![Zyxel XS3900-48F [188/332] Aaa screens](/img/pdf.png)
Zyxel XS3900-48F [188/332] Aaa screens
![Zyxel XS3900-48F [188/332] Aaa screens](/views2/1168992/page188/bgbc.png)
Chapter 23 AAA
XS3900-48F User’s Guide
188
23.1.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
23.2 AAA Screens
The AAA screens allow you to enable authentication, authorization, accounting or all of them on the
Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or
both) and then set up the authentication priority, activate authorization and configure accounting
settings.
Click Advanced Application > AAA in the navigation panel to display the screen as shown.
Figure 102 Advanced Application > AAA
23.2.1 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See Section 23.1.2 on page 188 for more
information on RADIUS servers and Section 23.3 on page 196 for RADIUS attributes utilized by the
Table 73 RADIUS vs TACACS+
RADIUS TACACS+
Transport
Protocol
UDP (User Datagram Protocol) TCP (Transmission Control Protocol)
Encryption Encrypts the password sent for
authentication.
All communication between the client (the
Switch) and the TACACS server is encrypted.
Содержание
- Default login details 1
- Port 10gbe top of rack switch with 4 port 40gbe uplink 1
- Quick start guide 1
- User s guide 1
- Xs3900 48f 1
- Important 2
- In the switc 2
- Keep this guide for future reference 2
- Note it is recommended you use the web configurator to configure the switch 2
- Read carefully before use 2
- Related documentation 2
- Contents overview 3
- Technical reference 3 3
- User s guide 5 3
- Chapter 1 getting to know your switch 7 5
- Chapter 2 tutorials 5 5
- Contents overview 5
- Part i user s guide 15 5
- Table of contents 5
- Chapter 3 switch hardware overview 9 6
- Chapter 4 the web configurator 3 6
- Chapter 5 system status and port statistics 5 6
- Chapter 6 basic setting 0 6
- Chapter 7 vlan 1 6
- Part ii technical reference 63 6
- Chapter 10 filtering 05 7
- Chapter 11 spanning tree protocol 07 7
- Chapter 8 static mac forward setup 9 7
- Chapter 9 static multicast forward setup 01 7
- Chapter 12 bandwidth control 25 8
- Chapter 13 broadcast storm control 28 8
- Chapter 14 mirroring 30 8
- Chapter 15 link aggregation 32 8
- Chapter 16 port authentication 40 8
- Chapter 17 port security 48 8
- Chapter 18 classifier 51 9
- Chapter 19 policy rule 57 9
- Chapter 20 queuing method 62 9
- Chapter 21 vlan stacking 65 9
- Chapter 22 multicast 72 9
- Chapter 23 aaa 87 10
- Chapter 24 ip source guard 00 10
- Chapter 25 loop guard 20 11
- Chapter 26 vlan mapping 24 11
- Chapter 27 layer 2 protocol tunneling 28 11
- Chapter 28 sflow 32 11
- Chapter 29 pppoe 36 11
- Chapter 30 error disable 44 11
- Chapter 31 private vlan 49 12
- Chapter 32 static route 53 12
- Chapter 33 differentiated services 56 12
- Chapter 34 dhcp 63 12
- Chapter 35 maintenance 69 12
- Chapter 36 access control 76 13
- Chapter 37 diagnostic 96 13
- Chapter 38 syslog 97 13
- Chapter 39 cluster management 00 13
- Appendix a common services 17 14
- Appendix b legal information 21 14
- Chapter 40 mac table 06 14
- Chapter 41 arp table 09 14
- Chapter 42 configure clone 311 14
- Chapter 43 troubleshooting 13 14
- Index 23 14
- User s guide 15
- Data center bridging dcb 17
- Getting to know your switch 17
- Introduction 17
- Label description 18
- Pfc ets and dcbx standards 18
- Table 1 dcb graphic key 18
- Dcb configuration 19
- Dcb only 19
- Guaranteed minimum bandwidth 19
- Name incoming traffic bandwidth gbps 19
- Outgoing traffic bandwidth gbps 19
- Table 2 defined traffic classes 19
- Table 3 defined relative weights 19
- Traffic class id guaranteed bandwidth class name 19
- Dcb with dcbx 20
- Priority traffic class id name 20
- Table 4 bound traffic priorities 20
- Backbone 21
- Bridging example 21
- Note at the time of writing dcb is configured using the command line interface cli only see the cli reference guide for details and usage examples 21
- Rd sales 21
- High performance switching example 22
- Ieee 802 q vlan application example 22
- Tag based vlan example 22
- Ipv6 support 23
- Ways to manage the switch 23
- Good habits for managing the switch 24
- How to use dhcp snooping on the switch 25
- Tutorials 25
- How to use dhcp relay on the switch 28
- Creating a vlan 29
- Dhcp relay tutorial introduction 29
- Dhcp server port 2 pvid 102 29
- Vlan 102 29
- Configuring dhcp relay 32
- How to use pppoe ia on the switch 33
- Note for related information about pppoe ia see section 29 on page 238 33
- Port 11 trusted 33
- Port 12 trusted 33
- Port 5 untrusted port 12 trusted 33
- Troubleshooting 33
- Configuring switch a 34
- Configuring switch b 36
- How to use error disable and recovery on the switch 38
- Note refer to section 25 on page 222 and section 30 on page 244 for more information about loop guard and errdiable 38
- Creating a vlan 40
- Example 40
- Example 41
- Note the vlan group id field in this screen and the vid field in the ip setup screen refer to the same vlan id 41
- Setting port vid 41
- Creating a guest vlan 42
- How to set up a guest vlan 42
- Internet 42
- Enabling ieee 802 x port authentication 45
- Enabling guest vlan 46
- Front panel connections 49
- Q sfp transceiver slots 49
- Switch hardware overview 49
- To avoid possible eye injury do not look into an operating fiber optic module s connectors 50
- Transceiver installation 50
- Transceiver removal 50
- Power connection 51
- Rear panel 51
- Chapter 3 switch hardware overview 52
- Connect the female end of the power cord to the module power socket 52
- Connect the other end of the cord to a power outlet 52
- Disconnect the power cord from the module power socket 52
- Disconnect the power cord from the power outlet 52
- Led color status description 52
- Switch leds 52
- Table 8 switch leds 52
- The following table describes the switch leds 52
- The power modules can be disconnected from the power source individually use the following procedure to disconnect the switch from a power source 52
- Xs3900 48f user s guide 52
- Introduction 53
- System login 53
- The web configurator 53
- The web configurator layout 54
- B d c e 55
- Basic setting advanced application ip application management 56
- Chapter 4 the web configurator 56
- In the navigation panel click a main link to reveal a list of submenu links 56
- Link description 56
- Table 10 navigation panel links 56
- Table 9 navigation panel sub links overview 56
- The following table describes the links in the navigation panel 56
- Xs3900 48f user s guide 56
- Chapter 4 the web configurator 57
- Link description 57
- Table 10 navigation panel links continued 57
- Xs3900 48f user s guide 57
- Change your password 58
- Chapter 4 the web configurator 58
- Figure 17 change administrator login password 58
- Link description 58
- Logins to display the next screen 58
- Table 10 navigation panel links continued 58
- Xs3900 48f user s guide 58
- Note be careful not to lock yourself and others out of the switch if you do lock yourself out try using out of band management via the management port to configure the switch 59
- Note use the save link when you are done with a configuration session 59
- Reload the configuration file 59
- Resetting the switch 59
- Saving your configuration 59
- Switch lockout 59
- Logging out of the web configurator 61
- Technical reference 63
- Overview 65
- Port status summary 65
- System status and port statistics 65
- Chapter 5 system status and port statistics 66
- Click a number in the port column in the status screen to display individual port statistics use this screen to check status and detailed performance data about an individual port on the switch 66
- Label description 66
- Status port details 66
- Table 11 port status continued 66
- Xs3900 48f user s guide 66
- Chapter 5 system status and port statistics 67
- Figure 21 status port details 67
- Label description 67
- Port details 67
- The following table describes the labels in this screen 67
- Xs3900 48f user s guide 67
- Chapter 5 system status and port statistics 68
- Label description 68
- Port details continued 68
- Xs3900 48f user s guide 68
- Chapter 5 system status and port statistics 69
- Label description 69
- Port details continued 69
- Xs3900 48f user s guide 69
- Basic setting 70
- Overview 70
- System information 70
- Chapter 6 basic setting 71
- Label description 71
- System info 71
- The following table describes the labels in this screen 71
- Xs3900 48f user s guide 71
- Chapter 6 basic setting 72
- General setup 72
- Label description 72
- The following table describes the labels in this screen 72
- Use this screen to configure general settings such as the system name and time click basic setting and general setup in the navigation panel to display the screen as shown 72
- Xs3900 48f user s guide 72
- A vlan virtual local area network allows a physical network to be partitioned into multiple logical networks devices on a logical network belong to one group a device can belong to more than one group with vlan a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router 73
- Chapter 6 basic setting 73
- General setup continued 73
- In mtu multi tenant unit applications vlan is vital in providing isolation and security among the subscribers when properly configured vlan prevents one subscriber from accessing the network resources of another on the same lan thus a user will not see the printers and hard disks of another user on the same network 73
- Introduction to vlans 73
- Label description 73
- Xs3900 48f user s guide 73
- Chapter 6 basic setting 74
- Click basic setting and then switch setup in the navigation panel to display the screen as shown the vlan setup screens change depending on whether you choose 802 q or port based in the vlan type field in this screen refer to the chapter on vlan 74
- Label description 74
- Note vlan is unidirectional it only governs outgoing traffic 74
- See chapter 7 on page 81 for information on port based and 802 q tagged vlans 74
- Switch setup 74
- Switch setup screen 74
- The following table describes the labels in this screen 74
- Vlan also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain in traditional switched environments all broadcast frames go to each and every individual port with vlan all broadcasts are confined to a specific broadcast domain 74
- Xs3900 48f user s guide 74
- Chapter 6 basic setting 75
- Label description 75
- Switch setup continued 75
- Xs3900 48f user s guide 75
- Chapter 6 basic setting 76
- Ip setup 76
- Label description 76
- The following table describes the labels in this screen 76
- Use the ip setup screen to configure the default gateway device the default domain name server and add ip domains 76
- Xs3900 48f user s guide 76
- Chapter 6 basic setting 77
- Ip setup continued 77
- Label description 77
- Note deleting all ip subnets locks you out of the switch 77
- Xs3900 48f user s guide 77
- Auto negotiation 78
- Port setup 78
- Switch peer result 78
- Table 17 78
- Chapter 6 basic setting 79
- Label description 79
- Note changes in this row are copied to all the ports as soon as you make them 79
- Note due to space limitations the port name may be truncated in some web configurator screens 79
- Port setup 79
- The following table describes the labels in this screen 79
- Xs3900 48f user s guide 79
- Chapter 6 basic setting 80
- Label description 80
- Port setup continued 80
- Xs3900 48f user s guide 80
- Forwarding tagged and untagged frames 81
- Introduction to ieee 802 q tagged vlans 81
- Automatic vlan registration 82
- Chapter 7 vlan 82
- Garp and gvrp are the protocols used to automatically register vlan membership across switches 82
- Garp generic attribute registration protocol allows network switches to register and de register attribute values with other garp participants within a bridged lan garp is a protocol that provides a generic mechanism for protocols that serve a more specific application for example gvrp 82
- Garp timers 82
- Gvrp garp vlan registration protocol is a registration protocol that defines a way for switches to register necessary vlan members on ports across the network enable this function to permit vlan groups beyond the local switch 82
- Please refer to the following table for common ieee 802 q vlan terminology 82
- Switches join vlans by making a declaration a declaration is made by issuing a join message using garp declarations are withdrawn by issuing a leave message a leave all message terminates all registrations garp timers set declaration timeout values 82
- Table 19 ieee 802 q vlan terminology 82
- Vlan parameter term description 82
- Xs3900 48f user s guide 82
- Port vlan trunking 83
- Q static vlan 83
- Select the vlan type 83
- Chapter 7 vlan 84
- Label description 84
- The following table describes the labels in this screen 84
- Vlan from the navigation panel to display the vlan status screen as shown next 84
- Vlan status 84
- Vlan vlan status 84
- Xs3900 48f user s guide 84
- You also use the static vlan screen to create vlan ids for static normal or private primary isolated or community vlans 84
- Chapter 7 vlan 85
- Label description 85
- The following table describes the labels in this screen 85
- Use this screen to view detailed port settings and status of the vlan group see section 7 on page 81 for more information on static 802 q vlan click on an index number in the vlan status screen to display vlan details 85
- Vlan detail 85
- Vlan details 85
- Xs3900 48f user s guide 85
- Configure a static vlan or private vlan 86
- Chapter 7 vlan 87
- Label description 87
- Note changes in this row are copied to all the ports as soon as you make them 87
- Static vlan continued 87
- Xs3900 48f user s guide 87
- Configure vlan port settings 88
- Chapter 7 vlan 89
- For example an isp internet service provider may divide different types of services it provides to customers into different ip subnets traffic for voice services is designated for ip subnet 172 6 24 video for 192 68 24 and data for 10 24 the switch can then be configured to group incoming traffic based on the source ip subnet of incoming frames 89
- Label description 89
- Note subnet based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 89
- Subnet based vlans 89
- Subnet based vlans allow you to group traffic into logical vlans based on the source ip subnet you specify when a frame is received on a port the switch checks if a tag is added already and the ip subnet it came from the untagged packets from the same ip subnet are then placed in the same subnet based vlan one advantage of using subnet based vlans is that priority can be assigned to traffic from the same ip subnet 89
- Vlan port setting continued 89
- Xs3900 48f user s guide 89
- You can then configure a subnet based vlan with priority 6 and vid of 100 for traffic received from ip subnet 172 6 24 voice services you can also have a subnet based vlan with priority 5 and vid of 200 for traffic received from ip subnet 192 68 24 video services lastly you can configure vlan with priority 3 and vid of 300 for traffic received from ip subnet 10 24 data 89
- Configuring subnet based vlan 90
- Internet 90
- Chapter 7 vlan 91
- Label description 91
- Note protocol based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 91
- Protocol based vlans 91
- Protocol based vlans allow you to group traffic into logical vlans based on the protocol you specify when an upstream frame is received on a port configured for a protocol based vlan the switch checks if a tag is added already and its protocol the untagged packets of the same protocol are then placed in the same protocol based vlan one advantage of using protocol based vlans is that priority can be assigned to traffic of the same protocol 91
- Subnet based vlan setup 91
- The following table describes the labels in this screen 91
- Xs3900 48f user s guide 91
- Configuring protocol based vlan 92
- Activate this protocol based vlan 93
- Chapter 7 vlan 93
- Create an ip based vlan example 93
- Give this protocol based vlan a descriptive name type ip vlan 93
- Label description 93
- Note protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based vlans 93
- Protocol based vlan setup 93
- Select the protocol leave the default value ip 93
- This example shows you how to create an ip vlan which includes ports 1 4 and 8 follow these steps using the screen below 93
- Type the port number you want to include in this protocol based vlan type 1 93
- Type the vlan id of an existing vlan in our example we already created a static vlan with an id of 5 type 5 93
- Xs3900 48f user s guide 93
- Example 94
- View private vlan status 94
- Configure a port based vlan 95
- Note in screens such as ip setup and filtering that require a vid you must enter 1 as the vid 95
- Note when you activate port based vlan the switch uses a default vlan id of 1 you cannot change it 95
- Port based vlan setup 95
- Chapter 7 vlan 98
- Label description 98
- The following table describes the labels in this screen 98
- These are the egress ports an egress port is an outgoing port that is a port through which a data packet leaves if you wish to allow two subscriber ports to talk to each other you must define the egress port for both ports cpu refers to the switch management port by default it forms a vlan with all ethernet ports if it does not form a vlan with a particular port then the switch cannot be managed from that port 98
- Vlan port based vlan setup 98
- Xs3900 48f user s guide 98
- Configuring static mac forwarding 99
- Overview 99
- Static mac forward setup 99
- Chapter 8 static mac forward setup 100
- Label description 100
- Note static mac addresses do not age out 100
- Static mac forwarding 100
- The following table describes the labels in this screen 100
- Xs3900 48f user s guide 100
- Static multicast forward setup 101
- Static multicast forwarding overview 101
- Configuring static multicast forwarding 102
- Chapter 9 static multicast forward setup 103
- Label description 103
- Static multicast forwarding 103
- Static multicast forwarding to display the configuration screen as shown 103
- The following table describes the labels in this screen 103
- Xs3900 48f user s guide 103
- Chapter 9 static multicast forward setup 104
- Label description 104
- Static multicast forwarding continued 104
- Xs3900 48f user s guide 104
- Configure a filtering rule 105
- Filtering 105
- Chapter 10 filtering 106
- Filtering continued 106
- Label description 106
- Xs3900 48f user s guide 106
- Spanning tree protocol 107
- Stp rstp overview 107
- Stp terminology 107
- How stp works 108
- Multiple rstp 108
- Stp port states 108
- Multiple stp 109
- Note each port can belong to one stp tree only 109
- Mst region 110
- Mstp network example 110
- Vlan 1 vlan 2 110
- Common and internal spanning tree cist 111
- Mst instance 111
- Spanning tree configuration 112
- Spanning tree protocol status screen 112
- Configure rapid spanning tree protocol 113
- 2 hello time 1 114
- Chapter 11 spanning tree protocol 114
- Label description 114
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 114
- Note changes in this row are copied to all the ports as soon as you make them 114
- Rapid spanning tree protocol status 114
- Rstp continued 114
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 11 on page 107 for more information on rstp 114
- Xs3900 48f user s guide 114
- Chapter 11 spanning tree protocol 115
- Label description 115
- Note the listening state does not exist in rstp 115
- Note this screen is only available after you activate rstp on the switch 115
- Status rstp 115
- The following table describes the labels in this screen 115
- Xs3900 48f user s guide 115
- Configure multiple rapid spanning tree protocol 116
- 2 hello time 1 117
- Chapter 11 spanning tree protocol 117
- Label description 117
- Mrstp continued 117
- Multiple rapid spanning tree protocol status 117
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 117
- Note changes in this row are copied to all the ports as soon as you make them 117
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 11 on page 107 for more information on mrstp 117
- Xs3900 48f user s guide 117
- Chapter 11 spanning tree protocol 118
- Label description 118
- Note the listening state does not exist in rstp 118
- Note this screen is only available after you activate mrstp on the switch 118
- Status mrstp 118
- The following table describes the labels in this screen 118
- Xs3900 48f user s guide 118
- Configure multiple spanning tree protocol 119
- 2 hello time 1 120
- Chapter 11 spanning tree protocol 120
- Configuration screen to enable mstp on the switch 120
- Label description 120
- The following table describes the labels in this screen 120
- Xs3900 48f user s guide 120
- Chapter 11 spanning tree protocol 121
- Label description 121
- Mstp continued 121
- Note changes in this row are copied to all the ports as soon as you make them 121
- Xs3900 48f user s guide 121
- Chapter 11 spanning tree protocol 122
- Label description 122
- Mstp screen 122
- Multiple spanning tree protocol port configuration 122
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 122
- Note changes in this row are copied to all the ports as soon as you make them 122
- The following table describes the labels in this screen 122
- Xs3900 48f user s guide 122
- Chapter 11 spanning tree protocol 123
- Label description 123
- Multiple spanning tree protocol status 123
- Note this screen is only available after you activate mstp on the switch 123
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 11 on page 109 for more information on mstp 123
- Status mstp 123
- The following table describes the labels in this screen 123
- Xs3900 48f user s guide 123
- Chapter 11 spanning tree protocol 124
- Label description 124
- Status mstp continued 124
- Xs3900 48f user s guide 124
- Bandwidth control 125
- Bandwidth control overview 125
- Cir and pir 125
- Bandwidth control 126
- Bandwidth control in the navigation panel to bring up the screen as shown next 126
- Bandwidth control setup 126
- Chapter 12 bandwidth control 126
- Label description 126
- Note changes in this row are copied to all the ports as soon as you make them 126
- The following table describes the related labels in this screen 126
- Xs3900 48f user s guide 126
- Bandwidth control continued 127
- Chapter 12 bandwidth control 127
- Label description 127
- Xs3900 48f user s guide 127
- Broadcast storm control 128
- Broadcast storm control setup 128
- Broadcast storm control continued 129
- Chapter 13 broadcast storm control 129
- Label description 129
- Note changes in this row are copied to all the ports as soon as you make them 129
- Xs3900 48f user s guide 129
- Mirroring 130
- Port mirroring setup 130
- Chapter 14 mirroring 131
- Label description 131
- Mirroring continued 131
- Note changes in this row are copied to all the ports as soon as you make them 131
- Xs3900 48f user s guide 131
- Dynamic link aggregation 132
- Link aggregation 132
- Link aggregation overview 132
- Link aggregation id 133
- Link aggregation status 133
- Chapter 15 link aggregation 134
- Label description 134
- Link aggregation status continued 134
- Xs3900 48f user s guide 134
- Link aggregation setting 135
- Chapter 15 link aggregation 136
- Label description 136
- Link aggregation setting continued 136
- Note when you enable the port security feature on the switch and configure port security settings for a port you cannot include the port in an active trunk group 136
- Xs3900 48f user s guide 136
- Link aggregation control protocol 137
- Chapter 15 link aggregation 138
- Figure 67 trunking example physical connections 138
- Label description 138
- Lacp continued 138
- Make your physical connections make sure that the ports that you want to belong to the trunk group are connected to the same destination the following figure shows ports 2 5 on switch a connected to switch b 138
- Note changes in this row are copied to all the ports as soon as you make them 138
- Static trunking example 138
- This example shows you how to create a static port trunk group for ports 2 5 138
- Xs3900 48f user s guide 138
- Example 139
- Ieee 802 x authentication 140
- Port authentication 140
- Port authentication overview 140
- Mac authentication 141
- Authentication reply 142
- Authentication request authentication request 142
- New connection 142
- Port authentication configuration 142
- Session granted denied 142
- Activate ieee 802 x security 143
- Chapter 16 port authentication 143
- Label description 143
- Note changes in this row are copied to all the ports as soon as you make them 143
- Note you must first enable 802 x authentication on the switch before configuring it on each port 143
- The following table describes the labels in this screen 143
- Use this screen to activate ieee 802 x security in the port authentication screen click 802 x to display the configuration screen as shown 143
- Xs3900 48f user s guide 143
- Chapter 16 port authentication 144
- Figure 73 guest vlan example 144
- Guest vlan 144
- Internet 144
- Label description 144
- Vlan 100 144
- Vlan 102 144
- When 802 x port authentication is enabled on the switch and its ports clients that do not have the correct credentials are blocked from using the port s you can configure your switch to have one vlan that acts as a guest vlan if you enable the guest vlan 102 in the example on a port 2 in the example the user a in the example that is not ieee 802 x capable or fails to enter the correct username and password can still access the port but traffic from the user is forwarded to the guest vlan that is unauthenticated users can have access to limited network resources in the same guest vlan such as the internet the rights granted to the guest vlan depends on how the network administrator configures switches or routers with the guest network feature 144
- X continued 144
- Xs3900 48f user s guide 144
- Activate mac authentication 146
- Chapter 16 port authentication 146
- Guest vlan continued 146
- Label description 146
- Mac authentication 146
- Use this screen to activate mac authentication in the port authentication screen click mac authentication to display the configuration screen as shown 146
- Xs3900 48f user s guide 146
- Chapter 16 port authentication 147
- Label description 147
- Mac authentication 147
- Note changes in this row are copied to all the ports as soon as you make them 147
- Note if the aging time in the switch setup screen is set to a lower value then it supersedes this setting see section 6 on page 74 147
- Note you must first enable mac authentication on the switch before configuring it on each port 147
- The following table describes the labels in this screen 147
- Xs3900 48f user s guide 147
- About port security 148
- Port security 148
- Port security setup 148
- Chapter 17 port security 149
- Label description 149
- Note changes in this row are copied to all the ports as soon as you make them 149
- Port security 149
- The following table describes the labels in this screen 149
- Xs3900 48f user s guide 149
- Chapter 17 port security 150
- Label description 150
- Port security screen to display the screen as shown 150
- The following table describes the labels in this screen 150
- Vlan mac address limit 150
- Xs3900 48f user s guide 150
- About the classifier and qos 151
- Classifier 151
- Configuring the classifier 151
- Chapter 18 classifier 152
- Classifier 152
- Classifier in the navigation panel to display the configuration screen as shown 152
- Label description 152
- The following table describes the labels in this screen 152
- Xs3900 48f user s guide 152
- Chapter 18 classifier 153
- Classifier continued 153
- Label description 153
- Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 153
- Xs3900 48f user s guide 153
- Chapter 18 classifier 154
- Classifier continued 154
- Classifier summary table 154
- Ethernet type protocol number 154
- Label description 154
- Note when two rules conflict with each other a higher layer rule has priority over a lower layer rule 154
- Table 55 classifier summary table 154
- Table 56 common ethernet types and protocol number 154
- The following table describes the labels in this screen 154
- The following table shows some other common ethernet types and the corresponding protocol number 154
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the classifier screen to change the settings of a rule click a number in the index field 154
- Viewing and editing classifier configuration 154
- Xs3900 48f user s guide 154
- Chapter 18 classifier 155
- Ethernet type protocol number 155
- Port number port name 155
- Some of the most common ip ports are 155
- Table 56 common ethernet types and protocol number 155
- Table 57 common ip ports 155
- Xs3900 48f user s guide 155
- Classifier example 156
- Example 156
- Configuring policy rules 157
- Diffserv 157
- Dscp and per hop behavior 157
- Policy rule 157
- Policy rules overview 157
- Chapter 19 policy rule 159
- Label description 159
- Policy rule continued 159
- Xs3900 48f user s guide 159
- Chapter 19 policy rule 160
- Label description 160
- Policy rule continued 160
- Policy rule summary table 160
- Table 59 policy summary table 160
- The following table describes the labels in this screen 160
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the policy screen to change the settings of a rule click a number in the index field 160
- Viewing and editing policy configuration 160
- Xs3900 48f user s guide 160
- Example 161
- Policy example 161
- Queuing method 162
- Queuing method overview 162
- Strictly priority queuing 162
- Weighted fair queuing 162
- Configuring queuing 163
- Weighted round robin scheduling wrr 163
- Chapter 20 queuing method 164
- Label description 164
- Note changes in this row are copied to all the ports as soon as you make them 164
- Queuing method 164
- The following table describes the labels in this screen 164
- Xs3900 48f user s guide 164
- Vlan stacking 165
- Vlan stacking example 165
- Vlan stacking overview 165
- Note static vlan tx tagging must be disabled on a port where you choose normal or access port 166
- Note static vlan tx tagging must be enabled on a port where you choose tunnel port 166
- Vlan stacking port roles 166
- Frame format 167
- Vlan tag format 167
- Chapter 21 vlan stacking 168
- Configuring vlan stacking 168
- Label description 168
- Note changes in this row are copied to all the ports as soon as you make them 168
- Table 63 802 q frame 168
- The following table describes the labels in this screen 168
- Vlan stacking 168
- Vlan stacking to display the screen as shown 168
- Xs3900 48f user s guide 168
- Chapter 21 vlan stacking 169
- Label description 169
- Note you can define up to four different tunnel tpids including 8100 in this screen at a time 169
- Port based q in q 169
- Port based q in q lets the switch treat all frames received on the same port as the same vlan flows and add the same outer vlan tag to them even they have different customer vlan ids 169
- Port based qinq 169
- The following table describes the labels in this screen 169
- Vlan stacking continued 169
- Vlan stacking screen to display the screen as shown 169
- Xs3900 48f user s guide 169
- Note selective q in q rules are only applied to single tagged frames received on the access ports if the incoming frames are untagged or single tagged but received on a tunnel port or cannot match any selective q in q rules the switch applies the port based q in q rules to them 170
- Selective q in q 170
- Chapter 21 vlan stacking 171
- Label description 171
- Selective qinq continued 171
- Xs3900 48f user s guide 171
- Igmp filtering 172
- Igmp snooping 172
- Ip multicast addresses 172
- Multicast 172
- Multicast overview 172
- Igmp snooping and vlans 173
- Multicast status 173
- Chapter 22 multicast 174
- Label description 174
- Multicast setting 174
- Multicast setting link to display the screen as shown see section 22 on page 172 for more information on multicasting 174
- Note if you enable igmp filtering you must create and assign igmp filtering profiles for the ports that you want to allow to join multicast groups 174
- The following table describes the labels in this screen 174
- Xs3900 48f user s guide 174
- Chapter 22 multicast 175
- Label description 175
- Multicast setting continued 175
- Note changes in this row are copied to all the ports as soon as you make them 175
- Xs3900 48f user s guide 175
- Chapter 22 multicast 176
- Label description 176
- Multicast setting continued 176
- Xs3900 48f user s guide 176
- Chapter 22 multicast 177
- Igmp snooping vlan 177
- Label description 177
- Multicast in the navigation panel click the multicast setting link and then the igmp snooping vlan link to display the screen as shown see section 22 on page 173 for more information on igmp snooping vlan 177
- Note you cannot configure the same vlan id as in the mvr screen 177
- Note you must also enable igmp snooping in the multicast setting screen first 177
- The following table describes the labels in this screen 177
- Xs3900 48f user s guide 177
- An igmp filtering profile specifies a range of multicast groups that clients connected to the switch are able to join a profile contains a range of multicast ip addresses which you want clients to be able to join profiles are assigned to ports in the multicast setting screen clients connected to those ports are then able to join the multicast groups specified in the profile each port can be assigned a single profile a profile can be assigned to multiple ports 178
- Chapter 22 multicast 178
- Igmp filtering profile 178
- Igmp filtering profile link to display the screen as shown 178
- Igmp snooping vlan continued 178
- Label description 178
- Xs3900 48f user s guide 178
- Chapter 22 multicast 179
- Igmp filtering profile 179
- Label description 179
- Multicast vlan registration mvr is designed for applications such as media on demand mod that use multicast traffic across an ethernet ring based service provider network 179
- Mvr allows one single multicast vlan to be shared among different subscriber vlans on the network while isolated in different subscriber vlans connected devices can subscribe to and unsubscribe from the multicast stream in the multicast vlan this improves bandwidth utilization with reduced multicast traffic in the subscriber vlans and simplifies multicast group management 179
- Mvr only responds to igmp join and leave control messages from multicast groups that are configured under mvr join and leave reports from other multicast groups are managed by igmp snooping 179
- Mvr overview 179
- The following table describes the labels in this screen 179
- Xs3900 48f user s guide 179
- How mvr works 180
- Multicast vlan vlan 1 180
- Mvr modes 180
- Types of mvr ports 180
- Vlan 2 180
- Vlan 3 180
- General mvr configuration 181
- Multicast vlan vlan 1 181
- Note you can create up to five multicast vlans and up to 256 multicast rules on the switch 181
- Chapter 22 multicast 182
- Label description 182
- Note changes in this row are copied to all the ports as soon as you make them 182
- Note your switch automatically creates a static vlan with the same vid when you create a multicast vlan in this screen 182
- The following table describes the related labels in this screen 182
- Xs3900 48f user s guide 182
- All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group 183
- Chapter 22 multicast 183
- Configure mvr ip multicast group address es in the group configuration screen click group configuration in the mvr screen 183
- Label description 183
- Mvr continued 183
- Mvr group configuration 183
- Xs3900 48f user s guide 183
- Chapter 22 multicast 184
- Label description 184
- Mvr configuration example 184
- Mvr group configuration 184
- Note a port can belong to more than one multicast vlan however ip multicast group addresses in different multicast vlans cannot overlap 184
- The following figure shows a network example where ports 1 2 and 3 on the switch belong to vlan 1 in addition port 7 belongs to the multicast group with vid 200 to receive multicast traffic the 184
- The following table describes the labels in this screen 184
- Xs3900 48f user s guide 184
- Example 185
- Multicast vid 200 vlan 1 185
- Example 186
- Authentication authorization and accounting aaa 187
- Local user accounts 187
- Aaa screens 188
- Radius and tacacs 188
- Radius server setup 188
- Authentication and accounting features on the switch click on the radius server setup link in the aaa screen to view the screen as shown 189
- Chapter 23 aaa 189
- Label description 189
- Radius server setup 189
- The following table describes the labels in this screen 189
- Xs3900 48f user s guide 189
- Chapter 23 aaa 190
- Label description 190
- Radius server setup continued 190
- Xs3900 48f user s guide 190
- Chapter 23 aaa 191
- Label description 191
- Tacacs server setup 191
- The following table describes the labels in this screen 191
- Use this screen to configure your tacacs server settings see section 23 on page 188 for more information on tacacs servers click on the tacacs server setup link in the authentication and accounting screen to view the screen as shown 191
- Xs3900 48f user s guide 191
- Chapter 23 aaa 192
- Label description 192
- Tacacs server setup continued 192
- Xs3900 48f user s guide 192
- Aaa setup 193
- Chapter 23 aaa 193
- Label description 193
- The following table describes the labels in this screen 193
- Use this screen to configure authentication authorization and accounting settings on the switch click on the aaa setup link in the aaa screen to view the screen as shown 193
- Xs3900 48f user s guide 193
- Aaa setup continued 194
- Chapter 23 aaa 194
- Label description 194
- Xs3900 48f user s guide 194
- Aaa setup continued 195
- Assign account privilege levels see the cli reference guide for more information on account privilege levels for the authenticated user 195
- Chapter 23 aaa 195
- Label description 195
- Limit bandwidth on incoming or outgoing traffic for the port the user connects to 195
- Note refer to the documentation that comes with your radius server on how to configure vsas for users authenticating via the radius server 195
- Rfc 2865 standard specifies a method for sending vendor specific information between a radius server and a network access device for example the switch a company can create vendor specific attributes vsas to expand the functionality of a radius server 195
- The switch supports vsas that allow you to perform the following actions based on user authentication 195
- The vsas are composed of the following 195
- Vendor data a value you want to assign to the setting 195
- Vendor id an identification number assigned to the company by the iana internet assigned numbers authority zyxel s vendor id is 890 195
- Vendor specific attribute 195
- Vendor type a vendor specified attribute identifying the setting you want to modify 195
- Xs3900 48f user s guide 195
- Supported radius attributes 196
- Tunnel protocol attribute 196
- Attributes used by the ieee 802 x authentication 197
- Attributes used for accounting 197
- Attributes used for authenticating privilege access 197
- Attributes used for authentication 197
- Attributes used to login users 197
- Attributes used for accounting exec events 198
- Attributes used for accounting system events 198
- Attributes used for accounting ieee 802 x events 199
- Ip source guard 200
- Ip source guard overview 200
- Dhcp snooping database 201
- Dhcp snooping overview 201
- Ip source guard menu overview 201
- Menu sub menu 1 sub menu 2 sub menu 3 201
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 201
- Table 82 ip source guard menu overview 201
- Trusted vs untrusted ports 201
- Configuring dhcp snooping 202
- Dhcp relay option 82 information 202
- Arp inspection and mac address filters 203
- Arp inspection overview 203
- Trusted vs untrusted ports 203
- Configuring arp inspection 204
- Ip source guard 204
- Note it is recommended you enable dhcp snooping at least one day before you enable arp inspection so that the switch has enough time to build the binding table 204
- Syslog 204
- Chapter 24 ip source guard 205
- Figure 109 ip source guard static binding 205
- Label description 205
- Static binding 205
- Table 83 ip source guard continued 205
- Table 84 ip source guard static binding 205
- The following table describes the labels in this screen 205
- Xs3900 48f user s guide 205
- Chapter 24 ip source guard 206
- Label description 206
- Table 84 ip source guard static binding continued 206
- Xs3900 48f user s guide 206
- Dhcp snooping 207
- Chapter 24 ip source guard 208
- Label description 208
- Table 85 dhcp snooping continued 208
- Xs3900 48f user s guide 208
- Chapter 24 ip source guard 209
- Dhcp snooping configure 209
- Label description 209
- Table 85 dhcp snooping continued 209
- Use this screen to enable dhcp snooping on the switch not on specific vlan specify the vlan where the default dhcp server is located and configure the dhcp snooping database the dhcp snooping database stores the current bindings on a secure external tftp server so that they are 209
- Xs3900 48f user s guide 209
- Chapter 24 ip source guard 210
- Configure 210
- Figure 111 dhcp snooping configure 210
- Label description 210
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 210
- Note you have to enable dhcp snooping on the dhcp vlan too 210
- Table 86 dhcp snooping configure 210
- The following table describes the labels in this screen 210
- Xs3900 48f user s guide 210
- Chapter 24 ip source guard 211
- Dhcp snooping port configure 211
- Figure 112 dhcp snooping port configure 211
- Label description 211
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 211
- Table 86 dhcp snooping configure continued 211
- Use this screen to specify whether ports are trusted or untrusted ports for dhcp snooping 211
- Xs3900 48f user s guide 211
- Chapter 24 ip source guard 212
- Dhcp snooping vlan configure 212
- Figure 113 dhcp snooping vlan configure 212
- Label description 212
- Table 87 dhcp snooping port configure 212
- Table 88 dhcp snooping vlan configure 212
- The following table describes the labels in this screen 212
- Xs3900 48f user s guide 212
- Arp inspection 213
- Chapter 24 ip source guard 213
- Figure 114 arp inspection status 213
- Label description 213
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 213
- Table 88 dhcp snooping vlan configure continued 213
- Table 89 arp inspection status 213
- The following table describes the labels in this screen 213
- Xs3900 48f user s guide 213
- Arp inspection vlan status 214
- Chapter 24 ip source guard 214
- Figure 115 arp inspection vlan status 214
- Label description 214
- Table 89 arp inspection status continued 214
- Table 90 arp inspection vlan status 214
- The following table describes the labels in this screen 214
- Vlan status 214
- Xs3900 48f user s guide 214
- Arp inspection log status 215
- Chapter 24 ip source guard 215
- Figure 116 arp inspection log status 215
- Label description 215
- Log status 215
- Table 90 arp inspection vlan status 215
- Table 91 arp inspection log status 215
- The following table describes the labels in this screen 215
- Xs3900 48f user s guide 215
- Arp inspection configure 216
- Chapter 24 ip source guard 216
- Configure 216
- Figure 117 arp inspection configure 216
- Label description 216
- Table 91 arp inspection log status continued 216
- Xs3900 48f user s guide 216
- Arp inspection port configure 217
- Chapter 24 ip source guard 217
- Label description 217
- Table 92 arp inspection configure 217
- The following table describes the labels in this screen 217
- Use this screen to specify whether ports are trusted or untrusted ports for arp inspection you can also specify the maximum rate at which the switch receives arp packets on each untrusted port to 217
- Xs3900 48f user s guide 217
- Chapter 24 ip source guard 218
- Figure 118 arp inspection port configure 218
- Label description 218
- Table 93 arp inspection port configure 218
- The following table describes the labels in this screen 218
- Xs3900 48f user s guide 218
- Arp inspection vlan configure 219
- Chapter 24 ip source guard 219
- Figure 119 arp inspection vlan configure 219
- Label description 219
- Table 94 arp inspection vlan configure 219
- The following table describes the labels in this screen 219
- Xs3900 48f user s guide 219
- Loop guard 220
- Loop guard overview 220
- Loop guard setup 222
- Note after resolving the loop problem on your network you can re activate the disabled port via the web configurator see section 6 on page 78 or via commands see the ethernet switch cli reference guide 222
- Note the loop guard feature can not be enabled on the ports that have spanning tree protocol rstp mrstp or mstp enabled 222
- Chapter 25 loop guard 223
- Label description 223
- Loop guard continued 223
- Xs3900 48f user s guide 223
- Vlan mapping 224
- Vlan mapping example 224
- Vlan mapping overview 224
- Chapter 26 vlan mapping 225
- Click advanced application and then vlan mapping in the navigation panel to display the screen as shown 225
- Enabling vlan mapping 225
- Figure 126 vlan mapping 225
- Label description 225
- Table 96 vlan mapping 225
- The following table describes the labels in this screen 225
- Xs3900 48f user s guide 225
- Chapter 26 vlan mapping 226
- Click the vlan mapping configure link in the vlan mapping screen to display the screen as shown use this screen to enable and edit the vlan mapping rule s 226
- Configuring vlan mapping 226
- Figure 127 vlan mapping configuration 226
- Label description 226
- Table 97 vlan mapping configuration 226
- The following table describes the labels in this screen 226
- Xs3900 48f user s guide 226
- Layer 2 protocol tunneling 228
- Layer 2 protocol tunneling overview 228
- Layer 2 protocol tunneling mode 229
- Service provider s network c 229
- Configuring layer 2 protocol tunneling 230
- Chapter 27 layer 2 protocol tunneling 231
- Label description 231
- Layer 2 protocol tunneling continued 231
- Note you can enable l2pt services for stp lacp vtp cdp udld and pagp on the access port s only 231
- Xs3900 48f user s guide 231
- Sflow overview 232
- Chapter 28 sflow 233
- Label description 233
- Note changes in this row are copied to all the ports as soon as you make them 233
- Sflow in the navigation panel to display the screen as shown 233
- Sflow port configuration 233
- The following table describes the labels in this screen 233
- Xs3900 48f user s guide 233
- Chapter 28 sflow 234
- Click the collector link in the sflow screen to display the screen as shown you can configure up to four sflow collectors in this screen you may want to configure more than one collector if the traffic load to be monitored is more than one collector can manage 234
- Collector 234
- Collector screen the sflow collector does not need to be in the same subnet as the switch but it must be accessible from the switch 234
- Label description 234
- Note configure udp port 6343 the default on a nat router to allow port forwarding if the collector is behind a nat router configure a firewall rule for udp port 6343 the default to allow incoming traffic if the collector is behind a firewall 234
- Sflow collector configuration 234
- Sflow continued 234
- The following table describes the labels in this screen 234
- Xs3900 48f user s guide 234
- Chapter 28 sflow 235
- Collector continued 235
- Label description 235
- Xs3900 48f user s guide 235
- Pppoe intermediate agent overview 236
- Pppoe intermediate agent tag format 236
- Sub option format 236
- Chapter 29 pppoe 237
- Every port is either a trusted port or an untrusted port for the pppoe intermediate agent this setting is independent of the trusted untrusted setting for dhcp snooping or arp inspection you can also specify the agent sub options circuit id and remote id that the switch adds to padi and padr packets from pppoe clients 237
- Flexible circuit id syntax with identifier string and variables 237
- If you do not configure a circuit id string for a vlan on a specific port or for a specific port the switch adds the user defined identifier string and variables into the agent circuit id sub option the variables can be the slot id of the pppoe client the port number of the pppoe client and or the vlan id on the pppoe packet 237
- Intermediate agent screen the switch automatically generates a circuit id string according to the default circuit id syntax which is defined in the dsl forum working text wt 101 the default access node identifier is the host name of the pppoe intermediate agent and the eth indicates ethernet 237
- Port state 237
- Table 103 pppoe ia remote id sub option format 237
- Table 104 pppoe ia circuit id sub option format using identifier string and variables 237
- Table 105 pppoe ia circuit id sub option format defined in wt 101 237
- The 1 in the first field identifies this as an agent circuit id sub option and 2 identifies this as an agent remote id sub option the next field specifies the length of the field the switch takes the circuit id string you manually configure for a vlan on a port as the highest priority and the circuit id string for a port as the second priority in addition the switch puts the pppoe client s mac address into the agent remote id sub option if you do not specify any user defined string 237
- The identifier string slot id port number and vlan id are separated from each other by a pound key semi colon period comma forward slash or space an agent circuit id sub option example is switch 07 0123 and indicates the pppoe packets come from a pppoe client which is connected to the switch s port 7 and belong to vlan 123 237
- Wt 101 default circuit id syntax 237
- Xs3900 48f user s guide 237
- Note the switch will drop all pppoe discovery packets if you enable the pppoe intermediate agent and there are no trusted ports 238
- Pppoe intermediate agent 238
- The pppoe screen 238
- Chapter 29 pppoe 239
- Intermediate agent 239
- Intermediate agent in the navigation panel to display the screen as shown 239
- Label description 239
- The following table describes the labels in this screen 239
- Xs3900 48f user s guide 239
- Note the switch will drop all pppoe packets if you enable the pppoe intermediate agent on the switch and there are no trusted ports 240
- Pppoe ia per port 240
- Chapter 29 pppoe 241
- Label description 241
- Port continued 241
- Pppoe ia per port per vlan 241
- Use this screen to configure pppoe ia settings that apply to a specific vlan on a port 241
- Xs3900 48f user s guide 241
- Chapter 29 pppoe 242
- Label description 242
- Note changes in this row are copied to all the vlans as soon as you make them 242
- Port screen to display the screen as shown 242
- The following table describes the labels in this screen 242
- Xs3900 48f user s guide 242
- Chapter 29 pppoe 243
- Click the vlan link in the intermediate agent screen to display the screen as shown 243
- Label description 243
- Note changes in this row are copied to all the vlans as soon as you make them 243
- Pppoe ia for vlan 243
- The following table describes the labels in this screen 243
- Use this screen to set whether the pppoe intermediate agent is enabled on a vlan and whether the switch appends the circuit id and or remote id to pppoe discovery packets from a specific vlan 243
- Xs3900 48f user s guide 243
- Cpu protection overview 244
- Error disable 244
- Error disable recovery overview 244
- Cpu protection configuration 245
- Errdisable detect screen 245
- The error disable screen 245
- Chapter 30 error disable 246
- Cpu protection 246
- Errdisable detect 246
- Errdisable screen to display the screen as shown 246
- Error disable detect configuration 246
- Label description 246
- Note changes in this row are copied to all the entries as soon as you make them 246
- Note changes in this row are copied to all the ports as soon as you make them 246
- The following table describes the labels in this screen 246
- Xs3900 48f user s guide 246
- Chapter 30 error disable 247
- Errdisable detect continued 247
- Errdisable recovery 247
- Errdisable screen to display the screen as shown 247
- Error disable recovery configuration 247
- Label description 247
- Note changes in this row are copied to all the entries as soon as you make them 247
- The following table describes the labels in this screen 247
- Xs3900 48f user s guide 247
- Chapter 30 error disable 248
- Errdisable recovery continued 248
- Label description 248
- Xs3900 48f user s guide 248
- Private vlan 249
- Private vlan overview 249
- Label description 250
- Table 113 pvlan graphic key continued 250
- Table 114 spanning pvlan graphic key 250
- Chapter 31 private vlan 251
- Configuration 251
- Label description 251
- Note changes in this row are copied to all the entries as soon as you make them 251
- Private vlan 251
- Private vlan to display the following screen 251
- The following table describes the labels in this screen 251
- Vlan port setting enabled will not be able to communicate with each other 251
- Xs3900 48f user s guide 251
- You must go to the static vlan screen first see section on page 98 to create vlan ids for primary isolated or community vlans 251
- Chapter 31 private vlan 252
- Label description 252
- Note the vlan id and mode selected here must be the same as the vlan id and vlan typ 252
- Private vlan continued 252
- Xs3900 48f user s guide 252
- Static route 253
- Static routing overview 253
- Chapter 32 static route 254
- Configuring static routing 254
- Label description 254
- Static routing 254
- Static routing in the navigation panel to display the screen as shown 254
- The following table describes the related labels you use to create a static route 254
- Xs3900 48f user s guide 254
- Chapter 32 static route 255
- Label description 255
- Static routing continued 255
- Xs3900 48f user s guide 255
- Differentiated services 256
- Diffserv network example 256
- Diffserv overview 256
- Dscp and per hop behavior 256
- P platinum g gold s silver b bronze 257
- Two rate three color marker traffic policing 257
- Activating diffserv 258
- Exceed cir 258
- Exceed pir 258
- Red yellow 258
- Trtcm color aware mode 258
- Trtcm color blind mode 258
- Chapter 33 differentiated services 259
- Configuring 2 rate 3 color marker settings 259
- Diffserv 259
- Diffserv in the navigation panel to display the screen as shown 259
- Label description 259
- Note changes in this row are copied to all the ports as soon as you make them 259
- The following table describes the labels in this screen 259
- Use this screen to configure trtcm settings click the 2 rate 3 color marker link in the diffserv screen to display the screen as shown next 259
- Xs3900 48f user s guide 259
- Chapter 33 differentiated services 260
- Label description 260
- Note changes in this row are copied to all the ports as soon as you make them 260
- Note you cannot enable both trtcm and bandwidth control at the same time 260
- Note you must also activate diffserv on the switch and the individual ports for the switch to drop red high loss priority colored packets 260
- Rate 3 color marker 260
- The following table describes the labels in this screen 260
- Xs3900 48f user s guide 260
- Chapter 33 differentiated services 261
- Configuring dscp settings 261
- Dscp setting 261
- Dscp to ieee 802 p priority settings 261
- Label description 261
- Rate 3 color marker continued 261
- Table 119 default dscp ieee 802 p mapping 261
- The following table shows the default dscp to ieee802 p mapping 261
- To change the dscp ieee 802 p mapping click the dscp setting link in the diffserv screen to display the screen as shown next 261
- Xs3900 48f user s guide 261
- You can configure the dscp to ieee 802 p mapping to allow the switch to prioritize all traffic based on the incoming dscp value according to the diffserv to ieee 802 p mapping table 261
- Chapter 33 differentiated services 262
- Dscp setting 262
- Label description 262
- The following table describes the labels in this screen 262
- Xs3900 48f user s guide 262
- Dhcp configuration options 263
- Dhcp overview 263
- Dhcp status 263
- Dhcp relay 264
- Dhcp relay agent information 264
- Chapter 34 dhcp 265
- Configuring dhcp global relay 265
- Dhcp in the navigation panel and click the global link to display the screen as shown 265
- Global 265
- Label description 265
- The following table describes the labels in this screen 265
- Xs3900 48f user s guide 265
- Configuring dhcp vlan settings 266
- Example 266
- Global dhcp relay configuration example 266
- Vlan1 vlan2 266
- Chapter 34 dhcp 267
- Example dhcp relay for two vlans 267
- Label description 267
- Note you must set up a management ip address for each vlan that you want to configure dhcp settings for on the switch see section 6 on page 76 for information on how to do this 267
- The following example displays two vlans vids 1 and 2 for a campus network two dhcp servers are installed to serve each vlan the system is set up to forward dhcp requests from the dormitory rooms vlan 1 to the dhcp server with an ip address of 192 68 00 requests from 267
- The following table describes the labels in this screen 267
- Xs3900 48f user s guide 267
- 3 0 00 268
- Example 268
- Maintenance 269
- The maintenance screen 269
- Load factory default 270
- Note clicking the apply or add button does not save the changes permanently all unsaved changes are erased after you reboot the switch 270
- Reboot system 270
- Save configuration 270
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 271
- Firmware upgrade 271
- Backup a configuration file 272
- Restore a configuration file 272
- Example ftp commands 273
- Filename conventions 273
- Ftp command line 273
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 274
- Ftp command line procedure 274
- Ftp restrictions 274
- Gui based ftp clients 274
- About snmp 276
- Access control 276
- Access control overview 276
- The access control main screen 276
- Snmp v3 and security 277
- An oid object id that begins with 1 90 is defined in private mibs otherwise it is a standard mib oid 278
- Chapter 36 access control 278
- Mibs let administrators collect statistics and monitor status and performance 278
- Note the oids beginning with 1 90 4 are specific to the xs3900 48f switch 278
- Option object label object id description 278
- Rfc 1155 smi 278
- Rfc 1157 snmp v1 278
- Rfc 1493 bridge mibs 278
- Rfc 1643 ethernet mibs 278
- Rfc 1757 rmon 278
- Rfc 2674 snmpv2 snmpv2c 278
- Snmp mib ii rfc 1213 278
- Snmp traps 278
- Snmpv2 snmpv2c or later version compliant with rfc 2011 snmpv2 mib for ip rfc 2012 snmpv2 mib for tcp rfc 2013 snmpv2 mib for udp 278
- Supported mibs 278
- Table 130 snmp system traps 278
- The switch sends traps to an snmp manager when an event occurs the following tables outline the snmp traps by category 278
- The switch supports the following mibs 278
- Xs3900 48f user s guide 278
- Chapter 36 access control 279
- Option object label object id description 279
- Table 130 snmp system traps continued 279
- Table 131 snmp interfacetraps 279
- Xs3900 48f user s guide 279
- Chapter 36 access control 280
- Option object label object id description 280
- Table 131 snmp interfacetraps continued 280
- Table 132 aaa traps 280
- Xs3900 48f user s guide 280
- Chapter 36 access control 281
- Option object label object id description 281
- Table 132 aaa traps continued 281
- Table 133 snmp ip traps 281
- Table 134 snmp switch traps 281
- Xs3900 48f user s guide 281
- Chapter 36 access control 282
- Configuring snmp 282
- From the access control screen display the snmp screen you can click access control to go back to the access control screen 282
- Label description 282
- Note snmp version 2c is backwards compatible with snmp version 1 282
- The following table describes the labels in this screen 282
- Xs3900 48f user s guide 282
- Chapter 36 access control 283
- Configuring snmp trap group 283
- From the snmp screen click trap group to view the screen as shown use the trap group screen to specify the types of snmp traps that should be sent to each snmp manager 283
- Label description 283
- Snmp continued 283
- The following table describes the labels in this screen 283
- Trap group 283
- User screen 283
- Xs3900 48f user s guide 283
- Chapter 36 access control 284
- Configuring snmp user 284
- From the snmp screen click user to view the screen as shown use the user screen to create snmp users for authentication with managers using snmp v3 and associate them to snmp groups an snmp user is an snmp manager 284
- Label description 284
- Note the settings on the snmp manager must be set at the same security level or higher than the security level settings on the switch 284
- Note use the username and password of the login accounts you specify in this screen to create accounts on the snmp v3 manager 284
- The following table describes the labels in this screen 284
- Trap group continued 284
- Xs3900 48f user s guide 284
- An administrator is someone who can both view and configure switch changes the username for the administrator is always admin the default administrator password is 1234 285
- Chapter 36 access control 285
- Label description 285
- Setting up login accounts 285
- Up to five people one administrator and four non administrators may access the switch via web configurator at any one time 285
- User continued 285
- Xs3900 48f user s guide 285
- A non administrator username is something other than admin is someone who can view but not configure switch settings 286
- Chapter 36 access control 286
- Label description 286
- Logins 286
- Logins to view the screen as shown 286
- Note it is highly recommended that you change the default administrator password 1234 286
- The following table describes the labels in this screen 286
- Xs3900 48f user s guide 286
- Service access control overview 287
- Requirements for using ssh 288
- Ssh implementation on the switch 288
- Https example 289
- Internet explorer 7 or 8 289
- Internet explorer warning messages 289
- Note if you disable http in the service access control screen then the switch blocks all http connection attempts 289
- Example 290
- Mozilla firefox warning messages 291
- Example 292
- Internet explore 292
- The main screen 292
- Configuring service port access control 293
- Example 293
- Internet explore 293
- Chapter 36 access control 294
- From the access control screen display the remote management screen as shown next 294
- Label description 294
- Remote management 294
- Service access control 294
- The following table describes the fields in this screen 294
- Xs3900 48f user s guide 294
- You can specify a group of one or more trusted computers from which an administrator may use a service to manage the switch click access control to return to the access control screen 294
- Chapter 36 access control 295
- Label description 295
- Remote management 295
- The following table describes the labels in this screen 295
- Xs3900 48f user s guide 295
- Diagnostic 296
- Syslog 297
- Syslog overview 297
- Chapter 38 syslog 298
- Label description 298
- Syslog 298
- Syslog in the navigation panel to display this screen the syslog feature sends logs to an external syslog server use this screen to configure the device s system logging settings 298
- Syslog setup 298
- The following table describes the labels in this screen 298
- Xs3900 48f user s guide 298
- Chapter 38 syslog 299
- Label description 299
- Server setup 299
- Syslog server setup 299
- Syslog server setup to open the following screen use this screen to configure a list of external syslog servers 299
- The following table describes the labels in this screen 299
- Xs3900 48f user s guide 299
- Cluster management 300
- Clustering management status overview 300
- Cluster management status 301
- Note a cluster can only have one manager 301
- Chapter 39 cluster management 302
- Cluster management 302
- Cluster member switch management 302
- Go to the clustering management status screen of the cluster manager switch and then select an index hyperlink from the list of members to go to that cluster member switch s web 302
- Label description 302
- The following table describes the labels in this screen 302
- Xs3900 48f user s guide 302
- Example 303
- Uploading firmware to a cluster member switch 303
- Clustering management configuration 304
- Example 304
- Chapter 39 cluster management 305
- Configuration 305
- Label description 305
- The following table describes the labels in this screen 305
- Xs3900 48f user s guide 305
- Mac table 306
- Mac table overview 306
- Chapter 40 mac table 307
- Example 307
- Label description 307
- Mac table 307
- Mac table in the navigation panel to display the following screen use this screen to search specific mac addresses you can also directly add dynamic mac address es into the static mac forwarding table or mac filtering table from the mac table using this screen 307
- The following table describes the labels in this screen 307
- Viewing the mac table 307
- Xs3900 48f user s guide 307
- Chapter 40 mac table 308
- Label description 308
- Mac table continued 308
- Xs3900 48f user s guide 308
- Arp table 309
- Arp table overview 309
- How arp works 309
- Arp table 310
- Arp table in the navigation panel to open the following screen use the arp table to view ip to mac address mapping s and remove specific dynamic arp entries 310
- Chapter 41 arp table 310
- Example 310
- Label description 310
- The arp table screen 310
- The following table describes the labels in this screen 310
- Xs3900 48f user s guide 310
- Configure clone 311
- Chapter 42 configure clone 312
- Configure clone 312
- Label description 312
- The following table describes the labels in this screen 312
- Xs3900 48f user s guide 312
- Power hardware connections and leds 313
- Troubleshooting 313
- I cannot see or access the login screen in the web configurator 314
- I forgot the ip address for the switch 314
- I forgot the username and or password 314
- Switch access and login 314
- I can see the login screen but i cannot log in to the switch 315
- I cannot see some submenus at the bottom of the navigation panel 315
- Pop up windows javascripts and java permissions 315
- There is unauthorized access to my switch via telnet http and ssh 315
- I lost my configuration settings after i restart the switch 316
- Switch configuration 316
- Common services 317
- Ppendi 317
- Appendix a common services 318
- Name protocol port s description 318
- Table 152 commonly used services continued 318
- Xs3900 48f user s guide 318
- Appendix a common services 319
- Name protocol port s description 319
- Table 152 commonly used services continued 319
- Xs3900 48f user s guide 319
- Legal information 321
- Ppendi 321
- Appendix b legal information 322
- Xs3900 48f user s guide 322
- Numbers 323
Похожие устройства
- Zyxel XS3900-48F Технические характеристики
- Zyxel XS3900-48F Справочник командного интерфейса
- HP scanjet enterprise 7000 s2 Инструкция по эксплуатации
- HP scanjet professional 3000 s2 Инструкция по эксплуатации
- Zyxel MC1000-SFP-FP Инструкция по эксплуатации
- Zyxel MC1000-SFP-FP Технические характеристики
- HP scanjet g4010 Инструкция по эксплуатации
- HP probook 6570b, c3c70es Инструкция по эксплуатации
- HP laserjet pro 500 m521dw Инструкция по эксплуатации
- Zyxel NXC2500 Инструкция по эксплуатации
- Zyxel NXC2500 Инструкция по установке
- Zyxel NXC2500 Технические характеристики
- Zyxel NXC2500 Справочник командного интерфейса
- HP laserjet pro 500 m521dn Инструкция по эксплуатации
- HP scanjet 300 Инструкция по эксплуатации
- HP scanjet 200 Инструкция по эксплуатации
- HP designjet t120 Инструкция по эксплуатации
- HP envy m6-1262er, d2g42ea Инструкция по эксплуатации
- Zyxel NXC5500 Инструкция по эксплуатации
- Zyxel NXC5500 Инструкция по установке