Select this option to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups. UDLD Select this option to have the Switch send UDLD packets to a peer’s port it connected to monitor the physical status of a link. GS2200-24 User’s Guide...
Page 249 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 250 Chapter 28 Layer 2 Protocol Tunneling GS2200-24 User’s Guide...
Page 251: Ip Application
IP Application Static Route (253) Differentiated Services (257) DHCP (261)
Page 253: Static Route
R1 which routes it back to the manager’s computer. The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2. Figure 124 Static Routing Overview SNMP Telnet GS2200-24 User’s Guide...
Page 254: What You Can Do
Enter the IP address of the gateway. The gateway is an immediate Address neighbor of your Switch that will forward the packet to the destination. The gateway must be a router on the same segment as your Switch. GS2200-24 User’s Guide...
Page 255 Switch that will forward the packet to the destination. Metric This field displays the cost of transmission for routing purposes. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. GS2200-24 User’s Guide...
Page 256 Chapter 29 Static Route GS2200-24 User’s Guide...
Page 257: Differentiated Services
• Use the DSCP screen (Section 30.5.1 on page 260) to change the DSCP-IEEE 802.1p mapping. 30.3 What You Need to Know Read on for concepts on Differentiated Services that can help you configure the screens in this chapter. GS2200-24 User’s Guide...
Page 258: Dscp And Per-Hop Behavior
A network administrator can then apply various traffic policies to the traffic flows. An example traffic policy, is to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze GS2200-24 User’s Guide...
Page 259: Activating Diffserv
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 260: Dscp-To-Ieee 802.1P Priority Settings
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 261: Dhcp
Read on for concepts on DHCP that can help you configure the screens in this chapter. 31.3.1 DHCP Modes If there is already a DHCP server on your network, then you can configure the Switch as a DHCP relay agent. When the Switch receives a request from a GS2200-24 User’s Guide...
Page 262: Dhcp Configuration Options
Switch relays to a DHCP server. Relay Agent Information can include the System Name of the Switch if you select this option. You can change the System Name in Basic Settings > General Setup. GS2200-24 User’s Guide...
Page 263: Dhcp Status
None: if the Switch is not configured as a DHCP relay agent. • Global: if the Switch is configured as a DHCP relay agent only. • VLAN: followed by a VLAN ID if it is configured as a relay agent for specific VLAN(s). GS2200-24 User’s Guide...
Page 264: Configuring Dhcp Global Relay
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 265: Global Dhcp Relay Configuration Example
Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. GS2200-24 User’s Guide...
Page 266 Cancel Click Cancel to begin configuring this screen afresh. Clear Click this to clear the fields above. This field displays the ID number of the VLAN group to which this DHCP settings apply. GS2200-24 User’s Guide...
Page 267: Example: Dhcp Relay For Two Vlans
IP address of 192.168.1.100. Requests from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 135 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 GS2200-24 User’s Guide...
Page 268 Chapter 31 DHCP For the example network, configure the VLAN Setting screen as shown. Figure 136 DHCP Relay for Two VLANs Configuration Example GS2200-24 User’s Guide...
Page 269: Management
Management Maintenance (271) Access Control (279) Diagnostic (301) Syslog (303) Cluster Management (307) MAC Table (315) ARP Table (319) Configure Clone (321)
Page 271: Maintenance
32.3 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen. Figure 137 Management > Maintenance GS2200-24 User’s Guide...
Page 272: Load Factory Default
In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch configuration information you configured and return to the factory defaults. Click OK to reset all Switch configurations to the factory defaults. Figure 138 Load Factory Default: Start GS2200-24 User’s Guide...
Page 273: Save Configuration
Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not affect the Switch’s configuration. Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch. GS2200-24 User’s Guide...
Page 274: Firmware Upgrade
32.5 Restore a Configuration File Use this screen to restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 141 Management > Maintenance > Restore Configuration GS2200-24 User’s Guide...
Page 275: Backup A Configuration File
Choose a location to save the file on your computer from the Save in drop-down list box and type a descriptive name for it in the File name list box. Click Save to save the configuration file to your computer. GS2200-24 User’s Guide...
Page 276: Technical Reference
If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the Switch only recognizes “config” and “ras”. Be sure you keep unaltered copies of both files for later use. GS2200-24 User’s Guide...
Page 277: Ftp Command Line Procedure
ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login. Transfer Type Transfer files in either ASCII (plain text format) or in binary mode. Configuration and firmware files should be transferred in binary mode. GS2200-24 User’s Guide...
Page 278: Ftp Restrictions
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. GS2200-24 User’s Guide...
Page 279: Access Control
Switch. • Use the Remote Management screen (Section 33.8 on page 286) to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. GS2200-24 User’s Guide...
Page 280: The Access Control Main Screen
Figure 143 Management > Access Control 33.4 Configuring SNMP Use this screen to configure your SNMP settings. Click Management > Access Control > SNMP to view the screen as shown. Figure 144 Management > Access Control > SNMP GS2200-24 User’s Guide...
Page 281 SNMP v3 manager. Index This is a read-only number identifying a login account on the Switch. Username This field displays the username of a login account on the Switch. GS2200-24 User’s Guide...
Page 282 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 283: Configuring Snmp Trap Group
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 284: Setting Up Login Accounts
• A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Management > Access Control > Logins to view the screen as shown next. Figure 146 Management > Access Control > Logins GS2200-24 User’s Guide...
Page 285: Service Port Access Control
Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed GS2200-24 User’s Guide...
Page 286: Remote Management
Use this screen to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Management > Access Control > Remote Management to view the screen as shown next. GS2200-24 User’s Guide...
Page 287: Technical Reference
Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 33.9 Technical Reference This section provides technical background information on the topics discussed in this chapter. GS2200-24 User’s Guide...
Page 288: About Snmp
Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. GS2200-24 User’s Guide...
Page 289: Supported Mibs
• SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP SNMP Traps The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the SNMP traps by category. GS2200-24 User’s Guide...
Page 290 Switch gets the time and date 5.2.2 from a time server. intrusionlo IntrusionLockEventOn This trap is sent when intrusion 1.3.6.1.4.1.890.1.5.8.55.2 lock occurs on a port. 5.2.1 loopguard LoopguardEventOn This trap is sent when loopguard 1.3.6.1.4.1.890.1.5.8.55.2 shuts down a port. 5.2.1 GS2200-24 User’s Guide...
Page 291 1.3.6.1.4.1.890.1.5.8.55.27 This trap is sent when all .2.2 device operating parameters return to the normal operating range. GS2200-24 User’s Guide...
Page 292 This trap is sent when path to target has changed from a previously determined path. traceRouteTestFailed 1.3.6.1.2.1.81.0.2 This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 This trap is sent when a traceroute test is completed. GS2200-24 User’s Guide...
Page 293: Ssh Overview
The trap is sent when the Switch detects a connectivity fault. 33.9.2 SSH Overview Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption GS2200-24 User’s Guide...
Page 294: How Ssh Works
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. GS2200-24 User’s Guide...
Page 295: Ssh Implementation On The Switch
SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch. Please refer to the following figure. GS2200-24 User’s Guide...
Page 296: Https Example
When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the Switch. GS2200-24 User’s Guide...
Page 297 Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. GS2200-24 User’s Guide...
Page 298 Chapter 33 Access Control Select Accept this certificate permanently to import the Switch’s certificate into the SSL client. Figure 154 Security Certificate 1 (Netscape) example Figure 155 Security Certificate 2 (Netscape) example GS2200-24 User’s Guide...
Page 299: The Main Screen
After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. Figure 156 Example: Lock Denoting a Secure Connection example GS2200-24 User’s Guide...
Page 300 Chapter 33 Access Control GS2200-24 User’s Guide...
Page 301: Diagnostic
IP addresses or perform port tests. 34.2 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 157 Management > Diagnostic GS2200-24 User’s Guide...
Page 302 Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Enter a port number and click Port Test to perform an internal Test loopback test. GS2200-24 User’s Guide...
Page 303: Syslog
• Use the Syslog Setup screen (Section 35.3 on page 304) to configure the device’s system logging settings. • Use the Syslog Server Setup screen (Section 35.4 on page 305) to configure a list of external syslog servers. GS2200-24 User’s Guide...
Page 304: Syslog Setup
The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 305: Syslog Server Setup
This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 306 Chapter 35 Syslog GS2200-24 User’s Guide...
Page 307: Cluster Management
Maximum number of cluster members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches. Cluster Members The switches being managed by the cluster manager switch. GS2200-24 User’s Guide...
Page 308: What You Can Do
36.3 Cluster Management Status Use this screen to view the role of the Switch within the cluster and to access a cluster member switch’s web configurator. Click Management > Cluster Management in the navigation panel to display the following screen. GS2200-24 User’s Guide...
Page 309 Error (for example the cluster member switch password was changed or the switch was set as the manager and so left the member list, etc.) Offline (the switch is disconnected - Offline shows approximately 1.5 minutes after the link between cluster member and manager goes down) GS2200-24 User’s Guide...
Page 310: Clustering Management Configuration
Error in the Cluster Management Status screen and a warning icon ( ) appears in the member summary list below. Name Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). GS2200-24 User’s Guide...
Page 311 Model This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 312: Technical Reference
This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. Figure 163 Cluster Management: Cluster Member Web Configurator Screen example example GS2200-24 User’s Guide...
Page 313: Uploading Firmware To A Cluster Member Switch
This is the cluster member switch’s firmware name as seen fw-00-a0-c5-01-23-46 in the cluster manager switch. config-00-a0-c5-01-23-46 This is the cluster member switch’s configuration file name as seen in the cluster manager switch. GS2200-24 User’s Guide...
Page 314 Chapter 36 Cluster Management GS2200-24 User’s Guide...
Page 315: Mac Table
• If the Switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion. GS2200-24 User’s Guide...
Page 316: Viewing The Mac Table
37.4 Viewing the MAC Table Use this screen to check dynamic or static whether the MAC address is Click Management > MAC Table in the navigation panel to display the following screen. Figure 166 Management > MAC Table GS2200-24 User’s Guide...
Page 317 This is the VLAN group to which this frame belongs. Port This is the port where the above MAC address is forwarded. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). GS2200-24 User’s Guide...
Page 318 Chapter 37 MAC Table GS2200-24 User’s Guide...
Page 319: Arp Table
MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. GS2200-24 User’s Guide...
Page 320: Viewing The Arp Table
This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. This is the MAC address of the device with corresponding IP address above. Address Type This shows whether the MAC address is dynamic (learned by the Switch) or static. GS2200-24 User’s Guide...
Page 321: Configure Clone
39.2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 168 Management > Configure Clone GS2200-24 User’s Guide...
Page 322 Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non- volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2200-24 User’s Guide...
Page 323: Troubleshooting & Product Specifications
Troubleshooting & Product Specifications Troubleshooting (325) Product Specifications (329)
Page 325: Troubleshooting
If the problem continues, contact the vendor. The ALM LED is on. Disconnect and re-connect the power adaptor or cord to the Switch. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. GS2200-24 User’s Guide...
Page 326: Switch Access And Login
I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. • If you changed the IP address, use the new IP address. GS2200-24 User’s Guide...
Page 327 Disconnect and re-connect the cord to the Switch. If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page Pop-up Windows, JavaScripts and Java Permissions GS2200-24 User’s Guide...
Page 328: Switch Configuration
Switch’s nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 32.6 on page 275 for more information about how to save your configuration. GS2200-24 User’s Guide...
Page 329: Product Specifications
Humidity: 10 ~ 95% (non-condensing) Storage Environment Temperature: -40º C ~ 70º C (-40º F ~ 158º F) Humidity: 10 ~ 95% (non-condensing) Ground Wire Gauge 18 AWG or larger Power Wire Gauge 18 AWG or larger GS2200-24 User’s Guide...
Page 330 Classifier and Policy You can create a policy to define actions to be performed on a traffic flow grouped by a classifier according to specific criteria such as the IP address, port number or protocol type, etc. GS2200-24 User’s Guide...
Page 331 Switch. Port Cloning Use the port cloning feature to copy the settings you configure on one port to another port or ports. Syslog The Switch can generate syslog messages and send it to a syslog server. GS2200-24 User’s Guide...
Page 332 IEEE 802.1s Multiple Spanning Tree Protocol IEEE 802.1p with 8 CoS per port 802.3x flow control SPQ,WFQ, or SPQ/WFQ combination capable Rule-based bandwidth control (ingress traffic metering/dropping 64Kb stepping) Rule-based traffic mirroring IGMP snooping (IGMP v1/v2/v3, 16 VLAN maximum - user configurable) GS2200-24 User’s Guide...
Page 333 64 Management IPs Routing Static Routing protocols IP services DHCP client DHCP relay VLAN-based DHCP relay DHCP snooping Filtering Support L2 MAC filtering, L3 IP filtering, Layer 4 TCP/UDP socket Multicast IGMP snooping (IGMP v1/v2/v3, 16 VLAN maximum-user configurable) GS2200-24 User’s Guide...
Page 334 RFC 1901 SNMPv2c Simple Network Management Protocol version 2c RFC 2138 RADIUS (Remote Authentication Dial In User Service) RFC 2236 Internet Group Management Protocol, Version 2. RFC 2865 RADIUS - Vendor Specific Attribute RFC 2674 P-BRIDGE-MIB, Q-BRIDGE-MIB GS2200-24 User’s Guide...
Page 335 IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) IEEE 802.3 Packet Format IEEE 802.3ad Link Aggregation IEEE 802.3x Flow Control Safety UL 60950-1 CSA 60950-1 EN 60950-1 IEC 60950-1 FCC Part 15 (Class A) CE EMC (Class A) GS2200-24 User’s Guide...
Page 336 Chapter 41 Product Specifications GS2200-24 User’s Guide...
Page 337: Appendices And Index
Appendices and Index Changing a Fuse (339) Common Services (341) Legal Information (345) Index (349)
Page 339: Appendix A Changing A Fuse
Put another spare fuse in its place in order to always have one on hand. Push the replacement fuse into the fuse housing until you hear a click. Push the fuse housing back into the Switch until you hear a click. Plug the power cord back into the unit. GS2200-24 User’s Guide...
Page 340 Appendix A Changing a Fuse GS2200-24 User’s Guide...
Page 341: Appendix B Common Services
Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. GS2200-24 User’s Guide...
Page 342: Appendix B Common Services
Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING User-Defined Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. GS2200-24 User’s Guide...
Page 343 TCP/UDP Secure Shell Remote Login Program. STRM WORKS 1558 Stream Works Protocol. SYSLOG Syslog allows you to send system logs to a UNIX server. TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). GS2200-24 User’s Guide...
Page 344 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. GS2200-24 User’s Guide...
Page 345: Appendix C Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 346 Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11. GS2200-24 User’s Guide...
Page 347: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. GS2200-24 User’s Guide...
Page 348 Appendix C Legal Information GS2200-24 User’s Guide...
Page 349: Index
MAC filter CIST configuring syslog messages Class of Service (CoS) trusted ports classifier 169, 171 authentication and QoS setup editing example Authentication and Authorization, see AAA overview authorization setup 170, 171, 172 privilege levels viewing setup GS2200-24 User’s Guide...
Page 350 Ethernet broadcast address DHCP Ethernet port test configuration options external authentication server modes Option 82 overview relay agent relay agent information relay example fan speed setup FCC interference statement VLAN setting file transfer using FTP DHCP relay GS2200-24 User’s Guide...
Page 351 Gigabit ports installation GMT (Greenwich Mean Time) desktop GVRP 89, 95, 96 precautions and port assignment rack-mounting GVRP (GARP VLAN Registration Protocol) transceivers installation scenarios IP address IP capability IP interface hardware installation IP services GS2200-24 User’s Guide...
Page 352 Link Aggregation Control Protocol (LACP) good habits Link Aggregation Control Protocol, see LACP using FTP. See FTP. lockout using Telnet. See command interface. using the command interface. See command interface. login man-in-the-middle attacks password GS2200-24 User’s Guide...
Page 353 Multiple Rapid Spanning Tree Protocol port security Multiple RSTP limit MAC address learning Multiple Spanning Tree Protocol, See MSTP 117, MAC address learning overview Multiple STP setup 166, 243, 247 port setup port status port VLAN ID, see PVID GS2200-24 User’s Guide...
Page 354 Secure Shell See SSH queue weight security queuing service access control service port Simple Network Management Protocol, see queuing method 181, 184 SNMP Small Form-factor Pluggable (SFP) SNMP agent and MIB and security rack-mounting authentication GS2200-24 User’s Guide...
Page 355 Control System Plus) port details Tag Protocol Identifier, see TPID power 124, 128 tagged VLAN VLAN temperature 117, 248, 332 temperature indicator bridge ID 125, 128 terminal emulation bridge priority 123, 127 time configuration 122, 126 GS2200-24 User’s Guide...
Page 356 VLAN tag format VLAN Trunking Protocol, see VTP VLAN, protocol based, See protocol based VLAN Vendor Specific Attribute, See VSA VT100 ventilation 91, 92, 190 number of possible VIDs priority frame VID (VLAN Identifier) VLAN 76, 332 GS2200-24 User’s Guide...
Page 357 Index warranty note web configurator getting help home login logout navigation panel weight, queuing Weighted Round Robin Scheduling (WRR) WRR (Weighted Round Robin Scheduling) ZyNOS (ZyXEL Network Operating System) GS2200-24 User’s Guide...
Page 358 Index GS2200-24 User’s Guide...

ZyXEL Communications GS2200-24 User Manual

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Panels

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 Tutorials

Chapter 7 System Status and Port Statistics

Chapter 8 Basic Setting

Chapter 9 VLAN

Chapter 10

Chapter 11 Static Multicast Forward Setup

Chapter 12 Filtering

Chapter 13 Spanning Tree Protocol

Chapter 14 Bandwidth Control

Chapter 15 Broadcast Storm Control

Chapter 16 Mirroring

Chapter 17 Link Aggregation

Chapter 18 Port Authentication

Chapter 19 Port Security

Chapter 20 Classifier

Chapter 21 Policy Rule

Chapter 22 Queuing Method

Chapter 23 VLAN Stacking

Chapter 24 Multicast

Chapter 25 AAA

Chapter 26 IP Source Guard

Chapter 27 Loop Guard

Chapter 28 Layer 2 Protocol Tunneling

Chapter 29 Static Route

Chapter 30 Differentiated Services

Chapter 31 DHCP

Quick Links

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ZyXEL Communications GS2200-24

Summary of Contents for ZyXEL Communications GS2200-24