![Zyxel GS-2024 EE — port-based VLAN Setup Guide: Configuration and Security [84/266]](/icons/site-icon-64.png){kind=icon}
Zyxel GS-2024 EE — port-based VLAN Setup Guide: Configuration and Security [84/266]
Превью страниц
Страница 84 /
266
![Zyxel GS-2024 EE Инструкция по эксплуатации онлайн [84/266] 10024](/views2/1010653/page84/bg54.png)
Chapter 8 VLAN
GS-2024 User’s Guide
84
8.6 Port-based VLAN Setup
Port-based VLANs are VLANs where the packet forwarding decision is based on the
destination MAC address and its associated port.
Port-based VLANs require allowed outgoing ports to be defined for each port. Therefore, if
you wish to allow two subscriber ports to talk to each other, for example, between conference
rooms in a hotel, you must define the egress (an egress port is an outgoing port, that is, a port
through which a data packet leaves) for both ports.
Port-based VLANs are specific only to the Switch on which they were created.
" When you activate port-based VLAN, the Switch uses a default VLAN ID of 1.
You cannot change it.
" In screens (such as IP Setup) that require a VID, you must enter 1 as the VID.
The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN
with all Ethernet ports.
8.6.1 Configure a Port-based VLAN
Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN
from the navigation panel to display the following screen. Select either All Connected or Port
Isolated from the drop-down list depending on your VLAN and VLAN security requirements.
If VLAN members need to communicate directly with each other, then select All Connected.
Select Port Isolated if you want to restrict users from communicating directly. Click Apply to
save your settings.
The following screen shows users on a port-based, all-connected VLAN configuration.
Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch
loses these changes if it is turned off or loses power, so use the Save link on the
top navigation panel to save your changes to the non-volatile memory when you
are done configuring.
Cancel Click Cancel to begin configuring this screen afresh.
Table 17 Advanced Application > VLAN > VLAN Port Setting (continued)
LABEL DESCRIPTION
Содержание
882- User s guide
- Gs 2024
- Www zyxel com
- Layer 2 ethernet switch
- It is recommended you use the web configurator to configure the switch
- About this user s guide
- Warnings tell you about things that could harm you or your device
- Notes tell you other important information for example other things you may need to configure or helpful tips or recommendations
- Document conventions
- Gs 2024 user s guide
- Figures in this user s guide may use the following generic icons the switch icon is not an exact representation of your device
- Document conventions
- Icons used in figures
- Safety warnings
- For your safety be sure to read and follow all warning notices and instructions
- This product is recyclable dispose of it properly
- Management 73
- Ip application 57
- Introduction 7
- Contents overview
- Basic configuration 3
- Advanced setup 5
- Troubleshooting product specifications 17
- Appendices and index 31
- Chapter 3 hardware overview 7
- Chapter 2 hardware installation and connection 3
- Chapter 1 getting to know your switch 9
- About this user s guide
- Table of contents 1
- Table of contents
- Safety warnings
- Part i introduction 27
- List of tables 3
- List of figures 9
- Document conventions
- Contents overview
- Part ii basic configuration 43
- Chapter 7 basic setting 3
- Chapter 6 system status and port statistics 7
- Chapter 5 initial setup example 3
- Chapter 4 the web configurator 5
- Chapter 9 static mac forward setup 9
- Chapter 8 vlan 7
- Chapter 10 spanning tree protocol 1
- Part iii advanced setup 75
- Chapter 17 queuing method 23
- Chapter 16 port security 21
- Chapter 15 port authentication 117
- Chapter 14 link aggregation 111
- Chapter 13 mirroring 09
- Chapter 12 broadcast storm control 07
- Chapter 11 bandwidth control 05
- Part iv ip application 157
- Chapter 20 loop guard 53
- Chapter 19 authentication accounting 39
- Chapter 18 multicast 25
- Chapter 24 maintenance 75
- Chapter 23 dhcp 67
- Chapter 22 differentiated services 63
- Chapter 21 static route 59
- Part v management 173
- Chapter 29 mac table 211
- Chapter 28 cluster management 05
- Chapter 27 syslog 01
- Chapter 26 diagnostic 99
- Chapter 25 access control 81
- Part vii appendices and index 231
- Part vi troubleshooting product specifications 217
- List of figures
- List of tables
- Introduction
- Introduction
- Hapter
- Getting to know your switch
- Backbone application
- Bridging example
- High performance switching example
- Ways to manage the switch
- Ieee 802 q vlan application examples
- Good habits for managing the switch
- Hardware installation and connection
- Hapter
- Freestanding installation
- Rack mounted installation requirements
- Mounting the switch on a rack
- For proper ventilation allow at least 4 inches 10 cm of clearance at the front and 3 inches 8 cm at the back of the switch this is especially important for enclosed rack installations
- Failure to use the proper screws may damage the unit
- Attaching the mounting brackets to the switch
- Mounting the switch on a rack
- Hardware overview
- Hapter
- Front panel connections
- Dual personality interfaces
- Base t ports
- To avoid possible eye injury do not look into an operating fiber optic module s connectors
- Rear panel
- Management port
- Console port
- Power connector
- Make sure you are using the correct power source as shown on the panel
- Table 2 led descriptions continued
- Gs 2024 user s guide
- Chapter 3 hardware overview
- Basic configuration
- The web configurator
- System login
- Introduction
- Hapter
- The status screen
- B d c e
- The following table lists the various web configurator screens within the sub links
- The following table describes the links in the navigation panel
- Table 5 navigation panel links
- Table 4 web configurator screen sub links details
- Gs 2024 user s guide
- Chapter 4 the web configurator
- Table 5 navigation panel links continued
- Gs 2024 user s guide
- Chapter 4 the web configurator
- Use the save link when you are done with a configuration session
- Saving your configuration
- Change your password
- Resetting the switch
- Reload the configuration file
- Be careful not to lock yourself and others out of the switch if you do lock yourself out try using out of band management via the management port to configure the switch
- Switch lockout
- The web configurator s online help has descriptions of individual screens and some supplementary information
- The switch is now reinitialized with a default configuration file including the default password of 1234
- Logging out of the web configurator
- Gs 2024 user s guide
- Figure 18 web configurator logout screen
- Figure 17 resetting the switch via the console port
- Click the help link from a web configurator screen to view an online help description of that screen
- Click logout in a screen to exit the web configurator you have to log in with your password again after you log out this is recommended after you finish a management session for security reasons
- Chapter 4 the web configurator
- Overview
- Initial setup example
- Hapter
- Creating a vlan
- Setting port vid
- The vlan group id field in this screen and the vid field in the ip setup screen refer to the same vlan id
- Configuring switch management ip address
- System status and port statistics
- Port status summary
- Overview
- Hapter
- Table 6 status continued
- Status port details
- Gs 2024 user s guide
- Click a number in the port column in the status screen to display individual port statistics use this screen to check status and detailed performance data about an individual port on the switch
- Chapter 6 system status and port statistics
- The following table describes the labels in this screen
- Port details
- Gs 2024 user s guide
- Figure 23 status port details
- Chapter 6 system status and port statistics
- Port details continued
- Gs 2024 user s guide
- Chapter 6 system status and port statistics
- Port details continued
- Gs 2024 user s guide
- Chapter 6 system status and port statistics
- System information
- Overview
- Hapter
- Basic setting
- The following table describes the labels in this screen
- System info
- Gs 2024 user s guide
- Chapter 7 basic setting
- General setup
- Chapter 7 basic setting
- Use this screen to configure general settings such as the system name and time click basic setting and general setup in the navigation panel to display the screen as shown
- System info continued
- Gs 2024 user s guide
- The following table describes the labels in this screen
- Gs 2024 user s guide
- General setup
- Chapter 7 basic setting
- Vlan is unidirectional it only governs outgoing traffic
- Vlan also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain in traditional switched environments all broadcast packets go to each and every individual port with vlan all broadcasts are confined to a specific broadcast domain
- Switch setup screen
- See chapter 8 on page 77 for information on port based and 802 q tagged vlans
- Introduction to vlans
- In mtu multi tenant unit applications vlan is vital in providing isolation and security among the subscribers when properly configured vlan prevents one subscriber from accessing the network resources of another on the same lan thus a user will not see the printers and hard disks of another user on the same network
- Click basic setting and then switch setup in the navigation panel to display the screen as shown the vlan setup screens change depending on whether you choose 802 q or port based in the vlan type field in this screen refer to the chapter on vlan
- A vlan virtual local area network allows a physical network to be partitioned into multiple logical networks devices on a logical network belong to one group a device can belong to more than one group with vlan a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router
- Chapter 7 basic setting
- The following table describes the labels in this screen
- Switch setup
- Gs 2024 user s guide
- You must configure the vlan first
- Ip setup
- Ip interfaces
- The following table describes the labels in this screen
- Ip setup
- Gs 2024 user s guide
- Chapter 7 basic setting
- Port setup in the navigation panel to display the configuration screen
- Port setup
- Ip setup continued
- Gs 2024 user s guide
- Chapter 7 basic setting
- Chapter 7 basic setting
- The following table describes the labels in this screen
- Port setup
- Note due to space limitations the port name may be truncated in some web configurator screens
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Advanced setup
- Introduction to ieee 802 q tagged vlans
- Hapter
- Forwarding tagged and untagged frames
- Gvrp garp vlan registration protocol is a registration protocol that defines a way for switches to register necessary vlan members on ports across the network enable this function to permit vlan groups beyond the local switch
- Gs 2024 user s guide
- Garp timers
- Garp generic attribute registration protocol allows network switches to register and de register attribute values with other garp participants within a bridged lan garp is a protocol that provides a generic mechanism for protocols that serve a more specific application for example gvrp
- Garp and gvrp are the protocols used to automatically register vlan membership across switches
- Chapter 8 vlan
- Automatic vlan registration
- Table 13 ieee 802 q vlan terminology
- Switches join vlans by making a declaration a declaration is made by issuing a join message using garp declarations are withdrawn by issuing a leave message a leave all message terminates all registrations garp timers set declaration timeout values
- Please refer to the following table for common ieee 802 q vlan terminology
- Static vlan
- Select the vlan type
- Port vlan trunking
- Vlan vlan status
- Vlan from the navigation panel to display the vlan status screen as shown next
- Vlan detail
- Use this screen to view detailed port settings and status of the vlan group see section 8 on page 77 for more information on static vlan click on an index number in the vlan status screen to display vlan details
- The following table describes the labels in this screen
- Static vlan status
- Static vlan details
- Gs 2024 user s guide
- Chapter 8 vlan
- Chapter 8 vlan
- Vlan detail
- Use this screen to configure and view 802 q vlan parameters for the switch see section 8 on page 77 for more information on static vlan to configure a static vlan click static vlan in the vlan status screen to display the screen as shown next
- The following table describes the labels in this screen
- Static vlan
- Gs 2024 user s guide
- Configure a static vlan
- Use the vlan port setting screen to configure the static vlan ieee 802 q settings on a port see section 8 on page 77 for more information on static vlan click the vlan port setting link in the vlan status screen
- The following table describes the related labels in this screen
- Static vlan
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Configure vlan port settings
- Chapter 8 vlan
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Chapter 8 vlan
- Vlan port setting
- The following table describes the labels in this screen
- When you activate port based vlan the switch uses a default vlan id of 1 you cannot change it
- Port based vlan setup
- In screens such as ip setup that require a vid you must enter 1 as the vid
- Configure a port based vlan
- The following screen shows users on a port based port isolated vlan configuration
- Vlan port based vlan setup port isolation
- Vlan port based vlan setup
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Chapter 8 vlan
- Vlan port based vlan setup continued
- Gs 2024 user s guide
- Chapter 8 vlan
- Configuring static mac forwarding
- Static mac forward setup
- Overview
- Hapter
- The following table describes the labels in this screen
- Static mac forwarding
- Note static mac addresses do not age out
- Gs 2024 user s guide
- Chapter 9 static mac forward setup
- Stp terminology
- Stp rstp overview
- Spanning tree protocol
- Hapter
- Gs 2024 user s guide
- For each lan segment a designated bridge is selected this bridge has the lowest cost to the root among the bridges connected to the lan
- Chapter 10 spanning tree protocol
- After a bridge determines the lowest cost spanning tree with stp it enables the root port and the ports that are the designated ports for connected lans and disables all other ports that participate in stp network packets are therefore only forwarded between enabled ports eliminating any possible network loops
- Table 21 stp port states
- Table 20 stp path costs
- Stp port states
- Stp aware switches exchange bridge protocol data units bpdus periodically when the bridged lan topology changes a new spanning tree is constructed
- Stp assigns five port states to eliminate packet looping a bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops
- Path cost is the cost of transmitting a frame onto a lan through that port the recommended cost is assigned according to the speed of the link to which a port is attached the slower the media the higher the cost
- Once a stable network topology has been established all bridges listen for hello bpdus bridge protocol data units transmitted from the root bridge if a bridge does not get a hello bpdu after a predefined interval max age the bridge assumes that the link to the root bridge is down this bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology
- On each bridge the bridge communicates with the root through the root port the root port is the port on this switch with the lowest path cost to the root the root path cost if there is no root port then this switch has been accepted as the root bridge of the spanning tree network
- How stp works
- Vlan 1 vlan 2
- Multiple stp
- Vlan 1 vlan 2
- Spanning tree protocol status screen
- Spanning tree configuration
- Configure rapid spanning tree protocol
- Chapter 10 spanning tree protocol
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Configuration screen to enable rstp on the switch
- This screen is only available after you activate rstp on the switch
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 10 on page 91 for more information on rstp
- Rapid spanning tree protocol status
- Note changes in this row are copied to all the ports as soon as you make them
- 2 hello time 1
- The following table describes the labels in this screen
- Status rstp
- Spanning tree protocol screen see section 10 on page 93 for more information on mstp
- Note the listening state does not exist in rstp
- Gs 2024 user s guide
- Configure multiple spanning tree protocol
- Chapter 10 spanning tree protocol
- 2 hello time 1
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Configuration screen to enable mstp on the switch
- Chapter 10 spanning tree protocol
- This screen is only available after you activate mstp on the switch
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 10 on page 93 for more information on mstp
- Note changes in this row are copied to all the ports as soon as you make them
- Multiple spanning tree protocol status
- The following table describes the labels in this screen
- Status mstp
- Gs 2024 user s guide
- Chapter 10 spanning tree protocol
- Status mstp continued
- Gs 2024 user s guide
- Chapter 10 spanning tree protocol
- Bandwidth control
- Hapter
- Bandwidth control setup
- Bandwidth control overview
- The following table describes the related labels in this screen
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Chapter 11 bandwidth control
- Bandwidth control
- Hapter
- Broadcast storm control setup
- Broadcast storm control
- The following table describes the labels in this screen
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Chapter 12 broadcast storm control
- Broadcast storm control
- Port mirroring setup
- Mirroring
- Hapter
- Link aggregation overview
- Link aggregation
- Hapter
- Dynamic link aggregation
- Table 30 link aggregation id local switch
- Link aggregation status
- Link aggregation in the navigation panel the link aggregation status screen displays by default see section 14 on page 111 for more information
- Link aggregation id
- Lacp only works on full duplex links all ports in the same trunk group must have the same media type speed duplex mode and flow control settings
- Lacp aggregation id consists of the following informatio
- Gs 2024 user s guide
- Configure trunk groups or lacp before you connect the ethernet switch to avoid causing network topology loops
- Chapter 14 link aggregation
- The following table describes the labels in this screen
- Table 31 link aggregation id peer switch
- The following table describes the labels in this screen
- Link aggregation status continued
- Link aggregation setting to display the screen shown next see section 14 on page 111 for more information on link aggregation
- Link aggregation setting
- Gs 2024 user s guide
- Chapter 14 link aggregation
- Link aggregation setting continued
- Link aggregation control protocol
- Lacp to display the screen shown next see section 14 on page 111 for more information on dynamic link aggregation
- Gs 2024 user s guide
- Chapter 14 link aggregation
- Make your physical connections make sure that the ports that you want to belong to the trunk group are connected to the same destination the following figure shows ports 2 5 on switch a connected to switch b
- Gs 2024 user s guide
- Chapter 14 link aggregation
- This example shows you how to create a static port trunk group for ports 2 5
- The following table describes the labels in this screen
- Static trunking example
- Note do not configure this screen unless you want to enable dynamic link aggregation
- Note changes in this row are copied to all the ports as soon as you make them
- Port authentication overview
- Port authentication
- Ieee 802 x authentication
- Hapter
- Port authentication configuration
- Activate ieee 802 x security
- The following table describes the labels in this screen
- Note you must first enable 802 x authentication on the switch before configuring it on each port
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Chapter 15 port authentication
- Port security setup
- Port security
- Hapter
- About port security
- The following table describes the labels in this screen
- Port security
- Note changes in this row are copied to all the ports as soon as you make them
- Gs 2024 user s guide
- Chapter 16 port security
- Weighted round robin scheduling wrr
- Strictly priority
- Queuing method overview
- Queuing method
- Hapter
- Configuring queuing
- Chapter 17 queuing method
- The following table describes the labels in this screen
- Queuing method in the navigation panel
- Queuing method
- Gs 2024 user s guide
- Multicast overview
- Multicast
- Ip multicast addresses
- Igmp snooping
- Igmp filtering
- Hapter
- Multicast status
- Multicast setting
- Igmp snooping and vlans
- Multicast setting
- Gs 2024 user s guide
- Chapter 18 multicast
- The following table describes the labels in this screen
- Note if you enable igmp filtering you must create and assign igmp filtering profiles for the ports that you want to allow to join multicast groups
- Note changes in this row are copied to all the ports as soon as you make them
- Multicast setting continued
- Multicast in the navigation panel click the multicast setting link and then the igmp snooping vlan link to display the screen as shown see section 18 on page 126 for more information on igmp snooping vlan
- Igmp snooping vlan
- Gs 2024 user s guide
- Chapter 18 multicast
- The following table describes the labels in this screen
- Note you must also enable igmp snooping in the multicast setting screen first
- Note you cannot configure the same vlan id as in the mvr screen
- Igmp snooping vlan
- Gs 2024 user s guide
- Chapter 18 multicast
- Chapter 18 multicast
- An igmp filtering profile specifies a range of multicast groups that clients connected to the switch are able to join a profile contains a range of multicast ip addresses which you want clients to be able to join profiles are assigned to ports in the multicast setting screen clients connected to those ports are then able to join the multicast groups specified in the profile each port can be assigned a single profile a profile can be assigned to multiple ports
- The following table describes the labels in this screen
- Igmp snooping vlan
- Igmp filtering profile link to display the screen as shown
- Igmp filtering profile
- Gs 2024 user s guide
- Types of mvr ports
- The following figure shows a network example the subscriber vlan 1 2 and 3 information is hidden from the streaming media server s in addition the multicast vlan information is only visible to the switch and s
- Mvr overview
- Mvr only responds to igmp join and leave control messages from multicast groups that are configured under mvr join and leave reports from other multicast groups are managed by igmp snooping
- Mvr allows one single multicast vlan to be shared among different subscriber vlans on the network while isolated in different subscriber vlans connected devices can subscribe to and unsubscribe from the multicast stream in the multicast vlan this improves bandwidth utilization with reduced multicast traffic in the subscriber vlans and simplifies multicast group management
- Multicast vlan registration mvr is designed for applications such as media on demand mod that use multicast traffic across an ethernet ring based service provider network
- In mvr a source port is a port on the switch that can send and receive multicast traffic in a multicast vlan while a receiver port can only receive multicast traffic once configured the switch maintains a forwarding table that matches the multicast stream to the associated multicast group
- Igmp filtering profile
- Gs 2024 user s guide
- Figure 65 mvr network example
- Chapter 18 multicast
- You can create up to three multicast vlans and up to 256 multicast rules on the switch
- Mvr modes
- How mvr works
- General mvr configuration
- Your switch automatically creates a static vlan with the same vid when you create a multicast vlan in this screen
- The following table describes the related labels in this screen
- Note changes in this row are copied to all the ports as soon as you make them
- Mvr group configuration
- Configure mvr ip multicast group address es in the group configuration screen click group configuration in the mvr screen
- All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group
- A port can belong to more than one multicast vlan however ip multicast group addresses in different multicast vlans cannot overlap
- The following figure shows a network example where ports 1 2 and 3 on the switch belong to vlan 1 in addition port 7 belongs to the multicast group with vid 200 to receive multicast traffic the news and movie channels from the remote streaming media server s computers a b and c in vlan 1 are able to receive the traffic
- Mvr group configuration
- Mvr configuration example
- Gs 2024 user s guide
- Chapter 18 multicast
- The following table describes the labels in this screen
- Example
- Local user accounts
- Hapter
- Authentication authorization and accounting
- Authentication accounting
- Radius server setup
- Radius and tacacs
- Authentication and accounting screens
- The following table describes the labels in this screen
- Radius server setup
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Radius server setup continued
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Use this screen to configure your tacacs server settings see section 19 on page 140 for more information on tacacs servers click on the tacacs server setup link in the authentication and accounting screen to view the screen as shown
- Tacacs server setup
- The following table describes the labels in this screen
- Tacacs server setup
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Use this screen to configure authentication and accounting settings on the switch click on the auth and acct setup link in the authentication and accounting screen to view the screen as shown
- Tacacs server setup continued
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Authentication and accounting setup
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Auth and acct setup
- Auth and acct setup continued
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Vendor specific attribute
- Refer to the documentation that comes with your radius server on how to configure vsas for users authenticating via the radius server
- You can configure tunnel protocol attributes on the radius server refer to your radius server documentation to assign a port on the switch to a vlan based on ieee 802 x authentication the port vlan settings are fixed and untagged this will also set the port s vid the following table describes the values you need to configure note that the bolded values in the table are fixed values as defined in rfc 3580
- Tunnel protocol attribute
- This section lists the attributes used by authentication and accounting functions on the switch in cases where the attribute has a specific format associated with it the format is specified
- Table 49 supported tunnel protocol attribute
- Table 48 supported vsas
- Supported radius attributes
- Remote authentication dial in user service radius attributes are data used to define specific authentication and accounting elements in a user profile which is stored on the radius server this section lists the radius attributes supported by the switch
- Refer to rfc 2865 for more information about radius attributes used for authentication refer to rfc 2866 and rfc 2869 for radius attributes used for accounting
- Note you must also create a vlan with the specified vid on the switch
- Note if you set the privilege level of a login account differently on the radius server s and the switch the user is assigned a privilege level from the database radius or local the switch uses first for user authentication
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Attributes used for authentication
- Attributes used for accounting
- The attributes are listed in the following table along with the time that they are sent the difference between console and telnet ssh exec events is that the telnet ssh events utilize the calling station id attribute
- The attributes are listed in the following table along with the time of the session they are sent
- Table 52 radius attributes exec events via console
- Table 51 radius attributes exec events via telnet ssh
- Table 50 radius attributes exec events via console
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Attributes used for accounting ieee 802 x events
- Attributes used for accounting exec events
- Table 52 radius attributes exec events via console
- Gs 2024 user s guide
- Chapter 19 authentication accounting
- Loop guard
- Hapter
- Loop guard overview
- The loop guard feature can not be enabled on the ports that have spanning tree protocol rstp mrstp or mstp enabled
- The following table describes the labels in this screen
- Note changes in this row are copied to all the ports as soon as you make them
- Loop guard setup
- Loop guard in the navigation panel to display the screen as shown
- After resolving the loop problem on your network you can re activate the disabled port via the web configurator see section 7 on page 72 or via commands see the cli reference guid
- Loop guard continued
- Gs 2024 user s guide
- Chapter 20 loop guard
- Ip application
- Static routing overview
- Static route
- Hapter
- Configuring static routing
- Chapter 21 static route
- The following table describes the related labels you use to create a static route
- Static routing
- Gs 2024 user s guide
- Static routing continued
- Gs 2024 user s guide
- Chapter 21 static route
- Hapter
- Dscp and per hop behavior
- Diffserv overview
- Differentiated services
- Dscp to ieee 802 p priority settings
- Diffserv network example
- Activating diffserv
- Gs 2024 user s guide
- Diffserv
- Chapter 22 differentiated services
- The following table describes the labels in this screen
- Hapter
- Dhcp status
- Dhcp overview
- Dhcp modes
- Dhcp configuration options
- Dhcp relay agent information
- Dhcp relay
- The following table describes the labels in this screen
- Table 58 relay agent information
- Gs 2024 user s guide
- Global
- Dhcp in the navigation panel and click the global link to display the screen as shown
- Configuring dhcp global relay
- Chapter 23 dhcp
- Configuring dhcp vlan settings
- Global dhcp relay configuration example
- You must set up a management ip address for each vlan that you want to configure dhcp settings for on the switch see section 7 on page 69 for information on how to do this
- The following table describes the labels in this screen
- The following example displays two vlans vids 1 and 2 for a campus network two dhcp servers are installed to serve each vlan the system is set up to forward dhcp requests from the dormitory rooms vlan 1 to the dhcp server with an ip address of 192 68 00 requests from the academic buildings vlan 2 are sent to the other dhcp server with an ip address of 172 3 0 00
- For the example network configure the vlan setting screen as shown
- Example dhcp relay for two vlans
- Example
- Management
- The maintenance screen
- Maintenance
- Hapter
- Save configuration
- Load factory default
- Clicking the apply or add button does not save the changes permanently all unsaved changes are erased after you reboot the switch
- Firmware upgrade
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device
- Reboot system
- Restore a configuration file
- Backup a configuration file
- Ftp command line procedure
- Ftp command line
- Filename conventions
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device
- Gui based ftp clients
- Ftp restrictions
- The access control main screen
- Hapter
- Access control overview
- Access control
- About snmp
- Chapter 25 access control
- An oid object id that begins with 1 90 is defined in private mibs otherwise it is a standard mib oid
- The switch supports the following mibs
- The switch sends traps to an snmp manager when an event occurs the following tables outline the snmp traps by category
- Table 66 snmp system traps
- Supported mibs
- Snmp v3 enhances security for snmp management snmp managers can be required to authenticate with agents before conducting snmp management sessions
- Snmp v3 and security
- Snmp traps
- Snmp mib ii rfc 1213 rfc 1157 snmp v1 rfc 1493 bridge mibs rfc 1643 ethernet mibs rfc 1155 smi rfc 2674 snmpv2 snmpv2c rfc 1757 rmon snmpv2 snmpv2c or later version compliant with rfc 2011 snmpv2 mib for ip rfc 2012 snmpv2 mib for tcp rfc 2013 snmpv2 mib for udp
- Security can be further enhanced by encrypting the snmp messages sent from the managers encryption protects the contents of the snmp messages when the contents of the snmp messages are encrypted only the intended recipients can read them
- Mibs let administrators collect statistics and monitor status and performance
- Gs 2024 user s guide
- Table 67 snmp interface traps
- Table 66 snmp system traps continued
- Gs 2024 user s guide
- Chapter 25 access control
- Chapter 25 access control
- Table 70 snmp switch traps
- Table 69 snmp ip traps
- Table 68 aaa traps
- Gs 2024 user s guide
- Table 70 snmp switch traps continued
- Gs 2024 user s guide
- From the access control screen display the snmp screen you can click access control to go back to the access control screen
- Configuring snmp
- Chapter 25 access control
- The following table describes the labels in this screen
- Note use the username and password of the login accounts you specify in this section to create accounts on the snmp v3 manager
- Note snmp version 2c is backwards compatible with snmp version 1
- Logins screen
- Gs 2024 user s guide
- Chapter 25 access control
- Chapter 25 access control
- Trap group
- Snmp continued
- Note the settings on the snmp manager must be set at the same security level or higher than the security level settings on the switch
- Gs 2024 user s guide
- From the snmp screen click trap group to view the screen as shown use the trap group screen to specify the types of snmp traps that should be sent to each snmp manager
- Configuring snmp trap group
- Setting up login accounts
- It is highly recommended that you change the default administrator password 1234
- The following table describes the labels in this screen
- Logins
- Gs 2024 user s guide
- Chapter 25 access control
- Ssh overview
- How ssh works
- Requirements for using ssh
- Introduction to https
- Ssh implementation on the switch
- Internet explorer warning messages
- Https example
- Example
- The main screen
- Netscape navigator warning messages
- Example
- Service port access control
- You can specify a group of one or more trusted computers from which an administrator may use a service to manage the switch click access control to return to the access control screen
- The following table describes the labels in this screen
- The following table describes the fields in this screen
- Service access control
- Remote management
- Gs 2024 user s guide
- From the access control screen display the remote management screen as shown next
- Chapter 25 access control
- Remote management continued
- Gs 2024 user s guide
- Chapter 25 access control
- Hapter
- Diagnostic
- Syslog setup
- Syslog overview
- Syslog
- Hapter
- The following table describes the labels in this screen
- Syslog server setup to open the following screen use this screen to configure a list of external syslog servers
- Syslog server setup
- Syslog
- Gs 2024 user s guide
- Chapter 27 syslog
- Chapter 27 syslog
- The following table describes the labels in this screen
- Server setup
- Gs 2024 user s guide
- Hapter
- Clustering management status overview
- Cluster management
- Cluster management status
- Cluster management in the navigation panel to display the following screen
- A cluster can only have one manager
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Go to the clustering management status screen of the cluster manager switch and then select an index hyperlink from the list of members to go to that cluster member switch s web configurator home page this cluster member web configurator home page and the home page that you d see if you accessed it directly are different
- Figure 120 cluster management cluster member web configurator screen
- Cluster member switch management
- Cluster management
- Chapter 28 cluster management
- You can use ftp to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example
- Use this screen to configure clustering management click configuration from the cluster management screen to display the next screen
- Uploading firmware to a cluster member switch
- The following table explains some of the ftp parameters
- Table 82 ftp upload to cluster member example
- Gs 2024 user s guide
- Figure 121 example uploading firmware to a cluster member switch
- Clustering management configuration
- Chapter 28 cluster management
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Configuration
- Chapter 28 cluster management
- Gs 2024 user s guide
- Configuration continued
- Chapter 28 cluster management
- Mac table overview
- Mac table
- Hapter
- Viewing the mac table
- The following table describes the labels in this screen
- Mac table in the navigation panel to display the following screen
- Mac table
- Gs 2024 user s guide
- Figure 123 mac table flowchart
- Chapter 29 mac table
- Viewing the arp table
- How arp works
- Hapter
- Arp table overview
- Arp table
- Arp table
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Chapter 30 arp table
- Hapter
- Configure clone
- The following table describes the labels in this screen
- Gs 2024 user s guide
- Configure clone
- Chapter 31 configure clone
- Troubleshooting product specifications
- Troubleshooting
- Power hardware connections and leds
- Hapter
- I forgot the password
- I forgot the ip address for the switch
- I cannot see or access the login screen in the web configurator
- Switch access and login
- I cannot use ftp to upload download the configuration file i cannot use ftp to upload new firmware
- I cannot access the smt i cannot telnet to the switch
- I can see the login screen but i cannot log in to the switch
- Product specifications
- Hapter
- Table 88 firmware specifications
- Table 87 hardware specifications
- Gs 2024 user s guide
- Chapter 33 product specifications
- Table 88 firmware specifications
- Note only upload firmware for your specific model
- Gs 2024 user s guide
- Chapter 33 product specifications
- Gs 2024 user s guide
- Chapter 33 product specifications
- Table 89 switching specifications
- The following list which is not exhaustive illustrates the standards supported in the switch
- Table 90 standards supported
- Table 89 switching specifications continued
- Gs 2024 user s guide
- Chapter 33 product specifications
- Table 90 standards supported continued
- In a serial communications connection generally a computer is dte data terminal equipment and a modem is dce data circuit terminating equipment the switch is dce when you connect a computer to the console port the switch is dte when you connect a modem to the dial backup port
- Gs 2024 user s guide
- Figure 127 console dial backup port pin layout
- Chapter 33 product specifications
- Cable pin assignments
- Table 92 ethernet cable pin assignments
- Table 91 console dial backup port pin assignments
- Gs 2024 user s guide
- Chapter 33 product specifications
- Appendices and index
- Appendices and
- Ppendix
- Pop up windows javascripts and java permissions
- Enable pop up blockers with exceptions
- Javascripts
- Java permissions
- Mozilla firefox
- Java sun
- Click content to show the screen below select the check boxes as shown in the following screen
- Structure
- Ppendix
- Ip addresses and subnetting
- Introduction to ip addresses
- A subnet mask is used to determine which bits are part of the network number and which bits are part of the host id using a logical and operation the term subnet is short for sub network
- A subnet mask has 32 bits if a bit in the subnet mask is a 1 then the corresponding bit in the ip address is part of the network number if a bit in the subnet mask is 0 then the corresponding bit in the ip address is part of the host id
- The following example shows a subnet mask identifying the network number in bold text and host id of an ip address 192 68 in decimal
- Table 93 ip address network number and host id example
- Subnet masks can be referred to by the size of the network number part the bits with a 1 value for example an 8 bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes
- Subnet masks
- How much of the ip address is the network number and how much is the host id varies according to the subnet mask
- Gs 2024 user s guide
- Figure 138 network number and host id
- By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits
- Appendix b ip addresses and subnetting
- Notation
- Network size
- Gs 2024 user s guide
- For example 192 25 is equivalent to saying 192 with subnet mask 255 55 55 28
- As these two ip addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows
- Appendix b ip addresses and subnetting
- An ip address with host ids of all zeros is the ip address of the network 192 68 with a 24 bit subnet mask for example an ip address with host ids of all ones is the broadcast address for that network 192 68 55 with a 24 bit subnet mask for example
- The size of the network number determines the maximum number of possible hosts you can have on your network the larger the number of network number bits the smaller the number of remaining host id bits
- The following table shows some possible subnet masks using both notations
- Table 96 alternative subnet mask notation
- Table 95 maximum host numbers
- Table 94 subnet masks
- Subnet masks are expressed in dotted decimal notation just like ip addresses the following examples show the binary and decimal notation for 8 bit 16 bit 24 bit and 29 bit subnet masks
- Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet this is usually specified by writing a followed by the number of bits in the mask after the address
- The following figure shows the company network after subnetting there are now two sub networks a and b
- The borrowed host id bit can have a value of either 0 or 1 allowing two subnets 192 68 25 and 192 68 28 25
- Table 96 alternative subnet mask notation continued
- Subnetting
- In this example the company network address is 192 68 the first three octets of the address 192 68 are the network number and the remaining octet is the host id allowing a maximum of
- Gs 2024 user s guide
- Figure 139 subnetting example before subnetting
- Appendix b ip addresses and subnetting
- 2 or 254 possible hosts
- You can use subnetting to divide one network into multiple sub networks in the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons
- You can borrow one of the host id bits to divide the network 192 68 into two separate sub networks the subnet mask is now 25 bits 255 55 55 28 or 25
- The following figure shows the company network before subnetting
- Example four subnets
- The following table shows ip address last octet values for each subnet
- Table 99 subnet 3
- Table 98 subnet 2
- Table 101 eight subnets
- Table 100 subnet 4
- Similarly use a 27 bit mask to create eight subnets 000 001 010 011 100 101 110 and 111
- Gs 2024 user s guide
- Example eight subnets
- Appendix b ip addresses and subnetting
- Subnet planning
- Gs 2024 user s guide
- Appendix b ip addresses and subnetting
- The following table is a summary for subnet planning on a network with a 24 bit network number
- The following table is a summary for subnet planning on a network with a 16 bit network number
- Table 103 16 bit network number subnet planning
- Table 102 24 bit network number subnet planning
- Table 101 eight subnets continued
- Private ip addresses
- Configuring ip addresses
- Ppendix
- Legal information
- Copyright
- Certifications
- Zyxel limited warranty
- Ppendix
- Customer support
- Numerics
- Gs 2024 user s guide
- Gs 2024 user s guide
- Gs 2024 user s guide
- Gs 2024 user s guide
- Gs 2024 user s guide
- Gs 2024 user s guide
- Gs 2024 user s guide
Похожие устройства
-
Zyxel XGS4600-52FОфициальные технические данные -
Zyxel XGS4600-32FТехнические характеристики
-
Zyxel XGS4600-32Техническое описание
-
Zyxel XGS1210-12Краткая инструкция -
Zyxel XS3700-24Технический обзор -
Zyxel GS2210-8HPПодробное техническое описание
-
Zyxel GS2210-24HPТехническая спецификация
-
Zyxel GS2210-48HPТехническое описание
-
Zyxel GS2210-8Техническая спецификация
-
Zyxel GS2210-24Технический паспорт устройства
-
Zyxel GS2210-48Техническая спецификация
-
Zyxel XGS2210-28HPТехническая спецификация
Learn how to configure port-based VLANs for network segmentation, define allowed ports, and manage VLAN settings on switches for improved security and traffic control.