ZyXEL Communications XS3700 Series User Manual
  1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Network Router
  5. XS3700 Series
  6. User manual
ZyXEL Communications XS3700 Series User Manual

ZyXEL Communications XS3700 Series User Manual

10 gbe l2+ switch
Hide thumbs Also See for XS3700 Series:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
Table of Contents

Advertisement

Quick Links

XS3700 Series
10 GbE L2+ Switch
Version 4.20
Edition 2, 1/2015
Quick Start Guide
User's Guide
Default Login Details
IP Address
http://192.168.0.1 (Out-
http://192.168.1.1 (In-
www.zyxel.com
User Name
Password
of-band MGMT port)
band ports)
admin
1234
Copyright © 2015 ZyXEL Communications Corporation

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the XS3700 Series and is the answer not in the manual?

Questions and answers

Related Manuals for ZyXEL Communications XS3700 Series

Summary of Contents for ZyXEL Communications XS3700 Series

  • Page 1 10 GbE L2+ Switch Version 4.20 Edition 2, 1/2015 Quick Start Guide User’s Guide Default Login Details IP Address http://192.168.0.1 (Out- of-band MGMT port) http://192.168.1.1 (In- www.zyxel.com band ports) User Name admin Password 1234 Copyright © 2015 ZyXEL Communications Corporation...
  • Page 2 This guide explains how to use the Command-Line Interface (CLI) to configure the Switch. Note: It is recommended you use the Web Configurator to configure the Switch. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. XS3700 Series User’s Guide...

  • Page 3: Table Of Contents

    IP Source Guard ...........................221 Loop Guard ............................243 VLAN Mapping ............................246 Layer 2 Protocol Tunneling ........................249 sFlow ..............................253 PPPoE ..............................257 Error Disable ............................265 MAC Pinning ............................271 Private VLAN ............................273 Green Ethernet ............................277 Link Layer Discovery Protocol (LLDP) ....................279 XS3700 Series User’s Guide...
  • Page 4 Maintenance ............................350 Access Control ............................359 Diagnostic .............................380 Syslog ..............................382 Cluster Management ..........................385 MAC Table .............................391 IP Table ..............................394 ARP Table .............................396 Routing Table ............................398 Path MTU Table ............................399 Configure Clone ............................400 Neighbor Table ............................402 Troubleshooting ............................404 XS3700 Series User’s Guide...

  • Page 5: Table Of Contents

    3.1 Front Panel Connections ........................28 3.1.1 Ethernet Ports ..........................28 3.1.2 SFP/SFP+ Slots ........................29 3.1.3 Management Port ........................31 3.1.4 Console Port ...........................31 3.2 Rear Panel ............................31 3.2.1 Removing and Installing the Fan Module ................31 3.2.2 Power Connection ........................31 3.3 LEDs .............................33 XS3700 Series User’s Guide...
  • Page 6 6.6 Port Setup ............................63 6.7 Interface Setup ..........................65 6.8 IPv6 ..............................66 6.8.1 IPv6 Interface Status .......................66 6.8.2 IPv6 Configuration ........................69 6.8.3 IPv6 Global Setup ........................70 6.8.4 IPv6 Interface Setup ........................70 6.8.5 IPv6 Link-Local Address Setup ....................71 XS3700 Series User’s Guide...
  • Page 7 Chapter 8 Static MAC Forward Setup.......................101 8.1 Overview ............................101 8.2 Configuring Static MAC Forwarding ...................101 Chapter 9 Static Multicast Forward Setup .......................103 9.1 Static Multicast Forwarding Overview .....................103 9.2 Configuring Static Multicast Forwarding ..................104 Chapter 10 Filtering..............................106 XS3700 Series User’s Guide...
  • Page 8 14.1 Port Mirroring ..........................130 14.1.1 Local Port Mirroring ......................133 14.1.2 Remote Port Mirroring ......................134 14.1.3 Source ..........................135 14.1.4 Destination ...........................136 14.1.5 Connected Port ........................137 Chapter 15 Link Aggregation ..........................140 15.1 Link Aggregation Overview ......................140 15.2 Dynamic Link Aggregation ......................140 XS3700 Series User’s Guide...
  • Page 9 19.3 Classifier Configuration .........................162 19.3.1 Viewing and Editing Classifier Configuration ...............165 19.3.2 Classifier Global Setting ......................167 19.4 Classifier Example ........................168 Chapter 20 Policy Rule ............................170 20.1 Policy Rules Overview .........................170 20.1.1 DiffServ ..........................170 20.1.2 DSCP and Per-Hop Behavior ....................170 XS3700 Series User’s Guide...
  • Page 10 23.3.3 IGMP Filtering Profile ......................192 23.4 IPv6 Multicast Status ........................194 23.4.1 MLD Snooping-proxy ......................194 23.4.2 MLD Snooping-proxy VLAN ....................195 23.4.3 MLD Snooping-proxy VLAN Port Role Setting ..............196 23.4.4 MLD Snooping-proxy Filtering ....................198 23.4.5 MLD Snooping-proxy Filtering Profile .................199 XS3700 Series User’s Guide...
  • Page 11 25.6 ARP Inspection Status ........................235 25.6.1 ARP Inspection VLAN Status ....................236 25.6.2 ARP Inspection Log Status ....................237 25.7 ARP Inspection Configure ......................239 25.7.1 ARP Inspection Port Configure ....................240 25.7.2 ARP Inspection VLAN Configure ..................241 Chapter 26 Loop Guard ............................243 XS3700 Series User’s Guide...
  • Page 12 Error Disable .............................265 31.1 CPU Protection Overview ......................265 31.2 Error-Disable Recovery Overview ....................265 31.3 The Error Disable Screen ......................265 31.4 Error-Disable Status ........................266 31.5 CPU Protection Configuration ......................267 31.6 Error-Disable Detect Configuration ....................268 31.7 Error-Disable Recovery Configuration ..................269 XS3700 Series User’s Guide...
  • Page 13 36.1 Static Routing Overview ......................305 36.2 Static Routing ..........................305 36.3 Configuring IPv4 Static Routing ....................306 36.4 Configuring IPv6 Static Routing ....................307 Chapter 37 Policy Routing...........................309 37.1 Policy Route Overview .........................309 37.1.1 Benefits ..........................309 37.2 Configuring Policy Routing Profile ....................309 XS3700 Series User’s Guide...
  • Page 14 39.5.2 Example: DHCP Relay for Two VLANs ................332 39.6 DHCPv6 Relay ..........................333 Chapter 40 VRRP..............................335 40.1 VRRP Overview ...........................335 40.2 VRRP Status ..........................336 40.3 VRRP Configuration ........................336 40.3.1 IP Interface Setup .......................336 40.3.2 VRRP Parameters ......................338 40.3.3 Configuring VRRP Parameters ....................338 XS3700 Series User’s Guide...
  • Page 15 43.3.1 SNMP v3 and Security ......................360 43.3.2 Supported MIBs .........................361 43.3.3 SNMP Traps ........................361 43.3.4 Configuring SNMP ......................364 43.3.5 Configuring SNMP Trap Group ..................366 43.3.6 Enabling/Disabling Sending of SNMP Traps on a Port ............367 43.3.7 Configuring SNMP User ....................367 XS3700 Series User’s Guide...
  • Page 16 47.1 MAC Table Overview ........................391 47.2 Viewing the MAC Table .........................392 Chapter 48 IP Table ..............................394 48.1 IP Table Overview ........................394 48.2 Viewing the IP Table ........................395 Chapter 49 ARP Table ............................396 49.1 ARP Table Overview ........................396 XS3700 Series User’s Guide...
  • Page 17 54.1 Power, Hardware Connections, and LEDs ..................404 54.2 Switch Access and Login ......................405 54.3 Switch Configuration ........................407 Appendix A Common Services ......................408 Appendix B IPv6 ..........................411 Appendix C Customer Support ......................420 Appendix D Legal Information ......................426 Index ..............................431 XS3700 Series User’s Guide...

  • Page 18: User's Guide

    User’s Guide...

  • Page 19: Getting To Know Your Switch

    It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using the optional 10 Gigabit uplink module on the Switch. XS3700 Series User’s Guide...

  • Page 20: High Performance Switching Example

    The Switch is an ideal solution for small networks which demand high bandwidth for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch. Use the optional 10 Gigabit uplink module to provide high speed XS3700 Series User’s Guide...

  • Page 21: Ieee 802.1Q Vlan Application Example

    Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too. XS3700 Series User’s Guide...

  • Page 22: Ipv6 Support

    • FTP. Use File Transfer Protocol for firmware upgrades and configuration backup/restore. See Section 42.2 on page 356. • SNMP. The device can be monitored and/or managed by an SNMP manager. See Section 43.3 on page 359. XS3700 Series User’s Guide...

  • Page 23: Good Habits For Managing The Switch

    Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. XS3700 Series User’s Guide...

  • Page 24: Hardware Installation And Connection

    Note: Do NOT block the ventilation holes. Leave space between devices when stacking. Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations. XS3700 Series User’s Guide...

  • Page 25: Mounting The Switch On A Rack

    Switch. Use a screwdriver to install the M4 screws with small heads through the sliding rail holes into the Switch. Repeat steps to install the second sliding rail on the other side of the Switch. XS3700 Series User’s Guide...

  • Page 26: Mounting The Switch On A Rack

    Use a screwdriver to install the rack screws through the mounting bracket holes into the rack. Repeat steps to attach the other rear mounting bracket on the other side of the rack. XS3700 Series User’s Guide...

  • Page 27: Power Module Installation

    There is one power module installed in the first power slot of the Switch by default. See the Power Module Hardware Installation Guide for how to install a second power module or remove the power module. XS3700 Series User’s Guide...

  • Page 28: Hardware Overview

    An auto-negotiating port can detect and adjust to the optimum Ethernet speed of the connected device. Auto-1000M / Full-Duplex supports Ethernet and fiber connections at 100Mbps or 1000Mbps (1Gbps) full-duplex mode. Auto-10G / Full-Duplex supports Ethernet connections at 100Mbps, 1000Mbps or 10Gbps full-duplex mode and 10Gbps only for fiber connections. XS3700 Series User’s Guide...

  • Page 29: Sfp/Sfp+ Slots

    To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors. 3.1.2.1 Transceiver Installation Use the following steps to install a transceiver. Insert the transceiver into the slot with the exposed section of PCB board facing down. XS3700 Series User’s Guide...
  • Page 30 3.1.2.2 Transceiver Removal Use the following steps to remove a transceiver. Open the transceiver’s latch (latch styles vary). Figure 9 Opening the Transceiver’s Latch Example Pull the transceiver out of the slot. Figure 10 Transceiver Removal Example XS3700 Series User’s Guide...

  • Page 31: Management Port

    Make sure you are using the correct power source and that no objects obstruct the airflow of the fans. The Switch uses two power supply modules, one of which is redundant, so if one power module fails the system can operate on the remaining module. XS3700 Series User’s Guide...
  • Page 32 Connect the other end of the cord to a power outlet. Disconnecting the Power The power input connectors can be disconnected from the power source individually. Disconnect the power cord from the power outlet. Disconnect the power cord from the AC power socket. XS3700 Series User’s Guide...

  • Page 33: Leds

    The port is receiving or transmitting data at 1Gbps. The port has a successful 1Gbps connection. LNK/ACT (Left) Blue Blinking The port is receiving or transmitting data 10Gbps. The port has a successful 10Gbps connection. (Right) This link is disconnected. XS3700 Series User’s Guide...
  • Page 34 The MGMT port is transmitting or receiving to/from an Ethernet device (Right) at 1000Mbps through the MGMT port. The MGMT port is connected at 1000Mbps. The MGMT port is not connected to an Ethernet device, or the port is disabled. XS3700 Series User’s Guide...

  • Page 35: The Web Configurator

    The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. XS3700 Series User’s Guide...

  • Page 36: The Web Configurator Layout

    The following figure shows the navigating components of a web configurator screen. Figure 13 The Web Configurator Layout A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. XS3700 Series User’s Guide...
  • Page 37 F - Click this link to go to the ZON Neighbor Management screen where you can see and manage neighbor devices learned by the Switch. In the navigation panel, click a main link to reveal a list of submenu links. Table 4 Navigation Panel Sub-links Overview ADVANCED BASIC SETTING IP APPLICATION MANAGEMENT APPLICATION XS3700 Series User’s Guide...
  • Page 38 This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets. Queuing Method This link takes you to a screen where you can configure queuing with associated queue weights for each port. XS3700 Series User’s Guide...
  • Page 39 SNMP and remote management. Diagnostic This link takes you to screens where you can view system logs and can test port(s). Syslog This link takes you to screens where you can setup system logs and a system log server. XS3700 Series User’s Guide...

  • Page 40: Change Your Password

    4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. XS3700 Series User’s Guide...

  • Page 41: Switch Lockout

    9600bps with 8 data bit, no parity, one stop bit and flow control set to none. The password will also be reset to “1234” and the IP address to 192.168.1.1. To upload the configuration file, do the following: XS3700 Series User’s Guide...

  • Page 42: Logging Out Of The Web Configurator

    Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons. Figure 16 Web Configurator: Logout Screen XS3700 Series User’s Guide...

  • Page 43: Help

    Chapter 4 The Web Configurator 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. XS3700 Series User’s Guide...

  • Page 44: Technical Reference

    Technical Reference...

  • Page 45: Zon Utility, Zon Neighbor Management And Port Status

    ZON Utility screen and you can perform tasks like basic configuration of the devices and batch firmware upgrade in it. You can download the ZON Utility at www.zyxel.com and install it on a PC. The following figure shows the ZON Utility screen. XS3700 Series User’s Guide...

  • Page 46: Zon Neighbor Screen

    (turn the power off and then back on again), and reset to factory default settings in the Neighbor Management screen. For more information on LLDP, see Section 35.2 on page 280. Click Status > Neighbor to see the following screen Status > Neighbor Figure 18 XS3700 Series User’s Guide...

  • Page 47: Port Status Summary

    This shows the MAC address of the neighbor device in the remote network. This field will show “-” for non-ZyXEL devices. 5.4 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 19 Status XS3700 Series User’s Guide...

  • Page 48: Status: Port Details

    5.4.1 Status: Port Details Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. XS3700 Series User’s Guide...
  • Page 49 Tx KBs/s This field shows the transmission speed of data sent on this port in kilobytes per second. Rx KBs/s This field shows the transmission speed of data received on this port in kilobytes per second. XS3700 Series User’s Guide...
  • Page 50 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length. 512-1023 This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length. XS3700 Series User’s Guide...
  • Page 51 1024 and 1518 octets in length. Giant This field shows the number of packets (including bad packets) received that were between 1519 octets and the maximum frame size. The maximum frame size varies depending on your switch model. XS3700 Series User’s Guide...

  • Page 52: Basic Setting

    In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen. Figure 21 Basic Setting > System Info XS3700 Series User’s Guide...
  • Page 53 This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. XS3700 Series User’s Guide...

  • Page 54: General Setup

    Type the IP address of your timeserver. The Switch searches for the timeserver for up to Address 60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds. Please wait. XS3700 Series User’s Guide...

  • Page 55: Introduction To Vlans

    In MTU (Multi-Tenant Unit) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network XS3700 Series User’s Guide...

  • Page 56: Switch Setup

    Bridge Control Select Active to allow the Switch to handle bridging control protocols (STP, for example). Protocol You also need to define how to treat a BPDU in the Port Setup screen. Transparency XS3700 Series User’s Guide...
  • Page 57 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 58: Ip Setup

    Click this to renew the dynamic IP address. Release Click this to release the dynamic IP address. 6.5.2 IP Status Details Click the index link in the previous screen to view further details on this IP address. XS3700 Series User’s Guide...
  • Page 59 This shows whether ths IP address is dynamically assigned from a DHCP server or manually assigned (Static or DHCP). This is the VLAN identification number to which an IP routing domain belongs. IP Address This is the IP address of your Switch in dotted decimal notation for example 192.168.1.1. XS3700 Series User’s Guide...

  • Page 60: Ip Configuration

    You can configure up to 128 IP domains which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). Click IP Setup > IP Configuration to display the next screen. XS3700 Series User’s Guide...
  • Page 61 Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. XS3700 Series User’s Guide...
  • Page 62 Delete Click Delete to remove the selected entry from the summary table. Note: Deleting all IP subnets locks you out of the Switch. Cancel Click Cancel to clear the selected check boxes in the Delete column. XS3700 Series User’s Guide...

  • Page 63: Port Setup

    Note: Due to space limitations, the port name may be truncated in some web configurator screens. Type This field displays 100M/1000M/10G for a 1000Base-T connection, 1000M for a 1000Base-X connection, and 10G for a 10 Gigabit connection (available only on the Switch that has a 10 Gigabit interface). XS3700 Series User’s Guide...
  • Page 64 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 65: Interface Setup

    This field displays the interface’s descriptive name which is generated automatically by the Switch. The name is from a combination of the interface type and ID number. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...

  • Page 66: Ipv6

    This field displays whether the IPv6 interface is activated or not. 6.8.1 IPv6 Interface Status Use this screen to view a specific IPv6 interface status and detailed information. Click an interface index number in the Basic Setting > IPv6 screen. The following screen opens. XS3700 Series User’s Guide...
  • Page 67 If the bucket is full, subsequent error messages are Size suppressed. ICMPv6 Rate This field displays the time period (in milliseconds) during which ICMPv6 error messages of Limit Error up to the bucket size can be transmitted. 0 means no limit. Interval XS3700 Series User’s Guide...
  • Page 68 This field displays how long (in seconds) that the global address remains preferred. Lifetime Valid This field displays how long (in seconds) that the global address is valid. Lifetime This field displays the DNS server address assigned by the DHCPv6 server. XS3700 Series User’s Guide...

  • Page 69: Ipv6 Configuration

    Click the link to go to a screen where you can create a static IPv6 neighbor entry in the Switch’s IPv6 neighbor table. DHCPv6 Client Setup Click the link to go to a screen where you can configure the Switch DHCP settings. XS3700 Series User’s Guide...

  • Page 70: Ipv6 Global Setup

    Use this screen to turn on or off an IPv6 interface and enable stateless autoconfiguration on it. Click the link next to IPv6 Interface Setup in the IPv6 Configuration screen to display the screen as shown next. XS3700 Series User’s Guide...

  • Page 71: Ipv6 Link-Local Address Setup

    A link-local unicast address has a predefined prefix of fe80::/10. Use this screen to configure the interface’s link-local address and default gateway. Click the link next to IPv6 Link-Local Address Setup in the IPv6 Configuration screen to display the screen as shown next. XS3700 Series User’s Guide...

  • Page 72: Ipv6 Global Address Setup

    6.8.6 IPv6 Global Address Setup Use this screen to configure the interface’s IPv6 global address. Click the link next to IPv6 Global Address Setup in the IPv6 Configuration screen to display the screen as shown next. XS3700 Series User’s Guide...

  • Page 73: Ipv6 Neighbor Discovery Setup

    6.8.7 IPv6 Neighbor Discovery Setup Use this screen to configure neighbor discovery settings for each interface. Click the link next to IPv6 Neighbor Discovery Setup in the IPv6 Configuration screen to display the screen as shown next. XS3700 Series User’s Guide...

  • Page 74: Ipv6 Router Discovery Setup

    6.8.8 IPv6 Router Discovery Setup Use this screen to configure router discovery settings for each interface. Click the link next to IPv6 Router Discovery Setup in the IPv6 Configuration screen to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 75 Click Clear to reset the fields to the factory defaults. Index This is the interface index number. Click on an index number to change the settings. Interface This is the name of the IPv6 interface you created. XS3700 Series User’s Guide...

  • Page 76: Ipv6 Prefix Setup

    Set the IPv6 prefix that the Switch includes in router advertisements for this interface. Prefix Length Set the prefix length that the Switch includes in router advertisements for this interface. Valid Lifetime Specify how long (from 0 to 4294967295 seconds) the prefix is valid for on-link determination. XS3700 Series User’s Guide...

  • Page 77: Ipv6 Neighbor Setup

    Click the link next to IPv6 Neighbor Setup in the IPv6 Configuration screen to display the screen as shown next. Figure 41 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup XS3700 Series User’s Guide...

  • Page 78: Dhcpv6 Client Setup

    Use this screen to configure the Switch’s DHCP settings when it is acting as a DHCPv6 client. Click the link next to IPv6 Neighbor Setup in the IPv6 Configuration screen to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 79 This field displays whether the Switch obtains a list of domain names from the DHCP server. Information Refresh This field displays the time interval (in seconds) at which the Switch exchanges other Minimum configuration information with a DHCPv6 server again. XS3700 Series User’s Guide...

  • Page 80: Vlan

    - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame XS3700 Series User’s Guide...

  • Page 81: Forwarding Tagged And Untagged Frames

    Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. XS3700 Series User’s Guide...

  • Page 82: Port Vlan Trunking

    VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s). XS3700 Series User’s Guide...

  • Page 83: Select The Vlan Type

    You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. 7.3 VLAN Status Section 7.2 on page 80 for more information on 802.1Q VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. XS3700 Series User’s Guide...

  • Page 84: Vlan Details

    Use this screen to view detailed port settings and status of the VLAN group. See Section 7.2 on page 80 for more information on 802.1Q VLAN. Click on an index number in the VLAN Status screen to display VLAN details. XS3700 Series User’s Guide...
  • Page 85 This shows the ports mapped to the private VLAN using the Advanced Application > Private VLAN or Advanced Application > VLAN > Static VLAN screen. Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. XS3700 Series User’s Guide...

  • Page 86: Private Vlan Status

    Use the Previous and Next buttons to display different pages. 7.5 VLAN Configuration Use this screen to view IEEE 802.1Q VLAN parameters for the Switch. Click Advanced Application > VLAN > VLAN Configuration to see the following screen. XS3700 Series User’s Guide...

  • Page 87: Configure A Static Vlan

    Click Click Here to configure the MAC Based VLAN for the Switch. 7.6 Configure a Static VLAN Use this screen to configure a static VLAN for the Switch. Click Static VLAN in the VLAN Status screen to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 88 64 printable characters. VLAN Group ID Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. VLAN Type Select Normal (static) or Private. For Private VLANs, select Primary, Isolated or Community. XS3700 Series User’s Guide...

  • Page 89: Configure Vlan Port Settings

    Click Cancel to clear the Delete check boxes. 7.7 Configure VLAN Port Settings Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. Click the VLAN Port Setup link in the VLAN Status screen. XS3700 Series User’s Guide...
  • Page 90 VLAN group that the tag defines. Enter a number between 1and 4094 as the port VLAN ID. GVRP Select this check box to allow GVRP on this port. XS3700 Series User’s Guide...

  • Page 91: Subnet Based Vlans

    3 and VID of 300 for traffic received from IP subnet 10.1.1.0/24 (data services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is video services receive the highest priority and data the lowest. XS3700 Series User’s Guide...

  • Page 92: Configuring Subnet Based Vlan

    Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 52 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN XS3700 Series User’s Guide...

  • Page 93: Protocol Based Vlans

    VLAN. One advantage of using protocol based VLANs is that priority can be assigned to traffic of the same protocol. Note: Protocol based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. XS3700 Series User’s Guide...

  • Page 94: Configuring Protocol Based Vlan

    Click Protocol Based VLAN Setup in the VLAN Configuration screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 54 Advanced Application > VLAN > VLAN Configuration > Protocol Based VLAN Setup XS3700 Series User’s Guide...

  • Page 95: Voice Vlan

    You can set priority level to the Voice VLAN and add MAC address of IP phones from specific manufacturers by using its ID from the Organizationally Unique Identifiers (OUI). Click Voice VLAN in the VLAN Configuration screen to display the configuration screen as shown. XS3700 Series User’s Guide...
  • Page 96 Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. XS3700 Series User’s Guide...

  • Page 97: Mac-Based Vlan

    MAC-based VLAN entry in the same screen. Click MAC-based VLAN in the VLAN Configuration window to see the following screen. Figure 56 Advanced Application > VLAN > VLAN Configuration > MAC-based VLAN Setup XS3700 Series User’s Guide...

  • Page 98: Port-Based Vlan Setup

    Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. XS3700 Series User’s Guide...

  • Page 99: Port-Based Vlan

    Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen. Figure 57 Basic Setting > Switch Setup (Port Based) Then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 58 Port Based VLAN Setup (All Connected) XS3700 Series User’s Guide...
  • Page 100 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 101: Static Mac Forward Setup

    Chapter 17 on page 156 for more information on port security. Click Advanced Application > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. Figure 60 Advanced Application > Static MAC Forwarding XS3700 Series User’s Guide...
  • Page 102 This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...

  • Page 103: Static Multicast Forward Setup

    3. Figure 63 shows frames being forwarded to ports 2 and 3 within VLAN group 4. Figure 61 No Static Multicast Forwarding Figure 62 Static Multicast Forwarding to A Single Port XS3700 Series User’s Guide...

  • Page 104: Configuring Static Multicast Forwarding

    03:00:5e:00:00:27 are valid multicast MAC addresses. You can forward frames with matching destination MAC address to port(s) within a VLAN group. Enter the ID that identifies the VLAN group here. If you don’t have a specific target VLAN, enter 1. XS3700 Series User’s Guide...
  • Page 105 This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...

  • Page 106: Filtering

    Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The Switch can still receive frames originating from the MAC address. Select Discard source and Discard destination to block traffic to/from the MAC address specified in the MAC field. XS3700 Series User’s Guide...
  • Page 107 This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. XS3700 Series User’s Guide...

  • Page 108: Spanning Tree Protocol

    Path Cost 4Mbps 100 to 1000 1 to 65535 Path Cost 10Mbps 50 to 600 1 to 65535 Path Cost 16Mbps 40 to 400 1 to 65535 Path Cost 100Mbps 10 to 60 1 to 65535 XS3700 Series User’s Guide...

  • Page 109: How Stp Works

    MRSTP (Multiple RSTP) is ZyXEL’s proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each spanning tree operates independently with its own bridge information. XS3700 Series User’s Guide...

  • Page 110: Multiple Stp

    The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link. XS3700 Series User’s Guide...

  • Page 111: Mst Region

    Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters: • Name of the MST region • Revision level as the unique number for the MST region • VLAN-to-MST Instance mapping XS3700 Series User’s Guide...

  • Page 112: Spanning Tree Protocol Status Screen

    MST regions and single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP. Figure 70 MSTP and Legacy RSTP Network Example 11.2 Spanning Tree Protocol Status Screen Click Advanced Application > Spanning Tree Protocol to see the screen as shown. XS3700 Series User’s Guide...

  • Page 113: Spanning Tree Configuration

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 114: Configure Rapid Spanning Tree Protocol

    Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. XS3700 Series User’s Guide...

  • Page 115: Rapid Spanning Tree Protocol Status

    Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 108 for more information on RSTP. Note: This screen is only available after you activate RSTP on the Switch. XS3700 Series User’s Guide...

  • Page 116: Configure Multiple Rapid Spanning Tree Protocol

    This is the time since the spanning tree was last reconfigured. Change 11.6 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1 on page 108 for more information on MRSTP. XS3700 Series User’s Guide...
  • Page 117 BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds. XS3700 Series User’s Guide...

  • Page 118: Multiple Rapid Spanning Tree Protocol Status

    Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 108 for more information on MRSTP. Note: This screen is only available after you activate MRSTP on the Switch. XS3700 Series User’s Guide...

  • Page 119: Configure Multiple Spanning Tree Protocol

    This is the time since the spanning tree was last reconfigured. Change 11.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. Section 11.1.5 on page 110 for more information on MSTP. XS3700 Series User’s Guide...
  • Page 120 Chapter 11 Spanning Tree Protocol Figure 77 Advanced Application > Spanning Tree Protocol > MSTP XS3700 Series User’s Guide...
  • Page 121 Remove - to remove this range of VLAN(s) from being mapped to the MST instance. • Clear - to remove all VLAN(s) from being mapped to this MST instance. Enabled VLAN(s) This field displays which VLAN(s) are mapped to this MST instance. XS3700 Series User’s Guide...

  • Page 122: Multiple Spanning Tree Protocol Port Configuration

    Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. 11.8.1 Multiple Spanning Tree Protocol Port Configuration To configure MSTP ports, click Port in the Advanced Application > Spanning Tree Protocol > MSTP screen. XS3700 Series User’s Guide...
  • Page 123 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 124: Multiple Spanning Tree Protocol Status

    This is the time (in seconds) the root switch will wait before changing states (that is, (second) listening to learning to forwarding). Cost to Bridge This is the path cost from the root port on this Switch to the root switch. XS3700 Series User’s Guide...
  • Page 125 This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. XS3700 Series User’s Guide...

  • Page 126: Bandwidth Control

    Note: The sum of CIRs cannot be greater than or equal to the uplink bandwidth. 12.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. XS3700 Series User’s Guide...
  • Page 127 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 128: Broadcast Storm Control

    You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 81 Advanced Application > Broadcast Storm Control XS3700 Series User’s Guide...
  • Page 129 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 130: Mirroring

    Source Destination Intermediate Reflector port Monitor port Connected port Connected port Connected port Mirroring port Connected port Remote Port Mirroring (RMirror) VLAN XS3700 Series User’s Guide...
  • Page 131 Connected port Connected port Monitor port Source Reflector port Mirroring port Connected ports Destination B Intermediate B Connected port Monitor port Connected port Connected port Destination C Monitor port Connected port Remote Port Mirroring (RMirror) VLAN XS3700 Series User’s Guide...
  • Page 132 Table 58 Port Rules between Remote and Local Port Mirroring RMirror Source Source Source Connected Connected Destination Mirroring Reflector Port in Single- Port Monitor Port Port Port Destination RMirror Mirroring Local Port Port Monitor Mirroring Port XS3700 Series User’s Guide...

  • Page 133: Local Port Mirroring

    Note: Changes in this row are copied to all the ports as soon as you make them. Mirrored Select this option to mirror the traffic on a port. Direction Specify the direction of the traffic to mirror by selecting from the drop-down list box. Choices are Egress (outgoing), Ingress (incoming) and Both. XS3700 Series User’s Guide...

  • Page 134: Remote Port Mirroring

    This field displays whether the VLAN is enabled or not. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 135: Source

    Select the check box to enable the specified reflector port. Enter the number of reflector port that adds the RMirror VLAN tag to all mirrored traffic and forwards traffic to the connected port(s) in the same RMirror VLAN. Port This field displays the port number. XS3700 Series User’s Guide...

  • Page 136: Destination

    Use this screen to specify the RMirror VLAN and configure the monitor port when the Switch is the destination device in remote port mirroring. Click the Destination link in the RMirror screen. The following screen opens. Figure 85 Advanced Application > Mirroring > RMirror > Destination XS3700 Series User’s Guide...

  • Page 137: Connected Port

    Use this screen to select the RMirror VLAN and specify the port(s) that helps forward mirrored traffic to other connected switches and/or receive mirrored traffic from other connected port in the same RMirror VLAN. Click the Connected Port link in the RMirror screen. The following screen opens. XS3700 Series User’s Guide...
  • Page 138 Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...
  • Page 139 VLAN This field displays the ID number of port mirroring VLAN over which the mirrored traffic is forwarded. Connected Port This field displays the number of port(s) that helps forward mirrored traffic to other connected switches. XS3700 Series User’s Guide...

  • Page 140: Link Aggregation

    • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. XS3700 Series User’s Guide...

  • Page 141: Link Aggregation Id

    Section 15.1 on page 140 for more information. Figure 87 Advanced Application > Link Aggregation Status Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. XS3700 Series User’s Guide...

  • Page 142: Link Aggregation Setting

    LACP - if the ports are configured to join a trunk group via LACP. 15.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 15.1 on page 140 for more information on link aggregation. XS3700 Series User’s Guide...
  • Page 143 This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. XS3700 Series User’s Guide...

  • Page 144: Link Aggregation Control Protocol

    15.5 Link Aggregation Control Protocol Click in the Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 15.2 on page 140 for more information on dynamic link aggregation. XS3700 Series User’s Guide...
  • Page 145 The LACP “server” controls the operation of LACP setup. Enter a number to set the priority of an active port using Link Aggregation Control Protocol (LACP). The smaller the number, the higher the priority level. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. XS3700 Series User’s Guide...

  • Page 146: Static Trunking Example

    Aggregation Setting. In this screen activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. XS3700 Series User’s Guide...
  • Page 147 Chapter 15 Link Aggregation Figure 91 Trunking Example - Configuration Screen EXAMPLE Your trunk group 1 (T1) configuration is now complete. XS3700 Series User’s Guide...

  • Page 148: Port Authentication

    At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. XS3700 Series User’s Guide...

  • Page 149: Mac Authentication

    Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. XS3700 Series User’s Guide...

  • Page 150: Port Authentication Configuration

    Select a port authentication method in the screen that appears. Figure 94 Advanced Application > Port Authentication 16.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown. XS3700 Series User’s Guide...
  • Page 151 Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port. Reauth-period Specify the length of time required to pass before a client has to re-enter his or her username and password to stay connected to the port. XS3700 Series User’s Guide...

  • Page 152: Guest Vlan

    Figure 96 Guest VLAN Example VLAN 100 VLAN 102 Internet Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. XS3700 Series User’s Guide...
  • Page 153 VLAN. Once the first user who did authentication logs out or disconnects from the port, rest of the users are blocked until a user does the authentication process again. Select Multi-Secure to authenticate each user that connects to this port. XS3700 Series User’s Guide...

  • Page 154: Activate Mac Authentication

    If you leave this field blank, then only the MAC address of the client is forwarded to the RADIUS server. Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters. XS3700 Series User’s Guide...
  • Page 155 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 156: Port Security

    17.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. Figure 99 Advanced Application > Port Security XS3700 Series User’s Guide...

  • Page 157: Vlan Mac Address Limit

    17.3 VLAN MAC Address Limit Use this screen to set the MAC address learning limit on per-port and per-VLAN basis. Click VLAN MAC Address Limit in the Advanced Application > Port Security screen to display the screen as shown. XS3700 Series User’s Guide...
  • Page 158 This is the maximum number of MAC addresses which a port can learn in a VLAN. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. XS3700 Series User’s Guide...

  • Page 159: Time Range

    Periodic is recurrence of a time range and doesn’t have an end time. 18.2 Time Range Setup Click Advanced Application > Time Range in the navigation panel to display the screen as shown. Figure 101 Advanced Application > Time Range XS3700 Series User’s Guide...
  • Page 160 You can delete this time range by clicking the check box of this time range rule and click Delete button below. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. XS3700 Series User’s Guide...

  • Page 161: Classifier

    (or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 20 on page 170. Click Advanced Application > Classifier in the navigation panel to display the configuration Status screen as shown. XS3700 Series User’s Guide...

  • Page 162: Classifier Configuration

    Select Classifier, type a classifier name in the text box, then click Clear to clear the matched count for that classifier. 19.3 Classifier Configuration Click Classifier Configuration in the Classifier Status screen to display the configuration screen as shown. XS3700 Series User’s Guide...
  • Page 163 Chapter 19 Classifier Figure 103 Advanced Application > Classifier > Classifier Configuration XS3700 Series User’s Guide...
  • Page 164 Layer-3 fields configured in a classifier have a lower priority than layer-4 fields when the match order is in auto mode. IP Packet Click Any to classify any size of packet length or manually enter a range of number (from/to) Length of packet size in the field provided. XS3700 Series User’s Guide...

  • Page 165: Viewing And Editing Classifier Configuration

    To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier Configuration screen. To change the settings of a rule, click a number in the Index field. XS3700 Series User’s Guide...
  • Page 166 In the Internet Protocol there is a field, called “Protocol”, to identify the next level protocol. The following table shows some common protocol types and the corresponding protocol number. Refer http://www.iana.org/assignments/protocol-numbers for a complete list. Table 79 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ICMP XS3700 Series User’s Guide...

  • Page 167: Classifier Global Setting

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 168: Classifier Example

    The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. XS3700 Series User’s Guide...
  • Page 169 Chapter 19 Classifier Figure 106 Classifier: Example EXAMPLE XS3700 Series User’s Guide...

  • Page 170: Policy Rule

    Resources can then be allocated according to the DSCP values and the configured policies. 20.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 19.2 on page 161 more information. XS3700 Series User’s Guide...
  • Page 171 Figure 107 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 82 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. XS3700 Series User’s Guide...
  • Page 172 Select Send the packet to the egress port to send the packet to the egress port. Metering Select Enable to activate bandwidth limitation on the traffic flow(s) then set the actions to be taken on out-of-profile packets. XS3700 Series User’s Guide...

  • Page 173: Viewing And Editing Policy Configuration

    The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 19.4 on page 168). XS3700 Series User’s Guide...
  • Page 174 Chapter 20 Policy Rule Figure 109 Policy Example EXAMPLE XS3700 Series User’s Guide...

  • Page 175: Queuing Method

    The weights range from 1 to 15 and the actual guaranteed bandwidth is calculated as follows: Weight x 2 KB If the weight setting is 5, the actual quantum guaranteed to the associated queue would be as follows: 5 x 2KB = 10 KB XS3700 Series User’s Guide...

  • Page 176: Weighted Round Robin Scheduling (Wrr)

    This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. 21.2 Configuring Queuing Click Advanced Application > Queuing Method in the navigation panel. Figure 110 Advanced Application > Queuing Method XS3700 Series User’s Guide...
  • Page 177 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 178: Vlan Stacking

    VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network. XS3700 Series User’s Guide...

  • Page 179: Vlan Stacking Port Roles

    Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. 22.3 VLAN Tag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Table 85 VLAN Tag Format Type Priority XS3700 Series User’s Guide...

  • Page 180: Frame Format

    Length and type of Ethernet frame (SP)TPID (Service Provider) Tag Protocol IDentifier Data Frame data VLAN ID Frame Check Sequence 22.4 Configuring VLAN Stacking Click Advanced Application > VLAN Stacking to display the screen as shown. XS3700 Series User’s Guide...
  • Page 181 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 182: Port-Based Q-In-Q

    Note: Selective Q-in-Q rules are only applied to single-tagged frames received on the access ports. If the incoming frames are untagged or single-tagged but received on a tunnel port or cannot match any selective Q-in-Q rules, the Switch applies the port-based Q-in-Q rules to them. XS3700 Series User’s Guide...
  • Page 183 This is the customer VLAN ID in the incoming packets. SPVID This is the service provider’s VLAN ID that adds to the packets from the subscribers. Priority This is the service provider’s priority level in the packets. XS3700 Series User’s Guide...
  • Page 184 Table 90 Advanced Application > VLAN Stacking > Selective QinQ (continued) LABEL DESCRIPTION Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...

  • Page 185: Multicast

    You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. XS3700 Series User’s Guide...

  • Page 186: Igmp Snooping

    In the following MLD snooping-proxy example, all connected upstream ports (1 ~7) are treated as one interface. The connection between ports 8 and 9 is blocked by STP to break the loop. If there is XS3700 Series User’s Guide...

  • Page 187: Mld Messages

    23.2 Multicast Setup Use this screen to configure IGMP for IPv4 or MLD for IPv6 and set up multicast VLANs. Click Advanced Application > Multicast in the navigation panel. Figure 115 Advanced Application > Multicast Setup XS3700 Series User’s Guide...

  • Page 188: Ipv4 Multicast Status

    This field displays IP multicast group addresses. 23.3.1 IGMP Snooping Click the IGMP Snooping link in the Advanced Application > Multicast > IPv4 Multicast screen to display the screen as shown. See Section 23.1 on page 185 for more information on multicasting. XS3700 Series User’s Guide...
  • Page 189 Unknown Specify the action to perform when the Switch receives an unknown multicast frame. Multicast Frame Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. XS3700 Series User’s Guide...
  • Page 190 Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table entry is aged out. Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report(s) received on this port. XS3700 Series User’s Guide...

  • Page 191: Igmp Snooping Vlan

    IGMP Snooping link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 23.1.4 on page 186 for more information on IGMP Snooping VLAN. Figure 118 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN XS3700 Series User’s Guide...

  • Page 192: Igmp Filtering Profile

    A profile can be assigned to multiple ports. Click Advanced Application > Multicast > IPv4 Multicast in the navigation panel. Click the IGMP Snooping link and then the IGMP Filtering Profile link to display the screen as shown. XS3700 Series User’s Guide...
  • Page 193 To delete a rule(s) from a profile, select the rule(s) that you want to remove in the Delete Rule column, then click the Delete button. Cancel Click Cancel to clear the Delete Profile/Delete Rule check boxes. XS3700 Series User’s Guide...

  • Page 194: Ipv6 Multicast Status

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 195: Mld Snooping-Proxy Vlan

    T = (QI*RV) + MRD, where T = Timeout, QI = Query Interval, RV = Robustness Variable, and MRD = Maximum Response Delay. When an MLD Done message is received, the Switch sets the entry’s lifetime to be the product of Last Member Query Interval and Robustness Variable XS3700 Series User’s Guide...

  • Page 196: Mld Snooping-Proxy Vlan Port Role Setting

    Click the Port Role Setting link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN screen to display the screen as shown. See Section 23.1 on page for more information on multicasting. XS3700 Series User’s Guide...
  • Page 197 This specifies whether the Switch removes an MLD snooping membership entry (learned on a downstream port) immediately (Immediate) or wait for an MLD report before the leave timeout (Normal) or fast leave timeout (Fast) when an MLD leave message is received on this port from a host. XS3700 Series User’s Guide...

  • Page 198: Mld Snooping-Proxy Filtering

    Filtering link in the Advanced Application > Multicast > IPv6 Multicast screen to display the screen as shown. See Section 23.1 on page 185 for more information on multicasting. Figure 124 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering XS3700 Series User’s Guide...

  • Page 199: Mld Snooping-Proxy Filtering Profile

    Click the Filtering Profile link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering screen to display the screen as shown. Figure 125 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile XS3700 Series User’s Guide...

  • Page 200: Mvr Overview

    The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. XS3700 Series User’s Guide...

  • Page 201: Types Of Mvr Ports

    (in this case, an uplink port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. XS3700 Series User’s Guide...

  • Page 202: General Mvr Configuration

    Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. XS3700 Series User’s Guide...
  • Page 203 Select Dynamic to send IGMP reports or MLD messages to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports or MLD messages. Port This field displays the port number on the Switch. XS3700 Series User’s Guide...

  • Page 204: Mvr Group Configuration

    Use this screen to configure MVR IP multicast group address(es). Click the Group Configuration link in the MVR screen. Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. XS3700 Series User’s Guide...
  • Page 205 Note: If you delete a multicast VLAN, all multicast groups in this VLAN will also be removed. Cancel Select Cancel to clear the checkbox(es) in the table. XS3700 Series User’s Guide...

  • Page 206: Mvr Configuration Example

    To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200. XS3700 Series User’s Guide...
  • Page 207 Chapter 23 Multicast Figure 132 MVR Group Configuration Example EXAMPLE Figure 133 MVR Group Configuration Example EXAMPLE XS3700 Series User’s Guide...

  • Page 208: Aaa

    By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Chapter 43 on page 359). XS3700 Series User’s Guide...

  • Page 209: Radius And Tacacs

    RADIUS servers and Section 24.3 on page 217 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. XS3700 Series User’s Guide...
  • Page 210 RADIUS server and the Switch. Delete Check this box if you want to remove an existing RADIUS server entry from the Switch. This entry is deleted when you click Apply. XS3700 Series User’s Guide...

  • Page 211: Tacacs+ Server Setup

    Use this screen to configure your TACACS+ server settings. See Section 24.1.2 on page 209 more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown. XS3700 Series User’s Guide...
  • Page 212 Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. This key is not sent over the network. This key must be the same on the external TACACS+ server and the Switch. XS3700 Series User’s Guide...

  • Page 213: Aaa Setup

    Click Cancel to begin configuring this screen afresh. 24.2.3 AAA Setup Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. XS3700 Series User’s Guide...
  • Page 214 Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. XS3700 Series User’s Guide...
  • Page 215 If you don’t select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn’t get a response from the accounting server then it tries the second accounting server. XS3700 Series User’s Guide...

  • Page 216: Vendor Specific Attribute

    • Vendor-Type: A vendor specified attribute, identifying the setting you want to modify. • Vendor-data: A value you want to assign to the setting. Note: Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server. XS3700 Series User’s Guide...

  • Page 217: Tunnel Protocol Attribute

    Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This section lists the RADIUS attributes supported by the Switch. XS3700 Series User’s Guide...

  • Page 218: Attributes Used For Authentication

    - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 24.3.2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. XS3700 Series User’s Guide...
  • Page 219    NAS-IP-Address    Service-Type    Calling-Station-Id    Acct-Status-Type    Acct-Delay-Time    Acct-Session-Id    Acct-Authentic    Acct-Session-Time   Acct-Terminate-Cause  XS3700 Series User’s Guide...
  • Page 220  Acct-Delay-Time    Acct-Session-Id    Acct-Authentic    Acct-Input-Octets   Acct-Output-Octets   Acct-Session-Time   Acct-Input-Packets   Acct-Output-Packets   Acct-Terminate-Cause  Acct-Input-Gigawords   Acct-Output-Gigawords   XS3700 Series User’s Guide...

  • Page 221: Ip Source Guard

    Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. XS3700 Series User’s Guide...
  • Page 222 Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the file, that binding and all others after it are ignored. XS3700 Series User’s Guide...

  • Page 223: Arp Inspection Overview

    In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things: XS3700 Series User’s Guide...
  • Page 224 ARP inspection so that the Switch has enough time to build the binding table. Enable ARP inspection on each VLAN. Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. XS3700 Series User’s Guide...

  • Page 225: Ip Source Guard

    If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding. XS3700 Series User’s Guide...
  • Page 226 ARP Freeze. Static Binding MAC Address Enter the source MAC address in the binding. IP Address Enter the IP address assigned to the MAC address in the binding. VLAN Enter the source VLAN ID in the binding. XS3700 Series User’s Guide...

  • Page 227: Dhcp Snooping

    Click this to clear the Delete check boxes above. 25.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. XS3700 Series User’s Guide...
  • Page 228 This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change. This section displays information about the current update and the next update of the DHCP snooping database. XS3700 Series User’s Guide...
  • Page 229 MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore. XS3700 Series User’s Guide...

  • Page 230: Dhcp Snooping Configure

    TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. XS3700 Series User’s Guide...
  • Page 231 Enter how long (10-65535 seconds) the Switch waits to update the DHCP snooping interval database the first time the current bindings change after an update. Once the next update is scheduled, additional changes in current bindings are automatically included in the next update. XS3700 Series User’s Guide...

  • Page 232: Dhcp Snooping Port Configure

    You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 145 IP Source Guard > DHCP Snooping Port Configure XS3700 Series User’s Guide...

  • Page 233: Dhcp Snooping Vlan Configure

    Switch relays to a DHCP server for each VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN. Figure 146 IP Source Guard > DHCP Snooping VLAN Configure XS3700 Series User’s Guide...

  • Page 234: Dhcp Snooping Vlan Port Configure

    Use this screen to apply a different DHCP option 82 profile to certain ports in a VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN > Port. Figure 147 IP Source Guard > DHCP Snooping VLAN Port Configure XS3700 Series User’s Guide...

  • Page 235: Arp Inspection Status

    MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection. XS3700 Series User’s Guide...

  • Page 236: Arp Inspection Vlan Status

    25.6.1 ARP Inspection VLAN Status Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status. XS3700 Series User’s Guide...

  • Page 237: Arp Inspection Log Status

    Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status. XS3700 Series User’s Guide...
  • Page 238 In the ARP Inspection VLAN Configure screen, you can configure the Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See Section 25.7.2 on page 241. Time This field displays when the log message was generated. XS3700 Series User’s Guide...

  • Page 239: Arp Inspection Configure

    Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 25.6.2 on page 237. XS3700 Series User’s Guide...

  • Page 240: Arp Inspection Port Configure

    Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. Figure 152 IP Source Guard > ARP Inspection Port Configure XS3700 Series User’s Guide...

  • Page 241: Arp Inspection Vlan Configure

    ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN. Figure 153 IP Source Guard > ARP Inspection VLAN Configure XS3700 Series User’s Guide...
  • Page 242 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. XS3700 Series User’s Guide...

  • Page 243: Loop Guard

    The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B. XS3700 Series User’s Guide...
  • Page 244 Figure 157 Loop Guard - Network Loop Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 6.6 on page 63) or via commands (see the Ethernet Switch CLI Reference Guide). XS3700 Series User’s Guide...

  • Page 245: Loop Guard Setup

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 246: Vlan Mapping

    3 will be dropped. Figure 159 VLAN mapping example Service Provider Network Port 3 27.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown. XS3700 Series User’s Guide...

  • Page 247: Configuring Vlan Mapping

    Click Cancel to begin configuring this screen afresh. 27.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLAN Mapping screen to display the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s). XS3700 Series User’s Guide...
  • Page 248 This is the priority level that replaces the customer priority level in the tagged packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...

  • Page 249: Layer 2 Protocol Tunneling

    To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection). XS3700 Series User’s Guide...

  • Page 250: Layer-2 Protocol Tunneling Mode

    Incoming encapsulated layer-2 protocol packets received on a tunnel port are decapsulated and sent to an access port. 28.2 Configuring Layer 2 Protocol Tunneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown. XS3700 Series User’s Guide...
  • Page 251 (local and remote) networks. Select this option to have the Switch tunnel VTP (VLAN Trunking Protocol) packets so that all customer switches can use consistent VLAN configuration through the service provider’s network. XS3700 Series User’s Guide...
  • Page 252 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 253: Sflow

    For example, you can use it to know which IP address or which type of traffic caused network congestion. Figure 165 sFlow Application sFlow Agent sFlow Collector 29.2 sFlow Port Configuration Click Advanced Application > sFlow in the navigation panel to display the screen as shown. XS3700 Series User’s Guide...
  • Page 254 Enter a number (N) from 256 to 65535. The Switch captures every one out of N packets for this port and creates sFlow datagram. poll-interval Specify a time interval (from 20 to 120 in seconds) the Switch waits before sending the sFlow datagram and packet counters for this port to the collector. XS3700 Series User’s Guide...

  • Page 255: Sflow Collector Configuration

    This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. XS3700 Series User’s Guide...
  • Page 256 This field displays port number the Switch uses to send sFlow datagram to the collector. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 257: Pppoe

    There are two types of sub-option: “Agent Circuit ID Sub-option” and “Agent Remote ID Sub- option”. They have the following formats. Table 133 PPPoE IA Circuit ID Sub-option Format: User-defined String SubOpt Length Value 0x01 String (1 byte) (1 byte) (63 bytes) XS3700 Series User’s Guide...

  • Page 258: Port State

    DHCP snooping or ARP inspection. You can also specify the agent sub-options (circuit ID and remote ID) that the Switch adds to PADI and PADR packets from PPPoE clients. XS3700 Series User’s Guide...

  • Page 259: The Pppoe Screen

    Use this screen to configure the Switch to give a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client. Click Advanced Application > PPPoE > Intermediate Agent in the navigation panel to display the screen as shown. XS3700 Series User’s Guide...
  • Page 260 Select a delimiter to separate the identifier-string, slot ID, port number and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. XS3700 Series User’s Guide...

  • Page 261: Pppoe Ia Per-Port

    Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. XS3700 Series User’s Guide...

  • Page 262: Pppoe Ia Per-Port Per-Vlan

    30.3.2 PPPoE IA Per-Port Per-VLAN Use this screen to configure PPPoE IA settings that apply to a specific VLAN on a port. Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown. XS3700 Series User’s Guide...
  • Page 263 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 264: Pppoe Ia For Vlan

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 265: Error Disable

    31.3 The Error Disable Screen Use this screen to configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. XS3700 Series User’s Guide...

  • Page 266: Error-Disable Status

    Click the Click here link next to Errdisable Status in the Advanced Application > Errdisable screen to display the screen as shown. Figure 174 Advanced Application > Errdisable > Errdisable Status XS3700 Series User’s Guide...

  • Page 267: Cpu Protection Configuration

    Advanced Application > Errdisable screen to display the screen as shown. Note: After you configure this screen, make sure you also enable error detection for the specific control packets in the Advanced Application > Errdisable > Errdisable Detect screen. XS3700 Series User’s Guide...

  • Page 268: Error-Disable Detect Configuration

    Click the Click Here link next to Errdisable Detect link in the Advanced Application > Errdisable screen to display the screen as shown. XS3700 Series User’s Guide...

  • Page 269: Error-Disable Recovery Configuration

    Use this screen to configure the Switch to automatically undo an action after the error is gone. Click the Click Here link next to Errdisable Recovery in the Advanced Application > Errdisable screen to display the screen as shown. XS3700 Series User’s Guide...
  • Page 270 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 271: Mac Pinning

    [MAC x, VLAN y] 32.2 MAC Pinning Configuration Use this screen to enable MAC pinning on the Switch and on specific ports. Click Advanced Application > MAC Pinning in the navigation panel to open the following screen. XS3700 Series User’s Guide...
  • Page 272 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 273: Private Vlan

    Primary VLAN only. They cannot communicate with other isolated ports in the same Isolated VLAN, non-associated Primary VLAN promiscuous ports nor any community ports. Table 146 PVLAN Graphic Key LABEL DESCRIPTION P-VLAN 100 Primary private VLAN XS3700 Series User’s Guide...
  • Page 274 C-VLAN 101. They cannot communicate with isolated ports in I-VLAN 102. • Isolated ports can communicate with promiscuous ports in P-VLAN 100. They cannot communicate with other isolated ports in I-VLAN 102 nor community ports in C-VLAN 101. XS3700 Series User’s Guide...

  • Page 275: Configuration

    You must go to the Static VLAN screen first (see Section Chapter 8 on page 101) to create VLAN IDs for Primary, Isolated or Community VLANs. Click Advanced Application > Private VLAN to display the following screen. Advanced Application > Private VLAN Figure 179 XS3700 Series User’s Guide...
  • Page 276 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 277: Green Ethernet

    Auto Power Down and operates normally. 34.2 Configuring Green Ethernet Click Advanced Application > Green Ethernet in the navigation panel to display the screen as shown. Note: EEE and Auto Power Down are not supported on an uplink port. XS3700 Series User’s Guide...
  • Page 278 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 279: Link Layer Discovery Protocol (Lldp)

    The optional TLVs are inserted between the Time To Live TLV and the End of LLDPDU TLV. The next figure demonstrates that the network devices Switches and Routers (S and R) transmit and receive device information via LLDPDU and the network manager can query the information using Simple Network Management Protocol (SNMP). XS3700 Series User’s Guide...

  • Page 280: Lldp-Med Overview

    Since LLDPDU updates status and configuration information periodically, network managers may check the result of provision via remote status. The remote status is updated by receiving LLDP-MED TLVs from endpoint devices. XS3700 Series User’s Guide...

  • Page 281: Lldp Screens

    Table 150 Advanced Application > LLDP LABEL DESCRIPTION LLDP LLDP Local Click here to show a screen with the Switch’s LLDP information. Status LLDP Remote Click here to show a screen with LLDP information from the neighboring devices. Status XS3700 Series User’s Guide...

  • Page 282: Lldp Local Status

    Media Endpoint Devices) location parameters. 35.4 LLDP Local Status This screen displays a summary of LLDP status on this Switch. Click Advanced Application > LLDP > LLDP Local Status to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 283 This shows the System Description which is the firmware version of the Switch. Description TLV System This shows the System Capabilities enabled and supported on the local Switch. Capabilities • System Capabilities Supported - Bridge • System Capabilities Enabled - Bridge XS3700 Series User’s Guide...

  • Page 284: Lldp Local Port Status Detail

    This screen displays detailed LLDP status for each port on this Switch. Click Advanced Application > LLDP > LLDP Local Status and then click a port number, for example 1 (Port) in the Local Port column to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 285 Chapter 35 Link Layer Discovery Protocol (LLDP) Figure 185 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (Basic, Dot1, Dot3 TLV) XS3700 Series User’s Guide...
  • Page 286 Chapter 35 Link Layer Discovery Protocol (LLDP) Figure 186 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (MED TLV) XS3700 Series User’s Guide...
  • Page 287 Capabilities This field displays which LLDP-MED TLV are capable to transmit on the Switch. • Network Policy • Location Device Type This is the LLDP-MED device class. The ZyXEL Switch device type is: • Network Connectivity XS3700 Series User’s Guide...

  • Page 288: Lldp Remote Status

    This is an alpha-numeric string that contains the specific identifier for the port from which this LLDPDU was transmitted. The port ID is identified by the port ID subtype. Port Description This displays a description for the port from which this LLDPDU was transmitted. XS3700 Series User’s Guide...

  • Page 289: Lldp Remote Port Status Detail

    Application > LLDP > LLDP Remote Status and then click an index number, for example 1, in the Index column in the LLDP Remote Status screen to display the screen as shown next. Figure 188 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Basic TLV) XS3700 Series User’s Guide...
  • Page 290 System Capabilities Supported • System Capabilities Enabled Management This displays the following management address parameters of the remote device. Address TLV • Management Address Subtype • Management Address • Interface Number Subtype • Interface Number • Object Identifier XS3700 Series User’s Guide...
  • Page 291 LLDPDU. • Port-Protocol VLAN ID • Port-Protocol VLAN ID Supported • Port-Protocol VLAN ID Enabled Vlan Name TLV This shows the VLAN ID and name for remote device port. • VLAN ID • VLAN Name XS3700 Series User’s Guide...
  • Page 292 • Port Class • MDI Supported • MDI Enabled • Pair Controlable • PSE Power Pairs • Power Class Max Frame This displays the maximum supported frame size in octets. Size TLV XS3700 Series User’s Guide...
  • Page 293 Chapter 35 Link Layer Discovery Protocol (LLDP) Figure 190 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) XS3700 Series User’s Guide...
  • Page 294 This shows the location information of a caller by its: Identification • Coordinate-base LCI - latitude and longitude coordinates of the Location Configuration Information (LCI) • Civic LCI - IETF Geopriv Civic Address based Location Configuration Information • ELIN - (Emergency Location Identifier Number) XS3700 Series User’s Guide...

  • Page 295: Lldp Configuration

    Power Value - power requirement, in fractions of Watts, in current configuration 35.6 LLDP Configuration Use this screen to configure global LLDP settings on the Switch. Click Advanced Application > LLDP > LLDP Configuration to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 296 Cancel Click Cancel to begin configuring this screen afresh. Port This displays the port number with this LLDP configuration. * means all ports. XS3700 Series User’s Guide...

  • Page 297: Lldp Configuration Basic Tlv Setting

    System Select check box to enable or disable the sending of System Description TLVs on the Description port(s). System Name Select check box to enable or disable the sending of System Name TLVs on the port(s). XS3700 Series User’s Guide...

  • Page 298: Lldp Configuration Basic Org-Specific Tlv Setting

    Status TLVs on the port(s). All check boxes in this column are enabled by default. Max Frame Select check box to enable or disable the sending of IEEE 802.3 Max Frame Size TLVs on Size the port(s). XS3700 Series User’s Guide...

  • Page 299: Lldp-Med Configuration

    The following table describes the labels in this screen. Table 160 Advanced Application > LLDP > LLDP-MED Configuration LABEL DESCRIPTION Port This displays the port number on which you’re configuring LLDP-MED. Select * to configure all ports simultaneously. Notification XS3700 Series User’s Guide...

  • Page 300: Lldp-Med Network Policy

    Enter the port number to set up the LLDP-MED network policy. Application Type Select the type of application used in the network policy. • voice • voice-signaling • guest-voice • guest-voice-signaling • softphone-voice • video-conferencing • streaming-video • video-signaling XS3700 Series User’s Guide...

  • Page 301: Lldp-Med Location

    Check the rules that you want to remove in the delete column, then click the Delete button. Cancel Click Cancel to clear the selected checkboxes in the Delete column. 35.9 LLDP-MED Location Click Advanced Application > LLDP > LLDP-MED Location to display the screen as shown next. XS3700 Series User’s Guide...
  • Page 302 Latitude Enter the latitude information. The value should be from 0º to 90º. • north • south Longitude Enter the longitude information. The value should be from 0º to 180º. • west • east XS3700 Series User’s Guide...
  • Page 303 Country, State, County, City, Street, Number, ZIP code and additional information. ELIN Number This field shows the Emergency Location Identification Number (ELIN), which is used to identify endpoint devices when they issue emergency call services. The valid length is form 10 characters to 25 characters. XS3700 Series User’s Guide...
  • Page 304 Table 162 Advanced Application > LLDP > LLDP-MED Location LABEL DESCRIPTION Delete Check the locations that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the selected check boxes in the delete column. XS3700 Series User’s Guide...

  • Page 305: Static Route

    Click the link next to IPv4 Static Route to open a screen where you can create IPv4 static routing rules. Click the link next to IPv6 Static Route to open a screen where you can create IPv6 static routing rules. XS3700 Series User’s Guide...

  • Page 306: Configuring Ipv4 Static Routing

    Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch Address that will forward the packet to the destination. The gateway must be a router on the same segment as your Switch. XS3700 Series User’s Guide...

  • Page 307: Configuring Ipv6 Static Routing

    Cancel Click Cancel to clear the Delete check boxes. 36.4 Configuring IPv6 Static Routing Click the link next to IPv6 Static Route in the IP Application > Static Routing screen to display the screen as shown. XS3700 Series User’s Guide...
  • Page 308 This field displays the IPv6 address of the gateway that helps forward the packet to the destination. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...

  • Page 309: Policy Routing

    37.2 Configuring Policy Routing Profile Click IP Application > Policy Routing in the navigation panel to display the screen as shown. Use this screen to configure a policy routing profile, which can consist of multiple policy routing rules. XS3700 Series User’s Guide...

  • Page 310: Policy Routing Rule Configuration

    Policy-based routing is applied to incoming packets on a per interface basis before normal routing. The Switch does not perform normal routing on packets that match any of the policy routes. XS3700 Series User’s Guide...
  • Page 311 161), which are not used by any policy rule or policy routing rule. Select a classifier to which this policy routing rule applies. Action Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch that will forward the packet to the destination. XS3700 Series User’s Guide...
  • Page 312 This field displays the name of the classifier to which this policy applies. Rule Delete Select the policy routing rule(s) that you want to remove. Delete Click Delete to remove the selected entry(ies) from the summary table. Cancel Click Cancel to clear the Rule Delete check boxes. XS3700 Series User’s Guide...

  • Page 313: Differentiated Services

    The boundary node (A in Figure 204) in a DiffServ network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules. A network administrator can then apply XS3700 Series User’s Guide...

  • Page 314: Two Rate Three Color Marker Traffic Policing

    In the color-aware mode, packets are marked based on both existing color and evaluation against the PIR and CIR. If the packets do not match any of colors, then the packets proceed unchanged. XS3700 Series User’s Guide...

  • Page 315: Trtcm - Color-Blind Mode

    Loss Loss Loss 38.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). Click IP Application > DiffServ in the navigation panel to display the screen as shown. XS3700 Series User’s Guide...

  • Page 316: Configuring 2-Rate 3 Color Marker Settings

    Use this screen to configure TRTCM settings. Click the 2-rate 3 Color Marker link in the DiffServ screen to display the screen as shown next. Note: You cannot enable both TRTCM and Bandwidth Control at the same time. XS3700 Series User’s Guide...
  • Page 317 Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this to activate TRTCM on the port. Commit Specify the Commit Information Rate (CIR) for this port. Rate Peak Rate Specify the Peak Information Rate (PIR) for this port. XS3700 Series User’s Guide...

  • Page 318: Dscp Profile

    Click this to reset the fields to your previous configuration. Profile Name This field displays the descriptive name of the profile. Click the profile name to change the settings. Green This field displays the DSCP value to use for packets with low packet loss priority. XS3700 Series User’s Guide...

  • Page 319: Dscp-To-Ieee 802.1P Priority Settings

    IEEE 802.1p 38.4.1 Configuring DSCP Settings To change the DSCP-IEEE 802.1p mapping, click the DSCP Setting link in the DiffServ screen to display the screen as shown next. Figure 210 IP Application > DiffServ > DSCP Setting XS3700 Series User’s Guide...
  • Page 320 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 321: Dhcp

    39.2 DHCP Configuration Click IP Application > DHCP in the navigation panel to display the screen as shown. Click the link next to DHCPv4 to open screens where you can enable and configure DHCPv4 server/relay settings XS3700 Series User’s Guide...

  • Page 322: Dhcpv4 Status

    Click IP Application > DHCP > DHCPv4 in the navigation panel and then click an existing index number of a DHCP server configuration to view the screen as shown. Use this screen to view details regarding DHCP server settings configured on the Switch. XS3700 Series User’s Guide...

  • Page 323: Dhcpv4 Relay

    (such as the IP address and subnet mask) between a DHCP client and a DHCP server. Once the DHCP client obtains an IP address and can connect to the network, network information renewal is done between the DHCP client and the DHCP server without the help of the Switch. XS3700 Series User’s Guide...

  • Page 324: Dhcpv4 Relay Agent Information

    39.4.2 DHCPv4 Option 82 Profile Use this screen to create DHCPv4 option 82 profiles. Click IP Application > DHCP > DHCPv4 in the navigation panel and click the Option 82 Profile link to display the screen as shown. XS3700 Series User’s Guide...
  • Page 325 Select this option to have the Switch add its MAC address to the client DHCP requests that it relays to a DHCP server. string Enter a string of up to 64 ASCII characters for the remote ID information in this field. Spaces are allowed. XS3700 Series User’s Guide...

  • Page 326: Configuring Dhcpv4 Global Relay

    Select a pre-defined DHCPv4 option 82 profile that the Switch applies to all ports. The Profile Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the profile to DHCP requests that it relays to a DHCP server. XS3700 Series User’s Guide...

  • Page 327: Dhcpv4 Global Relay Port Configure

    Click Clear to reset the fields to the factory defaults. Index This field displays a sequential number for each entry. Click an index number to change the settings. Port This field displays the port(s) to which the Switch applies the settings. XS3700 Series User’s Guide...

  • Page 328: Global Dhcp Relay Configuration Example

    (default1 in this example) to set the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 218 DHCP Relay Configuration Example EXAMPLE XS3700 Series User’s Guide...

  • Page 329: Configuring Dhcp Vlan Settings

    Use this section if you want to configure the Switch to function as a DHCP server for this VLAN. Client IP Pool Specify the first of the contiguous addresses in the IP address pool. Starting Address XS3700 Series User’s Guide...

  • Page 330: Dhcpv4 Vlan Port Configure

    39.5.1 DHCPv4 VLAN Port Configure Use this screen to apply a different DHCP option 82 profile to certain ports in a VLAN. To open this screen, click IP Application > DHCP > DHCPv4 > VLAN > Port. XS3700 Series User’s Guide...
  • Page 331 Delete Select the entry(ies) that you want to remove in the Delete column, then click the Delete button to remove the selected entry(ies) from the table. Cancel Click this to clear the Delete check boxes above. XS3700 Series User’s Guide...

  • Page 332: Example: Dhcp Relay For Two Vlans

    (VLAN 2) are sent to the other DHCP server with an IP address of 172.16.10.100. Figure 221 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.16.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 222 DHCP Relay for Two VLANs Configuration Example EXAMPLE XS3700 Series User’s Guide...

  • Page 333: Dhcpv6 Relay

    This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. XS3700 Series User’s Guide...
  • Page 334 This field displays whether the remote-ID option is added to DHCPv6 requests from clients in this VLAN. Delete Check the entry(ies) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. XS3700 Series User’s Guide...

  • Page 335: Vrrp

    Switch B, having a lower priority, is the backup router. Figure 224 VRRP: Example 1 172.16.1.1 172.16.1.100 172.16.1.10 If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B. XS3700 Series User’s Guide...

  • Page 336: Vrrp Status

    The following sections describe the different parts of the VRRP Configuration screen. 40.3.1 IP Interface Setup Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see the Section 6.5 on page 58 for more information). XS3700 Series User’s Guide...
  • Page 337 Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface. When you select Simple in the Authentication field, enter a password key (up to eight printable ASCII character long) in this field. XS3700 Series User’s Guide...

  • Page 338: Vrrp Parameters

    By default, a layer 3 device with the same IP address as the virtual router will become the master router regardless of the preempt mode. 40.3.3 Configuring VRRP Parameters After you set up an IP interface, configure the VRRP parameters in the VRRP Configuration screen. XS3700 Series User’s Guide...
  • Page 339 Cancel Click Cancel to discard all changes made in this table. Clear Click Clear to set the above fields back to the factory defaults. XS3700 Series User’s Guide...

  • Page 340: Viewing Vrrp Summary

    The figure below shows a simple VRRP network with only one virtual router VR1 (VRID =1) and two switches. The network is connected to the WAN via an uplink gateway G (172.16.1.100). The host computer X is set to use VR1 as the default gateway. XS3700 Series User’s Guide...
  • Page 341 Figure 230 VRRP Example 1: VRRP Parameter Settings on Switch A EXAMPLE Figure 231 VRRP Example 1: VRRP Parameter Settings on Switch B EXAMPLE After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. XS3700 Series User’s Guide...

  • Page 342: Two Subnets Example

    You need to configure the VRRP Configuration screen for virtual router VR2 on each switch, while keeping the VRRP configuration in example 1 for virtual router VR1 (refer to Section 40.4.2 on page 342). Configure the VRRP parameters on the switches as shown in the figures below. XS3700 Series User’s Guide...
  • Page 343 After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 237 VRRP Example 2: VRRP Status on Switch A EXAMPLE Figure 238 VRRP Example 2: VRRP Status on Switch B EXAMPLE XS3700 Series User’s Guide...

  • Page 344: Arp Setup

    LAN. When the Switch receives the ARP reply from host B, it updates its ARP table and also forwards host A’s ICMP request to host B. After the Switch gets the XS3700 Series User’s Guide...
  • Page 345 In Gratuitous-ARP learning mode, the Switch updates its ARP table with either an ARP reply or a gratuitous ARP request. 41.1.2.3 ARP-Request When the Switch is in ARP-Request learning mode, it updates the ARP table with both ARP replies, gratuitous ARP requests and ARP requests. XS3700 Series User’s Guide...

  • Page 346: Arp Setup

    Figure 239 IP Application > ARP Setup 41.2.1 ARP Learning Use this screen to configure each port’s ARP learning mode. Click the link next to ARP Learning in the IP Application > ARP Setup screen to display the screen as shown next. XS3700 Series User’s Guide...

  • Page 347: Static Arp

    Use this screen to create static ARP entries that will display in the Management > ARP Table screen and will not age out. Click the link next to Static ARP in the IP Application > ARP Setup screen to display the screen as shown. XS3700 Series User’s Guide...
  • Page 348 This field displays the VLAN to which the device belongs. Port This field displays the port to which the device connects. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. XS3700 Series User’s Guide...
  • Page 349 Chapter 41 ARP Setup XS3700 Series User’s Guide...

  • Page 350: Maintenance

    Configuration Save Click Config 1 to save the current configuration settings to Configuration 1 on the Switch. Configuration Click Config 2 to save the current configuration settings to Configuration 2 on the Switch. XS3700 Series User’s Guide...

  • Page 351: Firmware Upgrade

    The top of firmware upgrade screen shows which firmware version is currently running on the Switch. Select the Config Boot Image drop-down list box if you want to reboot the Switch and click Apply to apply the new firmware immediately. (Firmware upgrades are only applied after a XS3700 Series User’s Guide...

  • Page 352: Restore A Configuration File

    Browse to display the Choose File screen from which you can locate it. After you have specified the file, click Restore. "config" is the name of the configuration file on the Switch, so your backup configuration file is automatically renamed when you restore using this screen. XS3700 Series User’s Guide...

  • Page 353: Backup A Configuration File

    Switch IP address (192.168.1.1). 42.1.5 Save Configuration Click Config 1 to save the current configuration settings permanently to configuration one on the Switch. XS3700 Series User’s Guide...

  • Page 354: Reboot System

    If you want to access the Switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1). XS3700 Series User’s Guide...

  • Page 355: Tech-Support

    For example, Mbuf 50 means a log will be created when the Mbuf utilization is over 50%. The higher the Mbuf threshold number, the fewer logs will be created, and the less data technical support will have to analyze and vice versa. XS3700 Series User’s Guide...

  • Page 356: Ftp Command Line

    Switch. ras-0 is image 1; ras-1 is image 2. ras-1 You can store up to two images, or firmware files of the same device model, on the Switch. Only one image is used at a time. XS3700 Series User’s Guide...

  • Page 357: Ftp Command Line Procedure

    Switch and renames it to “config”. Likewise get config config.cfg transfers the configuration file on the Switch to your computer and renames it to “config.cfg”. See Table 192 on page 356 more information on filename conventions. Enter quit to exit the ftp prompt. XS3700 Series User’s Guide...

  • Page 358: Gui-Based Ftp Clients

    • FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. XS3700 Series User’s Guide...

  • Page 359: Access Control

    TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the Switch through the network via SNMP version 1 (SNMPv1), SNMP version 2c or XS3700 Series User’s Guide...

  • Page 360: Snmp V3 And Security

    Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them. XS3700 Series User’s Guide...

  • Page 361: Supported Mibs

    1.3.6.1.4.1.890.1.15.3.26.2.2 This trap is sent when the temperature OfRange goes above or below the normal operating range. voltage zyHwMonitorPowerSupplyVolt 1.3.6.1.4.1.890.1.15.3.26.2.3 This trap is sent when the voltage goes ageOutOfRange above or below the normal operating range. XS3700 Series User’s Guide...
  • Page 362 The trap is sent when entries in the remote database have any updates. Link Layer Discovery Protocol (LLDP), defined as IEEE 802.1ab, enables LAN devices that support LLDP to exchange their configured settings. This helps eliminate configuration mismatch issues. XS3700 Series User’s Guide...
  • Page 363 1.3.6.1.4.1.890.1.15.3.71.2.2 This trap is sent when there is no rNotReachable response message from the RADIUS accounting server. zyTacacsServerAccountingServe 1.3.6.1.4.1.890.1.15.3.83.2.2 This trap is sent when there is no rUnreachable response message from the TACACS+ accounting server. XS3700 Series User’s Guide...

  • Page 364: Configuring Snmp

    The trap is sent when the Switch detects a connectivity fault. 43.3.4 Configuring SNMP From the Access Control screen, display the SNMP screen. You can click Access Control to go back to the Access Control screen. XS3700 Series User’s Guide...
  • Page 365 Enter the username to be sent to the SNMP manager along with the SNMP v3 trap. Note: This username must match an existing account on the Switch (configured in the Management > Access Control > SNMP > User screen). XS3700 Series User’s Guide...

  • Page 366: Configuring Snmp Trap Group

    Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 367: Enabling/Disabling Sending Of Snmp Traps On A Port

    From the SNMP screen, click User to view the screen as shown. Use the User screen to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups. An SNMP user is an SNMP manager. XS3700 Series User’s Guide...
  • Page 368 AES - Advanced Encryption Standard is another method for data encryption that also uses a secret key. AES applies a 128-bit key to 128-bit blocks of data. Password Enter the password of up to 32 ASCII characters for encrypting SNMP packets. XS3700 Series User’s Guide...

  • Page 369: Setting Up Login Accounts

    Note: It is highly recommended that you change the default administrator password (1234). • A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Management > Access Control > Logins to view the screen as shown. XS3700 Series User’s Guide...
  • Page 370 CLI. For more information on assigning privileges see the Ethernet Switch CLI Reference Guide. User Name Set a user name (up to 32 ASCII characters long). Password Enter your new system password. Retype to Retype your new system password for confirmation confirm XS3700 Series User’s Guide...

  • Page 371: Ssh Overview

    Figure 257 SSH Communication Example 43.6 How SSH works The following table summarizes how a secure connection is established between two remote hosts. XS3700 Series User’s Guide...

  • Page 372: Ssh Implementation On The Switch

    Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time. XS3700 Series User’s Guide...

  • Page 373: Requirements For Using Ssh

    HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s WS (web server). Figure 259 HTTPS Implementation Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HTTP connection attempts. XS3700 Series User’s Guide...

  • Page 374: Https Example

    If that is the case, click Continue to this website (not recommended) to proceed to the web configurator login screen. Figure 261 Security Certificate Warning (Internet Explorer 7 or 8) XS3700 Series User’s Guide...

  • Page 375: Mozilla Firefox Warning Messages

    43.9.2 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server, a This Connection is Untrusted screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button. XS3700 Series User’s Guide...
  • Page 376 Chapter 43 Access Control Figure 264 Security Alert (Mozilla Firefox) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen. Figure 265 Security Alert (Mozilla Firefox) EXAMPLE XS3700 Series User’s Guide...

  • Page 377: The Main Screen

    Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen. XS3700 Series User’s Guide...

  • Page 378: Remote Management

    From the Access Control screen, display the Remote Management screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen. XS3700 Series User’s Guide...
  • Page 379 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 380: Diagnostic

    Table 208 Management > Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi-line text box. Click Clear to empty the text box and reset the syslog entry. Ping Test XS3700 Series User’s Guide...
  • Page 381 Enter a time interval (in minutes) and click Blink to show the actual location of the Switch between several devices in a rack. The default time interval is 30 minutes. Click Stop to have the Switch terminate the blinking locator LED. XS3700 Series User’s Guide...

  • Page 382: Syslog

    Debug: The message is intended for debug-level purposes. 45.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. XS3700 Series User’s Guide...

  • Page 383: Syslog Server Setup

    Click Cancel to begin configuring this screen afresh. 45.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to open the following screen. Use this screen to configure a list of external syslog servers. XS3700 Series User’s Guide...
  • Page 384 This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry’s Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 385: Cluster Management

    Cluster members are the switches being managed by the cluster manager switch. In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. XS3700 Series User’s Guide...

  • Page 386: Cluster Management Status

    Figure 272 Clustering Application Example 46.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 273 Management > Cluster Management XS3700 Series User’s Guide...

  • Page 387: Cluster Member Switch Management

    Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. XS3700 Series User’s Guide...

  • Page 388: Uploading Firmware To A Cluster Member Switch

    297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 410AAGB0.bin ras-00-a0-c5-01-23-46 200 Port command okay 150 Opening data connection for STOR ras-00-a0-c5-01-23-46 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> XS3700 Series User’s Guide...

  • Page 389: Clustering Management Configuration

    46.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen to display the next screen. Figure 276 Management > Clustering Management > Configuration EXAMPLE XS3700 Series User’s Guide...
  • Page 390 This is the cluster member switch’s model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 391: Mac Table

    • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 277 MAC Table Flowchart XS3700 Series User’s Guide...

  • Page 392: Viewing The Mac Table

    106). The MAC address(es) will be removed from the MAC table and all traffic sent from the MAC address(es) will be blocked by the Switch. Search Click this to search data in the MAC table according to your input criteria. XS3700 Series User’s Guide...
  • Page 393 Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). XS3700 Series User’s Guide...

  • Page 394: Ip Table

    • If the Switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it filters the packet. Figure 279 IP Table Flowchart XS3700 Series User’s Guide...

  • Page 395: Viewing The Ip Table

    This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the Switch. Type This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch). XS3700 Series User’s Guide...

  • Page 396: Arp Table

    MAC address that replied. 49.2 The ARP Table Screen Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries. XS3700 Series User’s Guide...
  • Page 397 This shows 0 for a static entry. Type This shows whether the IP address is dynamic (learned by the Switch) or static (manually configured in the Basic Setting > IP Setup or IP Application > ARP Setup > Static ARP screen). XS3700 Series User’s Guide...

  • Page 398: Routing Table

    This field displays the IP address of the Interface. Metric This field displays the cost of the route. Type This field displays the method used to learn the route. STATIC - added as a static entry. XS3700 Series User’s Guide...

  • Page 399: Path Mtu Table

    This field displays the maximum transmission unit of the links in the path. Expire This field displays how long (in minutes) an entry can still remain in the Path MTU table before it ages out and needs to be relearned. XS3700 Series User’s Guide...

  • Page 400: Configure Clone

    Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 284 Management > Configure Clone XS3700 Series User’s Guide...
  • Page 401 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XS3700 Series User’s Guide...

  • Page 402: Neighbor Table

    This field displays the IPv6 address of the Switch or a neighboring device. Address This field displays the MAC address of the IPv6 interface on which the IPv6 address is configure or the MAC address of the neighboring device. XS3700 Series User’s Guide...
  • Page 403 • dynamic (D): The IP address to MAC address can be successfully resolved using IPv6 Neighbor Discovery protocol. Is it similar as IPv4 ARP (Address Resolution protocol). • static (S): The interface address is statically configured. XS3700 Series User’s Guide...

  • Page 404: Troubleshooting

    Turn the Switch off and on (in DC models or if the DC power supply is connected in AC/DC models). Disconnect and re-connect the power adaptor or cord to the Switch (in AC models or if the AC power supply is connected in AC/DC models). If the problem continues, contact the vendor. XS3700 Series User’s Guide...

  • Page 405: Switch Access And Login

    If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default in-band IP address is 192.168.1.1. XS3700 Series User’s Guide...
  • Page 406 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). XS3700 Series User’s Guide...

  • Page 407: Switch Configuration

    Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 42.1.5 on page 353 for more information about how to save your configuration. XS3700 Series User’s Guide...

  • Page 408: Appendix A Common Services

    File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/server protocol for the world wide web. XS3700 Series User’s Guide...
  • Page 409 Simple Mail Transfer Protocol is the message- exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). XS3700 Series User’s Guide...
  • Page 410 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. XS3700 Series User’s Guide...

  • Page 411: Appendix B Ipv6

    A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Table 224 Link-local Unicast Address Format 1111 1110 10 Interface ID 10 bits 54 bits 64 bits XS3700 Series User’s Guide...

  • Page 412: Global Address

    The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 226 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 XS3700 Series User’s Guide...
  • Page 413 (beginning with fe80). When the interface is connected to a network with a router and the Switch is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another address which XS3700 Series User’s Guide...

  • Page 414: Dhcp Relay Agent

    The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string, In IPv6, all network interfaces can be associated with several addresses. XS3700 Series User’s Guide...
  • Page 415 When the Switch needs to send a packet, it first consults the destination cache to determine the next hop. If there is no matching entry in the destination cache, the Switch uses the prefix list to XS3700 Series User’s Guide...
  • Page 416 Done message to the router or switch. The router or switch then sends a group-specific query to the port on which the Done message is received to determine if other devices connected to this port should remain in the group. XS3700 Series User’s Guide...
  • Page 417 Install Dibbler and select the DHCPv6 client option on your computer. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service. Select Start > Control Panel > Administrative Tools > Services. Double click Dibbler - a DHCPv6 client. XS3700 Series User’s Guide...
  • Page 418 To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. Click OK to save the change. XS3700 Series User’s Guide...
  • Page 419 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 XS3700 Series User’s Guide...

  • Page 420: Appendix C Customer Support

    • Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
  • Page 421 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de XS3700 Series User’s Guide...
  • Page 422 • ZyXEL BY • http://www.zyxel.by Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland •...
  • Page 423 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
  • Page 424 Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ XS3700 Series User’s Guide...
  • Page 425 Appendix C Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za XS3700 Series User’s Guide...

  • Page 426: Appendix D Legal Information

    The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 427 Fuse Warning! Replace a fuse only with a fuse of the same type and rating. • The POE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. Environment Statment WEEE Directive XS3700 Series User’s Guide...
  • Page 428 è composta l’apparecchiatura. Lo smaltimento abusivo del prodotto da parte del detentore comporta l’applicazione delle sanzioni amministrative previste dalla normativa vigente. XS3700 Series User’s Guide...
  • Page 429 Appendix D Legal Information Environmental Product Declaration XS3700 Series User’s Guide...

  • Page 430: Zyxel Limited Warranty

    North American products. Trademarks ZyNOS (ZyXEL Network Operating System) and ZON (ZyXEL One Network)are registered trademarks of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

  • Page 431: Index

    161, 165 viewing syslog messages trusted ports cloning a port See port cloning authentication cluster management and RADIUS and switch passwords setup cluster manager 385, 390 cluster member authorization 385, 390 cluster member firmware upgrade privilege levels XS3700 Series User’s Guide...
  • Page 432 Ethernet settings default gateway egress port default IP address Energy Efficient Ethernet DHCP erase running-configuration client IP pool error disable detect 266, 268 configuration options error disable recovery modes configuration relay agent overview relay example XS3700 Series User’s Guide...
  • Page 433 GARP terminology Installation GARP timer Rack-mounting 57, 81 general setup installation freestanding getting help precautions GMT (Greenwich Mean Time) Installing the Fan Module Green Ethernet Internet Protocol version 6, see IPv6 GVRP 82, 90 XS3700 Series User’s Guide...
  • Page 434 MAC (Media Access Control) PAgP MAC address 53, 344, 396 point to point maximum number per port 157, 158 MAC address learning 57, 92, 94, 101, 157 tunnel port specify limit UDLD MAC authentication XS3700 Series User’s Guide...
  • Page 435 MIB (Management Information Base) configuration mini GBIC ports group configuration connection speed network example connector type transceiver installation MVR (Multicast VLAN Registration) transceiver removal mirroring ports monitor port MSA (MultiSource Agreement) MST Instance, See MSTI network management system (NMS) XS3700 Series User’s Guide...
  • Page 436 VLAN type un-tagged packets port cloning PVID 400, 401 advanced settings 400, 401 PVID (Priority Frame) basic settings 400, 401 port details port isolation port mirroring 130, 133 direction 133, 136 egress 133, 136 XS3700 Series User’s Guide...
  • Page 437 RMirror, see also remote port mirroring how it works Round Robin Scheduling implementation routing domain 60, 336 SSH (Secure Shell) routing table SSL (Secure Socket Layer) RSTP standby ports rubber feet static bindings XS3700 Series User’s Guide...
  • Page 438 VLAN setup and DHCP VLAN trunk group priority trunking setup example subnet based VLANs trusted ports switch lockout ARP inspection switch reset DHCP snooping switch setup PPPoE IA syslog 224, 382 Tunnel Protocol Attribute, and RADIUS XS3700 Series User’s Guide...
  • Page 439 338, 339 priority port settings 338, 339 status port-based VLAN uplink gateway port-based, all connected uplink status port-based, isolation Virtual Router port-based, wizard Virtual Router ID private VLAN VRID PVID static VLAN status 84, 85 subnet based XS3700 Series User’s Guide...
  • Page 440 22, 35 getting help layout login logout navigation panel weight, queuing Weighted Round Robin Scheduling (WRR) WFQ (Weighted Fair Queuing) WRR (Weighted Round Robin Scheduling ZON Neighbor Management ZON Utility ZyNOS (ZyXEL Network Operating System) XS3700 Series User’s Guide...

Table of Contents