![Zyxel MES3500-10 [11/370] Chapter 28 loop guard 36](/img/pdf.png)
Zyxel MES3500-10 [11/370] Chapter 28 loop guard 36
![Zyxel MES3500-10 [11/370] Chapter 28 loop guard 36](/views2/1169482/page11/bgb.png)
Table of Contents
MES3500 Series User’s Guide
11
25.3.2 MVR Modes .........................................................................................................................197
25.3.3 How MVR Works .................................................................................................................197
25.4 General MVR Configuration ..........................................................................................................197
25.4.1 MVR Group Configuration ..................................................................................................199
25.4.2 MVR Configuration Example ...............................................................................................200
Chapter 26
AAA....................................................................................................................................................203
26.1 Authentication, Authorization and Accounting (AAA) ....................................................................203
26.1.1 Local User Accounts ............................................................................................................203
26.1.2 RADIUS and TACACS+ ......................................................................................................204
26.2 AAA Screens .................................................................................................................................204
26.2.1 RADIUS Server Setup .......................................................................................................204
26.2.2 TACACS+ Server Setup ..................................................................................................206
26.2.3 AAA Setup ...........................................................................................................................208
26.2.4 Vendor Specific Attribute ..................................................................................................... 211
26.2.5 Tunnel Protocol Attribute .....................................................................................................212
26.3 Supported RADIUS Attributes .......................................................................................................212
26.3.1 Attributes Used for Authentication .......................................................................................213
26.3.2 Attributes Used for Accounting ............................................................................................213
Chapter 27
IP Source Guard................................................................................................................................216
27.1 IP Source Guard Overview ...........................................................................................................216
27.1.1 DHCP Snooping Overview ..................................................................................................216
27.1.2 ARP Inspection Overview ....................................................................................................218
27.2 IP Source Guard ...........................................................................................................................220
27.3 IP Source Guard Static Binding .....................................................................................................220
27.4 DHCP Snooping ............................................................................................................................222
27.5 DHCP Snooping Configure ...........................................................................................................224
27.5.1 DHCP Snooping Port Configure ..........................................................................................226
27.5.2 DHCP Snooping VLAN Configure .......................................................................................227
27.5.3 DHCP Snooping VLAN Port Configure ................................................................................228
27.6 ARP Inspection Status ..................................................................................................................229
27.6.1 ARP Inspection VLAN Status ..............................................................................................230
27.6.2 ARP Inspection Log Status ..................................................................................................231
27.6.3 ARP Inspection Configure ...................................................................................................232
27.6.4 ARP Inspection Port Configure ............................................................................................233
27.6.5 ARP Inspection VLAN Configure .........................................................................................234
Chapter 28
Loop Guard .......................................................................................................................................236
28.1 Loop Guard Overview ..................................................................................................................236
Содержание
- Default login details 1
- Layer 2 management switch 1
- Mes3500 series 1
- Quick start guide 1
- User s guide 1
- Important 2
- Keep this guide for future reference 2
- Note it is recommended you use the web configurator to configure the switch 2
- Read carefully before use 2
- Related documentation 2
- Contents overview 3
- Technical reference 2 3
- User s guide 7 3
- Chapter 1 getting to know your switch 8 5
- Chapter 2 hardware installation and connection 2 5
- Chapter 3 hardware overview 6 5
- Contents overview 5
- Part i user s guide 17 5
- Table of contents 5
- Chapter 4 the web configurator 5 6
- Chapter 5 initial setup example 3 6
- Chapter 6 tutorials 7 6
- Part ii technical reference 72 6
- Chapter 10 static mac forward setup 08 7
- Chapter 7 system status and port statistics 3 7
- Chapter 8 basic setting 7 7
- Chapter 9 vlan 8 7
- Chapter 11 static multicast forward setup 110 8
- Chapter 12 filtering 113 8
- Chapter 13 spanning tree protocol 115 8
- Chapter 14 bandwidth control 34 8
- Chapter 15 broadcast storm control 37 8
- Chapter 16 mirroring 39 8
- Chapter 17 link aggregation 45 9
- Chapter 18 port authentication 52 9
- Chapter 19 port security 60 9
- Chapter 20 range profile 63 9
- Chapter 21 classifier 68 9
- Chapter 22 policy rule 74 10
- Chapter 23 queuing method 79 10
- Chapter 24 vlan stacking 82 10
- Chapter 25 multicast 89 10
- Chapter 26 aaa 03 11
- Chapter 27 ip source guard 16 11
- Chapter 28 loop guard 36 11
- Chapter 29 vlan mapping 39 12
- Chapter 30 layer 2 protocol tunneling 42 12
- Chapter 31 sflow 46 12
- Chapter 32 pppoe 50 12
- Chapter 33 error disable 58 12
- Chapter 34 private vlan 64 13
- Chapter 35 static route 66 13
- Chapter 36 differentiated services 69 13
- Chapter 37 dhcp 76 13
- Chapter 38 arp learning 90 14
- Chapter 39 maintenance 94 14
- Chapter 40 access control 03 14
- Appendix a customer support 48 15
- Appendix b common services 54 15
- Chapter 41 diagnostic 25 15
- Chapter 42 syslog 26 15
- Chapter 43 cluster management 29 15
- Chapter 44 mac table 36 15
- Chapter 45 arp table 39 15
- Chapter 46 configure clone 41 15
- Chapter 47 troubleshooting 44 15
- Appendix c legal information 57 16
- Index 62 16
- User s guide 17
- Backbone application 18
- Getting to know your switch 18
- Introduction 18
- Bridging example 19
- High performance switching example 19
- Ieee 802 q vlan application examples 20
- Tag based vlan example 20
- Good habits for managing the switch 21
- Ipv6 support 21
- Ways to manage the switch 21
- Desktop installation 22
- Hardware installation and connection 22
- Installation scenarios 22
- Rack mounted installation requirements 22
- Rack mounting 22
- Attaching the mounting brackets to the switch 23
- Mounting the switch on a rack 23
- Precautions 23
- Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws 24
- Wall mounting 24
- Front panel 26
- Hardware overview 26
- Chapter 3 hardware overview 27
- Figure 11 mes3500 24f front panel dc model 27
- Figure 12 mes3500 10 front panel ac model 27
- Label description 27
- Mes3500 series user s guide 27
- Table 3 front panel connections 27
- The following table describes the port labels on the front panel 27
- Console port 28
- Default ethernet negotiation settings 28
- Ethernet ports 28
- Auto crossover 29
- To avoid possible eye injury do not look into an operating fiber optic module s connectors 29
- Transceiver installation 29
- Transceiver slots 29
- Note check the power supply requirements on the panel and make sure you are using an appropriate power source 30
- Power connector 30
- Transceiver removal 30
- Ac power connection 31
- Dc power connection 31
- Exposed power wire is dangerous use extreme care when connecting a dc power source to the device 31
- Keep the power supply switch and the switch s power switch in the off position until you come to the procedure for turning on the power 31
- Note the current rating of the power wires must be greater than 20 amps the power supply to which the switch connects must have a built in circuit breaker or switch to toggle the power 31
- Note when installing the power wire push it wire firmly into the terminal as deep as possible and make sure that no exposed bare wire can be seen or touched 31
- Signal slot 31
- 2 3 11 10 4 5 6 9 8 7 10 32
- Connect a sensor to the signal slot 32
- Door open sensor spring clip 32
- Dry contact 32
- Normal open only 32
- Output pins 32
- Signal connector 32
- Signal input pins signal 32
- 2 3 11 10 33
- Pin assignments 33
- Chapter 3 hardware overview 34
- Led color status description 34
- Mes3500 series user s guide 34
- Table 4 led descriptions continued 34
- Introduction 35
- System login 35
- The web configurator 35
- B d c e 36
- The web configurator layout 36
- Chapter 4 the web configurator 38
- Link description 38
- Mes3500 series user s guide 38
- Table 6 navigation panel links 38
- The following table describes the links in the navigation panel 38
- Chapter 4 the web configurator 39
- Link description 39
- Mes3500 series user s guide 39
- Table 6 navigation panel links continued 39
- Change your password 40
- Note use the save link when you are done with a configuration session 40
- Saving your configuration 40
- Switch lockout 40
- Note be careful not to lock yourself and others out of the switch if you do lock yourself out try using out of band management via the management port to configure the switch 41
- Reload the configuration file 41
- Resetting the switch 41
- Logging out of the web configurator 42
- Creating a vlan 43
- Initial setup example 43
- Overview 43
- Note the vlan group id field in this screen and the vid field in the ip setup screen refer to the same vlan id 44
- Setting port vid 44
- Configuring switch management ip address 45
- How to use dhcp snooping on the switch 47
- Tutorials 47
- Dhcp relay tutorial introduction 50
- How to use dhcp relay on the switch 50
- Creating a vlan 51
- Dhcp server port 2 pvid 102 51
- Vlan 102 51
- Configuring dhcpv4 relay 53
- How to use pppoe ia on the switch 54
- Port 11 trusted 54
- Port 12 trusted 54
- Port 5 untrusted port 12 trusted 54
- Troubleshooting 54
- Configuring switch a 55
- Note for related information about pppoe ia see section 32 on page 252 55
- Configuring switch b 57
- How to use error disable and recovery on the switch 60
- Note refer to section 28 on page 238 and section 33 on page 258 for more information about loop guard and errdiable 60
- Creating a guest vlan 62
- How to set up a guest vlan 62
- Internet 62
- Enabling ieee 802 x port authentication 65
- Enabling guest vlan 66
- How to do port isolation in a vlan 67
- Internet 67
- Creating a vlan 68
- Creating a private vlan rule 70
- Technical reference 72
- Overview 73
- Port status summary 73
- System status and port statistics 73
- Chapter 7 system status and port statistics 74
- Click a number in the port column in the status screen to display individual port statistics use this screen to check status and detailed performance data about an individual port on the switch 74
- Label description 74
- Mes3500 series user s guide 74
- Status port details 74
- Table 9 status continued 74
- Chapter 7 system status and port statistics 75
- Label description 75
- Mes3500 series user s guide 75
- Port details 75
- Table 10 status port details 75
- The following table describes the labels in this screen 75
- Chapter 7 system status and port statistics 76
- Label description 76
- Mes3500 series user s guide 76
- Table 10 status port details continued 76
- Basic setting 77
- System information 77
- Chapter 8 basic setting 78
- General setup 78
- General setup in the navigation panel to display the screen as shown 78
- Label description 78
- Mes3500 series user s guide 78
- System info continued 78
- Chapter 8 basic setting 79
- General setup 79
- Label description 79
- Mes3500 series user s guide 79
- The following table describes the labels in this screen 79
- A vlan virtual local area network allows a physical network to be partitioned into multiple logical networks devices on a logical network belong to one group a device can belong to more than one group with vlan a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router 80
- Chapter 8 basic setting 80
- General setup continued 80
- In mtu multi tenant unit applications vlan is vital in providing isolation and security among the subscribers when properly configured vlan prevents one subscriber from accessing the network resources of another on the same lan thus a user will not see the printers and hard disks of another user in the same building 80
- Introduction to vlans 80
- Label description 80
- Mes3500 series user s guide 80
- Note vlan is unidirectional it only governs outgoing traffic 80
- See chapter 9 on page 88 for information on port based and 802 q tagged vlans 80
- Smart isolation 80
- To block traffic between two specific ports within the switch you can use port isolation or private vlan see chapter 34 on page 264 for more information however it does not work across 80
- Vlan also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain in traditional switched environments all broadcast packets go to each and every individual port with vlan all broadcasts are confined to a specific broadcast domain 80
- After smart isolation 81
- Before smart isolation 81
- Isolated ports 2 6 8 root port 7 designated port 8 81
- Isolated ports 2 6 root port 7 designated port 8 81
- Note the uplink port connected to the internet should be the root port otherwise with smart isolation enabled the isolated ports cannot access the internet 81
- Chapter 8 basic setting 82
- Label description 82
- Mes3500 series user s guide 82
- Note to use smart isolation you should have configured 802 q vlan port isolation or private vlan and m rstp on the switch smart isolation does not work with mstp and or port based vlan 82
- Switch setup 82
- Switch setup in the navigation panel to display the screen as shown the vlan setup screens change depending on whether you choose 802 q or port based in the vlan type field in this screen refer to the chapter on vlan 82
- The following table describes the labels in this screen 82
- Chapter 8 basic setting 83
- Ip setup 83
- Label description 83
- Management ip addresses 83
- Mes3500 series user s guide 83
- Switch setup continued 83
- The switch needs an ip address for it to be managed over the network the factory default in band ip address is 192 68 the subnet mask specifies the network number portion of an ip address the factory default subnet mask is 255 55 55 83
- Use the ip setup screen to configure the switch ip address default gateway device the default domain name server and the management vlan id the default gateway specifies the ip address of the default gateway next hop for outgoing traffic 83
- You can configure up to 64 ip addresses which are used to access and manage the switch from the ports belonging to the pre defined vlan s 83
- Chapter 8 basic setting 84
- Ip setup 84
- Label description 84
- Mes3500 series user s guide 84
- Note you must configure a vlan first 84
- The following table describes the labels in this screen 84
- Chapter 8 basic setting 85
- Ip setup continued 85
- Label description 85
- Mes3500 series user s guide 85
- Port setup 85
- Port setup in the navigation panel to display the configuration screen 85
- Chapter 8 basic setting 86
- Label description 86
- Mes3500 series user s guide 86
- Note changes in this row are copied to all the ports as soon as you make them 86
- Note due to space limitation the port name may be truncated in some web configurator screens 86
- Port setup 86
- The following table describes the labels in this screen 86
- Chapter 8 basic setting 87
- Label description 87
- Mes3500 series user s guide 87
- Port setup continued 87
- Forwarding tagged and untagged frames 88
- Introduction to ieee 802 q tagged vlans 88
- Automatic vlan registration 89
- Chapter 9 vlan 89
- Garp and gvrp are the protocols used to automatically register vlan membership across switches 89
- Garp generic attribute registration protocol allows network switches to register and de register attribute values with other garp participants within a bridged lan garp is a protocol that provides a generic mechanism for protocols that serve a more specific application for example gvrp 89
- Garp timers 89
- Gvrp garp vlan registration protocol is a registration protocol that defines a way for switches to register necessary vlan members on ports across the network enable this function to permit vlan groups beyond the local switch 89
- Mes3500 series user s guide 89
- Please refer to the following table for common ieee 802 q vlan terminology 89
- Switches join vlans by making a declaration a declaration is made by issuing a join message using garp declarations are withdrawn by issuing a leave message a leave all message terminates all registrations garp timers set declaration timeout values 89
- Table 16 ieee 802 q vlan terminology 89
- Vlan parameter term description 89
- Port vlan trunking 90
- Select the vlan type 90
- Static vlan 90
- Chapter 9 vlan 91
- Label description 91
- Mes3500 series user s guide 91
- The following table describes the labels in this screen 91
- Use this screen to view detailed port settings and status of the vlan group see section 9 on page 88 for more information on static vlan click on an index number in the vlan status screen to display vlan details 91
- Vlan details 91
- Vlan from the navigation panel to display the vlan status screen as shown next 91
- Vlan status 91
- Vlan vlan status 91
- Chapter 9 vlan 92
- Configure a static vlan 92
- Label description 92
- Mes3500 series user s guide 92
- The following table describes the labels in this screen 92
- Use this screen to configure and view 802 q vlan parameters for the switch see section 9 on page 88 for more information on static vlan to configure a static vlan click static vlan in the vlan status screen to display the screen as shown next 92
- Vlan detail 92
- Chapter 9 vlan 93
- Label description 93
- Mes3500 series user s guide 93
- Note changes in this row are copied to all the ports as soon as you make them 93
- Static vlan 93
- The following table describes the related labels in this screen 93
- Chapter 9 vlan 94
- Configure vlan port settings 94
- Label description 94
- Mes3500 series user s guide 94
- Static vlan continued 94
- Use the vlan port setting screen to configure the static vlan ieee 802 q settings on a port see section 9 on page 88 for more information on static vlan click the vlan port setting link in the vlan status screen 94
- Vlan port setting 94
- Chapter 9 vlan 95
- For example an isp internet service provider may divide different types of services it provides to customers into different ip subnets traffic for voice services is designated for ip subnet 95
- Label description 95
- Mes3500 series user s guide 95
- Note changes in this row are copied to all the ports as soon as you make them 95
- Subnet based vlans 95
- Subnet based vlans allow you to group traffic into logical vlans based on the source ip subnet you specify when a frame is received on a port the switch checks if a tag is added already and the ip subnet it came from the untagged packets from the same ip subnet are then placed in the same subnet based vlan one advantage of using subnet based vlans is that priority can be assigned to traffic from the same ip subnet 95
- The following table describes the labels in this screen 95
- Vlan port setting 95
- Configuring subnet based vlan 96
- Internet 96
- Note subnet based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 96
- Chapter 9 vlan 97
- Label description 97
- Mes3500 series user s guide 97
- Subnet based vlan 97
- The following table describes the labels in this screen 97
- Chapter 9 vlan 98
- Figure 43 protocol based vlan application example 98
- For example ports 1 2 3 and 4 belong to static vlan 100 and ports 4 5 6 7 belong to static vlan 120 you can configure a protocol based vlan a with priority 3 for arp traffic received on port 1 2 and 3 you can also have a protocol based vlan b with priority 2 for apple talk traffic received on port 6 and 7 all upstream arp traffic from port 1 2 and 3 will be grouped together and all upstream apple talk traffic from port 6 and 7 will be in another group and have higher priority than arp traffic when they go through the uplink port to a backbone switch c 98
- Label description 98
- Mes3500 series user s guide 98
- Note protocol based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 98
- Protocol based vlans 98
- Protocol based vlans allow you to group traffic into logical vlans based on the protocol you specify when an upstream frame is received on a port configured for a protocol based vlan the switch checks if a tag is added already and its protocol the untagged packets of the same protocol are then placed in the same protocol based vlan one advantage of using protocol based vlans is that priority can be assigned to traffic of the same protocol 98
- Subnet based vlan continued 98
- Chapter 9 vlan 99
- Click protocol based vlan in the vlan port setting screen to display the configuration screen as shown 99
- Configuring protocol based vlan 99
- Label description 99
- Mes3500 series user s guide 99
- Note protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based vlans 99
- Protocol based vlan 99
- The following table describes the labels in this screen 99
- Create an ip based vlan example 100
- Example 100
- Label description 101
- Mac based vlan 101
- Chapter 9 vlan 102
- Label description 102
- Mac based vlan continued 102
- Mes3500 series user s guide 102
- Use this screen to set the mac address learning limit on per port and per vlan basis click vlan mac learning in the vlan status screen to display the screen as shown next 102
- Vlan mac learning 102
- Chapter 9 vlan 103
- Label description 103
- Mes3500 series user s guide 103
- The following table describes the related labels in this screen 103
- Vlan mac learning 103
- Chapter 9 vlan 104
- Label description 104
- Mes3500 series user s guide 104
- Note in screens such as ip setup and filtering that require a vid you must enter 1 as the vid 104
- Note when you activate port based vlan the switch uses a default vlan id of 1 you cannot change it 104
- Note you also set the mac address learning limit in the port security screen if you configure two different limits the switch bases on the smaller one 104
- Port based vlan setup 104
- Port based vlans are specific only to the switch on which they were created 104
- Port based vlans are vlans where the packet forwarding decision is based on the destination mac address and its associated port 104
- Port based vlans require allowed outgoing ports to be defined for each port therefore if you wish to allow two subscriber ports to talk to each other for example between conference rooms in a hotel you must define the egress an egress port is an outgoing port that is a port through which a data packet leaves for both ports 104
- The port based vlan setup screen is shown next the cpu management port forms a vlan with all ethernet ports 104
- Vlan mac learning continued 104
- Configure a port based vlan 105
- Chapter 9 vlan 107
- Label description 107
- Mes3500 series user s guide 107
- The following table describes the labels in this screen 107
- Vlan port based vlan setup 107
- Configuring static mac forwarding 108
- Overview 108
- Static mac forward setup 108
- Chapter 10 static mac forward setup 109
- Label description 109
- Mes3500 series user s guide 109
- Note static mac addresses do not age out 109
- Static mac forwarding 109
- The following table describes the labels in this screen 109
- Static multicast forward setup 110
- Static multicast forwarding overview 110
- Configuring static multicast forwarding 111
- Chapter 11 static multicast forward setup 112
- Label description 112
- Mes3500 series user s guide 112
- Static multicast forwarding continued 112
- Configure a filtering rule 113
- Filtering 113
- Chapter 12 filtering 114
- Filtering continued 114
- Label description 114
- Mes3500 series user s guide 114
- Spanning tree protocol 115
- Stp rstp overview 115
- Stp terminology 115
- How stp works 116
- Multiple rstp 116
- Stp port states 116
- Mstp network example 117
- Multiple stp 117
- Note each port can belong to one stp tree only 117
- Mst region 118
- Vlan 1 vlan 2 118
- Common and internal spanning tree cist 119
- Mst instance 119
- Spanning tree configuration 120
- Spanning tree protocol status screen 120
- Chapter 13 spanning tree protocol 121
- Configuration 121
- Configure rapid spanning tree protocol 121
- Label description 121
- Mes3500 series user s guide 121
- Note if you select long all the switches in your network also need to use the long path cost method otherwise the spanning tree may not converge properly 121
- Spanning tree protocol screen 121
- The following table describes the labels in this screen 121
- Chapter 13 spanning tree protocol 122
- Configuration screen to enable rstp on the switch 122
- Label description 122
- Mes3500 series user s guide 122
- The following table describes the labels in this screen 122
- 2 hello time 1 123
- Chapter 13 spanning tree protocol 123
- Label description 123
- Mes3500 series user s guide 123
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 123
- Note changes in this row are copied to all the ports as soon as you make them 123
- Rstp continued 123
- Chapter 13 spanning tree protocol 124
- Label description 124
- Mes3500 series user s guide 124
- Note the listening state does not exist in rstp 124
- Note this screen is only available after you activate rstp on the switch 124
- Rapid spanning tree protocol status 124
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 115 for more information on rstp 124
- Status rstp 124
- The following table describes the labels in this screen 124
- Configure multiple rapid spanning tree protocol 125
- 2 hello time 1 126
- Chapter 13 spanning tree protocol 126
- Label description 126
- Mes3500 series user s guide 126
- Mrstp continued 126
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 126
- Note changes in this row are copied to all the ports as soon as you make them 126
- Chapter 13 spanning tree protocol 127
- Label description 127
- Mes3500 series user s guide 127
- Multiple rapid spanning tree protocol status 127
- Note the listening state does not exist in rstp 127
- Note this screen is only available after you activate mrstp on the switch 127
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 115 for more information on mrstp 127
- Status mrstp 127
- The following table describes the labels in this screen 127
- Configure multiple spanning tree protocol 128
- 2 hello time 1 129
- Chapter 13 spanning tree protocol 129
- Configuration screen to enable mstp on the switch 129
- Label description 129
- Mes3500 series user s guide 129
- The following table describes the labels in this screen 129
- Chapter 13 spanning tree protocol 130
- Label description 130
- Mes3500 series user s guide 130
- Mstp continued 130
- Mstp screen 130
- Multiple spanning tree protocol port configuration 130
- Note changes in this row are copied to all the ports as soon as you make them 130
- Chapter 13 spanning tree protocol 131
- Label description 131
- Mes3500 series user s guide 131
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 131
- Note changes in this row are copied to all the ports as soon as you make them 131
- The following table describes the labels in this screen 131
- Chapter 13 spanning tree protocol 132
- Label description 132
- Mes3500 series user s guide 132
- Multiple spanning tree protocol status 132
- Note this screen is only available after you activate mstp on the switch 132
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 117 for more information on mstp 132
- Status mstp 132
- The following table describes the labels in this screen 132
- Chapter 13 spanning tree protocol 133
- Label description 133
- Mes3500 series user s guide 133
- Status mstp continued 133
- Bandwidth control 134
- Bandwidth control overview 134
- Bandwidth control setup 134
- Cir and pir 134
- Bandwidth control 135
- Chapter 14 bandwidth control 135
- Label description 135
- Mes3500 series user s guide 135
- Note changes in this row are copied to all the ports as soon as you make them 135
- The following table describes the related labels in this screen 135
- Bandwidth control continued 136
- Chapter 14 bandwidth control 136
- Label description 136
- Mes3500 series user s guide 136
- Broadcast storm control 137
- Broadcast storm control setup 137
- Broadcast storm control 138
- Chapter 15 broadcast storm control 138
- Label description 138
- Mes3500 series user s guide 138
- Note changes in this row are copied to all the ports as soon as you make them 138
- The following table describes the labels in this screen 138
- Mirroring 139
- Port mirroring overview 139
- Port rules in port mirroring 140
- Table 41 port rules between different remote port mirroring vlans 140
- Table 42 port rules between remote and local port mirroring 140
- Chapter 16 mirroring 141
- Label description 141
- Local port mirroring screen 141
- Mes3500 series user s guide 141
- Mirroring 141
- Mirroring in the navigation panel to display the mirroring screen use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port 141
- Note changes in this row are copied to all the ports as soon as you make them 141
- The following table describes the labels in this screen 141
- Rmirror source screen 142
- Chapter 16 mirroring 143
- Click the rmirror destination link in the mirroring screen the following screen opens 143
- Label description 143
- Mes3500 series user s guide 143
- Note changes in this row are copied to all the ports as soon as you make them 143
- Rmirror destination screen 143
- Rmirror source 143
- The following table describes the labels in this screen 143
- Use this screen to specify the rmirror vlan id and configure the monitor port when the switch is the destination device in remote port mirroring 143
- Chapter 16 mirroring 144
- Label description 144
- Mes3500 series user s guide 144
- Rmirror destination 144
- The following table describes the labels in this screen 144
- Dynamic link aggregation 145
- Link aggregation 145
- Link aggregation overview 145
- Link aggregation id 146
- Link aggregation status 146
- Chapter 17 link aggregation 147
- Label description 147
- Link aggregation setting 147
- Link aggregation setting to display the screen shown next see section 17 on page 145 for more information on link aggregation 147
- Link aggregation status continued 147
- Mes3500 series user s guide 147
- Chapter 17 link aggregation 148
- Label description 148
- Link aggregation setting 148
- Mes3500 series user s guide 148
- The following table describes the labels in this screen 148
- Link aggregation control protocol 149
- Chapter 17 link aggregation 150
- Label description 150
- Make your physical connections make sure that the ports that you want to belong to the trunk group are connected to the same destination the following figure shows ports 2 5 on switch a connected to switch b 150
- Mes3500 series user s guide 150
- Note changes in this row are copied to all the ports as soon as you make them 150
- Note do not configure this screen unless you want to enable dynamic link aggregation 150
- Static trunking example 150
- The following table describes the labels in this screen 150
- This example shows you how to create a static port trunk group for ports 2 5 150
- Example 151
- Ieee 802 x authentication 152
- Port authentication 152
- Port authentication overview 152
- Mac authentication 153
- Activate ieee 802 x security 154
- Authentication reply 154
- Authentication request authentication request 154
- New connection 154
- Port authentication configuration 154
- Session granted denied 154
- Chapter 18 port authentication 155
- Label description 155
- Mes3500 series user s guide 155
- Note changes in this row are copied to all the ports as soon as you make them 155
- Note you must first enable 802 x authentication on the switch before configuring it on each port 155
- The following table describes the labels in this screen 155
- Guest vlan 156
- Internet 156
- Vlan 100 156
- Vlan 102 156
- Chapter 18 port authentication 157
- Guest vlan 157
- Label description 157
- Mes3500 series user s guide 157
- Note changes in this row are copied to all the ports as soon as you make them 157
- The following table describes the labels in this screen 157
- Activate mac authentication 158
- Chapter 18 port authentication 158
- Guest vlan continued 158
- Label description 158
- Mac authentication 158
- Mes3500 series user s guide 158
- Note you must first enable mac authentication on the switch before configuring it on each port 158
- The following table describes the labels in this screen 158
- Use this screen to activate mac authentication in the port authentication screen click mac authentication to display the configuration screen as shown 158
- Chapter 18 port authentication 159
- Label description 159
- Mac authentication continued 159
- Mes3500 series user s guide 159
- Note changes in this row are copied to all the ports as soon as you make them 159
- Note if the aging time in the switch setup screen is set to a lower value then it supersedes this setting see section 8 on page 82 159
- About port security 160
- Port security 160
- Port security setup 160
- Chapter 19 port security 161
- Label description 161
- Mes3500 series user s guide 161
- Port security 161
- The following table describes the labels in this screen 161
- Chapter 19 port security 162
- Label description 162
- Mes3500 series user s guide 162
- Note changes in this row are copied to all the ports as soon as you make them 162
- Port security continued 162
- Range profile 163
- Range profile overview 163
- Range profile screen 163
- Vlan range profile 163
- Chapter 20 range profile 164
- Label description 164
- Mes3500 series user s guide 164
- Port range profile 164
- The following table describes the labels in this screen 164
- Use this screen to view manage and create port range profiles in the range profile screen click port range to display the screen as shown 164
- Vlan range 164
- Chapter 20 range profile 165
- Ip address range profile 165
- Label description 165
- Mes3500 series user s guide 165
- Port range 165
- The following table describes the labels in this screen 165
- Use this screen to view manage and create ip address range profiles in the range profile screen click ip address range to display the screen as shown 165
- Chapter 20 range profile 166
- Ip address range 166
- Label description 166
- Mes3500 series user s guide 166
- Socket port range profile 166
- The following table describes the labels in this screen 166
- Use this screen to view manage and create socket port range profiles in the range profile screen click socket port range to display the screen as shown 166
- Chapter 20 range profile 167
- Label description 167
- Mes3500 series user s guide 167
- Socket port range 167
- The following table describes the labels in this screen 167
- About the classifier and qos 168
- Classifier 168
- Configuring the classifier 168
- Chapter 21 classifier 170
- Classifier continued 170
- Label description 170
- Mes3500 series user s guide 170
- Chapter 21 classifier 171
- Classifier continued 171
- Classifier summary table 171
- Label description 171
- Mes3500 series user s guide 171
- Note when two rules conflict with each other a higher layer rule has priority over a lower layer rule 171
- Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 171
- Table 60 classifier summary table 171
- The following table describes the labels in this screen 171
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the classifier screen to change the settings of a rule click a number in the index field 171
- Viewing and editing classifier configuration 171
- Chapter 21 classifier 172
- Classifier example 172
- Ethernet type protocol number 172
- Label description 172
- Mes3500 series user s guide 172
- Port number port name 172
- Some of the most common ip ports are 172
- Table 60 classifier summary table 172
- Table 61 common ethernet types and protocol number 172
- Table 62 common ip ports 172
- The following screen shows an example of configuring a classifier that identifies all traffic from mac address 00 50 ba ad 4f 81 on port 2 172
- The following table shows some other common ethernet types and the corresponding protocol number 172
- Example 173
- Configuring policy rules 174
- Diffserv 174
- Dscp and per hop behavior 174
- Policy rule 174
- Policy rules overview 174
- Chapter 22 policy rule 176
- Label description 176
- Mes3500 series user s guide 176
- Policy rule continued 176
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the policy screen to change the settings of a rule click a number in the index field 176
- Viewing and editing policy configuration 176
- Chapter 22 policy rule 177
- Label description 177
- Mes3500 series user s guide 177
- Policy example 177
- Policy rule summary table 177
- Table 64 policy summary table 177
- The figure below shows an example policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the example classifier refer to section 21 on page 172 177
- The following table describes the labels in this screen 177
- Example 178
- Queuing method 179
- Queuing method overview 179
- Strictly priority queuing 179
- Weighted fair queuing 179
- Configuring queuing 180
- Weighted round robin scheduling wrr 180
- Chapter 23 queuing method 181
- Label description 181
- Mes3500 series user s guide 181
- Note changes in this row are copied to all the ports as soon as you make them 181
- Queuing method 181
- The following table describes the labels in this screen 181
- Vlan stacking 182
- Vlan stacking example 182
- Vlan stacking overview 182
- Note static vlan tx tagging must be disabled on a port where you choose normal or access port 183
- Note static vlan tx tagging must be enabled on a port where you choose tunnel port 183
- Vlan stacking port roles 183
- Vlan tag format 183
- Configuring vlan stacking 184
- Frame format 184
- Chapter 24 vlan stacking 185
- Label description 185
- Mes3500 series user s guide 185
- Note changes in this row are copied to all the ports as soon as you make them 185
- Note you can define up to four different tunnel tpids including 8100 in this screen at a time 185
- The following table describes the labels in this screen 185
- Vlan stacking 185
- Chapter 24 vlan stacking 186
- Label description 186
- Mes3500 series user s guide 186
- Port based q in q 186
- Port based q in q lets the switch treat all frames received on the same port as the same vlan flows and add the same outer vlan tag to them even they have different customer vlan ids 186
- Port based qinq 186
- The following table describes the labels in this screen 186
- Vlan stacking screen to display the screen as shown 186
- Chapter 24 vlan stacking 187
- Label description 187
- Mes3500 series user s guide 187
- Note selective q in q rules are only applied to single tagged frames received on the access ports if the incoming frames are untagged or single tagged but received on a tunnel port or cannot match any selective q in q rules the switch applies the port based q in q rules to them 187
- Selective q in q 187
- Selective q in q is vlan based it allows the switch to add different outer vlan tags to the incoming frames received on one port according to their inner vlan tags 187
- Selective qinq 187
- The following table describes the labels in this screen 187
- Vlan stacking screen to display the screen as shown 187
- Chapter 24 vlan stacking 188
- Label description 188
- Mes3500 series user s guide 188
- Selective qinq continued 188
- Igmp filtering 189
- Igmp snooping 189
- Ip multicast addresses 189
- Multicast 189
- Multicast overview 189
- Igmp snooping and vlans 190
- Multicast setting 190
- Multicast status 190
- Chapter 25 multicast 191
- Label description 191
- Mes3500 series user s guide 191
- Multicast setting 191
- The following table describes the labels in this screen 191
- Chapter 25 multicast 192
- Label description 192
- Mes3500 series user s guide 192
- Multicast setting continued 192
- Note changes in this row are copied to all the ports as soon as you make them 192
- Note if you enable igmp filtering you must create and assign igmp filtering profiles for the ports that you want to allow to join multicast groups 192
- Note the timeout value for each igmp report will be halved automatically by the switch because the robustness variable value the number of query messages is set to two by default to cover the possibility of an igmp gsq being missed by igmp host s or an igmp report being missed by the multicast router s due to network congestion 192
- Chapter 25 multicast 193
- Igmp snooping vlan 193
- Label description 193
- Mes3500 series user s guide 193
- Multicast in the navigation panel click the multicast setting link and then the igmp snooping vlan link to display the screen as shown see section 25 on page 190 for more information on igmp snooping vlan 193
- Multicast setting continued 193
- Chapter 25 multicast 194
- Igmp snooping vlan 194
- Label description 194
- Mes3500 series user s guide 194
- Note you cannot configure the same vlan id as in the mvr screen 194
- Note you must also enable igmp snooping in the multicast setting screen first 194
- The following table describes the labels in this screen 194
- Igmp filtering profile 195
- Multicast vlan vlan 1 196
- Mvr overview 196
- Types of mvr ports 196
- Vlan 2 196
- Vlan 3 196
- General mvr configuration 197
- How mvr works 197
- Multicast vlan vlan 1 197
- Mvr modes 197
- Note you can create up to five multicast vlans and up to 256 multicast rules on the switch 197
- Note your switch automatically creates a static vlan with the same vid when you create a multicast vlan in this screen 197
- Chapter 25 multicast 198
- Label description 198
- Mes3500 series user s guide 198
- The following table describes the related labels in this screen 198
- All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group 199
- Chapter 25 multicast 199
- Configure mvr ip multicast group address es in the group configuration screen click group configuration in the mvr screen 199
- Label description 199
- Mes3500 series user s guide 199
- Mvr continued 199
- Mvr group configuration 199
- Note a port can belong to more than one multicast vlan however ip multicast group addresses in different multicast vlans cannot overlap 199
- Note changes in this row are copied to all the ports as soon as you make them 199
- Chapter 25 multicast 200
- Label description 200
- Mes3500 series user s guide 200
- Mvr configuration example 200
- Mvr group configuration 200
- The following figure shows a network example where ports 1 2 and 3 on the switch belong to vlan 1 in addition port 7 belongs to the multicast group with vid 200 to receive multicast traffic the 200
- The following table describes the labels in this screen 200
- Example 201
- Multicast vid 200 vlan 1 201
- Example 202
- Authentication authorization and accounting aaa 203
- Local user accounts 203
- Aaa screens 204
- Radius and tacacs 204
- Radius server setup 204
- Chapter 26 aaa 205
- Label description 205
- Mes3500 series user s guide 205
- Radius server setup 205
- The following table describes the labels in this screen 205
- Chapter 26 aaa 206
- Label description 206
- Mes3500 series user s guide 206
- Radius server setup continued 206
- Tacacs server setup 206
- Use this screen to configure your tacacs server settings see section 26 on page 204 for more information on tacacs servers click on the tacacs server setup link in the authentication and accounting screen to view the screen as shown 206
- Chapter 26 aaa 207
- Label description 207
- Mes3500 series user s guide 207
- Tacacs server setup 207
- The following table describes the labels in this screen 207
- Aaa setup 208
- Chapter 26 aaa 208
- Label description 208
- Mes3500 series user s guide 208
- Tacacs server setup continued 208
- Use this screen to configure authentication authorization and accounting settings on the switch click on the aaa setup link in the aaa screen to view the screen as shown 208
- Aaa setup 209
- Chapter 26 aaa 209
- Label description 209
- Mes3500 series user s guide 209
- The following table describes the labels in this screen 209
- Aaa setup continued 210
- Chapter 26 aaa 210
- Label description 210
- Mes3500 series user s guide 210
- Aaa setup continued 211
- Assign account privilege levels see the cli reference guide for more information on account privilege levels for the authenticated user 211
- Chapter 26 aaa 211
- Label description 211
- Limit bandwidth on incoming or outgoing traffic for the port the user connects to 211
- Mes3500 series user s guide 211
- Note refer to the documentation that comes with your radius server on how to configure vsas for users authenticating via the radius server 211
- Rfc 2865 standard specifies a method for sending vendor specific information between a radius server and a network access device for example the switch a company can create vendor specific attributes vsas to expand the functionality of a radius server 211
- The switch supports vsas that allow you to perform the following actions based on user authentication 211
- The vsas are composed of the following 211
- Vendor data a value you want to assign to the setting 211
- Vendor id an identification number assigned to the company by the iana internet assigned numbers authority zyxel s vendor id is 890 211
- Vendor specific attribute 211
- Vendor type a vendor specified attribute identifying the setting you want to modify 211
- Supported radius attributes 212
- Tunnel protocol attribute 212
- Attributes used by the ieee 802 x authentication 213
- Attributes used for accounting 213
- Attributes used for authenticating privilege access 213
- Attributes used for authentication 213
- Attributes used to login users 213
- Attributes used for accounting exec events 214
- Attributes used for accounting system events 214
- Attributes used for accounting ieee 802 x events 215
- Dhcp snooping overview 216
- Ip source guard 216
- Ip source guard overview 216
- Dhcp snooping database 217
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 217
- Arp inspection overview 218
- Configuring dhcp snooping 218
- Dhcp relay option 82 information 218
- Arp inspection and mac address filters 219
- Configuring arp inspection 219
- Note it is recommended you enable dhcp snooping at least one day before you enable arp inspection so that the switch has enough time to build the binding table 219
- Syslog 219
- Trusted vs untrusted ports 219
- Chapter 27 ip source guard 220
- Ip source guard 220
- Ip source guard static binding 220
- Label description 220
- Mes3500 series user s guide 220
- Static binding 220
- The following table describes the labels in this screen 220
- Chapter 27 ip source guard 221
- Label description 221
- Mes3500 series user s guide 221
- Static binding 221
- The following table describes the labels in this screen 221
- Dhcp snooping 222
- Chapter 27 ip source guard 223
- Dhcp snooping continued 223
- Label description 223
- Mes3500 series user s guide 223
- Chapter 27 ip source guard 224
- Configure 224
- Dhcp snooping configure 224
- Dhcp snooping continued 224
- Label description 224
- Mes3500 series user s guide 224
- Chapter 27 ip source guard 225
- Dhcp snooping configure 225
- Label description 225
- Mes3500 series user s guide 225
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 225
- Note you have to enable dhcp snooping on the dhcp vlan too 225
- The following table describes the labels in this screen 225
- Chapter 27 ip source guard 226
- Dhcp snooping configure continued 226
- Dhcp snooping port configure 226
- Label description 226
- Mes3500 series user s guide 226
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 226
- Use this screen to specify whether ports are trusted or untrusted ports for dhcp snooping 226
- Chapter 27 ip source guard 227
- Dhcp snooping port configure 227
- Dhcp snooping vlan configure 227
- Label description 227
- Mes3500 series user s guide 227
- The following table describes the labels in this screen 227
- Chapter 27 ip source guard 228
- Dhcp snooping vlan configure 228
- Dhcp snooping vlan port configure 228
- Label description 228
- Mes3500 series user s guide 228
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 228
- The following table describes the labels in this screen 228
- Arp inspection 229
- Arp inspection status 229
- Chapter 27 ip source guard 229
- Label description 229
- Mes3500 series user s guide 229
- The following table describes the labels in this screen 229
- Arp inspection status 230
- Arp inspection vlan status 230
- Chapter 27 ip source guard 230
- Label description 230
- Mes3500 series user s guide 230
- The following table describes the labels in this screen 230
- Vlan status 230
- Arp inspection log status 231
- Arp inspection vlan status 231
- Chapter 27 ip source guard 231
- Label description 231
- Log status 231
- Mes3500 series user s guide 231
- The following table describes the labels in this screen 231
- Arp inspection configure 232
- Arp inspection log status continued 232
- Chapter 27 ip source guard 232
- Configure 232
- Label description 232
- Mes3500 series user s guide 232
- Arp inspection configure 233
- Arp inspection port configure 233
- Chapter 27 ip source guard 233
- Label description 233
- Mes3500 series user s guide 233
- The following table describes the labels in this screen 233
- Arp inspection port configure 234
- Arp inspection vlan configure 234
- Chapter 27 ip source guard 234
- Label description 234
- Mes3500 series user s guide 234
- The following table describes the labels in this screen 234
- Arp inspection vlan configure 235
- Chapter 27 ip source guard 235
- Label description 235
- Mes3500 series user s guide 235
- The following table describes the labels in this screen 235
- Loop guard 236
- Loop guard overview 236
- Note after resolving the loop problem on your network you can re activate the disabled port via the web configurator see section 8 on page 85 or via commands see the ethernet switch cli reference guide 237
- Chapter 28 loop guard 238
- Label description 238
- Loop guard 238
- Loop guard in the navigation panel to display the screen as shown 238
- Loop guard setup 238
- Mes3500 series user s guide 238
- Note changes in this row are copied to all the ports as soon as you make them 238
- Note the loop guard feature can not be enabled on the ports that have spanning tree protocol rstp mrstp or mstp enabled 238
- The following table describes the labels in this screen 238
- Enabling vlan mapping 239
- Vlan mapping 239
- Vlan mapping example 239
- Vlan mapping overview 239
- Chapter 29 vlan mapping 240
- Click the vlan mapping configure link in the vlan mapping screen to display the screen as shown use this screen to enable and edit the vlan mapping rule s 240
- Configuring vlan mapping 240
- Label description 240
- Mes3500 series user s guide 240
- The following table describes the labels in this screen 240
- Vlan mapping 240
- Chapter 29 vlan mapping 241
- Label description 241
- Mes3500 series user s guide 241
- The following table describes the labels in this screen 241
- Vlan mapping configuration 241
- Layer 2 protocol tunneling 242
- Layer 2 protocol tunneling overview 242
- Configuring layer 2 protocol tunneling 243
- Layer 2 protocol tunneling mode 243
- Service provider s network c 243
- Chapter 30 layer 2 protocol tunneling 244
- Label description 244
- Layer 2 protocol tunneling 244
- Mes3500 series user s guide 244
- Note all the edge switches in the service provider s network should be set to use the same mac address for encapsulation 244
- Note changes in this row are copied to all the ports as soon as you make them 244
- Note the mac address can be either a unicast mac address or multicast mac address if you use a unicast mac address make sure the mac address does not exist in the address table of a switch on the service provider s network 244
- The following table describes the labels in this screen 244
- Chapter 30 layer 2 protocol tunneling 245
- Label description 245
- Layer 2 protocol tunneling continued 245
- Mes3500 series user s guide 245
- Note you can enable l2pt services for stp lacp vtp cdp udld and pagp on the access port s only 245
- Sflow overview 246
- Sflow port configuration 246
- Chapter 31 sflow 247
- Label description 247
- Mes3500 series user s guide 247
- Note changes in this row are copied to all the ports as soon as you make them 247
- The following table describes the labels in this screen 247
- Chapter 31 sflow 248
- Click the collector link in the sflow screen to display the screen as shown you can configure up to four sflow collectors in this screen you may want to configure more than one collector if the traffic load to be monitored is more than one collector can manage 248
- Collector 248
- Collector screen the sflow collector does not need to be in the same subnet as the switch but it must be accessible from the switch 248
- Label description 248
- Mes3500 series user s guide 248
- Note configure udp port 6343 the default on a nat router to allow port forwarding if the collector is behind a nat router configure a firewall rule for udp port 6343 the default to allow incoming traffic if the collector is behind a firewall 248
- Sflow collector configuration 248
- Sflow continued 248
- The following table describes the labels in this screen 248
- Chapter 31 sflow 249
- Collector continued 249
- Label description 249
- Mes3500 series user s guide 249
- Pppoe intermediate agent overview 250
- Pppoe intermediate agent tag format 250
- Sub option format 250
- Chapter 32 pppoe 251
- Every port is either a trusted port or an untrusted port for the pppoe intermediate agent this setting is independent of the trusted untrusted setting for dhcp snooping or arp inspection you can also specify the agent sub options circuit id and remote id that the switch adds to padi and padr packets from pppoe clients 251
- Flexible circuit id syntax with identifier string and variables 251
- If you do not configure a circuit id string for a vlan on a specific port or for a specific port the switch adds the user defined identifier string and variables into the agent circuit id sub option the variables can be the slot id of the pppoe client the port number of the pppoe client and or the vlan id on the pppoe packet 251
- Intermediate agent screen the switch automatically generates a circuit id string according to the default circuit id syntax which is defined in the dsl forum working text wt 101 the default access node identifier is the host name of the pppoe intermediate agent and the eth indicates ethernet 251
- Mes3500 series user s guide 251
- Port state 251
- Table 108 pppoe ia remote id sub option format 251
- Table 109 pppoe ia circuit id sub option format using identifier string and variables 251
- Table 110 pppoe ia circuit id sub option format defined in wt 101 251
- The 1 in the first field identifies this as an agent circuit id sub option and 2 identifies this as an agent remote id sub option the next field specifies the length of the field the switch takes the circuit id string you manually configure for a vlan on a port as the highest priority and the circuit id string for a port as the second priority in addition the switch puts the pppoe client s mac address into the agent remote id sub option if you do not specify any user defined string 251
- The identifier string slot id port number and vlan id are separated from each other by a pound key semi colon period comma forward slash or space an agent circuit id sub option example is switch 07 0123 and indicates the pppoe packets come from a pppoe client which is connected to the switch s port 7 and belong to vlan 123 251
- Wt 101 default circuit id syntax 251
- Note the switch will drop all pppoe discovery packets if you enable the pppoe intermediate agent and there are no trusted ports 252
- Pppoe intermediate agent 252
- Pppoe screen 252
- Chapter 32 pppoe 253
- Intermediate agent 253
- Label description 253
- Mes3500 series user s guide 253
- The following table describes the labels in this screen 253
- Note the switch will drop all pppoe packets if you enable the pppoe intermediate agent on the switch and there are no trusted ports 254
- Pppoe ia per port 254
- Chapter 32 pppoe 255
- Label description 255
- Mes3500 series user s guide 255
- Port continued 255
- Port screen to display the screen as shown 255
- Pppoe ia per port per vlan 255
- Use this screen to configure pppoe ia settings that apply to a specific vlan on a port 255
- Chapter 32 pppoe 256
- Label description 256
- Mes3500 series user s guide 256
- Note changes in this row are copied to all the vlans as soon as you make them 256
- The following table describes the labels in this screen 256
- Chapter 32 pppoe 257
- Click the vlan link in the intermediate agent screen to display the screen as shown 257
- Label description 257
- Mes3500 series user s guide 257
- Note changes in this row are copied to all the vlans as soon as you make them 257
- Pppoe ia for vlan 257
- The following table describes the labels in this screen 257
- Use this screen to set whether the pppoe intermediate agent is enabled on a vlan and whether the switch appends the circuit id and or remote id to pppoe discovery packets from a specific vlan 257
- Cpu protection overview 258
- Error disable 258
- Error disable recovery overview 258
- Error disable screen 258
- Error disable status 259
- Chapter 33 error disable 260
- Cpu protection configuration 260
- Errdisable detect screen 260
- Errdisable screen to display the screen as shown 260
- Errdisable status 260
- Label description 260
- Mes3500 series user s guide 260
- The following table describes the labels in this screen 260
- Chapter 33 error disable 261
- Cpu protection 261
- Errdisable screen to display the screen as shown 261
- Error disable detect configuration 261
- Label description 261
- Mes3500 series user s guide 261
- Note changes in this row are copied to all the ports as soon as you make them 261
- The following table describes the labels in this screen 261
- Chapter 33 error disable 262
- Errdisable detect 262
- Errdisable screen to display the screen as shown 262
- Error disable recovery configuration 262
- Label description 262
- Mes3500 series user s guide 262
- Note changes in this row are copied to all the entries as soon as you make them 262
- The following table describes the labels in this screen 262
- Chapter 33 error disable 263
- Errdisable recovery 263
- Label description 263
- Mes3500 series user s guide 263
- Note changes in this row are copied to all the entries as soon as you make them 263
- The following table describes the labels in this screen 263
- Configuring private vlan 264
- Private vlan 264
- Private vlan overview 264
- Chapter 34 private vlan 265
- Label description 265
- Mes3500 series user s guide 265
- Private vlan 265
- The following table describes the labels in this screen 265
- Configuring static routing 266
- Static route 266
- Static routing overview 266
- Chapter 35 static route 267
- Label description 267
- Mes3500 series user s guide 267
- Static routing 267
- The following table describes the related labels you use to create a static route 267
- Chapter 35 static route 268
- Label description 268
- Mes3500 series user s guide 268
- Static routing continued 268
- Differentiated services 269
- Diffserv network example 269
- Diffserv overview 269
- Dscp and per hop behavior 269
- P platinum g gold s silver b bronze 270
- Two rate three color marker traffic policing 270
- Activating diffserv 271
- Exceed cir 271
- Exceed pir 271
- Red yellow 271
- Trtcm color aware mode 271
- Trtcm color blind mode 271
- Chapter 36 differentiated services 272
- Configuring 2 rate 3 color marker settings 272
- Diffserv 272
- Label description 272
- Mes3500 series user s guide 272
- Note changes in this row are copied to all the ports as soon as you make them 272
- Note you cannot enable both trtcm and bandwidth control at the same time 272
- The following table describes the labels in this screen 272
- Use this screen to configure trtcm settings click the 2 rate 3 color marker link in the diffserv screen to display the screen as shown next 272
- Chapter 36 differentiated services 273
- Label description 273
- Mes3500 series user s guide 273
- Note changes in this row are copied to all the ports as soon as you make them 273
- Note you must also activate diffserv on the switch and the individual ports for the switch to drop red high loss priority colored packets 273
- Rate 3 color marker 273
- The following table describes the labels in this screen 273
- Chapter 36 differentiated services 274
- Configuring dscp profiles 274
- Dscp profile 274
- Label description 274
- Mes3500 series user s guide 274
- Rate 3 color marker continued 274
- The following table describes the labels in this screen 274
- Use this screen to configure dscp profiles click the dscp profile link in the 2 rate 3 color marker screen to display the screen as shown next 274
- Chapter 36 differentiated services 275
- Configuring dscp settings 275
- Dscp profile continued 275
- Dscp setting 275
- Dscp to ieee 802 p priority settings 275
- Label description 275
- Mes3500 series user s guide 275
- Table 124 default dscp ieee 802 p mapping 275
- The following table describes the labels in this screen 275
- The following table shows the default dscp to ieee802 p mapping 275
- To change the dscp ieee 802 p mapping click the dscp setting link in the diffserv screen to display the screen as shown next 275
- You can configure the dscp to ieee 802 p mapping to allow the switch to prioritize all traffic based on the incoming dscp value according to the diffserv to ieee 802 p mapping table 275
- Dhcp configuration 276
- Dhcp configuration options 276
- Dhcp modes 276
- Dhcp overview 276
- Dhcpv4 relay 277
- Dhcpv4 relay agent information 277
- Dhcpv4 status 277
- Dhcpv4 option 82 profile 278
- Chapter 37 dhcp 279
- Configuring dhcpv4 global relay 279
- Dhcpv4 in the navigation panel and click the global link to display the screen as shown 279
- Label description 279
- Mes3500 series user s guide 279
- Option 82 profile 279
- The following table describes the labels in this screen 279
- Chapter 37 dhcp 280
- Dhcpv4 global relay port configure 280
- Global 280
- Label description 280
- Mes3500 series user s guide 280
- The following table describes the labels in this screen 280
- Chapter 37 dhcp 281
- Global dhcpv4 relay configuration example 281
- Label description 281
- Mes3500 series user s guide 281
- The follow figure shows a network example where the switch is used to relay dhcp requests for the vlan1 and vlan2 domains there is only one dhcp server that services the dhcp clients in both domains 281
- The following table describes the labels in this screen 281
- Configuring dhcpv4 vlan settings 282
- Example 282
- Note you must set up a management ip address for each vlan that you want to configure dhcp settings for on the switch see section 8 on page 83 for information on how to set up management ip addresses for vlans 282
- Vlan1 vlan2 282
- Chapter 37 dhcp 283
- Dhcpv4 vlan port configure 283
- Label description 283
- Mes3500 series user s guide 283
- The following table describes the labels in this screen 283
- Chapter 37 dhcp 284
- Example dhcpv4 relay for two vlans 284
- Label description 284
- Mes3500 series user s guide 284
- The following example displays two vlans vids 1 and 2 for a campus network two dhcp servers are installed to serve each vlan the system is set up to forward dhcp requests from the 284
- The following table describes the labels in this screen 284
- Dhcp 172 6 0 00 285
- Dhcp 192 68 00 285
- Dhcpv6 relay 285
- Chapter 37 dhcp 286
- Dhcpv6 286
- Dhcpv6 in the navigation panel to display the screen as shown 286
- Label description 286
- Mes3500 series user s guide 286
- The following table describes the labels in this screen 286
- Chapter 37 dhcp 287
- Dhcpv6 in the navigation panel and click the options profile link to display the screen as shown 287
- Dhcpv6 options profile 287
- Label description 287
- Mes3500 series user s guide 287
- Options profile 287
- The following table describes the labels in this screen 287
- Chapter 37 dhcp 288
- Dhcpv6 port configure 288
- Label description 288
- Mes3500 series user s guide 288
- Options profile continued 288
- The following table describes the labels in this screen 288
- Chapter 37 dhcp 289
- Label description 289
- Mes3500 series user s guide 289
- Port continued 289
- Arp learning 290
- Arp overview 290
- Arp request 291
- Gratuitous arp 291
- Arp learning 292
- Arp learning 293
- Chapter 38 arp learning 293
- Label description 293
- Mes3500 series user s guide 293
- The following table describes the labels in this screen 293
- Maintenance 294
- The maintenance screen 294
- Load factory default 295
- Note clicking the apply or add button does not save the changes permanently all unsaved changes are erased after you reboot the switch 295
- Reboot system 295
- Save configuration 295
- Chapter 39 maintenance 296
- Label description 296
- Mes3500 series user s guide 296
- Reboot system 296
- The following table describes the labels in this screen 296
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 297
- Firmware upgrade 297
- Restore a configuration file 297
- Backup a configuration file 298
- Tech support 298
- Chapter 39 maintenance 299
- Label description 299
- Mes3500 series user s guide 299
- Tech support 299
- You may need wordpad or similar software to see the log report correctly the table below describes the fields in the above screen 299
- Example ftp commands 300
- Filename conventions 300
- Ftp command line 300
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 301
- Ftp command line procedure 301
- Gui based ftp clients 301
- Ftp restrictions 302
- About snmp 303
- Access control 303
- Access control overview 303
- The access control main screen 303
- Snmp v3 and security 304
- Snmp traps 305
- Supported mibs 305
- Chapter 40 access control 306
- Mes3500 series user s guide 306
- Option object label object id description 306
- Table 143 snmp system traps continued 306
- Chapter 40 access control 307
- Mes3500 series user s guide 307
- Option object label object id description 307
- Table 143 snmp system traps continued 307
- Table 144 snmp interface traps 307
- Chapter 40 access control 308
- Mes3500 series user s guide 308
- Option object label object id description 308
- Table 145 aaa traps 308
- Table 146 snmp ip traps 308
- Chapter 40 access control 309
- Configuring snmp 309
- Mes3500 series user s guide 309
- Option object label object id description 309
- Snmp to view the screen as shown use this screen to configure your snmp settings 309
- Table 147 snmp switch traps 309
- Chapter 40 access control 310
- Label description 310
- Mes3500 series user s guide 310
- Note snmp version 2c is backwards compatible with snmp version 1 310
- The following table describes the labels in this screen 310
- Configuring snmp trap group 311
- Chapter 40 access control 312
- Enabling disabling sending of snmp traps on a port 312
- Label description 312
- Mes3500 series user s guide 312
- Note changes in this row are copied to all the ports as soon as you make them 312
- The following table describes the labels in this screen 312
- Trap group continued 312
- Trap group screen click port to view the screen as shown use this screen to set whether a trap received on the port s would be sent to the snmp manager 312
- Configuring snmp user 313
- Chapter 40 access control 314
- Label description 314
- Mes3500 series user s guide 314
- Note the settings on the snmp manager must be set at the same security level or higher than the security level settings on the switch 314
- User continued 314
- Note it is highly recommended that you change the default administrator password 1234 315
- Setting up login accounts 315
- Chapter 40 access control 316
- Figure 201 ssh communication example 316
- How ssh works 316
- Label description 316
- Logins 316
- Mes3500 series user s guide 316
- Ssh overview 316
- The following table describes the labels in this screen 316
- The following table summarizes how a secure connection is established between two remote hosts 316
- Unlike telnet or ftp which transmit data in clear text ssh secure shell is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network 316
- Ssh implementation on the switch 317
- Introduction to https 318
- Note if you disable http in the service access control screen then the switch blocks all http connection attempts 318
- Requirements for using ssh 318
- Example 319
- Https example 319
- Internet explorer 6 319
- Internet explorer 7 or 8 319
- Internet explorer warning messages 319
- Example 320
- Mozilla firefox warning messages 320
- Example 321
- Example 322
- Service port access control 322
- The main screen 322
- Chapter 40 access control 323
- Label description 323
- Mes3500 series user s guide 323
- Remote management 323
- Remote management to view the screen as shown next 323
- Service access control 323
- The following table describes the fields in this screen 323
- You can specify a group of one or more trusted computers from which an administrator may use a service to manage the switch click access control to return to the access control screen 323
- Chapter 40 access control 324
- Label description 324
- Mes3500 series user s guide 324
- Remote management 324
- The following table describes the labels in this screen 324
- Diagnostic 325
- Syslog 326
- Syslog overview 326
- Syslog setup 326
- Chapter 42 syslog 327
- Label description 327
- Mes3500 series user s guide 327
- Syslog 327
- Syslog server setup 327
- Syslog server setup to view the screen as shown next use this screen to configure a list of external syslog servers 327
- The following table describes the labels in this screen 327
- Chapter 42 syslog 328
- Label description 328
- Mes3500 series user s guide 328
- Syslog server setup 328
- The following table describes the labels in this screen 328
- Cluster management 329
- Cluster management status overview 329
- Cluster management status 330
- Note a cluster can only have one manager 330
- Chapter 43 cluster management 331
- Cluster management status 331
- Cluster member switch management 331
- Go to the clustering management status screen of the cluster manager switch and then select an index hyperlink from the list of members to go to that cluster member switch s web configurator home page this cluster member web configurator home page and the home page that you d see if you accessed it directly are different 331
- Label description 331
- Mes3500 series user s guide 331
- The following table describes the labels in this screen 331
- Example 332
- Uploading firmware to a cluster member switch 332
- Clustering management configuration 333
- Chapter 43 cluster management 334
- Configuration 334
- Label description 334
- Mes3500 series user s guide 334
- The following table describes the labels in this screen 334
- Chapter 43 cluster management 335
- Configuration continued 335
- Label description 335
- Mes3500 series user s guide 335
- Mac table 336
- Mac table overview 336
- Chapter 44 mac table 337
- Label description 337
- Mac table 337
- Mac table in the navigation panel to display the following screen 337
- Mes3500 series user s guide 337
- The following table describes the labels in this screen 337
- Viewing the mac table 337
- Chapter 44 mac table 338
- Label description 338
- Mac table continued 338
- Mes3500 series user s guide 338
- Arp table 339
- Arp table overview 339
- How arp works 339
- The arp table screen 339
- Arp table 340
- Chapter 45 arp table 340
- Label description 340
- Mes3500 series user s guide 340
- The following table describes the labels in this screen 340
- Configure clone 341
- Chapter 46 configure clone 342
- Configure clone 342
- Label description 342
- Mes3500 series user s guide 342
- The following table describes the labels in this screen 342
- Chapter 46 configure clone 343
- Configure clone continued 343
- Label description 343
- Mes3500 series user s guide 343
- Power hardware connections and leds 344
- Troubleshooting 344
- I cannot see or access the login screen in the web configurator 345
- I forgot the ip address for the switch 345
- I forgot the username and or password 345
- One of the leds does not behave as expected 345
- Switch access and login 345
- I can see the login screen but i cannot log in to the switch 346
- Pop up windows javascripts and java permissions 346
- I cannot see some of advanced application submenus at the bottom of the navigation panel 347
- I lost my configuration settings after i restart the switch 347
- Switch configuration 347
- There is unauthorized access to my switch via telnet http and ssh 347
- Customer support 348
- Ppendi 348
- Austria 349
- Belarus 349
- Europe 349
- Malaysia 349
- Pakistan 349
- Philippines 349
- Singapore 349
- Taiwan 349
- Thailand 349
- Vietnam 349
- Belgium 350
- Bulgaria 350
- Czech republic 350
- Denmark 350
- Estonia 350
- Finland 350
- France 350
- Germany 350
- Hungary 350
- Latvia 351
- Lithuania 351
- Netherlands 351
- Norway 351
- Poland 351
- Romania 351
- Russia 351
- Slovakia 351
- Sweden 351
- Switzerland 351
- Argentina 352
- Brazil 352
- Ecuador 352
- Israel 352
- Latin america 352
- Middle east 352
- Turkey 352
- Ukraine 352
- Africa 353
- Australia 353
- North america 353
- Oceania 353
- South africa 353
- Common services 354
- Ppendi 354
- Appendix b common services 355
- Mes3500 series user s guide 355
- Name protocol port s description 355
- Table 166 commonly used services continued 355
- Appendix b common services 356
- Mes3500 series user s guide 356
- Name protocol port s description 356
- Table 166 commonly used services continued 356
- Legal information 357
- Ppendi 357
- Appendix c legal information 358
- List of national codes 358
- Mes3500 series user s guide 358
- Safety warnings 358
- Appendix c legal information 359
- Environment statment 359
- European union disposal and recycling information 359
- Mes3500 series user s guide 359
- Environmental product declaration 360
- Appendix c legal information 361
- Mes3500 series user s guide 361
- Open source licenses 361
- Registration 361
- Trademarks 361
- Viewing certifications 361
- Zyxel limited warranty 361
- 台灣 361
- 警告使用者 這是甲類的資訊產品 在居住的環境中使用時 可能會造成射頻干擾 在這種情況下 使用者會被要求採取某些適當的對策 361
- Numbers 362
Похожие устройства
- Zyxel MES3500-10 Технические характеристики
- HP pavilion 17-f151nr, k1x72ea Инструкция по эксплуатации
- Zyxel MES3500-10 Справочник командного интерфейса
- Zyxel MES3500-24 Инструкция по эксплуатации
- Zyxel MES3500-24 Технические характеристики
- Zyxel MES3500-24 Прошивка Микропрограмма
- Zyxel MES3500-24 DC Инструкция по эксплуатации
- Zyxel MES3500-24F Инструкция по эксплуатации
- Zyxel MES3500-24F Технические характеристики
- Zyxel MES3500-24F Справочник командного интерфейса
- Zyxel MGS3520-28 Инструкция по эксплуатации
- Zyxel MGS3520-28 Технические характеристики
- Zyxel MGS3520-28 Справочник командного интерфейса
- Zyxel MGS3520-28F Инструкция по эксплуатации
- Zyxel MGS3520-28F Справочник командного интерфейса
- Zyxel MGS3520-28F Технические характеристики
- Zyxel MGS3520-50 Инструкция по эксплуатации
- Zyxel MGS3520-50 Технические характеристики
- Zyxel MGS3520-50 Справочник командного интерфейса
- Zyxel MGS-3712F Инструкция по эксплуатации
Скачать
Случайные обсуждения