Zyxel XGS3700-24 Рекомендации по настройке онлайн

Содержание

• Default login details 1
• Gbe l2 switch 1
• Gs3700 xgs3700 series 1
• Quick start guide 1
• User s guide 1
• Important 2
• Keep this guide for future reference 2
• Note it is recommended you use the web configurator to configure the switch 2
• Note this guide is a reference for a series of products therefore some features or options in this guide may not be available in your product 2
• Read carefully before use 2
• Related documentation 2
• Contents overview 3
• Technical reference 4 3
• User s guide 8 3
• Chapter 1 getting to know your switch 9 5
• Chapter 2 hardware installation and connection 4 5
• Chapter 3 hardware overview 8 5
• Contents overview 5
• Part i user s guide 18 5
• Table of contents 5
• Chapter 4 the web configurator 5 6
• Chapter 5 zon utility zon neighbor management and port status 5 6
• Chapter 6 basic setting 2 6
• Part ii technical reference 44 6
• Chapter 10 filtering 04 7
• Chapter 11 spanning tree protocol 06 7
• Chapter 7 vlan 1 7
• Chapter 8 static mac forward setup 9 7
• Chapter 9 static multicast forward setup 01 7
• Chapter 12 bandwidth control 24 8
• Chapter 13 broadcast storm control 26 8
• Chapter 14 mirroring 28 8
• Chapter 15 link aggregation 37 8
• Chapter 16 port authentication 45 9
• Chapter 17 port security 53 9
• Chapter 18 classifier 56 9
• Chapter 19 policy rule 62 9
• Chapter 20 queuing method 67 9
• Chapter 21 vlan stacking 70 9
• Chapter 22 multicast 77 10
• Chapter 23 aaa 00 10
• Chapter 24 ip source guard 13 11
• Chapter 25 loop guard 35 11
• Chapter 26 vlan mapping 38 11
• Chapter 27 layer 2 protocol tunneling 41 11
• Chapter 28 sflow 45 12
• Chapter 29 pppoe 49 12
• Chapter 30 error disable 57 12
• Chapter 31 mac pinning 63 12
• Chapter 32 private vlan 65 12
• Chapter 33 green ethernet 69 12
• Chapter 34 link layer discovery protocol lldp 71 13
• Chapter 35 static route 97 13
• Chapter 36 policy routing 01 13
• Chapter 37 differentiated services 05 13
• Chapter 38 dhcp 13 14
• Chapter 39 vrrp 27 14
• Chapter 40 load sharing 36 14
• Chapter 41 arp setup 38 14
• Chapter 42 maintenance 44 15
• Chapter 43 access control 52 15
• Chapter 44 diagnostic 73 16
• Chapter 45 syslog 75 16
• Chapter 46 cluster management 78 16
• Chapter 47 mac table 84 16
• Chapter 48 ip table 87 16
• Chapter 49 arp table 89 16
• Chapter 50 routing table 91 16
• User s guide 18
• Getting to know your switch 19
• Introduction 19
• Backbone 20
• Bridging example 20
• High performance switching example 20
• Rd sales 20
• Branch 21
• Gigabit ethernet to the desktop 21
• Ieee 802 q vlan application example 21
• Internet 21
• Ipv6 support 22
• Tag based vlan example 22
• Ways to manage the switch 22
• Good habits for managing the switch 23
• Freestanding installation 24
• Hardware installation and connection 24
• Attaching the brackets to the switch 25
• Installation requirements 25
• Mounting the switch on a rack 25
• Note failure to use the proper screws may damage the unit 25
• Note zyxel provides extensible rear mounting brackets rm400 to install the switch in a 21 inch 23 inch or 24 inch rack see the rm400 hardware installation guide 25
• Precautions 25
• Mounting the switch on a rack 26
• Power module installation 27
• Front panel connections 28
• Hardware overview 28
• An auto crossover auto mdi mdi x port automatically works with a straight through or crossover ethernet cable 29
• An auto negotiating port can detect and adjust to the optimum ethernet speed 10 100 1000 mbps and duplex mode full duplex or half duplex of the connected device 29
• Chapter 3 hardware overview 29
• Connector description 29
• Default ethernet settings 29
• Ethernet ports 29
• Figure 7 front panel xgs3700 series 29
• Gs3700 xgs3700 series user s guide 29
• Table 2 panel connections 29
• The factory default negotiation settings for the ethernet ports on the switch are 29
• The following table describes the ports 29
• The switch has 1000base t auto negotiating auto crossover ethernet ports in 10 100 1000 mbps gigabit ethernet the speed can be 10mbps 100 mbps or 1000 mbps the duplex mode can be both half or full duplex at 100 mbps and full duplex only at 1000 mbps 29
• Sfp sfp slots 30
• To avoid possible eye injury do not look into an operating fiber optic module s connectors 30
• Transceiver installation 30
• Console port 31
• Management port 31
• Transceiver removal 31
• Connecting the power 32
• Disconnecting the power 32
• Note use the included power cord for the ac power connection 32
• Power connection 32
• Rear panel 32
• Removing and installing the fan module 32
• Chapter 3 hardware overview 33
• Disconnect the power cord from the ac power socket 33
• Disconnect the power cord from the power outlet 33
• Gs3700 xgs3700 series user s guide 33
• Led color status description 33
• Table 3 leds 33
• The following table describes the leds 33
• Chapter 3 hardware overview 34
• Gs3700 xgs3700 series user s guide 34
• Led color status description 34
• Table 3 leds continued 34
• Introduction 35
• System login 35
• The web configurator 35
• The web configurator layout 36
• B d c e 37
• Basic setting advanced application ip application management 38
• Chapter 4 the web configurator 38
• Gs3700 xgs3700 series user s guide 38
• In the navigation panel click a main link to reveal a list of submenu links 38
• Link description 38
• Table 4 navigation panel sub links overview 38
• Table 5 navigation panel links 38
• The following table describes the links in the navigation panel 38
• Chapter 4 the web configurator 39
• Gs3700 xgs3700 series user s guide 39
• Link description 39
• Table 5 navigation panel links continued 39
• Chapter 4 the web configurator 40
• Gs3700 xgs3700 series user s guide 40
• Link description 40
• Table 5 navigation panel links continued 40
• Change your password 41
• Note use the save link when you are done with a configuration session 41
• Saving your configuration 41
• Switch lockout 41
• Note be careful not to lock yourself and others out of the switch if you do lock yourself out try using out of band management via the management port to configure the switch 42
• Reload the configuration file 42
• Resetting the switch 42
• Logging out of the web configurator 43
• Technical reference 44
• Overview 45
• Zon utility zon neighbor management and port status 45
• Zyxel one network zon utility screen 45
• Zon neighbor management screen 46
• Chapter 5 zon utility zon neighbor management and port status 47
• Gs3700 xgs3700 series user s guide 47
• Label description 47
• Neighbor 47
• Note if multiple neighbor devices use the same port the cycle button is displayed only on the first device others will show instead 47
• Note if multiple neighbor devices use the same port the reset button is not available and will show instead 47
• Note the switch must support power sourcing pse or the network device is a powered device pd 47
• Note you can only reset zyxel products 47
• Port status summary 47
• The following table describes the fields in the above screen 47
• To view the port statistics click status in all web configurator screens to display the status screen as shown next 47
• Chapter 5 zon utility zon neighbor management and port status 48
• Figure 20 status 48
• Gs3700 xgs3700 series user s guide 48
• Label description 48
• Table 7 status 48
• The following table describes the labels in this screen 48
• Chapter 5 zon utility zon neighbor management and port status 49
• Click a number in the port column in the status screen to display individual port statistics use this screen to check status and detailed performance data about an individual port on the switch 49
• Figure 21 status port details 49
• Gs3700 xgs3700 series user s guide 49
• Label description 49
• Port details 49
• Status port details 49
• The following table describes the labels in this screen 49
• Chapter 5 zon utility zon neighbor management and port status 50
• Gs3700 xgs3700 series user s guide 50
• Label description 50
• Port details continued 50
• Chapter 5 zon utility zon neighbor management and port status 51
• Gs3700 xgs3700 series user s guide 51
• Label description 51
• Port details continued 51
• Basic setting 52
• System information 52
• Chapter 6 basic setting 53
• Gs3700 xgs3700 series user s guide 53
• Label description 53
• System info 53
• The following table describes the labels in this screen 53
• Chapter 6 basic setting 54
• General setup 54
• General setup in the navigation panel to display the screen as shown 54
• Gs3700 xgs3700 series user s guide 54
• Label description 54
• The following table describes the labels in this screen 54
• A vlan virtual local area network allows a physical network to be partitioned into multiple logical networks devices on a logical network belong to one group a device can belong to more than one group with vlan a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router 55
• Chapter 6 basic setting 55
• General setup continued 55
• Gs3700 xgs3700 series user s guide 55
• In mtu multi tenant unit applications vlan is vital in providing isolation and security among the subscribers when properly configured vlan prevents one subscriber from accessing the network 55
• Introduction to vlans 55
• Label description 55
• Note vlan is unidirectional it only governs outgoing traffic 56
• Switch setup 56
• Chapter 6 basic setting 57
• Gs3700 xgs3700 series user s guide 57
• Label description 57
• Switch setup continued 57
• Ip interfaces 58
• Ip setup 58
• Note you must configure a vlan first 58
• Chapter 6 basic setting 59
• Gs3700 xgs3700 series user s guide 59
• Ip setup 59
• Label description 59
• Note deleting all ip subnets locks you out of the switch 59
• The following table describes the labels in this screen 59
• Port setup 60
• Chapter 6 basic setting 61
• Gs3700 xgs3700 series user s guide 61
• Label description 61
• Note changes in this row are copied to all the ports as soon as you make them 61
• Note due to space limitations the port name may be truncated in some web configurator screens 61
• Port setup 61
• The following table describes the labels in this screen 61
• Chapter 6 basic setting 62
• Figure 28 powered device examples 62
• Gs3700 xgs3700 series user s guide 62
• In the figure below the ip camera and ip phone get their power directly from the switch aside from minimizing the need for cables and wires poe removes the hassle of trying to find a nearby electric outlet to power up devices 62
• Label description 62
• Note the poe function and the following screens are available for models ending in hp only 62
• Port setup continued 62
• The switch supports both the ieee 802 af power over ethernet poe and ieee 802 at high power over ethernet poe standards the switch is power sourcing equipment pse because it provides a source of power via its ethernet ports and each device that receives power through an ethernet port is a powered device pd 62
• You can also set priorities so that the switch is able to reserve and allocate power to certain pds 62
• Chapter 6 basic setting 63
• Gs3700 xgs3700 series user s guide 63
• Label description 63
• Note the poe devices that supply or receive power and their connected ethernet cables must all be completely indoors 63
• Note the switch must have at least 16 w of remaining power in order to supply power to a poe device even if the poe device needs less than 16 w 63
• Poe setup 63
• Poe status 63
• The following table describes the labels in this screen 63
• Chapter 6 basic setting 64
• Gs3700 xgs3700 series user s guide 64
• Label description 64
• Poe setup 64
• Poe status 64
• Poe status screen the following screen opens 64
• Use this screen to set the priority levels for the switch in distributing power to pds 64
• Chapter 6 basic setting 65
• Gs3700 xgs3700 series user s guide 65
• Label description 65
• Poe setup 65
• The following table describes the labels in this screen 65
• Interface setup 66
• Note if the priority settings for two or more poe ports are the same and the power budget is not enough the ports will shut down randomly we strongly recommend you set the priority for each poe port to make sure the high priority ports get power 66
• Note in classification mode up to five ports can be active the switch reserves 36w per port and the total power budget is 180w select consumption mode if you want more ports to be active 66
• Chapter 6 basic setting 67
• Gs3700 xgs3700 series user s guide 67
• Interface setup 67
• Ipv6 in the navigation panel to display the ipv6 status screen as shown next 67
• Ipv6 status 67
• Label description 67
• The following table describes the labels in this screen 67
• Use this screen to view the ipv6 interface status and configure switch s management ipv6 addresses see appendix b on page 404 for more information about ipv6 67
• Vlan screens 67
• Ipv6 interface status 68
• Chapter 6 basic setting 69
• Gs3700 xgs3700 series user s guide 69
• Ipv6 interface status continued 69
• Label description 69
• Chapter 6 basic setting 70
• Gs3700 xgs3700 series user s guide 70
• Ipv6 configuration 70
• Ipv6 interface status continued 70
• Ipv6 screen the following screen opens 70
• Label description 70
• The following table describes the labels in this screen 70
• Chapter 6 basic setting 71
• Gs3700 xgs3700 series user s guide 71
• Ipv6 configuration continued 71
• Ipv6 global setup 71
• Ipv6 interface setup 71
• Label description 71
• The following table describes the labels in this screen 71
• Use this screen to configure the global ipv6 settings click the link next to ipv6 global setup in the ipv6 configuration screen to display the screen as shown next 71
• Use this screen to turn on or off an ipv6 interface and enable stateless autoconfiguration on it click the link next to ipv6 interface setup in the ipv6 configuration screen to display the screen as shown next 71
• A link local address uniquely identifies a device on the local network the lan it is similar to a private ip address in ipv4 you can have the same link local address on multiple interfaces on a device a link local unicast address has a predefined prefix of fe80 10 72
• Chapter 6 basic setting 72
• Gs3700 xgs3700 series user s guide 72
• Ipv6 interface setup 72
• Ipv6 link local address setup 72
• Label description 72
• The following table describes the labels in this screen 72
• Use this screen to configure the interface s link local address and default gateway click the link next to ipv6 link local address setup in the ipv6 configuration screen to display the screen as shown next 72
• Chapter 6 basic setting 73
• Gs3700 xgs3700 series user s guide 73
• Ipv6 global address setup 73
• Ipv6 link local address setup 73
• Label description 73
• The following table describes the labels in this screen 73
• Use this screen to configure the interface s ipv6 global address click the link next to ipv6 global address setup in the ipv6 configuration screen to display the screen as shown next 73
• Chapter 6 basic setting 74
• Gs3700 xgs3700 series user s guide 74
• Ipv6 global address setup 74
• Ipv6 neighbor discovery setup 74
• Label description 74
• The following table describes the labels in this screen 74
• Use this screen to configure neighbor discovery settings for each interface click the link next to ipv6 neighbor discovery setup in the ipv6 configuration screen to display the screen as shown next 74
• Chapter 6 basic setting 75
• Gs3700 xgs3700 series user s guide 75
• Ipv6 neighbor discovery setup 75
• Ipv6 router discovery setup 75
• Label description 75
• The following table describes the labels in this screen 75
• Use this screen to configure router discovery settings for each interface click the link next to ipv6 router discovery setup in the ipv6 configuration screen to display the screen as shown next 75
• Chapter 6 basic setting 76
• Gs3700 xgs3700 series user s guide 76
• Ipv6 router discovery setup 76
• Label description 76
• Note the minimum time interval cannot be greater than three quarters of the maximum time interval 76
• The following table describes the labels in this screen 76
• Chapter 6 basic setting 77
• Gs3700 xgs3700 series user s guide 77
• Ipv6 prefix setup 77
• Ipv6 router discovery setup continued 77
• Label description 77
• The following table describes the labels in this screen 77
• Use this screen to configure the switch s ipv6 prefix list for each interface click the link next to ipv6 prefix setup in the ipv6 configuration screen to display the screen as shown next 77
• Chapter 6 basic setting 78
• Gs3700 xgs3700 series user s guide 78
• Ipv6 neighbor setup 78
• Ipv6 prefix setup continued 78
• Label description 78
• Use this screen to create a static ipv6 neighbor entry in the switch s ipv6 neighbor table to store the neighbor information permanently click the link next to ipv6 neighbor setup in the ipv6 configuration screen to display the screen as shown next 78
• Chapter 6 basic setting 79
• Dhcpv6 client setup 79
• Gs3700 xgs3700 series user s guide 79
• Interface setup screen 79
• Ipv6 neighbor setup 79
• Label description 79
• The following table describes the labels in this screen 79
• Use this screen to configure the switch s dhcp settings when it is acting as a dhcpv6 client click the link next to ipv6 neighbor setup in the ipv6 configuration screen to display the screen as shown next 79
• Vlan screens 79
• Chapter 6 basic setting 80
• Dhcpv6 client setup 80
• Gs3700 xgs3700 series user s guide 80
• Label description 80
• The following table describes the labels in this screen 80
• Forwarding tagged and untagged frames 81
• Introduction to ieee 802 q tagged vlans 81
• Automatic vlan registration 82
• Chapter 7 vlan 82
• Garp and gvrp are the protocols used to automatically register vlan membership across switches 82
• Garp generic attribute registration protocol allows network switches to register and de register attribute values with other garp participants within a bridged lan garp is a protocol that provides a generic mechanism for protocols that serve a more specific application for example gvrp 82
• Garp timers 82
• Gs3700 xgs3700 series user s guide 82
• Gvrp garp vlan registration protocol is a registration protocol that defines a way for switches to register necessary vlan members on ports across the network enable this function to permit vlan groups beyond the local switch 82
• Please refer to the following table for common ieee 802 q vlan terminology 82
• Switches join vlans by making a declaration a declaration is made by issuing a join message using garp declarations are withdrawn by issuing a leave message a leave all message terminates all registrations garp timers set declaration timeout values 82
• Table 29 ieee 802 q vlan terminology 82
• Vlan parameter term description 82
• Port vlan trunking 83
• Q static vlan 83
• Select the vlan type 83
• Chapter 7 vlan 84
• Gs3700 xgs3700 series user s guide 84
• Label description 84
• The following table describes the labels in this screen 84
• Vlan from the navigation panel to display the vlan status screen as shown next 84
• Vlan status 84
• Vlan vlan status 84
• Chapter 7 vlan 85
• Gs3700 xgs3700 series user s guide 85
• Label description 85
• The following table describes the labels in this screen 85
• Use this screen to view detailed port settings and status of the vlan group see section 7 on page 81 for more information on 802 q vlan click on an index number in the vlan status screen to display vlan details 85
• Vlan detail 85
• Vlan details 85
• Configure a static vlan or private vlan 86
• Chapter 7 vlan 87
• Gs3700 xgs3700 series user s guide 87
• Label description 87
• Note changes in this row are copied to all the ports as soon as you make them 87
• Static vlan 87
• The following table describes the related labels in this screen 87
• Chapter 7 vlan 88
• Configure vlan port settings 88
• Gs3700 xgs3700 series user s guide 88
• Label description 88
• Note changes in this row are copied to all the ports as soon as you make them 88
• The following table describes the labels in this screen 88
• Use the vlan port setting screen to configure the static vlan ieee 802 q settings on a port see section 7 on page 81 for more information on 802 q vlan click the vlan port setting link in the vlan status screen 88
• Vlan port setting 88
• Chapter 7 vlan 89
• For example an isp internet service provider may divide different types of services it provides to customers into different ip subnets traffic for voice services is designated for ip subnet 172 6 24 video for 192 68 24 and data for 10 24 the switch can then be configured to group incoming traffic based on the source ip subnet of incoming frames 89
• Gs3700 xgs3700 series user s guide 89
• Label description 89
• Note subnet based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 89
• Subnet based vlans 89
• Subnet based vlans allow you to group traffic into logical vlans based on the source ip subnet you specify when a frame is received on a port the switch checks if a tag is added already and the ip subnet it came from the untagged packets from the same ip subnet are then placed in the same subnet based vlan one advantage of using subnet based vlans is that priority can be assigned to traffic from the same ip subnet 89
• Vlan port setting continued 89
• You can then configure a subnet based vlan with priority 6 and vid of 100 for traffic received from ip subnet 172 6 24 voice services you can also have a subnet based vlan with priority 5 and vid of 200 for traffic received from ip subnet 192 68 24 video services lastly you can configure vlan with priority 3 and vid of 300 for traffic received from ip subnet 10 24 data services all untagged incoming frames will be classified based on their source ip subnet and prioritized accordingly that is video services receive the highest priority and data the lowest 89
• Configuring subnet based vlan 90
• Internet 90
• Chapter 7 vlan 91
• Gs3700 xgs3700 series user s guide 91
• Label description 91
• Protocol based vlans 91
• Protocol based vlans allow you to group traffic into logical vlans based on the protocol you specify when an upstream frame is received on a port configured for a protocol based vlan the switch checks if a tag is added already and its protocol the untagged packets of the same protocol are then placed in the same protocol based vlan one advantage of using protocol based vlans is that priority can be assigned to traffic of the same protocol 91
• Subnet based vlan setup 91
• The following table describes the labels in this screen 91
• Configuring protocol based vlan 92
• Note protocol based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 92
• Activate this protocol based vlan 93
• Chapter 7 vlan 93
• Create an ip based vlan example 93
• Give this protocol based vlan a descriptive name type ip vlan 93
• Gs3700 xgs3700 series user s guide 93
• Label description 93
• Note protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based vlans 93
• Protocol based vlan setup 93
• Select the protocol leave the default value ip 93
• The following table describes the labels in this screen 93
• This example shows you how to create an ip vlan which includes ports 1 4 and 8 follow these steps using the screen below 93
• Type the port number you want to include in this protocol based vlan type 1 93
• Type the vlan id of an existing vlan in our example we already created a static vlan with an id of 5 type 5 93
• Example 94
• View private vlan status 94
• Configure a port based vlan 95
• Note in screens such as ip setup and filtering that require a vid you must enter 1 as the vid 95
• Note when you activate port based vlan the switch uses a default vlan id of 1 you cannot change it 95
• Port based vlan setup 95
• Chapter 7 vlan 98
• Gs3700 xgs3700 series user s guide 98
• Label description 98
• The following table describes the labels in this screen 98
• Vlan port based vlan setup 98
• Configuring static mac forwarding 99
• Overview 99
• Static mac forward setup 99
• Chapter 8 static mac forward setup 100
• Gs3700 xgs3700 series user s guide 100
• Label description 100
• Note static mac addresses do not age out 100
• Static mac forwarding 100
• The following table describes the labels in this screen 100
• Static multicast forward setup 101
• Static multicast forwarding overview 101
• Configuring static multicast forwarding 102
• Chapter 9 static multicast forward setup 103
• Gs3700 xgs3700 series user s guide 103
• Label description 103
• Static multicast forwarding continued 103
• Configure a filtering rule 104
• Filtering 104
• Chapter 10 filtering 105
• Filtering continued 105
• Gs3700 xgs3700 series user s guide 105
• Label description 105
• Spanning tree protocol 106
• Stp rstp overview 106
• Stp terminology 106
• How stp works 107
• Multiple rstp 107
• Stp port states 107
• Mstp network example 108
• Multiple stp 108
• Note each port can belong to one stp tree only 108
• Mst region 109
• Vlan 1 vlan 2 109
• Common and internal spanning tree cist 110
• Mst instance 110
• Spanning tree protocol status screen 110
• Spanning tree configuration 111
• Configure rapid spanning tree protocol 112
• 2 hello time 1 113
• Chapter 11 spanning tree protocol 113
• Gs3700 xgs3700 series user s guide 113
• Label description 113
• Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 113
• Note changes in this row are copied to all the ports as soon as you make them 113
• Note this screen is only available after you activate rstp on the switch 113
• Rapid spanning tree protocol status 113
• Rstp continued 113
• Spanning tree protocol in the navigation panel to display the status screen as shown next see section 11 on page 106 for more information on rstp 113
• Chapter 11 spanning tree protocol 114
• Configure multiple rapid spanning tree protocol 114
• Gs3700 xgs3700 series user s guide 114
• Label description 114
• Note the listening state does not exist in rstp 114
• Spanning tree protocol screen see section 11 on page 106 for more information on mrstp 114
• Status rstp 114
• The following table describes the labels in this screen 114
• Chapter 11 spanning tree protocol 115
• Configuration screen to enable mrstp on the switch 115
• Gs3700 xgs3700 series user s guide 115
• Label description 115
• The following table describes the labels in this screen 115
• 2 hello time 1 116
• Chapter 11 spanning tree protocol 116
• Gs3700 xgs3700 series user s guide 116
• Label description 116
• Mrstp continued 116
• Multiple rapid spanning tree protocol status 116
• Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 116
• Note changes in this row are copied to all the ports as soon as you make them 116
• Note this screen is only available after you activate mrstp on the switch 116
• Spanning tree protocol in the navigation panel to display the status screen as shown next see section 11 on page 106 for more information on mrstp 116
• Chapter 11 spanning tree protocol 117
• Configure multiple spanning tree protocol 117
• Gs3700 xgs3700 series user s guide 117
• Label description 117
• Note the listening state does not exist in rstp 117
• Spanning tree protocol screen see section 11 on page 108 for more information on mstp 117
• Status mrstp 117
• The following table describes the labels in this screen 117
• 2 hello time 1 119
• Chapter 11 spanning tree protocol 119
• Configuration screen to enable mstp on the switch 119
• Gs3700 xgs3700 series user s guide 119
• Label description 119
• The following table describes the labels in this screen 119
• Chapter 11 spanning tree protocol 120
• Gs3700 xgs3700 series user s guide 120
• Label description 120
• Mstp continued 120
• Mstp screen 120
• Multiple spanning tree protocol port configuration 120
• Note changes in this row are copied to all the ports as soon as you make them 120
• Chapter 11 spanning tree protocol 121
• Gs3700 xgs3700 series user s guide 121
• Label description 121
• Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 121
• Note changes in this row are copied to all the ports as soon as you make them 121
• The following table describes the labels in this screen 121
• Chapter 11 spanning tree protocol 122
• Gs3700 xgs3700 series user s guide 122
• Label description 122
• Multiple spanning tree protocol status 122
• Note this screen is only available after you activate mstp on the switch 122
• Spanning tree protocol in the navigation panel to display the status screen as shown next see section 11 on page 108 for more information on mstp 122
• Status mstp 122
• The following table describes the labels in this screen 122
• Chapter 11 spanning tree protocol 123
• Gs3700 xgs3700 series user s guide 123
• Label description 123
• Status mstp continued 123
• Bandwidth control 124
• Bandwidth control overview 124
• Bandwidth control setup 124
• Cir and pir 124
• Bandwidth control 125
• Chapter 12 bandwidth control 125
• Gs3700 xgs3700 series user s guide 125
• Label description 125
• Note changes in this row are copied to all the ports as soon as you make them 125
• The following table describes the related labels in this screen 125
• Broadcast storm control 126
• Broadcast storm control setup 126
• Broadcast storm control 127
• Chapter 13 broadcast storm control 127
• Gs3700 xgs3700 series user s guide 127
• Label description 127
• Note changes in this row are copied to all the ports as soon as you make them 127
• The following table describes the labels in this screen 127
• Mirroring 128
• Port mirroring 128
• Destination b 129
• Destination c 129
• Intermediate a destination a 129
• Intermediate b 129
• Multi destination rmirror 129
• Remote port mirroring rmirror vlan 129
• Single destination rmirror 129
• Source 129
• Source intermediate destination 129
• Port rules in port mirroring 130
• Table 53 port rules between different remote port mirroring vlans 130
• Table 54 port rules between remote and local port mirroring 130
• Chapter 14 mirroring 131
• Gs3700 xgs3700 series user s guide 131
• Label description 131
• Local port mirroring 131
• Mirroring 131
• Mirroring in the navigation panel to display the mirroring screen use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port 131
• Note changes in this row are copied to all the ports as soon as you make them 131
• The following table describes the labels in this screen 131
• Chapter 14 mirroring 132
• Gs3700 xgs3700 series user s guide 132
• Label description 132
• Mirroring continued 132
• Mirroring screen the following screen opens 132
• Remote port mirroring 132
• Rmirror 132
• Source 132
• The following table describes the labels in this screen 132
• Use this screen to configure the reflector port and specify the traffic flow to be copied to the monitor port when the switch is the source device in remote port mirroring 132
• Use this screen to create a remote port mirroring rmirror vlan through which the mirrored traffic is forwarded 132
• Chapter 14 mirroring 133
• Click the source link in the rmirror screen the following screen opens 133
• Gs3700 xgs3700 series user s guide 133
• Label description 133
• Note changes in this row are copied to all the ports as soon as you make them 133
• Source 133
• The following table describes the labels in this screen 133
• Chapter 14 mirroring 134
• Click the destination link in the rmirror screen the following screen opens 134
• Destination 134
• Gs3700 xgs3700 series user s guide 134
• Label description 134
• Source continued 134
• The following table describes the labels in this screen 134
• Use this screen to specify the rmirror vlan and configure the monitor port when the switch is the destination device in remote port mirroring 134
• Chapter 14 mirroring 135
• Click the connected port link in the rmirror screen the following screen opens 135
• Connected port 135
• Destination continued 135
• Gs3700 xgs3700 series user s guide 135
• Label description 135
• Use this screen to select the rmirror vlan and specify the port s that helps forward mirrored traffic to other connected switches and or receive mirrored traffic from other connected port in the same rmirror vlan 135
• Chapter 14 mirroring 136
• Connected port 136
• Gs3700 xgs3700 series user s guide 136
• Label description 136
• Note changes in this row are copied to all the ports as soon as you make them 136
• The following table describes the labels in this screen 136
• Dynamic link aggregation 137
• Link aggregation 137
• Link aggregation overview 137
• Link aggregation id 138
• Link aggregation status 138
• Chapter 15 link aggregation 139
• Gs3700 xgs3700 series user s guide 139
• Label description 139
• Link aggregation setting 139
• Link aggregation setting to display the screen shown next see section 15 on page 137 for more information on link aggregation 139
• Link aggregation status 139
• The following table describes the labels in this screen 139
• Chapter 15 link aggregation 141
• Gs3700 xgs3700 series user s guide 141
• Label description 141
• Lacp to display the screen shown next see section 15 on page 137 for more information on dynamic link aggregation 141
• Link aggregation control protocol 141
• Link aggregation setting continued 141
• Note when you enable the port security feature on the switch and configure port security settings for a port you cannot include the port in an active trunk group 141
• Chapter 15 link aggregation 142
• Gs3700 xgs3700 series user s guide 142
• Label description 142
• Note do not configure this screen unless you want to enable dynamic link aggregation 142
• The following table describes the labels in this screen 142
• Static trunking example 143
• Example 144
• Ieee 802 x authentication 145
• Port authentication 145
• Port authentication overview 145
• Mac authentication 146
• Activate ieee 802 x security 147
• Authentication reply 147
• Authentication request authentication request 147
• New connection 147
• Port authentication configuration 147
• Session granted denied 147
• Chapter 16 port authentication 148
• Gs3700 xgs3700 series user s guide 148
• Label description 148
• Note changes in this row are copied to all the ports as soon as you make them 148
• Note you must first enable 802 x authentication on the switch before configuring it on each port 148
• The following table describes the labels in this screen 148
• Guest vlan 149
• Internet 149
• Vlan 100 149
• Vlan 102 149
• Chapter 16 port authentication 150
• Gs3700 xgs3700 series user s guide 150
• Guest vlan 150
• Label description 150
• Note changes in this row are copied to all the ports as soon as you make them 150
• The following table describes the labels in this screen 150
• Activate mac authentication 151
• Chapter 16 port authentication 151
• Gs3700 xgs3700 series user s guide 151
• Guest vlan continued 151
• Label description 151
• Mac authentication 151
• Note you must first enable mac authentication on the switch before configuring it on each port 151
• The following table describes the labels in this screen 151
• Use this screen to activate mac authentication in the port authentication screen click mac authentication to display the configuration screen as shown 151
• Chapter 16 port authentication 152
• Gs3700 xgs3700 series user s guide 152
• Label description 152
• Mac authentication continued 152
• Note changes in this row are copied to all the ports as soon as you make them 152
• Note if the aging time in the switch setup screen is set to a lower value then it supersedes this setting see section 6 on page 56 152
• About port security 153
• Port security 153
• Port security setup 153
• Chapter 17 port security 154
• Gs3700 xgs3700 series user s guide 154
• Label description 154
• Note changes in this row are copied to all the ports as soon as you make them 154
• Port security 154
• Port security screen to display the screen as shown 154
• The following table describes the labels in this screen 154
• Vlan mac address limit 154
• Chapter 17 port security 155
• Gs3700 xgs3700 series user s guide 155
• Label description 155
• The following table describes the labels in this screen 155
• Vlan mac address limit 155
• About the classifier and qos 156
• Classifier 156
• Configuring the classifier 156
• Chapter 18 classifier 157
• Classifier 157
• Gs3700 xgs3700 series user s guide 157
• Label description 157
• The following table describes the labels in this screen 157
• Chapter 18 classifier 158
• Classifier continued 158
• Gs3700 xgs3700 series user s guide 158
• Label description 158
• Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 158
• Chapter 18 classifier 159
• Classifier continued 159
• Classifier summary table 159
• Gs3700 xgs3700 series user s guide 159
• Label description 159
• Note when two rules conflict with each other a higher layer rule has priority over a lower layer rule 159
• Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 159
• Table 71 classifier summary table 159
• The following table describes the labels in this screen 159
• To view a summary of the classifier configuration scroll down to the summary table at the bottom of the classifier screen to change the settings of a rule click a number in the index field 159
• Viewing and editing classifier configuration 159
• Chapter 18 classifier 160
• Classifier example 160
• Ethernet type protocol number 160
• Gs3700 xgs3700 series user s guide 160
• Port number port name 160
• Some of the most common ip ports are 160
• Table 72 common ethernet types and protocol number 160
• Table 73 common ip ports 160
• The following screen shows an example of configuring a classifier that identifies all traffic from mac address 00 50 ba ad 4f 81 on port 2 160
• The following table shows some other common ethernet types and the corresponding protocol number 160
• Example 161
• Configuring policy rules 162
• Diffserv 162
• Dscp and per hop behavior 162
• Policy rule 162
• Policy rules overview 162
• Chapter 19 policy rule 164
• Gs3700 xgs3700 series user s guide 164
• Label description 164
• Policy rule continued 164
• Chapter 19 policy rule 165
• Gs3700 xgs3700 series user s guide 165
• Label description 165
• Policy example 165
• Policy rule continued 165
• Policy rule summary table 165
• Table 75 policy summary table 165
• The figure below shows an example policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the example classifier refer to section 18 on page 160 165
• The following table describes the labels in this screen 165
• To view a summary of the classifier configuration scroll down to the summary table at the bottom of the policy screen to change the settings of a rule click a number in the index field 165
• Viewing and editing policy configuration 165
• Example 166
• Queuing method 167
• Queuing method overview 167
• Strictly priority 167
• Weighted fair queuing 167
• Configuring queuing 168
• Weighted round robin scheduling wrr 168
• Chapter 20 queuing method 169
• Gs3700 xgs3700 series user s guide 169
• Label description 169
• Note changes in this row are copied to all the ports as soon as you make them 169
• Queuing method 169
• The following table describes the labels in this screen 169
• Vlan stacking 170
• Vlan stacking example 170
• Vlan stacking overview 170
• Note static vlan tx tagging must be disabled on a port where you choose normal or access port 171
• Note static vlan tx tagging must be enabled on a port where you choose tunnel port 171
• Vlan stacking port roles 171
• Vlan tag format 171
• Configuring vlan stacking 172
• Frame format 172
• Chapter 21 vlan stacking 173
• Gs3700 xgs3700 series user s guide 173
• Label description 173
• Note changes in this row are copied to all the ports as soon as you make them 173
• Note you can define up to four different tunnel tpids including 8100 in this screen at a time 173
• The following table describes the labels in this screen 173
• Vlan stacking 173
• Chapter 21 vlan stacking 174
• Gs3700 xgs3700 series user s guide 174
• Label description 174
• Note selective q in q rules are only applied to single tagged frames received on the access ports if the incoming frames are untagged or single tagged but received on a tunnel port or cannot match any selective q in q rules the switch applies the port based q in q rules to them 174
• Port based q in q 174
• Port based q in q lets the switch treat all frames received on the same port as the same vlan flows and add the same outer vlan tag to them even they have different customer vlan ids 174
• Port based qinq 174
• Selective q in q 174
• Selective q in q is vlan based it allows the switch to add different outer vlan tags to the incoming frames received on one port according to their inner vlan tags 174
• The following table describes the labels in this screen 174
• Vlan stacking screen to display the screen as shown 174
• Chapter 21 vlan stacking 175
• Gs3700 xgs3700 series user s guide 175
• Label description 175
• Selective qinq 175
• The following table describes the labels in this screen 175
• Vlan stacking screen to display the screen as shown 175
• Chapter 21 vlan stacking 176
• Gs3700 xgs3700 series user s guide 176
• Label description 176
• Selective qinq continued 176
• Igmp filtering 177
• Ip multicast addresses 177
• Multicast 177
• Multicast overview 177
• Igmp snooping 178
• Igmp snooping and vlans 178
• Mld snooping proxy 178
• Mld messages 179
• Multicast setup 179
• Report 179
• Igmp snooping 180
• Ipv4 multicast status 180
• Chapter 22 multicast 181
• Gs3700 xgs3700 series user s guide 181
• Igmp snooping 181
• Label description 181
• Note if you enable igmp filtering you must create and assign igmp filtering profiles for the ports that you want to allow to join multicast groups 181
• The following table describes the labels in this screen 181
• Chapter 22 multicast 182
• Gs3700 xgs3700 series user s guide 182
• Igmp snooping continued 182
• Label description 182
• Note changes in this row are copied to all the ports as soon as you make them 182
• Chapter 22 multicast 183
• Gs3700 xgs3700 series user s guide 183
• Igmp snooping continued 183
• Igmp snooping vlan 183
• Ipv4 multicast in the navigation panel click the igmp snooping link and then the igmp snooping vlan link to display the screen as shown see section 22 on page 178 for more information on igmp snooping vlan 183
• Label description 183
• An igmp filtering profile specifies a range of multicast groups that clients connected to the switch are able to join a profile contains a range of multicast ip addresses which you want clients to be able to join profiles are assigned to ports in the igmp snooping screen clients connected to those ports are then able to join the multicast groups specified in the profile each port can be assigned a single profile a profile can be assigned to multiple ports 184
• Chapter 22 multicast 184
• Gs3700 xgs3700 series user s guide 184
• Igmp filtering profile 184
• Igmp snooping screen first 184
• Igmp snooping vlan 184
• Ipv4 multicast in the navigation panel click the igmp snooping link and then the igmp filtering profile link to display the screen as shown 184
• Label description 184
• Note you cannot configure the same vlan id as in the mvr screen 184
• The following table describes the labels in this screen 184
• Chapter 22 multicast 185
• Gs3700 xgs3700 series user s guide 185
• Igmp filtering profile 185
• Label description 185
• The following table describes the labels in this screen 185
• Ipv6 multicast status 186
• Mld snooping proxy 186
• Chapter 22 multicast 187
• Gs3700 xgs3700 series user s guide 187
• Ipv6 multicast screen to display the screen as shown see section 22 on page 177 for more information on multicasting 187
• Label description 187
• Mld snooping proxy vlan 187
• The following table describes the labels in this screen 187
• Chapter 22 multicast 188
• Gs3700 xgs3700 series user s guide 188
• Label description 188
• Mld snooping proxy vlan port role setting 188
• Vlan screen to display the screen as shown see section 22 on page 177 for more information on multicasting 188
• Chapter 22 multicast 189
• Gs3700 xgs3700 series user s guide 189
• Label description 189
• Note changes in this row are copied to all the ports as soon as you make them 189
• Port role setting 189
• The following table describes the labels in this screen 189
• Chapter 22 multicast 190
• Filtering 190
• Gs3700 xgs3700 series user s guide 190
• Ipv6 multicast screen to display the screen as shown see section 22 on page 177 for more information on multicasting 190
• Label description 190
• Mld snooping proxy filtering 190
• Port role setting continued 190
• Chapter 22 multicast 191
• Filtering 191
• Filtering profile 191
• Filtering screen to display the screen as shown 191
• Gs3700 xgs3700 series user s guide 191
• Label description 191
• Mld snooping proxy filtering profile 191
• Note changes in this row are copied to all the ports as soon as you make them 191
• The following table describes the labels in this screen 191
• Chapter 22 multicast 192
• Filtering profile 192
• Gs3700 xgs3700 series user s guide 192
• Label description 192
• Multicast vlan registration mvr is designed for applications such as media on demand mod that use multicast traffic across an ethernet ring based service provider network 192
• Mvr allows one single multicast vlan to be shared among different subscriber vlans on the network while isolated in different subscriber vlans connected devices can subscribe to and unsubscribe from the multicast stream in the multicast vlan this improves bandwidth utilization with reduced multicast traffic in the subscriber vlans and simplifies multicast group management 192
• Mvr only responds to igmp join and leave control messages from multicast groups that are configured under mvr join and leave reports from other multicast groups are managed by igmp snooping 192
• Mvr overview 192
• The following figure shows a network example the subscriber vlan 1 2 and 3 information is hidden from the streaming media server s in addition the multicast vlan information is only visible to the switch and s 192
• The following table describes the labels in this screen 192
• How mvr works 193
• Multicast vlan vlan 1 193
• Mvr modes 193
• Types of mvr ports 193
• Vlan 2 193
• Vlan 3 193
• General mvr configuration 194
• Multicast vlan vlan 1 194
• Note you can create up to five multicast vlans and up to 256 multicast rules on the switch 194
• Note your switch automatically creates a static vlan with the same vid when you create a multicast vlan in this screen 194
• Chapter 22 multicast 195
• Gs3700 xgs3700 series user s guide 195
• Label description 195
• The following table describes the related labels in this screen 195
• All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group 196
• Chapter 22 multicast 196
• Gs3700 xgs3700 series user s guide 196
• Label description 196
• Mvr continued 196
• Mvr group configuration 196
• Note a port can belong to more than one multicast vlan however ip multicast group addresses in different multicast vlans cannot overlap 196
• Note changes in this row are copied to all the ports as soon as you make them 196
• Use this screen to configure mvr ip multicast group address es click the group configuration link in the mvr screen 196
• Chapter 22 multicast 197
• Group configuration 197
• Gs3700 xgs3700 series user s guide 197
• Label description 197
• Note if you delete a multicast vlan all multicast groups in this vlan will also be removed 197
• The following table describes the labels in this screen 197
• Example 198
• Multicast vid 200 vlan 1 198
• Mvr configuration example 198
• Example 199
• Authentication authorization and accounting aaa 200
• Local user accounts 200
• Aaa screens 201
• Radius and tacacs 201
• Radius server setup 201
• Chapter 23 aaa 202
• Gs3700 xgs3700 series user s guide 202
• Label description 202
• Radius server setup 202
• The following table describes the labels in this screen 202
• Chapter 23 aaa 203
• Gs3700 xgs3700 series user s guide 203
• Label description 203
• Radius server setup continued 203
• Tacacs server setup 203
• Use this screen to configure your tacacs server settings see section 23 on page 201 for more information on tacacs servers click on the tacacs server setup link in the authentication and accounting screen to view the screen as shown 203
• Chapter 23 aaa 204
• Gs3700 xgs3700 series user s guide 204
• Label description 204
• Tacacs server setup 204
• The following table describes the labels in this screen 204
• Aaa setup 205
• Chapter 23 aaa 205
• Gs3700 xgs3700 series user s guide 205
• Label description 205
• Tacacs server setup continued 205
• Use this screen to configure authentication authorization and accounting settings on the switch click on the aaa setup link in the aaa screen to view the screen as shown 205
• Aaa setup 206
• Chapter 23 aaa 206
• Gs3700 xgs3700 series user s guide 206
• Label description 206
• The following table describes the labels in this screen 206
• Aaa setup continued 207
• Chapter 23 aaa 207
• Gs3700 xgs3700 series user s guide 207
• Label description 207
• Aaa setup continued 208
• Assign account privilege levels see the cli reference guide for more information on account privilege levels for the authenticated user 208
• Chapter 23 aaa 208
• Gs3700 xgs3700 series user s guide 208
• Label description 208
• Limit bandwidth on incoming or outgoing traffic for the port the user connects to 208
• Note refer to the documentation that comes with your radius server on how to configure vsas for users authenticating via the radius server 208
• Rfc 2865 standard specifies a method for sending vendor specific information between a radius server and a network access device for example the switch a company can create vendor specific attributes vsas to expand the functionality of a radius server 208
• The switch supports vsas that allow you to perform the following actions based on user authentication 208
• The vsas are composed of the following 208
• Vendor data a value you want to assign to the setting 208
• Vendor id an identification number assigned to the company by the iana internet assigned numbers authority zyxel s vendor id is 890 208
• Vendor specific attribute 208
• Vendor type a vendor specified attribute identifying the setting you want to modify 208
• Supported radius attributes 209
• Tunnel protocol attribute 209
• Attributes used by the ieee 802 x authentication 210
• Attributes used for accounting 210
• Attributes used for authenticating privilege access 210
• Attributes used for authentication 210
• Attributes used to login users 210
• Attributes used for accounting exec events 211
• Attributes used for accounting system events 211
• Attributes used for accounting ieee 802 x events 212
• Dhcp snooping overview 213
• Ip source guard 213
• Ip source guard overview 213
• Dhcp snooping database 214
• Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 214
• Arp inspection overview 215
• Configuring dhcp snooping 215
• Dhcp relay option 82 information 215
• Arp inspection and mac address filters 216
• Configuring arp inspection 216
• Note it is recommended you enable dhcp snooping at least one day before you enable arp inspection so that the switch has enough time to build the binding table 216
• Syslog 216
• Trusted vs untrusted ports 216
• Chapter 24 ip source guard 217
• Figure 136 ip source guard 217
• Gs3700 xgs3700 series user s guide 217
• Ip source guard 217
• Ip source guard static binding 217
• Label description 217
• Static binding 217
• Table 105 ip source guard 217
• The following table describes the labels in this screen 217
• Arp learning screen before you use the arp freeze feature 218
• Chapter 24 ip source guard 218
• Gs3700 xgs3700 series user s guide 218
• Label description 218
• Static binding 218
• The following table describes the labels in this screen 218
• Chapter 24 ip source guard 219
• Dhcp snooping 219
• Gs3700 xgs3700 series user s guide 219
• Label description 219
• Static binding continued 219
• Chapter 24 ip source guard 220
• Dhcp snooping 220
• Gs3700 xgs3700 series user s guide 220
• Label description 220
• The following table describes the labels in this screen 220
• Chapter 24 ip source guard 221
• Dhcp snooping continued 221
• Gs3700 xgs3700 series user s guide 221
• Label description 221
• Chapter 24 ip source guard 222
• Configure 222
• Dhcp snooping configure 222
• Dhcp snooping continued 222
• Gs3700 xgs3700 series user s guide 222
• Label description 222
• Chapter 24 ip source guard 223
• Configure 223
• Gs3700 xgs3700 series user s guide 223
• Label description 223
• Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 223
• Note you have to enable dhcp snooping on the dhcp vlan too 223
• The following table describes the labels in this screen 223
• Chapter 24 ip source guard 224
• Configure continued 224
• Dhcp snooping port configure 224
• Gs3700 xgs3700 series user s guide 224
• Label description 224
• Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 224
• Use this screen to specify whether ports are trusted or untrusted ports for dhcp snooping 224
• Chapter 24 ip source guard 225
• Dhcp snooping port configure 225
• Dhcp snooping vlan configure 225
• Gs3700 xgs3700 series user s guide 225
• Label description 225
• The following table describes the labels in this screen 225
• Chapter 24 ip source guard 226
• Dhcp snooping vlan configure 226
• Dhcp snooping vlan port configure 226
• Gs3700 xgs3700 series user s guide 226
• Label description 226
• Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 226
• The following table describes the labels in this screen 226
• Arp inspection 227
• Arp inspection status 227
• Chapter 24 ip source guard 227
• Dhcp snooping vlan port configure 227
• Gs3700 xgs3700 series user s guide 227
• Label description 227
• The following table describes the labels in this screen 227
• Vlan screen 227
• Arp inspection status 228
• Arp inspection vlan status 228
• Chapter 24 ip source guard 228
• Gs3700 xgs3700 series user s guide 228
• Label description 228
• The following table describes the labels in this screen 228
• Vlan status 228
• Arp inspection log status 229
• Arp inspection vlan status 229
• Chapter 24 ip source guard 229
• Gs3700 xgs3700 series user s guide 229
• Label description 229
• Log status 229
• The following table describes the labels in this screen 229
• Arp inspection log status 230
• Chapter 24 ip source guard 230
• Gs3700 xgs3700 series user s guide 230
• Label description 230
• The following table describes the labels in this screen 230
• Arp inspection configure 231
• Chapter 24 ip source guard 231
• Configure 231
• Gs3700 xgs3700 series user s guide 231
• Label description 231
• The following table describes the labels in this screen 231
• Arp inspection configure continued 232
• Arp inspection port configure 232
• Chapter 24 ip source guard 232
• Gs3700 xgs3700 series user s guide 232
• Label description 232
• Arp inspection port configure 233
• Arp inspection vlan configure 233
• Chapter 24 ip source guard 233
• Gs3700 xgs3700 series user s guide 233
• Label description 233
• The following table describes the labels in this screen 233
• Arp inspection vlan configure 234
• Chapter 24 ip source guard 234
• Gs3700 xgs3700 series user s guide 234
• Label description 234
• The following table describes the labels in this screen 234
• Loop guard 235
• Loop guard overview 235
• Note after resolving the loop problem on your network you can re activate the disabled port via the web configurator see section 6 on page 60 or via commands see the ethernet switch cli reference guide 236
• Chapter 25 loop guard 237
• Gs3700 xgs3700 series user s guide 237
• Label description 237
• Loop guard 237
• Loop guard in the navigation panel to display the screen as shown 237
• Loop guard setup 237
• Note changes in this row are copied to all the ports as soon as you make them 237
• Note the loop guard feature can not be enabled on the ports that have spanning tree protocol rstp mrstp or mstp enabled 237
• The following table describes the labels in this screen 237
• Enabling vlan mapping 238
• Vlan mapping 238
• Vlan mapping example 238
• Vlan mapping overview 238
• Chapter 26 vlan mapping 239
• Click the vlan mapping configure link in the vlan mapping screen to display the screen as shown use this screen to enable and edit the vlan mapping rule s 239
• Configuring vlan mapping 239
• Figure 155 vlan mapping 239
• Gs3700 xgs3700 series user s guide 239
• Label description 239
• Table 119 vlan mapping 239
• The following table describes the labels in this screen 239
• Chapter 26 vlan mapping 240
• Figure 156 vlan mapping configuration 240
• Gs3700 xgs3700 series user s guide 240
• Label description 240
• Table 120 vlan mapping configuration 240
• The following table describes the labels in this screen 240
• Layer 2 protocol tunneling 241
• Layer 2 protocol tunneling overview 241
• Configuring layer 2 protocol tunneling 242
• Layer 2 protocol tunneling mode 242
• Service provider s network c 242
• Chapter 27 layer 2 protocol tunneling 243
• Gs3700 xgs3700 series user s guide 243
• Label description 243
• Layer 2 protocol tunneling 243
• Note all the edge switches in the service provider s network should be set to use the same mac address for encapsulation 243
• Note changes in this row are copied to all the ports as soon as you make them 243
• Note the mac address can be either a unicast mac address or multicast mac address if you use a unicast mac address make sure the mac address does not exist in the address table of a switch on the service provider s network 243
• The following table describes the labels in this screen 243
• Chapter 27 layer 2 protocol tunneling 244
• Gs3700 xgs3700 series user s guide 244
• Label description 244
• Layer 2 protocol tunneling continued 244
• Note you can enable l2pt services for stp lacp vtp cdp udld and pagp on the access port s only 244
• Sflow overview 245
• Sflow port configuration 245
• Chapter 28 sflow 246
• Gs3700 xgs3700 series user s guide 246
• Label description 246
• Note changes in this row are copied to all the ports as soon as you make them 246
• The following table describes the labels in this screen 246
• Chapter 28 sflow 247
• Click the collector link in the sflow screen to display the screen as shown you can configure up to four sflow collectors in this screen you may want to configure more than one collector if the traffic load to be monitored is more than one collector can manage 247
• Collector 247
• Collector screen the sflow collector does not need to be in the same subnet as the switch but it must be accessible from the switch 247
• Gs3700 xgs3700 series user s guide 247
• Label description 247
• Note configure udp port 6343 the default on a nat router to allow port forwarding if the collector is behind a nat router configure a firewall rule for udp port 6343 the default to allow incoming traffic if the collector is behind a firewall 247
• Sflow collector configuration 247
• Sflow continued 247
• The following table describes the labels in this screen 247
• Chapter 28 sflow 248
• Collector continued 248
• Gs3700 xgs3700 series user s guide 248
• Label description 248
• Pppoe intermediate agent overview 249
• Pppoe intermediate agent tag format 249
• Sub option format 249
• Chapter 29 pppoe 250
• Every port is either a trusted port or an untrusted port for the pppoe intermediate agent this setting is independent of the trusted untrusted setting for dhcp snooping or arp inspection you can also specify the agent sub options circuit id and remote id that the switch adds to padi and padr packets from pppoe clients 250
• Flexible circuit id syntax with identifier string and variables 250
• Gs3700 xgs3700 series user s guide 250
• If you do not configure a circuit id string for a vlan on a specific port or for a specific port the switch adds the user defined identifier string and variables into the agent circuit id sub option the variables can be the slot id of the pppoe client the port number of the pppoe client and or the vlan id on the pppoe packet 250
• Intermediate agent screen the switch automatically generates a circuit id string according to the default circuit id syntax which is defined in the dsl forum working text wt 101 the default access node identifier is the host name of the pppoe intermediate agent and the eth indicates ethernet 250
• Port state 250
• Table 126 pppoe ia remote id sub option format 250
• Table 127 pppoe ia circuit id sub option format using identifier string and variables 250
• Table 128 pppoe ia circuit id sub option format defined in wt 101 250
• The 1 in the first field identifies this as an agent circuit id sub option and 2 identifies this as an agent remote id sub option the next field specifies the length of the field the switch takes the circuit id string you manually configure for a vlan on a port as the highest priority and the circuit id string for a port as the second priority in addition the switch puts the pppoe client s mac address into the agent remote id sub option if you do not specify any user defined string 250
• The identifier string slot id port number and vlan id are separated from each other by a pound key semi colon period comma forward slash or space an agent circuit id sub option example is switch 07 0123 and indicates the pppoe packets come from a pppoe client which is connected to the switch s port 7 and belong to vlan 123 250
• Wt 101 default circuit id syntax 250
• Note the switch will drop all pppoe discovery packets if you enable the pppoe intermediate agent and there are no trusted ports 251
• Pppoe intermediate agent 251
• The pppoe screen 251
• Chapter 29 pppoe 252
• Gs3700 xgs3700 series user s guide 252
• Intermediate agent 252
• Label description 252
• The following table describes the labels in this screen 252
• Note the switch will drop all pppoe packets if you enable the pppoe intermediate agent on the switch and there are no trusted ports 253
• Pppoe ia per port 253
• Chapter 29 pppoe 254
• Gs3700 xgs3700 series user s guide 254
• Label description 254
• Port continued 254
• Port screen to display the screen as shown 254
• Pppoe ia per port per vlan 254
• Use this screen to configure pppoe ia settings that apply to a specific vlan on a port 254
• Chapter 29 pppoe 255
• Gs3700 xgs3700 series user s guide 255
• Label description 255
• Note changes in this row are copied to all the vlans as soon as you make them 255
• The following table describes the labels in this screen 255
• Chapter 29 pppoe 256
• Click the vlan link in the intermediate agent screen to display the screen as shown 256
• Gs3700 xgs3700 series user s guide 256
• Label description 256
• Note changes in this row are copied to all the vlans as soon as you make them 256
• Pppoe ia for vlan 256
• The following table describes the labels in this screen 256
• Use this screen to set whether the pppoe intermediate agent is enabled on a vlan and whether the switch appends the circuit id and or remote id to pppoe discovery packets from a specific vlan 256
• Cpu protection overview 257
• Error disable 257
• Error disable recovery overview 257
• The error disable screen 257
• Error disable status 258
• Chapter 30 error disable 259
• Cpu protection configuration 259
• Errdisable detect screen 259
• Errdisable screen to display the screen as shown 259
• Errdisable status 259
• Gs3700 xgs3700 series user s guide 259
• Label description 259
• The following table describes the labels in this screen 259
• Chapter 30 error disable 260
• Cpu protection 260
• Errdisable screen to display the screen as shown 260
• Error disable detect configuration 260
• Gs3700 xgs3700 series user s guide 260
• Label description 260
• Note changes in this row are copied to all the ports as soon as you make them 260
• The following table describes the labels in this screen 260
• Chapter 30 error disable 261
• Errdisable detect 261
• Errdisable screen to display the screen as shown 261
• Error disable recovery configuration 261
• Gs3700 xgs3700 series user s guide 261
• Label description 261
• Note changes in this row are copied to all the entries as soon as you make them 261
• The following table describes the labels in this screen 261
• Chapter 30 error disable 262
• Errdisable recovery 262
• Gs3700 xgs3700 series user s guide 262
• Label description 262
• Note changes in this row are copied to all the entries as soon as you make them 262
• The following table describes the labels in this screen 262
• Mac pinning 263
• Mac pinning configuration 263
• Mac pinning overview 263
• Chapter 31 mac pinning 264
• Gs3700 xgs3700 series user s guide 264
• Label description 264
• Mac pinning 264
• Note changes in this row are copied to all the ports as soon as you make them 264
• The following table describes the labels in this screen 264
• Private vlan 265
• Private vlan overview 265
• Label description 266
• Table 138 pvlan graphic key continued 266
• Table 139 spanning pvlan graphic key 266
• Configuration 267
• Vlan port setting enabled will not be able to communicate with each other 267
• Chapter 32 private vlan 268
• Gs3700 xgs3700 series user s guide 268
• Label description 268
• Note changes in this row are copied to all the entries as soon as you make them 268
• Note the vlan id and mode selected here must be the same as the vlan id and vlan typ 268
• Private vlan 268
• The following table describes the labels in this screen 268
• Configuring green ethernet 269
• Green ethernet 269
• Green ethernet overview 269
• Chapter 33 green ethernet 270
• Green ethernet 270
• Gs3700 xgs3700 series user s guide 270
• Label description 270
• Note changes in this row are copied to all the ports as soon as you make them 270
• The following table describes the labels in this screen 270
• Link layer discovery protocol lldp 271
• Lldp overview 271
• Lldp med overview 272
• Lldp screens 273
• Chapter 34 link layer discovery protocol lldp 274
• Gs3700 xgs3700 series user s guide 274
• Label description 274
• Lldp continued 274
• Lldp local status 274
• Lldp local status to display the screen as shown next 274
• Chapter 34 link layer discovery protocol lldp 275
• Gs3700 xgs3700 series user s guide 275
• Label description 275
• Lldp local status 275
• The following table describes the labels in this screen 275
• Chapter 34 link layer discovery protocol lldp 276
• Gs3700 xgs3700 series user s guide 276
• Label description 276
• Lldp local port status detail 276
• Lldp local status 276
• Lldp local status and then click a port number for example 1 port in the local port column to display the screen as shown next 276
• Chapter 34 link layer discovery protocol lldp 279
• Gs3700 xgs3700 series user s guide 279
• Label description 279
• Lldp local port status detail 279
• The following table describes the labels in this screen 279
• Chapter 34 link layer discovery protocol lldp 280
• Gs3700 xgs3700 series user s guide 280
• Label description 280
• Lldp local port status detail 280
• Lldp remote status 280
• Lldp remote status to display the screen as shown next 280
• The following table describes the labels in this screen 280
• Lldp remote port status detail 281
• Chapter 34 link layer discovery protocol lldp 282
• Gs3700 xgs3700 series user s guide 282
• Label description 282
• Lldp remote port status detail basic tlv 282
• The following table describes the labels in basic tlv part of the screen 282
• Chapter 34 link layer discovery protocol lldp 283
• Dot 1 and dot3 tlv 283
• Gs3700 xgs3700 series user s guide 283
• Label description 283
• Lldp remote port status detail dot1 and dot3 tlv 283
• The following table describes the labels in the dot1 and dot3 parts of the screen 283
• Chapter 34 link layer discovery protocol lldp 284
• Gs3700 xgs3700 series user s guide 284
• Label description 284
• Lldp remote port status detail dot1 and dot3 tlv 284
• Chapter 34 link layer discovery protocol lldp 286
• Gs3700 xgs3700 series user s guide 286
• Label description 286
• Lldp remote port status detail med tlv 286
• The following table describes the labels in the med tlv part of the screen 286
• Chapter 34 link layer discovery protocol lldp 287
• Gs3700 xgs3700 series user s guide 287
• Label description 287
• Lldp configuration 287
• Lldp configuration to display the screen as shown next 287
• Lldp remote port status detail med tlv 287
• Chapter 34 link layer discovery protocol lldp 288
• Gs3700 xgs3700 series user s guide 288
• Label description 288
• Lldp configuration 288
• The following table describes the labels in this screen 288
• Basic tlv setting 289
• Basic tlv setting to display the screen as shown next 289
• Chapter 34 link layer discovery protocol lldp 289
• Gs3700 xgs3700 series user s guide 289
• Label description 289
• Lldp configuration 289
• Lldp configuration basic tlv setting 289
• Basic tlv setting 290
• Chapter 34 link layer discovery protocol lldp 290
• Gs3700 xgs3700 series user s guide 290
• Label description 290
• Lldp configuration basic org specific tlv setting 290
• Org specific tlv setting 290
• Org specific tlv setting to display the screen as shown next 290
• The following table describes the labels in this screen 290
• Chapter 34 link layer discovery protocol lldp 291
• Gs3700 xgs3700 series user s guide 291
• Label description 291
• Lldp med configuration 291
• Lldp med configuration to display the screen as shown next 291
• Note for poe models only 291
• Org specific tlv setting 291
• The following table describes the labels in this screen 291
• Chapter 34 link layer discovery protocol lldp 292
• Gs3700 xgs3700 series user s guide 292
• Label description 292
• Lldp med configuration 292
• Lldp med network policy 292
• Lldp med network policy to display the screen as shown next 292
• The following table describes the labels in this screen 292
• Chapter 34 link layer discovery protocol lldp 293
• Gs3700 xgs3700 series user s guide 293
• Label description 293
• Lldp med network policy 293
• The following table describes the labels in this screen 293
• Lldp med location 294
• Chapter 34 link layer discovery protocol lldp 295
• Gs3700 xgs3700 series user s guide 295
• Label description 295
• Lldp med location 295
• The following table describes the labels in this screen 295
• Chapter 34 link layer discovery protocol lldp 296
• Gs3700 xgs3700 series user s guide 296
• Label description 296
• Lldp med location 296
• Static route 297
• Static routing 297
• Static routing overview 297
• Configuring ipv4 static routing 298
• Chapter 35 static route 299
• Configuring ipv6 static routing 299
• Gs3700 xgs3700 series user s guide 299
• Ipv4 static route continued 299
• Label description 299
• Static routing screen to display the screen as shown 299
• Chapter 35 static route 300
• Gs3700 xgs3700 series user s guide 300
• Ipv6 static route 300
• Label description 300
• The following table describes the related labels you use to create a static route 300
• Benefits 301
• Configuring policy routing profile 301
• Policy route overview 301
• Policy routing 301
• Chapter 36 policy routing 302
• Gs3700 xgs3700 series user s guide 302
• Label description 302
• Policy routing 302
• Policy routing rule configuration 302
• The following table describes the labels in this screen 302
• Use this screen to configure a policy route to override the default shortest path routing behavior and forward packets based on the classifier and action you specify a policy route rule defines the matching classifier and the action to take when a packet meets the criteria in the classifier the action is taken only when all the criteria are met policy based routing is applied to incoming packets on a per interface basis before normal routing the switch does not perform normal routing on packets that match any of the policy routes 302
• You must first configure a layer 3 classifier in the classifier screen see section 18 on page 156 and a policy routing profile in the policy routing screen see section 36 on page 301 302
• Chapter 36 policy routing 303
• Gs3700 xgs3700 series user s guide 303
• Label description 303
• Policy routing screen to display the screen as shown 303
• Rule configuration 303
• The following table describes the labels in this screen 303
• Chapter 36 policy routing 304
• Gs3700 xgs3700 series user s guide 304
• Label description 304
• Rule configuration continued 304
• Differentiated services 305
• Diffserv network example 305
• Diffserv overview 305
• Dscp and per hop behavior 305
• P platinum g gold s silver b bronze 306
• Two rate three color marker traffic policing 306
• Activating diffserv 307
• Exceed cir 307
• Exceed pir 307
• Red yellow 307
• Trtcm color aware mode 307
• Trtcm color blind mode 307
• Chapter 37 differentiated services 308
• Configuring 2 rate 3 color marker settings 308
• Diffserv 308
• Gs3700 xgs3700 series user s guide 308
• Label description 308
• Note changes in this row are copied to all the ports as soon as you make them 308
• Note you cannot enable both trtcm and bandwidth control at the same time 308
• The following table describes the labels in this screen 308
• Use this screen to configure trtcm settings click the 2 rate 3 color marker link in the diffserv screen to display the screen as shown next 308
• Chapter 37 differentiated services 309
• Gs3700 xgs3700 series user s guide 309
• Label description 309
• Note changes in this row are copied to all the ports as soon as you make them 309
• Note you must also activate diffserv on the switch and the individual ports for the switch to drop red high loss priority colored packets 309
• Rate 3 color marker 309
• The following table describes the labels in this screen 309
• Chapter 37 differentiated services 310
• Dscp profile 310
• Gs3700 xgs3700 series user s guide 310
• Label description 310
• Rate 3 color marker continued 310
• Rate 3 color marker screen 310
• The following table describes the labels in this screen 310
• Chapter 37 differentiated services 311
• Configuring dscp settings 311
• Dscp profile continued 311
• Dscp setting 311
• Dscp to ieee 802 p priority settings 311
• Gs3700 xgs3700 series user s guide 311
• Label description 311
• Table 162 default dscp ieee 802 p mapping 311
• The following table shows the default dscp to ieee802 p mapping 311
• To change the dscp ieee 802 p mapping click the dscp setting link in the diffserv screen to display the screen as shown next 311
• You can configure the dscp to ieee 802 p mapping to allow the switch to prioritize all traffic based on the incoming dscp value according to the diffserv to ieee 802 p mapping table 311
• Chapter 37 differentiated services 312
• Dscp setting 312
• Gs3700 xgs3700 series user s guide 312
• Label description 312
• The following table describes the labels in this screen 312
• Dhcp configuration 313
• Dhcp configuration options 313
• Dhcp modes 313
• Dhcp overview 313
• Dhcpv4 server status detail 314
• Dhcpv4 status 314
• Chapter 38 dhcp 315
• Configure dhcp relay on the switch if the dhcp clients and the dhcp server are not in the same broadcast domain during the initial ip address leasing the switch helps to relay network information such as the ip address and subnet mask between a dhcp client and a dhcp server once the dhcp client obtains an ip address and can connect to the network network information renewal is done between the dhcp client and the dhcp server without the help of the switch 315
• Dhcpv4 relay 315
• Gs3700 xgs3700 series user s guide 315
• Label description 315
• Server status detail 315
• The following table describes the labels in this screen 315
• Dhcpv4 option 82 profile 316
• Dhcpv4 relay agent information 316
• Dhcpv4 relay agent information format 316
• Sub option format 316
• Chapter 38 dhcp 317
• Gs3700 xgs3700 series user s guide 317
• Label description 317
• Option 82 profile 317
• The following table describes the labels in this screen 317
• Chapter 38 dhcp 318
• Configuring dhcpv4 global relay 318
• Dhcpv4 in the navigation panel and click the global link to display the screen as shown 318
• Global 318
• Gs3700 xgs3700 series user s guide 318
• Label description 318
• Option 82 profile continued 318
• The following table describes the labels in this screen 318
• Chapter 38 dhcp 319
• Dhcpv4 global relay port configure 319
• Global continued 319
• Global screen 319
• Gs3700 xgs3700 series user s guide 319
• Label description 319
• The following table describes the labels in this screen 319
• Example 320
• Global dhcp relay configuration example 320
• Vlan1 vlan2 320
• Configuring dhcp vlan settings 321
• Note you must set up a management ip address for each vlan that you want to configure dhcp settings for on the switch see section 6 on page 58 for information on how to do this 321
• Chapter 38 dhcp 322
• Dhcpv4 vlan port configure 322
• Gs3700 xgs3700 series user s guide 322
• Label description 322
• Vlan continued 322
• Chapter 38 dhcp 323
• Gs3700 xgs3700 series user s guide 323
• Label description 323
• The following table describes the labels in this screen 323
• Vlan screen 323
• 6 0 00 324
• Example 324
• Example dhcp relay for two vlans 324
• Dhcpv6 relay 325
• Chapter 38 dhcp 326
• Dhcpv6 continued 326
• Gs3700 xgs3700 series user s guide 326
• Label description 326
• Vrrp overview 327
• Before configuring vrrp first create an ip interface or routing domain in the ip setup screen see the section 6 on page 58 for more information 328
• Chapter 39 vrrp 328
• Gs3700 xgs3700 series user s guide 328
• Ip interface setup 328
• Label description 328
• The following sections describe the different parts of the vrrp configuration screen 328
• The following table describes the labels in this screen 328
• Vrrp configuration 328
• Vrrp in the navigation panel to display the vrrp status screen as shown next 328
• Vrrp status 328
• Chapter 39 vrrp 329
• Click ip application vrrp and click the configuration link to display the vrrp configuration screen as shown next 329
• Gs3700 xgs3700 series user s guide 329
• Label description 329
• Note routing domains with the same vlan id are not displayed in the table indicated 329
• Note you can only configure vrrp on interfaces with unique vlan ids 329
• The following table describes the labels in this screen 329
• Vrrp configuration ip interface 329
• Advertisement interval 330
• Configuring vrrp parameters 330
• Note all routers participating in the virtual router must use the same advertisement interval 330
• Preempt mode 330
• Priority 330
• Vrrp parameters 330
• Chapter 39 vrrp 331
• Gs3700 xgs3700 series user s guide 331
• Label description 331
• The following table describes the labels in this screen 331
• Vrrp configuration vrrp parameters 331
• Chapter 39 vrrp 332
• Gs3700 xgs3700 series user s guide 332
• Label description 332
• One subnet network example 332
• The figure below shows a simple vrrp network with only one virtual router vr1 vrid 1 and two switches the network is connected to the wan via an uplink gateway g 172 6 00 the host computer x is set to use vr1 as the default gateway 332
• The following sections show two vrrp configuration examples on the switch 332
• The following table describes the labels in this screen 332
• View the vrrp configuration summary at the bottom of the screen 332
• Viewing vrrp summary 332
• Vrrp configuration examples 332
• Vrrp configuration summary 332
• Example 333
• Example 334
• Two subnets example 334
• Example 335
• Configuring load sharing 336
• Load sharing 336
• Load sharing overview 336
• Chapter 40 load sharing 337
• Gs3700 xgs3700 series user s guide 337
• Label description 337
• Load sharing 337
• The following table describes the labels in this screen 337
• Arp learning mode 338
• Arp overview 338
• Arp setup 338
• How arp works 338
• Arp request 339
• Gratuitous arp 339
• Arp learning 340
• Arp setup 340
• Arp learning 341
• Chapter 41 arp setup 341
• Gs3700 xgs3700 series user s guide 341
• Label description 341
• Note changes in this row are copied to all the ports as soon as you make them 341
• The following table describes the labels in this screen 341
• Arp setup screen to display the screen as shown 342
• Chapter 41 arp setup 342
• Gs3700 xgs3700 series user s guide 342
• Label description 342
• Static arp 342
• The following table describes the related labels in this screen 342
• Chapter 41 arp setup 343
• Gs3700 xgs3700 series user s guide 343
• Label description 343
• Static arp continued 343
• Maintenance 344
• The maintenance screen 344
• Load factory default 345
• Note clicking the apply or add button does not save the changes permanently all unsaved changes are erased after you reboot the switch 345
• Save configuration 345
• Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 346
• Firmware upgrade 346
• Reboot system 346
• Backup a configuration file 347
• Restore a configuration file 347
• Tech support 348
• Chapter 42 maintenance 349
• External name description 349
• File type internal name 349
• Filename conventions 349
• Ftp command line 349
• Gs3700 xgs3700 series user s guide 349
• Label description 349
• Table 184 filename conventions 349
• Tech support 349
• The configuration file also known as the romfile or rom contains the factory default settings in the screens such as password switch setup ip setup and so on once you have customized the switch s settings they can be saved back to your computer under a filename of your choosing 349
• This section shows some examples of uploading to or downloading files from the switch using ftp commands first understand the filename conventions 349
• You can store up to two images or firmware files of the same device model on the switch only one image is used at a time 349
• Zynos zyxel network operating system sometimes referred to as the ras file is the system firmware and has a bin filename extension 349
• Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 350
• Example ftp commands 350
• Ftp command line procedure 350
• Chapter 42 maintenance 351
• Command description 351
• Ftp restrictions 351
• Ftp service is disabled in the service access control screen 351
• Ftp will not work when 351
• Gs3700 xgs3700 series user s guide 351
• Gui based ftp clients 351
• Table 185 general commands for gui based ftp clients 351
• The following table describes some of the commands that you may see in gui based ftp clients 351
• The ip address es in the remote management screen does not match the client ip address if it does not match the switch will disconnect the ftp session immediately 351
• About snmp 352
• Access control 352
• Access control overview 352
• The access control main screen 352
• Snmp v3 and security 353
• An oid object id that begins with 1 90 5 is defined in private mibs otherwise it is a standard mib oid 354
• Chapter 43 access control 354
• Gs3700 xgs3700 series user s guide 354
• Mibs let administrators collect statistics and monitor status and performance 354
• Option object label object id description 354
• Rfc 1155 smi 354
• Rfc 1157 snmp v1 354
• Rfc 1493 bridge mibs 354
• Rfc 1643 ethernet mibs 354
• Rfc 1757 rmon 354
• Rfc 2674 snmpv2 snmpv2c 354
• Snmp mib ii rfc 1213 354
• Snmp traps 354
• Snmpv2 snmpv2c or later version compliant with rfc 2011 snmpv2 mib for ip rfc 2012 snmpv2 mib for tcp rfc 2013 snmpv2 mib for udp 354
• Supported mibs 354
• Table 188 snmp system traps 354
• The switch sends traps to an snmp manager when an event occurs the following tables outline the snmp traps by category 354
• The switch supports the following mibs 354
• Chapter 43 access control 355
• Gs3700 xgs3700 series user s guide 355
• Option object label object id description 355
• Table 188 snmp system traps continued 355
• Table 189 snmp interfacetraps 355
• Chapter 43 access control 356
• Gs3700 xgs3700 series user s guide 356
• Option object label object id description 356
• Table 189 snmp interfacetraps continued 356
• Table 190 aaa traps 356
• Chapter 43 access control 357
• Configuring snmp 357
• From the access control screen display the snmp screen you can click access control to go back to the access control screen 357
• Gs3700 xgs3700 series user s guide 357
• Option object label object id description 357
• Table 191 snmp ip traps 357
• Table 192 snmp switch traps 357
• Chapter 43 access control 358
• Gs3700 xgs3700 series user s guide 358
• Label description 358
• Note snmp version 2c is backwards compatible with snmp version 1 358
• The following table describes the labels in this screen 358
• User screen 358
• Chapter 43 access control 359
• Configuring snmp trap group 359
• From the snmp screen click trap group to view the screen as shown use the trap group screen to specify the types of snmp traps that should be sent to each snmp manager 359
• Gs3700 xgs3700 series user s guide 359
• Label description 359
• Snmp continued 359
• The following table describes the labels in this screen 359
• Trap group 359
• Chapter 43 access control 360
• Enabling disabling sending of snmp traps on a port 360
• Gs3700 xgs3700 series user s guide 360
• Label description 360
• Note changes in this row are copied to all the ports as soon as you make them 360
• The following table describes the labels in this screen 360
• Trap group screen click port to view the screen as shown use this screen to set whether a trap received on the port s would be sent to the snmp manager 360
• Chapter 43 access control 361
• Configuring snmp user 361
• From the snmp screen click user to view the screen as shown use the user screen to create snmp users for authentication with managers using snmp v3 and associate them to snmp groups an snmp user is an snmp manager 361
• Gs3700 xgs3700 series user s guide 361
• Label description 361
• Note the settings on the snmp manager must be set at the same security level or higher than the security level settings on the switch 361
• Note use the username and password of the login accounts you specify in this screen to create accounts on the snmp v3 manager 361
• The following table describes the labels in this screen 361
• A non administrator username is something other than admin is someone who can view but not configure switch settings 362
• An administrator is someone who can both view and configure switch changes the username for the administrator is always admin the default administrator password is 1234 362
• Chapter 43 access control 362
• Gs3700 xgs3700 series user s guide 362
• Label description 362
• Logins to view the screen as shown 362
• Note it is highly recommended that you change the default administrator password 1234 362
• Setting up login accounts 362
• Up to five people one administrator and four non administrators may access the switch via web configurator at any one time 362
• User continued 362
• Chapter 43 access control 363
• Gs3700 xgs3700 series user s guide 363
• Label description 363
• Logins 363
• The following table describes the labels in this screen 363
• Chapter 43 access control 364
• Figure 252 ssh communication example 364
• Gs3700 xgs3700 series user s guide 364
• How ssh works 364
• Label description 364
• Logins continued 364
• Ssh overview 364
• The following table summarizes how a secure connection is established between two remote hosts 364
• Unlike telnet or ftp which transmit data in clear text ssh secure shell is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network 364
• Ssh implementation on the switch 365
• Introduction to https 366
• Note if you disable http in the service access control screen then the switch blocks all http connection attempts 366
• Requirements for using ssh 366
• Https example 367
• Internet explorer 6 367
• Internet explorer 7 or 8 367
• Internet explorer warning messages 367
• Example 368
• Mozilla firefox warning messages 368
• Example 369
• Example 370
• Internet explore 370
• Service access control 370
• The main screen 370
• Chapter 43 access control 371
• From the access control screen display the remote management screen as shown next 371
• Gs3700 xgs3700 series user s guide 371
• Label description 371
• Remote management 371
• Service access control 371
• The following table describes the fields in this screen 371
• You can specify a group of one or more trusted computers from which an administrator may use a service to manage the switch click access control to return to the access control screen 371
• Chapter 43 access control 372
• Gs3700 xgs3700 series user s guide 372
• Label description 372
• Remote management 372
• The following table describes the labels in this screen 372
• Diagnostic 373
• Chapter 44 diagnostic 374
• Diagnostic continued 374
• Gs3700 xgs3700 series user s guide 374
• Label description 374
• Syslog 375
• Syslog overview 375
• Syslog setup 375
• Chapter 45 syslog 376
• Gs3700 xgs3700 series user s guide 376
• Label description 376
• Syslog 376
• Syslog server setup 376
• Syslog server setup to open the following screen use this screen to configure a list of external syslog servers 376
• The following table describes the labels in this screen 376
• Chapter 45 syslog 377
• Gs3700 xgs3700 series user s guide 377
• Label description 377
• Server setup 377
• The following table describes the labels in this screen 377
• Cluster management 378
• Clustering management status overview 378
• Cluster management status 379
• Note a cluster can only have one manager 379
• Chapter 46 cluster management 380
• Cluster management 380
• Cluster member switch management 380
• Go to the clustering management status screen of the cluster manager switch and then select an index hyperlink from the list of members to go to that cluster member switch s web configurator home page this cluster member web configurator home page and the home page that you d see if you accessed it directly are different 380
• Gs3700 xgs3700 series user s guide 380
• Label description 380
• The following table describes the labels in this screen 380
• Example 381
• Uploading firmware to a cluster member switch 381
• Clustering management configuration 382
• Example 382
• Chapter 46 cluster management 383
• Configuration 383
• Gs3700 xgs3700 series user s guide 383
• Label description 383
• The following table describes the labels in this screen 383
• Mac table 384
• Mac table overview 384
• Chapter 47 mac table 385
• Gs3700 xgs3700 series user s guide 385
• Label description 385
• Mac table 385
• Mac table in the navigation panel to display the following screen use this screen to search specific mac addresses you can also directly add dynamic mac address es into the static mac forwarding table or mac filtering table from the mac table using this screen 385
• The following table describes the labels in this screen 385
• Viewing the mac table 385
• Chapter 47 mac table 386
• Gs3700 xgs3700 series user s guide 386
• Label description 386
• Mac table continued 386
• Ip table 387
• Ip table overview 387
• Chapter 48 ip table 388
• Gs3700 xgs3700 series user s guide 388
• Ip table 388
• Ip table in the navigation panel to display the following screen 388
• Label description 388
• The following table describes the labels in this screen 388
• Viewing the ip table 388
• Arp table 389
• Arp table overview 389
• How arp works 389
• The arp table screen 389
• Arp table 390
• Chapter 49 arp table 390
• Gs3700 xgs3700 series user s guide 390
• Label description 390
• The following table describes the labels in this screen 390
• Overview 391
• Routing table 391
• Viewing the routing table status 391
• Path mtu overview 392
• Path mtu table 392
• Viewing the path mtu table 392
• Configure clone 393
• Chapter 52 configure clone 394
• Configure clone 394
• Gs3700 xgs3700 series user s guide 394
• Label description 394
• The following table describes the labels in this screen 394
• Ipv6 neighbor table overview 395
• Neighbor table 395
• Viewing the ipv6 neighbor table 395
• Chapter 53 neighbor table 396
• Gs3700 xgs3700 series user s guide 396
• Label description 396
• Neighbor table continued 396
• Power hardware connections and leds 397
• Troubleshooting 397
• I cannot see or access the login screen in the web configurator 398
• I forgot the ip address for the switch 398
• I forgot the username and or password 398
• One of the leds does not behave as expected 398
• Switch access and login 398
• I can see the login screen but i cannot log in to the switch 399
• Pop up windows javascripts and java permissions 399
• I cannot see some of advanced application submenus at the bottom of the navigation panel 400
• I lost my configuration settings after i restart the switch 400
• Switch configuration 400
• There is unauthorized access to my switch via telnet http and ssh 400
• Common services 401
• Ppendi 401
• Appendix a common services 402
• Gs3700 xgs3700 series user s guide 402
• Name protocol port s description 402
• Table 215 commonly used services continued 402
• Appendix a common services 403
• Gs3700 xgs3700 series user s guide 403
• Name protocol port s description 403
• Table 215 commonly used services continued 403
• Ppendi 404
• Global address 405
• Loopback address 405
• Multicast address 405
• Unspecified address 405
• Eui 64 406
• Interface id 406
• Stateless autoconfiguration 406
• Subnet masking 406
• Dhcp relay agent 407
• Dhcpv6 407
• Identity association 407
• Rebind 407
• Renew rebind 407
• Renew to s1 407
• Icmpv6 408
• Ipv6 cache 408
• Neighbor discovery protocol ndp 408
• Prefix delegation 408
• Mld messages 409
• Multicast listener discovery 409
• Example enabling dhcpv6 on windows xp 410
• Example enabling ipv6 on windows xp 2003 vista 410
• Example enabling ipv6 on windows 7 411
• Customer support 413
• Ppendi 413
• Austria 414
• Belarus 414
• Europe 414
• Malaysia 414
• Pakistan 414
• Philipines 414
• Singapore 414
• Taiwan 414
• Thailand 414
• Vietnam 414
• Belgium 415
• Bulgaria 415
• Denmark 415
• Estonia 415
• Finland 415
• France 415
• Germany 415
• Hungary 415
• Latvia 415
• Lithuania 416
• Netherlands 416
• Norway 416
• Poland 416
• Romania 416
• Russia 416
• Slovakia 416
• Sweden 416
• Switzerland 416
• Argentina 417
• Ecuador 417
• Latin america 417
• Middle east 417
• North america 417
• Turkey 417
• Ukraine 417
• Africa 418
• Australia 418
• Oceania 418
• South africa 418
• Legal information 419
• Ppendi 419
• Appendix d legal information 420
• Gs3700 xgs3700 series user s guide 420
• Open source licenses 420
• Registration 420
• Safety warnings 420
• Zyxel limited warranty 420
• Environmental product declaration 421
• Numbers 422