![Zyxel GS2210-48HP [211/444] Aaa overview](/img/pdf.png)
Zyxel GS2210-48HP [211/444] Aaa overview
![Zyxel GS2210-48HP [211/444] Aaa overview](/views2/1168825/page211/bgd3.png)
GS2210 Series User’s Guide
211
CHAPTER 25
AAA
25.1 AAA Overview
This chapter describes how to configure authentication, authorization and accounting settings on
the Switch.
The external servers that perform authentication, authorization and accounting functions are known
as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see
RADIUS and TACACS+ on page 212) and TACACS+ (Terminal Access Controller Access-Control
System Plus, see RADIUS and TACACS+ on page 212) as external authentication and authorization
servers.
Figure 150 AAA Server
25.1.1 What You Can Do
•Use the AAA screen (Section 25.2 on page 212) to display the links to the screens where you can
enable authentication and authorization or both of them on the Switch.
•use the RADIUS Server Setup screen (Section 25.3 on page 213) to configure your RADIUS
server settings.
•Use the TACACS+ Server Setup screen (Section 25.4 on page 214) to configure your TACACS+
authentication settings.
•Use the AAA Setup screen (Section 25.5 on page 216) to configure authentication, authorization
and accounting settings, such as the methods used to authenticate users accessing the Switch
and which database the Switch should use first.
25.1.2 What You Need to Know
Authentication is the process of determining who a user is and validating access to the Switch. The
Switch can authenticate users who try to log in based on user accounts configured on the Switch
itself. The Switch can also use an external authentication server to authenticate a large number of
users.
Authorization is the process of determining what a user is allowed to do. Different user accounts
may have higher or lower privilege levels associated with them. For example, user A may have the
right to create new login accounts on the Switch but user B cannot. The Switch can authorize users
Client
AAA Server
Содержание
- Default login details 1
- Gs2210 series 1
- Intelligent layer 2 gbe switch 1
- Quick start guide 1
- User s guide 1
- Important 2
- Keep this guide for future reference 2
- Note it is recommended you use the web configurator to configure the switch 2
- Read carefully before use 2
- Related documentation 2
- Contents overview 3
- Technical reference 3 3
- User s guide 8 3
- Chapter 1 getting to know your switch 9 5
- Chapter 2 hardware installation and connection 4 5
- Chapter 3 hardware panels 7 5
- Contents overview 5
- Part i user s guide 18 5
- Part ii technical reference 33 5
- Table of contents 5
- Chapter 4 the web configurator 4 6
- Chapter 5 initial setup example 2 6
- Chapter 6 tutorials 6 6
- Chapter 7 status and zon 5 6
- Chapter 8 basic setting 4 6
- Chapter 9 vlan 3 7
- Chapter 10 static mac forward setup 114 8
- Chapter 11 static multicast forward setup 116 8
- Chapter 12 filtering 119 8
- Chapter 13 spanning tree protocol 21 8
- Chapter 14 bandwidth control 42 8
- Chapter 15 broadcast storm control 44 9
- Chapter 16 mirroring 46 9
- Chapter 17 link aggregation 48 9
- Chapter 18 port authentication 57 9
- Chapter 19 port security 65 9
- Chapter 20 time range 68 10
- Chapter 21 classifier 70 10
- Chapter 22 policy rule 79 10
- Chapter 23 queuing method 83 10
- Chapter 24 multicast 86 10
- Chapter 25 aaa 211 11
- Chapter 26 ip source guard 22 11
- Chapter 27 loop guard 57 12
- Chapter 28 layer 2 protocol tunneling 61 12
- Chapter 29 pppoe 65 12
- Chapter 30 error disable 73 12
- Chapter 31 private vlan 80 13
- Chapter 32 green ethernet 82 13
- Chapter 33 link layer discovery protocol lldp 84 13
- Chapter 34 anti arpscan 09 13
- Chapter 35 bpdu guard 15 13
- Chapter 36 oam 18 14
- Chapter 37 zuld 26 14
- Chapter 38 static route 30 14
- Chapter 39 differentiated services 33 14
- Chapter 40 dhcp 37 14
- Chapter 41 arp setup 49 15
- Chapter 42 maintenance 53 15
- Chapter 43 access control 62 15
- Chapter 44 diagnostic 85 16
- Chapter 45 system log 88 16
- Chapter 46 syslog setup 89 16
- Chapter 47 cluster management 92 16
- Chapter 48 mac table 98 16
- User s guide 18
- Getting to know your switch 19
- Introduction 19
- Backbone application 20
- Switch model firmware version 20
- Switch model poe features 20
- Bridging example 21
- High performance switching example 21
- Ieee 802 q vlan application examples 22
- Tag based vlan example 22
- Good habits for managing the switch 23
- Ways to manage the switch 23
- Desktop installation procedure 24
- Hardware installation and connection 24
- Installation scenarios 24
- Mounting the switch on a rack 24
- Rack mounted installation requirements 24
- Attaching the mounting brackets to the switch 25
- Mounting the switch on a rack 25
- Front panel 27
- Gigabit ethernet ports 27
- Hardware panels 27
- Auto crossover 28
- Default ethernet negotiation settings 28
- Mini gbic slots 28
- Note the dual personality ports change to fiber mode directly when inserting the fiber module 28
- To avoid possible eye injury do not look into an operating fiber optic module s connectors 28
- Transceiver installation 29
- Transceiver removal 29
- Led mode only available for gs2210 48hp 30
- Rear panel 30
- 9600 bps 31
- After you connect the power to the switch view the leds to ensure proper functioning of the switch and as an aid in troubleshooting 31
- Chapter 3 hardware panels 31
- Connect the male 9 pin end of the console cable to the console port of the switch connect the female end to a serial port com1 com2 or other com port of your computer 31
- Console port 31
- Figure 23 rear panel gs2210 48hp 31
- For local management you can use a computer with terminal emulation software configured to the following parameters 31
- Gs2210 series user s guide 31
- Led color status description 31
- No flow control 31
- No parity 8 data bits 1 stop bit 31
- Note make sure you are using the correct power source as shown on the panel 31
- Power connector 31
- See chapter 53 on page 409 for information on the switch s power supply requirements 31
- Table 4 led descriptions 31
- Terminal emulation 31
- To connect power to the switch insert the female end of the power cord to the ac power receptacle on the rear panel connect the other end of the supplied power cord to a power outlet make sure that no objects obstruct the airflow of the fans located on the side of the unit 31
- Chapter 3 hardware panels 32
- Gs2210 series user s guide 32
- Led color status description 32
- Table 4 led descriptions continued 32
- Technical reference 33
- Overview 34
- System login 34
- The web configurator 34
- C d e f 35
- The status screen 35
- Chapter 4 the web configurator 37
- Gs2210 series user s guide 37
- Link description 37
- Table 6 navigation panel links 37
- The following table describes the links in the navigation panel 37
- Chapter 4 the web configurator 38
- Gs2210 series user s guide 38
- Link description 38
- Table 6 navigation panel links continued 38
- Change your password 39
- Chapter 4 the web configurator 39
- Figure 26 change administrator login password 39
- Gs2210 series user s guide 39
- Link description 39
- Logins to display the next screen 39
- Saving your configuration 39
- Table 6 navigation panel links continued 39
- When you are done modifying the settings in a screen click apply to save your changes back to the run time memory settings in the run time memory are lost when the switch s power is turned off 39
- Note be careful not to lock yourself and others out of the switch 40
- Note use the save link when you are done with a configuration session 40
- Reload the configuration file 40
- Resetting the switch 40
- Switch lockout 40
- Logging out of the web configurator 41
- Creating a vlan 42
- Initial setup example 42
- Overview 42
- Note the vlan group id field in this screen and the vid field in the ip setup screen refer to the same vlan id 43
- Setting port vid 43
- Configuring switch management ip address 44
- How to use dhcpv4 snooping on the switch 46
- Overview 46
- Tutorials 46
- How to use dhcpv4 relay on the switch 49
- Creating a vlan 50
- Dhcp relay tutorial introduction 50
- Dhcp server port 2 pvid 102 50
- Vlan 102 50
- Configuring dhcpv4 relay 53
- Troubleshooting 54
- Overview 55
- Status 55
- Status and zon 55
- What you can do 55
- Chapter 7 status and zon 56
- Figure 44 status for poe model s 56
- Gs2210 series user s guide 56
- Label description 56
- Table 8 status 56
- The following table describes the labels in this screen 56
- Chapter 7 status and zon 57
- Gs2210 series user s guide 57
- Label description 57
- Table 8 status continued 57
- The following figure shows the zon utility screen 57
- The zon utility issues requests via zyxel discovery protocol zdp and in response to the query the device responds back with basic information including ip address firmware version location system and model name in the same broadcast domain the information is then displayed in the zon utility screen and you can perform tasks like basic configuration of the devices and batch firmware upgrade in it you can download the zon utility at www zyxel com and install it on a pc 57
- Zon utility is a program designed to help you deploy and manage a network more efficiently it detects devices automatically and allows you to do basic settings on devices in the network without having to be near it 57
- Zyxel one network zon utility screen 57
- Zon neighbor management screen 58
- Chapter 7 status and zon 59
- Gs2210 series user s guide 59
- Label description 59
- Neighbor 59
- Port status 59
- The following table describes the fields in the above screen 59
- This screen displays a port statistical summary with links to each port showing statistical details to view the port statistics click status in all web configurator screens and then the port status link 59
- Chapter 7 status and zon 60
- Figure 47 port status for poe model s 60
- Gs2210 series user s guide 60
- Label description 60
- Port status to see the following screen 60
- Table 10 port status 60
- The following table describes the labels in this screen 60
- Port details 61
- Chapter 7 status and zon 62
- Gs2210 series user s guide 62
- Label description 62
- Table 11 port status port details 62
- The following table describes the labels in this screen 62
- Chapter 7 status and zon 63
- Gs2210 series user s guide 63
- Label description 63
- Table 11 port status port details continued 63
- Basic setting 64
- Overview 64
- System information 64
- What you can do 64
- Chapter 8 basic setting 65
- Gs2210 series user s guide 65
- Label description 65
- System info 65
- System info for poe model s only 65
- The following table describes the labels in this screen 65
- Chapter 8 basic setting 66
- General setup 66
- General setup in the navigation panel to display the screen as shown 66
- Gs2210 series user s guide 66
- Label description 66
- System info continued 66
- Chapter 8 basic setting 67
- General setup 67
- Gs2210 series user s guide 67
- Label description 67
- The following table describes the labels in this screen 67
- A vlan virtual local area network allows a physical network to be partitioned into multiple logical networks devices on a logical network belong to one group a device can belong to more than one group with vlan a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router 68
- Chapter 8 basic setting 68
- General setup continued 68
- Gs2210 series user s guide 68
- In mtu multi tenant unit applications vlan is vital in providing isolation and security among the subscribers when properly configured vlan prevents one subscriber from accessing the network resources of another on the same lan thus a user will not see the printers and hard disks of another user in the same building 68
- Introduction to vlans 68
- Label description 68
- Note vlan is unidirectional it only governs outgoing traffic 68
- Vlan also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain in traditional switched environments all broadcast packets go to each and every individual port with vlan all broadcasts are confined to a specific broadcast domain 68
- Chapter 8 basic setting 69
- Chapter 9 on page 9 69
- Gs2210 series user s guide 69
- Label description 69
- See chapter 9 on page 93 for information on port based and 802 q tagged vlans 69
- Switch setup 69
- Switch setup in the navigation panel to display the screen as shown the vlan setup screens change depending on whether you choose 802 q or port based in the vlan type field in this screen refer to chapter 9 on page 93 for more information on vlan 69
- The following table describes the labels in this screen 69
- Chapter 8 basic setting 70
- Gs2210 series user s guide 70
- Ip setup 70
- Label description 70
- Switch setup continued 70
- Use the ip setup screen to configure the switch ip address default gateway device and the management vlan id the default gateway specifies the ip address of the default gateway next hop for outgoing traffic 70
- Management ip addresses 71
- Note you must configure a vlan first each vlan can only have one management ip address 71
- Chapter 8 basic setting 72
- Gs2210 series user s guide 72
- Ip setup continued 72
- Label description 72
- Port setup 72
- Port setup in the navigation panel to display the configuration screen 72
- Chapter 8 basic setting 73
- Gs2210 series user s guide 73
- Label description 73
- Note changes in this row are copied to all the ports as soon as you make them 73
- Note due to space limitation the port name may be truncated in some web configurator screens 73
- Port setup 73
- The following table describes the labels in this screen 73
- A powered device pd is a device such as an access point or a switch that supports poe power over ethernet so that it can receive power from another device through an ethernet port 74
- Chapter 8 basic setting 74
- Gs2210 series user s guide 74
- In the figure below the ip camera and ip phone get their power directly from the switch aside from minimizing the need for cables and wires poe removes the hassle of trying to find a nearby electric outlet to power up devices 74
- Label description 74
- Note the following screens are available for the poe model s only some features are only available for the ethernet ports 1 to 8 for gs2210 8hp 1 to 24 for gs2210 24hp and 1 to 48 for gs2210 48hp 74
- Poe status 74
- Port setup continued 74
- The poe model s supports the ieee 802 at high power over ethernet poe standard 74
- Note the poe power over ethernet devices that supply or receive power and their connected ethernet cables must all be completely indoors 75
- Chapter 8 basic setting 76
- Gs2210 series user s guide 76
- Label description 76
- Note the switch must have at least 16 w of remaining power in order to supply power to a poe device even if the poe device needs less than 16w 76
- Poe status 76
- Poe time range status 76
- The following table describes the labels in this screen 76
- Use this screen to see whether poe is scheduled to be enabled on a port 76
- Poe setup 77
- Chapter 8 basic setting 78
- Gs2210 series user s guide 78
- Label description 78
- Note changes in this row are copied to all the ports as soon as you make them 78
- Poe setup 78
- The following table describes the labels in this screen 78
- An ipv6 address is configured on a per interface basis the interface can be a physical interface for example an ethernet port or a virtual interface for example a vlan the switch supports the vlan interface type for ipv6 at the time of writing 79
- Chapter 8 basic setting 79
- Gs2210 series user s guide 79
- Interface setup 79
- Interface setup in the navigation panel to display the configuration screen 79
- Label description 79
- Poe setup continued 79
- Chapter 8 basic setting 80
- Gs2210 series user s guide 80
- Interface setup 80
- Ipv6 in the navigation panel to display the ipv6 status screen as shown next 80
- Label description 80
- The following table describes the labels in this screen 80
- Use this screen to view the ipv6 interface status and configure switch s management ipv6 addresses 80
- Ipv6 interface status 81
- Chapter 8 basic setting 82
- Gs2210 series user s guide 82
- Ipv6 interface status 82
- Label description 82
- The following table describes the labels in this screen 82
- Chapter 8 basic setting 83
- Gs2210 series user s guide 83
- Ipv6 interface status continued 83
- Label description 83
- Chapter 8 basic setting 84
- Gs2210 series user s guide 84
- Ipv6 configuration 84
- Ipv6 global setup 84
- Ipv6 screen the following screen opens 84
- Label description 84
- The following table describes the labels in this screen 84
- Use this screen to configure the global ipv6 settings click the link next to ipv6 global setup in the ipv6 configuration screen to display the screen as shown next 84
- Chapter 8 basic setting 85
- Gs2210 series user s guide 85
- Ipv6 global setup 85
- Ipv6 interface setup 85
- Label description 85
- The following table describes the labels in this screen 85
- Use this screen to turn on or off an ipv6 interface and enable stateless autoconfiguration on it click the link next to ipv6 interface setup in the ipv6 configuration screen to display the screen as shown next 85
- A link local address uniquely identifies a device on the local network the lan it is similar to a private ip address in ipv4 you can have the same link local address on multiple interfaces on a device a link local unicast address has a predefined prefix of fe80 10 86
- Chapter 8 basic setting 86
- Gs2210 series user s guide 86
- Ipv6 interface setup 86
- Ipv6 link local address setup 86
- Label description 86
- The following table describes the labels in this screen 86
- Use this screen to configure the interface s link local address and default gateway click the link next to ipv6 link local address setup in the ipv6 configuration screen to display the screen as shown next 86
- Chapter 8 basic setting 87
- Gs2210 series user s guide 87
- Ipv6 global address setup 87
- Ipv6 link local address setup continued 87
- Label description 87
- The following table describes the labels in this screen 87
- Use this screen to configure the interface s ipv6 global address click the link next to ipv6 global address setup in the ipv6 configuration screen to display the screen as shown next 87
- Chapter 8 basic setting 88
- Gs2210 series user s guide 88
- Ipv6 global address setup continued 88
- Ipv6 neighbor discovery setup 88
- Label description 88
- The following table describes the labels in this screen 88
- Use this screen to configure neighbor discovery settings for each interface click the link next to ipv6 neighbor discovery setup in the ipv6 configuration screen to display the screen as shown next 88
- Chapter 8 basic setting 89
- Gs2210 series user s guide 89
- Ipv6 neighbor discovery setup continued 89
- Ipv6 neighbor setup 89
- Label description 89
- Use this screen to create a static ipv6 neighbor entry in the switch s ipv6 neighbor table to store the neighbor information permanently click the link next to ipv6 neighbor setup in the ipv6 configuration screen to display the screen as shown next 89
- Chapter 8 basic setting 90
- Dhcpv6 client setup 90
- Gs2210 series user s guide 90
- Ipv6 neighbor setup 90
- Label description 90
- The following table describes the labels in this screen 90
- Use this screen to configure the switch s dhcp settings when it is acting as a dhcpv6 client click the link next to dhcpv6 client setup in the ipv6 configuration screen to display the screen as shown next 90
- Chapter 8 basic setting 91
- Dhcpv6 client setup 91
- Gs2210 series user s guide 91
- Label description 91
- The following table describes the labels in this screen 91
- Chapter 8 basic setting 92
- Dns domain name system is for mapping a domain name to its corresponding ip address and vice versa use the dns screen to configure and view the default dns servers on the switch 92
- Gs2210 series user s guide 92
- Label description 92
- The following table describes the labels in this screen 92
- Overview 93
- What you can do 93
- What you need to know 93
- Automatic vlan registration 94
- Forwarding tagged and untagged frames 94
- Garp timers 94
- Chapter 9 vlan 95
- Enable vlan trunking on a port to allow frames belonging to unknown vlan groups to pass through that port this is useful if you want to set up vlan groups on end devices without having to configure the same vlan groups on intermediary devices 95
- Figure 70 port vlan trunking 95
- Gs2210 series user s guide 95
- Please refer to the following table for common ieee 802 q vlan terminology 95
- Port vlan trunking 95
- Refer to the following figure suppose you want to create vlan groups 1 and 2 v1 and v2 on devices a and b without vlan trunking you must configure vlan groups 1 and 2 on all intermediary switches c d and e otherwise they will drop frames with unknown vlan group tags however with vlan trunking enabled on a port s in each intermediary switch you only need to create vlan groups in the end devices a and b c d and e automatically allow frames with vlan group tags 1 and 2 vlan groups that are unknown to those switches to pass through their vlan trunking port s 95
- Select the vlan type 95
- Switch setup screen 95
- Table 32 ieee 802 q vlan terminology 95
- Vlan parameter term description 95
- Static vlan 96
- Vlan status 96
- Chapter 9 vlan 97
- Gs2210 series user s guide 97
- Label description 97
- The following table describes the labels in this screen 97
- Use this screen to view detailed port settings and status of the vlan group click on an index number in the vlan status screen to display vlan details 97
- Vlan detail 97
- Vlan details 97
- Vlan vlan status continued 97
- Chapter 9 vlan 98
- Configure a static vlan 98
- Gs2210 series user s guide 98
- Label description 98
- The following table describes the labels in the above screen 98
- Use this screen to configure a static vlan for the switch click the static vlan setup link in the vlan configuration screen to display the screen as shown next 98
- Vlan configuration 98
- Vlan configuration to see the following screen 98
- Chapter 9 vlan 99
- Gs2210 series user s guide 99
- Label description 99
- Note changes in this row are copied to all the ports as soon as you make them 99
- Static vlan setup 99
- The following table describes the related labels in this screen 99
- Chapter 9 vlan 100
- Configure vlan port settings 100
- Gs2210 series user s guide 100
- Label description 100
- Static vlan setup continued 100
- Use the vlan port setup screen to configure the static vlan ieee 802 q settings on a port click the vlan port setup link in the vlan configuration screen 100
- Vlan port setup 100
- Chapter 9 vlan 101
- For example an isp internet services provider may divide different types of services it provides to customers into different ip subnets traffic for voice services is designated for ip subnet 101
- Gs2210 series user s guide 101
- Label description 101
- Note changes in this row are copied to all the ports as soon as you make them 101
- Subnet based vlans 101
- Subnet based vlans allow you to group traffic into logical vlans based on the source ip subnet you specify when a frame is received on a port the switch checks if a tag is added already and the ip subnet it came from the untagged packets from the same ip subnet are then placed in the same subnet based vlan one advantage of using subnet based vlans is that priority can be assigned to traffic from the same ip subnet 101
- The following table describes the labels in this screen 101
- Vlan port setup 101
- Configuring subnet based vlan 102
- Internet 102
- Note subnet based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 102
- Chapter 9 vlan 103
- Gs2210 series user s guide 103
- Label description 103
- Subnet based vlan setup 103
- The following table describes the labels in this screen 103
- Configuring protocol based vlan 104
- Note protocol based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 104
- Protocol based vlans 104
- Chapter 9 vlan 105
- Gs2210 series user s guide 105
- Label description 105
- Note protocol based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 105
- Note protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based vlans 105
- Protocol based vlan setup 105
- The following table describes the labels in this screen 105
- Voice vlan 106
- Chapter 9 vlan 107
- Gs2210 series user s guide 107
- Label description 107
- Mac based vlan 107
- The following table describes the fields in the above screen 107
- The mac based vlan feature assigns incoming untagged packets to a vlan and classifies the traffic based on the source mac address of the packet when untagged packets arrive at the switch the source mac address of the packet is looked up in a mac to vlan mapping table if an entry is found the corresponding vlan id is assigned to the packet the assigned vlan id is verified against the vlan table if the vlan is valid ingress processing on the packet continues otherwise the packet is dropped 107
- This feature allows users to change ports without having to reconfigure the vlan you can assign priority to the mac based vlan and define a mac to vlan mapping table by entering a specified 107
- Voice vlan setup 107
- Chapter 9 vlan 108
- Click the mac based vlan setup link in the vlan configuration screen to see the following screen 108
- Gs2210 series user s guide 108
- Label description 108
- Mac based vlan setup 108
- Source mac address in the mac based vlan setup screen you can also delete a mac based vlan entry in the same screen 108
- The following table describes the fields in the above screen 108
- Configure a port based vlan 109
- Note in screens such as ip setup and filtering that require a vid you must enter 1 as the vid 109
- Note when you activate port based vlan the switch uses a default vlan id of 1 you cannot change it 109
- Port based vlan setup 109
- Activate this protocol based vlan 112
- Chapter 9 vlan 112
- Create an ip based vlan example 112
- Give this protocol based vlan a descriptive name type ip vlan 112
- Gs2210 series user s guide 112
- Leave the priority set to 0 and click add 112
- Select the protocol leave the default value ip 112
- Technical reference 112
- The following table describes the labels in this screen 112
- This example shows you how to create an ip vlan which includes ports 1 4 and 8 follow these steps 112
- This section provides technical background information on the topics discussed in this chapter 112
- Type the port number you want to include in this protocol based vlan type 1 112
- Type the vlan id of an existing vlan in our example we already created a static vlan with an id of 5 type 5 112
- Vlan port based vlan setup label description 112
- Configuring static mac forwarding 114
- Overview 114
- Static mac forward setup 114
- What you can do 114
- Chapter 10 static mac forward setup 115
- Gs2210 series user s guide 115
- Label description 115
- Note static mac addresses do not age out 115
- Static mac forwarding 115
- The following table describes the labels in this screen 115
- Static multicast forward setup 116
- Static multicast forward setup overview 116
- What you can do 116
- What you need to know 116
- Configuring static multicast forwarding 117
- Chapter 11 static multicast forward setup 118
- Gs2210 series user s guide 118
- Label description 118
- Static multicast forwarding 118
- The following table describes the labels in this screen 118
- Configure a filtering rule 119
- Filtering 119
- Filtering overview 119
- What you can do 119
- Chapter 12 filtering 120
- Filtering 120
- Gs2210 series user s guide 120
- Label description 120
- The following table describes the related labels in this screen 120
- Spanning tree protocol 121
- Spanning tree protocol overview 121
- What you can do 121
- What you need to know 121
- How stp works 122
- Note in this user s guide stp refers to both stp and rstp 122
- Stp terminology 122
- Multiple rstp 123
- Multiple stp 123
- Note each port can belong to one stp tree only 123
- Stp port states 123
- Spanning tree configuration 124
- Spanning tree protocol status screen 124
- Chapter 13 spanning tree protocol 125
- Configuration 125
- Configure rapid spanning tree protocol 125
- Gs2210 series user s guide 125
- Label description 125
- Spanning tree protocol screen 125
- The following table describes the labels in this screen 125
- 2 hello time 1 126
- Chapter 13 spanning tree protocol 126
- Configuration screen to enable rstp on the switch 126
- Gs2210 series user s guide 126
- Label description 126
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 126
- Note changes in this row are copied to all the ports as soon as you make them 126
- The following table describes the labels in this screen 126
- Chapter 13 spanning tree protocol 127
- Gs2210 series user s guide 127
- Label description 127
- Note this screen is only available after you activate rstp on the switch 127
- Rapid spanning tree protocol status 127
- Rstp continued 127
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 121 for more information on rstp 127
- Status rstp 127
- The following table describes the labels in this screen 127
- Chapter 13 spanning tree protocol 128
- Gs2210 series user s guide 128
- Label description 128
- Note the listening state does not exist in rstp 128
- Status rstp continued 128
- Configure multiple rapid spanning tree protocol 129
- 2 hello time 1 130
- Chapter 13 spanning tree protocol 130
- Gs2210 series user s guide 130
- Label description 130
- Mrstp continued 130
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 130
- Note changes in this row are copied to all the ports as soon as you make them 130
- Chapter 13 spanning tree protocol 131
- Gs2210 series user s guide 131
- Label description 131
- Mrstp continued 131
- Multiple rapid spanning tree protocol status 131
- Note this screen is only available after you activate mrstp on the switch 131
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 121 for more information on mrstp 131
- Status mrstp 131
- The following table describes the labels in this screen 131
- Chapter 13 spanning tree protocol 132
- Configure multiple spanning tree protocol 132
- Gs2210 series user s guide 132
- Label description 132
- Note the listening state does not exist in rstp 132
- Spanning tree protocol screen see multiple stp on page 123 for more information on mstp 132
- Status mrstp continued 132
- Chapter 13 spanning tree protocol 133
- Configuration screen to enable mstp on the switch 133
- Gs2210 series user s guide 133
- Label description 133
- The following table describes the labels in this screen 133
- 2 hello time 1 134
- Chapter 13 spanning tree protocol 134
- Gs2210 series user s guide 134
- Label description 134
- Mstp continued 134
- Note changes in this row are copied to all the ports as soon as you make them 134
- Chapter 13 spanning tree protocol 135
- Gs2210 series user s guide 135
- Label description 135
- Mstp continued 135
- Mstp port configuration 135
- Port in the navigation panel to display the status screen as shown next see multiple stp on page 123 for more information on mstp 135
- Chapter 13 spanning tree protocol 136
- Gs2210 series user s guide 136
- Label description 136
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 136
- Note changes in this row are copied to all the ports as soon as you make them 136
- The following table describes the labels in this screen 136
- Multiple spanning tree protocol status 137
- Note this screen is only available after you activate mstp on the switch 137
- Chapter 13 spanning tree protocol 138
- Gs2210 series user s guide 138
- Label description 138
- Status mstp 138
- The following table describes the labels in this screen 138
- Chapter 13 spanning tree protocol 139
- Gs2210 series user s guide 139
- Label description 139
- Mstp network example 139
- Status mstp continued 139
- Technical reference 139
- The following figure shows a network example where two vlans are configured on the two switches if the switches are using stp or rstp the link for vlan 2 will be blocked as stp and rstp allow only one link in the network and block the redundant link 139
- This section provides technical background information on the topics discussed in this chapter 139
- Mst region 140
- Vlan 1 vlan 2 140
- Common and internal spanning tree cist 141
- Mst instance 141
- Bandwidth control 142
- Bandwidth control overview 142
- Bandwidth control setup 142
- What you can do 142
- Bandwidth control 143
- Chapter 14 bandwidth control 143
- Gs2210 series user s guide 143
- Label description 143
- Note changes in this row are copied to all the ports as soon as you make them 143
- Note ingress rate bandwidth control applies to layer 2 traffic only 143
- The following table describes the related labels in this screen 143
- Broadcast storm control 144
- Broadcast storm control overview 144
- Broadcast storm control setup 144
- What you can do 144
- Broadcast storm control 145
- Chapter 15 broadcast storm control 145
- Gs2210 series user s guide 145
- Label description 145
- Note changes in this row are copied to all the ports as soon as you make them 145
- The following table describes the labels in this screen 145
- Mirroring 146
- Mirroring overview 146
- Port mirroring setup 146
- What you can do 146
- Chapter 16 mirroring 147
- Gs2210 series user s guide 147
- Label description 147
- Mirroring 147
- Note changes in this row are copied to all the ports as soon as you make them 147
- The following table describes the labels in this screen 147
- Link aggregation 148
- Link aggregation overview 148
- What you can do 148
- What you need to know 148
- Link aggregation id 149
- Link aggregation status 149
- Chapter 17 link aggregation 150
- Gs2210 series user s guide 150
- Label description 150
- Link aggregation status 150
- The following table describes the labels in this screen 150
- Chapter 17 link aggregation 151
- Gs2210 series user s guide 151
- Label description 151
- Link aggregation setting 151
- Link aggregation setting to display the screen shown next see section 17 on page 148 for more information on link aggregation 151
- Link aggregation status continued 151
- Chapter 17 link aggregation 153
- Gs2210 series user s guide 153
- Label description 153
- Lacp to display the screen shown next see dynamic link aggregation on page 148 for more information on dynamic link aggregation 153
- Link aggregation control protocol 153
- Link aggregation setting continued 153
- Note when you enable the port security feature on the switch and configure port security settings for a port you cannot include the port in an active trunk group 153
- Chapter 17 link aggregation 155
- Gs2210 series user s guide 155
- Label description 155
- Lacp continued 155
- Make your physical connections make sure that the ports that you want to belong to the trunk group are connected to the same destination the following figure shows ports 2 5 on switch a connected to switch b 155
- Note changes in this row are copied to all the ports as soon as you make them 155
- Static trunking example 155
- Technical reference 155
- This example shows you how to create a static port trunk group for ports 2 5 155
- This section provides technical background information on the topics discussed in this chapter 155
- Port authentication 157
- Port authentication overview 157
- What you can do 157
- What you need to know 157
- Mac authentication 158
- Activate ieee 802 x security 159
- Port authentication configuration 159
- Chapter 18 port authentication 160
- Gs2210 series user s guide 160
- Guest vlan 160
- Label description 160
- Note changes in this row are copied to all the ports as soon as you make them 160
- Note you must first enable 802 x authentication on the switch before configuring it on each port 160
- The following table describes the labels in this screen 160
- When 802 x port authentication is enabled on the switch and its ports clients that do not have the correct credentials are blocked from using the port s you can configure your switch to have one vlan that acts as a guest vlan if you enable the guest vlan 102 in the example on a port 2 in the example the user a in the example that is not ieee 802 x capable or fails to enter the correct username and password can still access the port but traffic from the user is forwarded to the guest vlan that is unauthenticated users can have access to limited network resources in the same guest vlan such as the internet the rights granted to the guest vlan depends on how the network administrator configures switches or routers with the guest network feature 160
- Internet 161
- Vlan 100 161
- Vlan 102 161
- Activate mac authentication 162
- Chapter 18 port authentication 162
- Gs2210 series user s guide 162
- Guest vlan 162
- Label description 162
- The following table describes the labels in this screen 162
- Use this screen to activate mac authentication in the port authentication screen click mac authentication to display the configuration screen as shown 162
- Chapter 18 port authentication 164
- Gs2210 series user s guide 164
- Label description 164
- Mac authentication continued 164
- Note changes in this row are copied to all the ports as soon as you make them 164
- Note if the aging time in the switch setup screen is set to a lower value then it supersedes this setting see section 8 on page 69 164
- Port security 165
- Port security overview 165
- Port security setup 165
- What you can do 165
- Chapter 19 port security 166
- Gs2210 series user s guide 166
- Label description 166
- Note changes in this row are copied to all the ports as soon as you make them 166
- Port security 166
- The following table describes the labels in this screen 166
- Chapter 19 port security 167
- Gs2210 series user s guide 167
- Label description 167
- Port security continued 167
- Configuring time range 168
- Time range 168
- Time range overview 168
- What you can do 168
- Chapter 20 time range 169
- Gs2210 series user s guide 169
- Label description 169
- The following table describes the labels in this screen 169
- Time range 169
- Classifier 170
- Classifier overview 170
- Classifier status 170
- What you can do 170
- What you need to know 170
- Chapter 21 classifier 171
- Classifier configuration 171
- Classifier in the navigation panel to display the configuration screen as shown 171
- Classifier status 171
- Gs2210 series user s guide 171
- In the classifier status screen click classifier configuration to display the configuration screen as shown 171
- Label description 171
- The following table describes the labels in this screen 171
- Use the classifier configuration screen to define the classifiers after you define the classifier you can specify actions or policy to act upon the traffic that matches the rules to configure policy rules refer to chapter 22 on page 179 171
- Chapter 21 classifier 173
- Classifier configuration 173
- Gs2210 series user s guide 173
- Label description 173
- Note make sure you also enable logging in the classifier global setting screen 173
- The following table describes the labels in this screen 173
- Chapter 21 classifier 174
- Classifier configuration continued 174
- Gs2210 series user s guide 174
- Label description 174
- Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 174
- Chapter 21 classifier 175
- Classifier configuration summary table 175
- Ethernet type protocol number 175
- Gs2210 series user s guide 175
- Label description 175
- Note when two rules conflict with each other a higher layer rule has priority over lower layer rule 175
- Table 72 common ethernet types and protocol numbers 175
- The following table describes the labels in this screen 175
- The following table shows some other common ethernet types and the corresponding protocol number 175
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the classifier screen to change the settings of a rule click a number in the index field 175
- Viewing and editing classifier configuration summary 175
- Classifier global setting 176
- After you have configured a classifier you can configure a policy in the policy screen to define action s on the classified traffic flow 177
- Chapter 21 classifier 177
- Classifier example 177
- Classifier global setting 177
- Gs2210 series user s guide 177
- Label description 177
- The following screen shows an example where you configure a classifier that identifies all traffic from mac address 00 50 ba ad 4f 81 on port 2 177
- The following table describes the labels in this screen 177
- Configuring policy rules 179
- Policy rule 179
- Policy rules overview 179
- What you can do 179
- Chapter 22 policy rule 180
- Gs2210 series user s guide 180
- Label description 180
- Policy rule 180
- The following table describes the labels in this screen 180
- Chapter 22 policy rule 181
- Gs2210 series user s guide 181
- Label description 181
- Note you can specify only one action pair in a policy rule to have the switch take multiple actions on the same traffic flow you need to define multiple classifiers with the same criteria and apply different policy rules 181
- Policy rule continued 181
- Policy example 182
- Queuing method 183
- Queuing method overview 183
- What you can do 183
- What you need to know 183
- Configuring queuing 184
- Chapter 23 queuing method 185
- Gs2210 series user s guide 185
- Label description 185
- Note changes in this row are copied to all the ports as soon as you make them 185
- Queuing method 185
- The following table describes the labels in this screen 185
- Multicast 186
- Multicast overview 186
- What you can do 186
- What you need to know 186
- Igmp snooping 187
- Igmp snooping and vlans 187
- Mld snooping proxy 187
- Mld messages 188
- Mvr overview 188
- Report 188
- How mvr works 189
- Multicast vlan vlan 1 189
- Mvr modes 189
- Types of mvr ports 189
- Vlan 2 189
- Vlan 3 189
- Ipv4 multicast status 190
- Multicast setup 190
- Multicast vlan vlan 1 190
- Igmp snooping 191
- Chapter 24 multicast 192
- Gs2210 series user s guide 192
- Igmp snooping 192
- Label description 192
- The following table describes the labels in this screen 192
- Chapter 24 multicast 193
- Gs2210 series user s guide 193
- Igmp snooping continued 193
- Igmp snooping vlan 193
- Ipv4 multicast in the navigation panel click the igmp snooping link and then the igmp snooping vlan link to display the screen as shown see igmp snooping and vlans on page 187 for more information on igmp snooping vlan 193
- Label description 193
- Chapter 24 multicast 194
- Gs2210 series user s guide 194
- Igmp snooping vlan 194
- Label description 194
- The following table describes the labels in this screen 194
- Igmp filtering profile 195
- Chapter 24 multicast 196
- Gs2210 series user s guide 196
- Igmp filtering profile continued 196
- Ipv6 multicast 196
- Ipv6 multicast status 196
- Ipv6 multicast to display the screen as shown this screen shows the ipv6 multicast group information see section 24 on page 186 for more information on multicasting 196
- Label description 196
- The following table describes the fields in the above screen 196
- Mld snooping proxy 197
- Mld snooping proxy vlan 197
- Chapter 24 multicast 198
- Gs2210 series user s guide 198
- Label description 198
- The following table describes the fields in the above screen 198
- Chapter 24 multicast 199
- Gs2210 series user s guide 199
- Label description 199
- Mld snooping proxy vlan port role setting 199
- Vlan screen to display the screen as shown see section 24 on page 186 for more information on multicasting 199
- Chapter 24 multicast 200
- Gs2210 series user s guide 200
- Label description 200
- Port role setting 200
- The following table describes the fields in the above screen 200
- Chapter 24 multicast 201
- Gs2210 series user s guide 201
- Label description 201
- Mld snooping proxy filtering 201
- Mld snooping proxy screen to display the screen as shown 201
- Port role setting 201
- Chapter 24 multicast 202
- Filtering 202
- Gs2210 series user s guide 202
- Label description 202
- The following table describes the fields in the above screen 202
- Chapter 24 multicast 203
- Filtering 203
- Filtering profile 203
- Filtering screen to display the screen as shown 203
- Gs2210 series user s guide 203
- Label description 203
- Mld snooping proxy filtering profile 203
- The following table describes the fields in the above screen 203
- Chapter 24 multicast 204
- Filtering profile 204
- General mvr configuration 204
- Gs2210 series user s guide 204
- Label description 204
- Mvr to display the screen as shown next 204
- Note you can create up to five multicast vlans and up to 256 multicast rules on the switch 204
- Note your switch automatically creates a static vlan with the same vid when you create a multicast vlan in this screen 204
- Chapter 24 multicast 205
- Gs2210 series user s guide 205
- Label description 205
- The following table describes the related labels in this screen 205
- All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group 206
- Chapter 24 multicast 206
- Gs2210 series user s guide 206
- Label description 206
- Mvr continued 206
- Mvr group configuration 206
- Note a port can belong to more than one multicast vlan however ip multicast group addresses in different multicast vlans cannot overlap 206
- Use this screen to configure mvr ip multicast group address es click the group configuration link in the mvr screen 206
- Chapter 24 multicast 207
- Group configuration 207
- Gs2210 series user s guide 207
- Label description 207
- The following table describes the labels in this screen 207
- Multicast vid 200 vlan 1 208
- Mvr configuration example 208
- Example 209
- Example 210
- Aaa overview 211
- What you can do 211
- What you need to know 211
- Aaa screens 212
- Local user accounts 212
- Radius and tacacs 212
- Chapter 25 aaa 213
- Gs2210 series user s guide 213
- Label description 213
- Radius server setup 213
- The following table describes the labels in this screen 213
- Use this screen to configure your radius server settings see radius and tacacs on page 212 for more information on radius servers and section 25 on page 220 for radius attributes utilized by the authentication features on the switch click on the radius server setup link in the aaa screen to view the screen as shown 213
- Chapter 25 aaa 214
- Gs2210 series user s guide 214
- Label description 214
- Radius server setup continued 214
- Tacacs server setup 214
- Use this screen to configure your tacacs server settings see radius and tacacs on page 212 for more information on tacacs servers click on the tacacs server setup link in the aaa screen to view the screen as shown 214
- Chapter 25 aaa 215
- Gs2210 series user s guide 215
- Label description 215
- Tacacs server setup 215
- The following table describes the labels in this screen 215
- Aaa setup 216
- Chapter 25 aaa 216
- Gs2210 series user s guide 216
- Label description 216
- Tacacs server setup continued 216
- Use this screen to configure authentication authorization and accounting settings on the switch click on the aaa setup link in the aaa screen to view the screen as shown 216
- Aaa setup 217
- Chapter 25 aaa 217
- Gs2210 series user s guide 217
- Label description 217
- The following table describes the labels in this screen 217
- Aaa setup continued 218
- Chapter 25 aaa 218
- Gs2210 series user s guide 218
- Label description 218
- Aaa setup continued 219
- Assign account privilege levels see the cli reference guide for more information on account privilege levels for the authenticated user 219
- Chapter 25 aaa 219
- Gs2210 series user s guide 219
- Label description 219
- Limit bandwidth on incoming or outgoing traffic for the port the user connects to 219
- Note refer to the documentation that comes with your radius server on how to configure vsas for users authenticating via the radius server 219
- Rfc 2865 standard specifies a method for sending vendor specific information between a radius server and a network access device for example the switch a company can create vendor specific attributes vsas to expand the functionality of a radius server 219
- Technical reference 219
- The switch supports vsas that allow you to perform the following actions based on user authentication 219
- The vsas are composed of the following 219
- This section provides technical background information on the topics discussed in this chapter 219
- Vendor data a value you want to assign to the setting 219
- Vendor id an identification number assigned to the company by the iana internet assigned numbers authority zyxel s vendor id is 890 219
- Vendor specific attribute 219
- Vendor type a vendor specified attribute identifying the setting you want to modify 219
- Supported radius attributes 220
- Tunnel protocol attribute 220
- Attributes used by the ieee 802 x authentication 221
- Attributes used for authenticating privilege access 221
- Attributes used for authentication 221
- Attributes used to login users 221
- Ip source guard 222
- Ip source guard overview 222
- What you can do 222
- Ip source guard screen 223
- What you need to know 223
- Chapter 26 ip source guard 224
- Gs2210 series user s guide 224
- Ip source guard 224
- Ipv4 source guard setup 224
- Label description 224
- The following table describes the labels in this screen 224
- Chapter 26 ip source guard 225
- Gs2210 series user s guide 225
- Ipv4 source guard setup 225
- Ipv4 source guard static binding 225
- Label description 225
- Static binding 225
- The following table describes the labels in this screen 225
- Arp learning screen before you use the arp freeze feature 226
- Chapter 26 ip source guard 226
- Gs2210 series user s guide 226
- Label description 226
- Static binding 226
- The following table describes the labels in this screen 226
- Chapter 26 ip source guard 227
- Dhcp snooping 227
- Gs2210 series user s guide 227
- Label description 227
- Static binding 227
- Chapter 26 ip source guard 228
- Dhcp snooping 228
- Gs2210 series user s guide 228
- Label description 228
- The following table describes the labels in this screen 228
- Chapter 26 ip source guard 229
- Dhcp snooping 229
- Gs2210 series user s guide 229
- Label description 229
- Chapter 26 ip source guard 230
- Configure 230
- Dhcp snooping 230
- Dhcp snooping configure 230
- Gs2210 series user s guide 230
- Label description 230
- Chapter 26 ip source guard 231
- Configure 231
- Gs2210 series user s guide 231
- Label description 231
- Note if dhcp is enabled and there are no trusted ports dhcp requests will not succeed 231
- Note you have to enable dhcp snooping on the dhcp vlan too 231
- The following table describes the labels in this screen 231
- Chapter 26 ip source guard 232
- Configure continued continued 232
- Dhcp snooping port configure 232
- Gs2210 series user s guide 232
- Label description 232
- Note if dhcp snooping is enabled but there are no trusted ports dhcp requests cannot reach the dhcp server 232
- Use this screen to specify whether ports are trusted or untrusted ports for dhcp snooping 232
- Chapter 26 ip source guard 234
- Dhcp snooping vlan configure 234
- Gs2210 series user s guide 234
- Label description 234
- The following table describes the labels in this screen 234
- Chapter 26 ip source guard 235
- Dhcp snooping vlan port configure 235
- Gs2210 series user s guide 235
- Label description 235
- Note if dhcp is enabled and there are no trusted ports dhcp requests will not succeed 235
- Vlan continued 235
- Arp inspection 236
- Arp inspection status 236
- Chapter 26 ip source guard 236
- Gs2210 series user s guide 236
- Label description 236
- The following table describes the labels in this screen 236
- Arp inspection 237
- Arp inspection vlan status 237
- Chapter 26 ip source guard 237
- Gs2210 series user s guide 237
- Label description 237
- The following table describes the labels in this screen 237
- Vlan status 237
- Arp inspection log status 238
- Chapter 26 ip source guard 238
- Gs2210 series user s guide 238
- Label description 238
- Log status 238
- The following table describes the labels in this screen 238
- Vlan status 238
- Chapter 26 ip source guard 239
- Gs2210 series user s guide 239
- Label description 239
- Log status 239
- The following table describes the labels in this screen 239
- Arp inspection configure 240
- Chapter 26 ip source guard 240
- Configure 240
- Gs2210 series user s guide 240
- Label description 240
- The following table describes the labels in this screen 240
- Arp inspection port configure 241
- Chapter 26 ip source guard 241
- Configure continued 241
- Gs2210 series user s guide 241
- Label description 241
- Chapter 26 ip source guard 242
- Gs2210 series user s guide 242
- Label description 242
- Note changes in this row are copied to all the ports as soon as you make them 242
- The following table describes the labels in this screen 242
- Arp inspection vlan configure 243
- Chapter 26 ip source guard 243
- Gs2210 series user s guide 243
- Label description 243
- Port continued 243
- The following table describes the labels in this screen 243
- Ipv6 source binding status 244
- Ipv6 source guard overview 244
- Chapter 26 ip source guard 245
- Gs2210 series user s guide 245
- Ipv6 source binding status 245
- Ipv6 static binding setup 245
- Label description 245
- The following table describes the labels in this screen 245
- Use this screen to manually create an ipv6 source guard binding table entry and manage ipv6 static bindings static bindings are uniquely identified by the source ipv6 address prefix each 245
- Chapter 26 ip source guard 246
- Gs2210 series user s guide 246
- Ipv6 static binding setup 246
- Label description 246
- Note you cannot choose any for all three of mac address vlan and port you must fill in at least one 246
- The following table describes the labels in this screen 246
- Ipv6 source guard policy setup 247
- Chapter 26 ip source guard 248
- Gs2210 series user s guide 248
- Ipv6 source guard port setup 248
- Ipv6 static binding setup continued 248
- Label description 248
- Chapter 26 ip source guard 249
- Gs2210 series user s guide 249
- Ipv6 snooping policy setup 249
- Ipv6 source guard port setup 249
- Label description 249
- Note changes in this row are copied to all the ports as soon as you make them 249
- The following table describes the labels in this screen 249
- Use this screen to dynamically create an ipv6 source guard binding table using a dhcpv6 snooping policy a dhcpv6 snooping policy lets the switch sniff dhcpv6 packets sent from a dhcpv6 server to a dhcpv6 client when it is assigning an ipv6 address when a dhcpv6 client successfully gets a 249
- Chapter 26 ip source guard 250
- Gs2210 series user s guide 250
- Ipv6 snooping policy setup 250
- Label description 250
- Note if you do not select protocol and prefix glean then the switch cannot perform dhcpv6 snooping 250
- Note the maximum limit address count is the maximum size of the ipv6 source guard binding table at the time of writing it is 50 for the gs2210 switch series see the product datasheet for the latest specifications 250
- The following table describes the labels in this screen 250
- Chapter 26 ip source guard 251
- Gs2210 series user s guide 251
- Ipv6 snooping policy setup continued 251
- Ipv6 snooping vlan setup 251
- Label description 251
- The following table describes the labels in this screen 251
- Ipv6 dhcp trust setup 252
- Note dhcpv6 solicit packets are sent from a dhcpv6 client to a dhcpv6 server reply packets from a dhcpv6 server connected to an untrusted port are discarded 252
- Dhcp snooping overview 253
- Note if dhcp is enabled and there are no trusted ports dhcp requests will not succeed 253
- Technical reference 253
- Trusted vs untrusted ports 253
- Dhcp relay option 82 information 254
- Dhcp snooping database 254
- Arp inspection and mac address filters 255
- Arp inspection overview 255
- Configuring dhcp snooping 255
- Configuring arp inspection 256
- Note it is recommended you enable dhcp snooping at least one day before you enable arp inspection so that the switch has enough time to build the binding table 256
- Syslog 256
- Trusted vs untrusted ports 256
- Loop guard 257
- Loop guard overview 257
- What you can do 257
- What you need to know 257
- Loop guard setup 259
- Note after resolving the loop problem on your network you can re activate the disabled port via the web configurator see section 8 on page 72 or via commands see the cli reference guide 259
- Note the loop guard feature can not be enabled on the ports that have spanning tree protocol rstp mrstp or mstp enabled 259
- Chapter 27 loop guard 260
- Gs2210 series user s guide 260
- Label description 260
- Loop guard 260
- Note changes in this row are copied to all the ports as soon as you make them 260
- The following table describes the labels in this screen 260
- Layer 2 protocol tunneling 261
- Layer 2 protocol tunneling overview 261
- What you can do 261
- What you need to know 261
- Configuring layer 2 protocol tunneling 262
- Layer 2 protocol tunneling mode 262
- Service provider s network c 262
- Chapter 28 layer 2 protocol tunneling 264
- Gs2210 series user s guide 264
- Label description 264
- Layer 2 protocol tunneling continued 264
- Note you can enable l2pt services for stp lacp vtp cdp udld and pagp on the access port s only 264
- Pppoe intermediate agent overview 265
- What you can do 265
- What you need to know 265
- Chapter 29 pppoe 266
- Flexible circuit id syntax with identifier string and variables 266
- Gs2210 series user s guide 266
- If you do not configure a circuit id string for a vlan on a specific port or for a specific port the switch adds the user defined identifier string and variables into the agent circuit id sub option the variables can be the slot id of the pppoe client the port number of the pppoe client and or the vlan id on the pppoe packet 266
- Intermediate agent screen the switch automatically generates a circuit id string according to the default circuit id syntax which is 266
- Sub option format 266
- Table 121 pppoe ia circuit id sub option format user defined string 266
- Table 122 pppoe ia remote id sub option format 266
- Table 123 pppoe ia circuit id sub option format using identifier string and variables 266
- The 1 in the first field identifies this as an agent circuit id sub option and 2 identifies this as an agent remote id sub option the next field specifies the length of the field the switch takes the circuit id string you manually configure for a vlan on a port as the highest priority and the circuit id string for a port as the second priority in addition the switch puts the pppoe client s mac address into the agent remote id sub option if you do not specify any user defined string 266
- The identifier string slot id port number and vlan id are separated from each other by a pound key semi colon period comma forward slash or space an agent circuit id sub option example is switch 07 0123 and indicates the pppoe packets come from a pppoe client which is connected to the switch s port 7 and belong to vlan 123 266
- The tag_type is 0x0105 for vendor specific tags as defined in rfc 2516 the tag_len indicates the length of value i1 and i2 the value is the 32 bit number 0x00000de9 which stands for the adsl forum iana entry i1 and i2 are pppoe intermediate agent sub options which contain additional information about the pppoe client 266
- There are two types of sub option agent circuit id sub option and agent remote id sub option they have the following formats 266
- Wt 101 default circuit id syntax 266
- Note the switch will drop all pppoe discovery packets if you enable the pppoe intermediate agent and there are no trusted ports 267
- Port state 267
- Pppoe screen 267
- Chapter 29 pppoe 268
- Gs2210 series user s guide 268
- Intermediate agent 268
- Intermediate agent in the navigation panel to display the screen as shown 268
- Label description 268
- Pppoe intermediate agent 268
- The following table describes the labels in this screen 268
- Use this screen to configure the switch to give a pppoe termination server additional subscriber information that the server can use to identify and authenticate a pppoe client 268
- Chapter 29 pppoe 269
- Click the port link in the intermediate agent screen to display the screen as shown 269
- Gs2210 series user s guide 269
- Intermediate agent continued 269
- Label description 269
- Note the switch will drop all pppoe packets if you enable the pppoe intermediate agent on the switch and there are no trusted ports 269
- Pppoe ia per port 269
- Use this screen to specify whether individual ports are trusted or untrusted ports and have the switch add extra information to pppoe discovery packets from pppoe clients on a per port basis 269
- Chapter 29 pppoe 270
- Gs2210 series user s guide 270
- Label description 270
- Port screen to display the screen as shown 270
- Pppoe ia per port per vlan 270
- The following table describes the labels in this screen 270
- Use this screen to configure pppoe ia settings that apply to a specific vlan on a port 270
- Chapter 29 pppoe 271
- Click the vlan link in the intermediate agent screen to display the screen as shown 271
- Gs2210 series user s guide 271
- Label description 271
- Pppoe ia for vlan 271
- The following table describes the labels in this screen 271
- Use this screen to set whether the pppoe intermediate agent is enabled on a vlan and whether the switch appends the circuit id and or remote id to pppoe discovery packets from a specific vlan 271
- Chapter 29 pppoe 272
- Gs2210 series user s guide 272
- Label description 272
- The following table describes the labels in this screen 272
- Cpu protection overview 273
- Error disable 273
- Error disable overview 273
- Error disable recovery overview 273
- What you can do 273
- Error disable screen 274
- Error disable status 274
- Chapter 30 error disable 275
- Errdisable status 275
- Gs2210 series user s guide 275
- Label description 275
- The following table describes the labels in this screen 275
- Chapter 30 error disable 276
- Cpu protection configuration 276
- Errdisable detect screen 276
- Errdisable screen to display the screen as shown 276
- Errdisable status continued 276
- Gs2210 series user s guide 276
- Label description 276
- Chapter 30 error disable 277
- Cpu protection 277
- Gs2210 series user s guide 277
- Label description 277
- The following table describes the labels in this screen 277
- Chapter 30 error disable 278
- Errdisable detect 278
- Errdisable screen to display the screen as shown 278
- Error disable detect configuration 278
- Error disable recovery configuration 278
- Gs2210 series user s guide 278
- Label description 278
- The following table describes the labels in this screen 278
- Chapter 30 error disable 279
- Errdisable recovery 279
- Gs2210 series user s guide 279
- Label description 279
- The following table describes the labels in this screen 279
- Configuring private vlan 280
- Private vlan 280
- Private vlan overview 280
- Chapter 31 private vlan 281
- Gs2210 series user s guide 281
- Label description 281
- Private vlan 281
- The following table describes the labels in this screen 281
- Configuring green ethernet 282
- Green ethernet 282
- Green ethernet overview 282
- Chapter 32 green ethernet 283
- Green ethernet 283
- Gs2210 series user s guide 283
- Label description 283
- The following table describes the labels in this screen 283
- Link layer discovery protocol lldp 284
- Lldp overview 284
- Lldp med overview 285
- Lldp screens 286
- Lldp local status 287
- Chapter 33 link layer discovery protocol lldp 288
- Gs2210 series user s guide 288
- Label description 288
- Lldp local port status detail 288
- Lldp local status 288
- Lldp local status and then click a port number for example 1 in the local port column to display the screen as shown next 288
- The following table describes the labels in this screen 288
- Chapter 33 link layer discovery protocol lldp 290
- Gs2210 series user s guide 290
- Label description 290
- Lldp local port status detail 290
- The following table describes the labels in this screen 290
- Chapter 33 link layer discovery protocol lldp 291
- Gs2210 series user s guide 291
- Label description 291
- Lldp local port status detail 291
- Lldp remote status 291
- Lldp remote status click here to display the screen as shown next 291
- The following table describes the labels in this screen 291
- Lldp remote port status detail 292
- Chapter 33 link layer discovery protocol lldp 293
- Gs2210 series user s guide 293
- Label description 293
- Lldp remote port status detail basic tlv 293
- Chapter 33 link layer discovery protocol lldp 295
- Gs2210 series user s guide 295
- Label description 295
- Lldp remote port status detail dot1 and dot3 tlv 295
- Chapter 33 link layer discovery protocol lldp 297
- Gs2210 series user s guide 297
- Label description 297
- Lldp remote port status detail med tlv 297
- The following table describes the labels in the med tlv part of the screen 297
- Chapter 33 link layer discovery protocol lldp 298
- Gs2210 series user s guide 298
- Label description 298
- Lldp configuration 298
- Lldp configuration click here to display the screen as shown next 298
- Lldp remote port status detail med tlv 298
- Chapter 33 link layer discovery protocol lldp 299
- Gs2210 series user s guide 299
- Label description 299
- Lldp configuration 299
- The following table describes the labels in this screen 299
- Basic tlv setting 300
- Basic tlv setting to display the screen as shown next 300
- Chapter 33 link layer discovery protocol lldp 300
- Gs2210 series user s guide 300
- Label description 300
- Lldp configuration 300
- Lldp configuration basic tlv setting 300
- Basic tlv setting 301
- Chapter 33 link layer discovery protocol lldp 301
- Gs2210 series user s guide 301
- Label description 301
- Lldp configuration org specific tlv setting 301
- Org specific tlv setting to display the screen as shown next 301
- The following table describes the labels in this screen 301
- Chapter 33 link layer discovery protocol lldp 302
- Gs2210 series user s guide 302
- Label description 302
- Org specific tlv setting 302
- The following table describes the labels in this screen 302
- Chapter 33 link layer discovery protocol lldp 303
- Gs2210 series user s guide 303
- Label description 303
- Lldp med configuration 303
- Lldp med configuration to display the screen as shown next 303
- Org specific tlv setting 303
- Chapter 33 link layer discovery protocol lldp 304
- Gs2210 series user s guide 304
- Label description 304
- Lldp med configuration 304
- Lldp med network policy 304
- Lldp med network policy click here to display the screen as shown next 304
- The following table describes the labels in this screen 304
- Chapter 33 link layer discovery protocol lldp 305
- Gs2210 series user s guide 305
- Label description 305
- Lldp med location 305
- Lldp med location click here to display the screen as shown next 305
- Lldp med network policy 305
- The following table describes the labels in this screen 305
- Chapter 33 link layer discovery protocol lldp 306
- Gs2210 series user s guide 306
- Label description 306
- Lldp med location 306
- The following table describes the labels in this screen 306
- Chapter 33 link layer discovery protocol lldp 307
- Gs2210 series user s guide 307
- Label description 307
- Lldp med location 307
- Chapter 33 link layer discovery protocol lldp 308
- Gs2210 series user s guide 308
- Label description 308
- Lldp med location 308
- Anti arpscan 309
- Anti arpscan overview 309
- What you can do 309
- What you need to know 309
- Anti arpscan host status 310
- Anti arpscan status 310
- Anti arpscan trust host 311
- Chapter 34 anti arpscan 311
- Gs2210 series user s guide 311
- Host status 311
- Label description 311
- The following table describes the labels in this screen 311
- Trust host 311
- Anti arpscan configure 312
- Chapter 34 anti arpscan 312
- Configure 312
- Gs2210 series user s guide 312
- Label description 312
- The following table describes the labels in this screen 312
- Trust host 312
- Chapter 34 anti arpscan 313
- Configure 313
- Gs2210 series user s guide 313
- Label description 313
- Note changes in this row are copied to all the ports as soon as you make them 313
- Note the allowed range is 2 to 100 arp request packets per second 313
- Note the allowed range is 2 to 255 packets received per second 313
- Note the port based threshold must be larger than the host based threshold or the host based threshold will not be applied 313
- The following table describes the labels in this screen 313
- Chapter 34 anti arpscan 314
- Configure continued 314
- Gs2210 series user s guide 314
- Label description 314
- Bpdu guard 315
- Bpdu guard overview 315
- Bpdu guard status 315
- What you can do 315
- Bpdu guard configuration 316
- Bpdu guard configuration 317
- Chapter 35 bpdu guard 317
- Gs2210 series user s guide 317
- Label description 317
- Note changes in this row are copied to all the ports as soon as you make them 317
- The following table describes the labels in this screen 317
- Oam overview 318
- Oam status 318
- What you can do 318
- Chapter 36 oam 319
- Gs2210 series user s guide 319
- Label description 319
- Oam staus 319
- The following table describes the labels in this screen 319
- Oam details 320
- Chapter 36 oam 321
- Gs2210 series user s guide 321
- Label description 321
- Oam details 321
- The following table describes the labels in this screen 321
- Chapter 36 oam 322
- Gs2210 series user s guide 322
- Label description 322
- Oam details continued 322
- Oam configuration 323
- Chapter 36 oam 324
- Gs2210 series user s guide 324
- Label description 324
- Oam configuration continued 324
- Oam remote loopback 324
- The following table describes the labels in this screen 324
- Use this screen to perform a remote loopback test in the oam status screen click remote loopback to display the screen as shown 324
- Chapter 36 oam 325
- Gs2210 series user s guide 325
- Label description 325
- Oam remote loopback continued 325
- What you can do 326
- What you need to know 326
- Zuld overview 326
- Zuld status 327
- Chapter 37 zuld 328
- Configuration 328
- Gs2210 series user s guide 328
- Label description 328
- Zuld configuration 328
- Zuld status continued 328
- Chapter 37 zuld 329
- Configuration 329
- Gs2210 series user s guide 329
- Label description 329
- Note changes in this row are copied to all the ports as soon as you make them 329
- The following table describes the labels in this screen 329
- Static route 330
- Static route overview 330
- What you can do 330
- Ipv4 static route 331
- Static routing 331
- Chapter 38 static route 332
- Gs2210 series user s guide 332
- Ipv4 static route continued 332
- Label description 332
- Differentiated services 333
- Differentiated services overview 333
- What you can do 333
- What you need to know 333
- Activating diffserv 334
- Diffserv network example 334
- P platinum g gold s silver b bronze 334
- Chapter 39 differentiated services 335
- Diffserv 335
- Dscp to ieee 802 p priority settings 335
- Gs2210 series user s guide 335
- Label description 335
- The following table describes the labels in this screen 335
- You can configure the dscp to ieee 802 p mapping to allow the switch to prioritize all traffic based on the incoming dscp value according to the diffserv to ieee 802 p mapping table 335
- Chapter 39 differentiated services 336
- Configuring dscp settings 336
- Dscp setting 336
- Gs2210 series user s guide 336
- Label description 336
- Table 162 default dscp ieee 802 p mapping 336
- The following table describes the labels in this screen 336
- The following table shows the default dscp to ieee802 p mapping 336
- To change the dscp ieee 802 p mapping click the dscp setting link in the diffserv screen to display the screen as shown next 336
- Dhcp overview 337
- What you can do 337
- What you need to know 337
- Dhcp configuration 338
- Dhcpv4 relay 338
- Dhcpv4 status 338
- Dhcpv4 relay agent information 339
- Dhcpv4 relay agent information format 339
- Sub option format 339
- Chapter 40 dhcp 340
- Dhcpv4 in the navigation panel and click the option 82 profile link to display the screen as shown 340
- Dhcpv4 option 82 profile 340
- Gs2210 series user s guide 340
- Label description 340
- Option 82 profile 340
- Table 168 dhcp relay agent remote id sub option format 340
- The 1 in the first field identifies this as an agent circuit id sub option and 2 identifies this as an agent remote id sub option the next field specifies the length of the field 340
- The following table describes the labels in this screen 340
- Chapter 40 dhcp 341
- Configuring dhcpv4 global relay 341
- Dhcpv4 in the navigation panel and click the global link to display the screen as shown 341
- Global 341
- Gs2210 series user s guide 341
- Label description 341
- Option 82 profile continued 341
- Chapter 40 dhcp 342
- Dhcpv4 global relay port configure 342
- Global 342
- Gs2210 series user s guide 342
- Label description 342
- The following table describes the labels in this screen 342
- 68 00 dhcp server 343
- Chapter 40 dhcp 343
- Configure the dhcp relay screen as shown make sure you select a dhcp option 82 profile default1 in this example to set the switch to send additional information such as the vlan id together with the dhcp requests to the dhcp server this allows the dhcp server to assign the appropriate ip address according to the vlan id 343
- Figure 239 global dhcp relay network example 343
- Global dhcp relay configuration example 343
- Gs2210 series user s guide 343
- Label description 343
- Port continued 343
- The follow figure shows a network example where the switch is used to relay dhcp requests for the vlan1 and vlan2 domains there is only one dhcp server that services the dhcp clients in both domains 343
- Vlan1 vlan2 343
- Configuring dhcpv4 vlan settings 344
- Example 344
- Note you must set up a management ip address for each vlan that you want to configure dhcp settings for on the switch see section 5 on page 44 for information on how to do this 344
- Chapter 40 dhcp 345
- Dhcpv4 vlan port configure 345
- Gs2210 series user s guide 345
- Label description 345
- The following table describes the labels in this screen 345
- Vlan continued 345
- Chapter 40 dhcp 346
- Dhcp 172 6 0 00 346
- Dhcp 192 68 00 346
- Example dhcp relay for two vlans 346
- Figure 243 dhcp relay for two vlans 346
- For the example network configure the vlan setting screen as shown 346
- Gs2210 series user s guide 346
- Label description 346
- Port continued 346
- The following example displays two vlans vids 1 and 2 for a campus network two dhcp servers are installed to serve each vlan the system is set up to forward dhcp requests from the dormitory rooms vlan 1 to the dhcp server with an ip address of 192 68 00 requests from the academic buildings vlan 2 are sent to the other dhcp server with an ip address of 172 6 0 00 346
- Dhcpv6 relay 347
- Example 347
- Chapter 40 dhcp 348
- Dhcpv6 348
- Gs2210 series user s guide 348
- Label description 348
- The following table describes the labels in this screen 348
- Arp overview 349
- Arp setup 349
- What you can do 349
- What you need to know 349
- Arp request 350
- Gratuitous arp 350
- Arp learning 351
- Arp setup 351
- Arp learning 352
- Chapter 41 arp setup 352
- Gs2210 series user s guide 352
- Label description 352
- The following table describes the labels in this screen 352
- Maintenance 353
- Overview 353
- The maintenance screen 353
- What you can do 353
- Chapter 42 maintenance 354
- Click ok to reset all switch configurations to the factory defaults 354
- Erase running configuration 354
- Figure 249 erase running configuration confirmation 354
- Follow the steps below to reset the switch back to the factory defaults 354
- Gs2210 series user s guide 354
- In the maintenance screen click the click here button next to erase running configuration to clear all switch configuration information you configured and return to the factory defaults 354
- Label description 354
- Maintenance 354
- Note make sure to click the save button in any screen to save your settings to the current configuration on the switch 354
- The following table describes the labels in this screen 354
- Firmware upgrade 355
- Note clicking the apply or add button does not save the changes permanently all unsaved changes are erased after you reboot the switch 355
- Reboot system 355
- Save configuration 355
- After the firmware upgrade process is complete see the system info screen to verify your current firmware version number 356
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 356
- Chapter 42 maintenance 356
- Firmware upgrade 356
- Firmware upgrade to view the screen as shown next 356
- Gs2210 series user s guide 356
- Label description 356
- Make sure you have downloaded and unzipped the correct model firmware and version to your computer before uploading to the device 356
- Type the path and file name of the firmware file you wish to upload to the switch in the file path text box or click browse to locate it select the rebooting checkbox if you want to reboot the switch and apply the new firmware immediately firmware upgrades are only applied after a reboot click upgrade to load the new firmware 356
- When firmware is uploaded using the web configurator and to specify which image is loaded when the switch starts up 356
- Back up your current switch configuration to a computer using the backup configuration screen 357
- Backing up your switch configurations allows you to create various snap shots of your device from which you may restore at a later date 357
- Backup a configuration file 357
- Chapter 42 maintenance 357
- Firmware upgrade 357
- Gs2210 series user s guide 357
- Label description 357
- Restore a configuration file 357
- Restore configuration 357
- Type the path and file name of the configuration file you wish to restore in the file path text box or click browse to locate it after you have specified the file click restore config is the name of the configuration file on the switch so your backup configuration file is automatically renamed when you restore using this screen 357
- Use this screen to restore a previously saved configuration from your computer to the switch 357
- Use this screen to save and store your current device settings 357
- Tech support 358
- Chapter 42 maintenance 359
- Ftp command line 359
- Gs2210 series user s guide 359
- Label description 359
- Tech support 359
- Technical reference 359
- This section provides technical background information on the topics discussed in this chapter 359
- This section shows some examples of uploading to or downloading files from the switch using ftp commands first understand the filename conventions 359
- You may need wordpad or similar software to see the log report correctly the table below describes the fields in the above screen 359
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 360
- Example ftp commands 360
- Filename conventions 360
- Ftp command line procedure 360
- Ftp restrictions 361
- Gui based ftp clients 361
- Access control 362
- Access control overview 362
- The access control main screen 362
- What you can do 362
- Access control 363
- Chapter 43 access control 363
- Configuring snmp 363
- Gs2210 series user s guide 363
- Label description 363
- Snmp to view the screen as shown 363
- The following table describes the labels in this screen 363
- Use this screen to configure your snmp settings 363
- Chapter 43 access control 364
- Configuring snmp trap group 364
- From the snmp screen click trap group to view the screen as shown use the trap group screen to specify the types of snmp traps that should be sent to each snmp manager 364
- Gs2210 series user s guide 364
- Label description 364
- Snmp continued 364
- Trap group 364
- Chapter 43 access control 365
- Enabling disabling sending of snmp traps on a port 365
- Gs2210 series user s guide 365
- Label description 365
- The following table describes the labels in this screen 365
- Trap group 365
- Trap group screen click port to view the screen as shown use this screen to set whether a trap received on the port s would be sent to the snmp manager 365
- Chapter 43 access control 366
- Configuring snmp user 366
- From the snmp screen click user to view the screen as shown use the user screen to create snmp users for authentication with managers using snmp v3 and associate them to snmp groups an snmp user is an snmp manager 366
- Gs2210 series user s guide 366
- Label description 366
- Note use the username and password of the login accounts you specify in this screen to create accounts on the snmp v3 manager 366
- The following table describes the labels in this screen 366
- Chapter 43 access control 367
- Gs2210 series user s guide 367
- Label description 367
- Note the settings on the snmp manager must be set at the same security level or higher than the security level settings on the switch 367
- User continued 367
- Note it is highly recommended that you change the default administrator password 1234 368
- Setting up login accounts 368
- Chapter 43 access control 369
- Gs2210 series user s guide 369
- Label description 369
- Logins continued 369
- Service access control 369
- Service access control allows you to decide what services you may use to access the switch you may also change the default service port and configure trusted computer s for each service in the remote management screen discussed later click access control to go back to the main access control screen 369
- Chapter 43 access control 370
- Gs2210 series user s guide 370
- Label description 370
- Remote management 370
- Remote management to view the screen as shown next 370
- Service access control 370
- The following table describes the fields in this screen 370
- Use this screen to specify a group of one or more trusted computers from which an administrator may use a service to manage the switch 370
- You can specify a group of one or more trusted computers from which an administrator may use a service to manage the switch click access control to return to the access control screen 370
- Chapter 43 access control 371
- Gs2210 series user s guide 371
- Label description 371
- Remote management 371
- Technical reference 371
- The following table describes the labels in this screen 371
- This section provides technical background information on the topics discussed in this chapter 371
- About snmp 372
- Snmp v3 and security 372
- An oid object id that begins with 1 90 5 is defined in private mibs otherwise it is a standard mib oid 373
- Chapter 43 access control 373
- Gs2210 series user s guide 373
- Mibs let administrators collect statistics and monitor status and performance 373
- Option object label object id description 373
- Rfc 1155 smi 373
- Rfc 1157 snmp v1 373
- Rfc 1493 bridge mibs 373
- Rfc 1643 ethernet mibs 373
- Rfc 1757 rmon 373
- Rfc 2674 snmpv2 snmpv2c 373
- Security can be further enhanced by encrypting the snmp messages sent from the managers encryption protects the contents of the snmp messages when the contents of the snmp messages are encrypted only the intended recipients can read them 373
- Snmp mib ii rfc 1213 373
- Snmp traps 373
- Snmpv2 snmpv2c or later version compliant with rfc 2011 snmpv2 mib for ip rfc 2012 snmpv2 mib for tcp rfc 2013 snmpv2 mib for udp 373
- Supported mibs 373
- Table 189 snmp system traps 373
- The switch sends traps to an snmp manager when an event occurs the following tables outline the snmp traps by category 373
- The switch supports the following mibs 373
- Chapter 43 access control 374
- Gs2210 series user s guide 374
- Option object label object id description 374
- Table 189 snmp system traps continued 374
- Chapter 43 access control 375
- Gs2210 series user s guide 375
- Option object label object id description 375
- Table 189 snmp system traps continued 375
- Table 190 snmp interface traps 375
- Chapter 43 access control 376
- Gs2210 series user s guide 376
- Option object label object id description 376
- Table 190 snmp interface traps continued 376
- Chapter 43 access control 377
- Gs2210 series user s guide 377
- Option object label object id description 377
- Table 191 snmp aaa traps 377
- Table 192 snmp ip traps 377
- Chapter 43 access control 378
- Figure 264 ssh communication example 378
- Gs2210 series user s guide 378
- How ssh works 378
- Option object label object id description 378
- Ssh overview 378
- Table 193 snmp switch traps 378
- The following table summarizes how a secure connection is established between two remote hosts 378
- Unlike telnet or ftp which transmit data in clear text ssh secure shell is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network 378
- Requirements for using ssh 379
- Ssh implementation on the switch 379
- Https example 380
- Internet explorer warning messages 380
- Introduction to https 380
- Note if you disable http in the service access control screen then the switch blocks all http connection attempts 380
- Example 382
- Mozilla firefox warning messages 382
- Example 383
- Example 384
- The main screen 384
- Diagnostic 385
- Overview 385
- Chapter 44 diagnostic 386
- Diagnostic 386
- Gs2210 series user s guide 386
- Label description 386
- Note the device to which you want to run a traceroute must belong to the vlan you specify here 386
- The following table describes the labels in this screen 386
- Chapter 44 diagnostic 387
- Diagnostic continued 387
- Gs2210 series user s guide 387
- Label description 387
- Overview 388
- System log 388
- Syslog overview 389
- Syslog setup 389
- What you can do 389
- Chapter 46 syslog setup 390
- Gs2210 series user s guide 390
- Label description 390
- Syslog setup 390
- The following table describes the labels in this screen 390
- Chapter 46 syslog setup 391
- Gs2210 series user s guide 391
- Label description 391
- Syslog setup 391
- Cluster management 392
- Cluster management overview 392
- Cluster management status 393
- Note a cluster can only have one manager 393
- What you can do 393
- Clustering management configuration 394
- Example 394
- Chapter 47 cluster management 395
- Configuration 395
- Gs2210 series user s guide 395
- Label description 395
- The following table describes the labels in this screen 395
- Cluster member switch management 396
- Example 396
- Technical reference 396
- Uploading firmware to a cluster member switch 396
- Mac table 398
- Mac table overview 398
- What you can do 398
- What you need to know 398
- Viewing the mac table 399
- Chapter 48 mac table 400
- Gs2210 series user s guide 400
- Label description 400
- Mac table 400
- The following table describes the labels in this screen 400
- Arp table 401
- Overview 401
- Viewing the arp table 401
- What you can do 401
- What you need to know 401
- Arp table 402
- Chapter 49 arp table 402
- Gs2210 series user s guide 402
- Label description 402
- The following table describes the labels in this screen 402
- Path mtu overview 403
- Path mtu table 403
- Viewing the path mtu table 403
- Configure clone 404
- Overview 404
- Chapter 51 configure clone 406
- Configure clone 406
- Gs2210 series user s guide 406
- Label description 406
- The following table describes the labels in this screen 406
- Ipv6 neighbor table 407
- Ipv6 neighbor table overview 407
- Viewing the ipv6 neighbor table 407
- Chapter 52 ipv6 neighbor table 408
- Gs2210 series user s guide 408
- Ipv6 neighbor table continued 408
- Label description 408
- Power hardware connections and leds 409
- Troubleshooting 409
- I cannot see or access the login screen in the web configurator 410
- I forgot the ip address for the switch 410
- I forgot the username and or password 410
- Switch access and login 410
- I can see the login screen but i cannot log in to the switch 411
- I cannot see some of advanced application submenus at the bottom of the navigation panel 411
- Pop up windows javascripts and java permissions 411
- There is unauthorized access to my switch via telnet http and ssh 411
- I lost my configuration settings after i restart the switch 412
- Switch configuration 412
- Customer support 413
- Ppendi 413
- Austria 414
- Belarus 414
- Europe 414
- Malaysia 414
- Pakistan 414
- Philippines 414
- Singapore 414
- Taiwan 414
- Thailand 414
- Vietnam 414
- Belgium 415
- Bulgaria 415
- Czech republic 415
- Denmark 415
- Estonia 415
- Finland 415
- France 415
- Germany 415
- Hungary 415
- Latvia 415
- Lithuania 416
- Netherlands 416
- Norway 416
- Poland 416
- Romania 416
- Russia 416
- Slovakia 416
- Sweden 416
- Switzerland 416
- Argentina 417
- Ecuador 417
- Israel 417
- Latin america 417
- Middle east 417
- North america 417
- Turkey 417
- Ukraine 417
- Africa 418
- Australia 418
- Oceania 418
- South africa 418
- Common services 419
- Ppendi 419
- Appendix b common services 420
- Gs2210 series user s guide 420
- Name protocol port s description 420
- Table 206 commonly used services continued 420
- Appendix b common services 421
- Gs2210 series user s guide 421
- Name protocol port s description 421
- Table 206 commonly used services continued 421
- Ppendi 422
- Global address 423
- Loopback address 423
- Multicast address 423
- Unspecified address 423
- Eui 64 424
- Interface id 424
- Stateless autoconfiguration 424
- Subnet masking 424
- Dhcp relay agent 425
- Dhcpv6 425
- Identity association 425
- Rebind 425
- Renew rebind 425
- Renew to s1 425
- Icmpv6 426
- Ipv6 cache 426
- Neighbor discovery protocol ndp 426
- Prefix delegation 426
- Example enabling dhcpv6 on windows xp 427
- Example enabling ipv6 on windows xp 2003 vista 427
- Example enabling ipv6 on windows 7 428
- Legal information 430
- Ppendi 430
- Appendix d legal information 431
- Ce emc statement 431
- Gs2210 series user s guide 431
- List of national codes 431
- Notices 431
- Safety warnings 431
- Appendix d legal information 432
- Environment statment 432
- European union disposal and recycling information 432
- Gs2210 series user s guide 432
- Weee directive 432
- Environmental product declaration 433
- Appendix d legal information 434
- Gs2210 series user s guide 434
- Open source licenses 434
- Registration 434
- Trademarks 434
- Viewing certifications 434
- Zyxel limited warranty 434
- 台灣 434
- Numerics 435
Похожие устройства
- Zyxel GS2210-48HP Технические характеристики
- Zyxel GS2210-48HP Справочник командного интерфейса
- Zyxel GS2210-48HP Сводная таблица функций управляемых коммутаторов
- Zyxel GS2210-48HP Рекомендации по настройке
- Zyxel GS3700-24HP Инструкция по эксплуатации
- Zyxel GS3700-24HP Технические характеристики
- Zyxel GS3700-24HP Справочник командного интерфейса
- Zyxel GS3700-24HP Сводная таблица функций управляемых коммутаторов
- Zyxel GS3700-48HP Инструкция по эксплуатации
- Zyxel GS3700-48HP Технические характеристики
- Zyxel GS3700-48HP Справочник командного интерфейса
- Zyxel GS3700-48HP Сводная таблица функций управляемых коммутаторов
- Gorenje go 978 x Инструкция по эксплуатации
- Gorenje go 978 b Инструкция по эксплуатации
- Zyxel XGS3700-24HP Инструкция по эксплуатации
- Zyxel XGS3700-24HP Технические характеристики
- Zyxel XGS3700-24HP Справочник командного интерфейса
- Gorenje gcm 512 x Инструкция по эксплуатации
- Zyxel XGS3700-24HP Сводная таблица функций управляемых коммутаторов
- Zyxel XGS3700-24HP Рекомендации по настройке
Скачать
Случайные обсуждения