![Zyxel MGS3520-28 [2/338] Read carefully before use](/img/pdf.png)
Zyxel MGS3520-28 [2/338] Read carefully before use
![Zyxel MGS3520-28 [2/338] Note it is recommended you use the web configurator to configure the switch](/views2/1169495/page2/bg2.png)
MES3500/MGS3520 Series User’s Guide
2
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
Screenshots and graphics in this book may differ slightly from your product due to differences in
your product firmware or your computer operating system. Every effort has been made to ensure
that the information in this manual is accurate.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the Switch and access the Web Configurator.
• CLI Reference Guide
The CLI Reference Guide explains how to use the Command-Line Interface (CLI) and CLI
commands to configure the Switch.
Note: It is recommended you use the Web Configurator to configure the Switch.
• Web Configurator Online Help
Click the help icon in any screen for help in configuring that screen and supplementary
information.
•Knowledge Base
See Support > Knowledge Base at the ZyXEL website for FAQs, application examples,
troubleshooting and other technical information on the Switch.
Содержание
- Default login details 1
- Layer 2 management switch 1
- Mes3500 mgs3520 series 1
- Quick start guide 1
- User s guide 1
- Important 2
- Keep this guide for future reference 2
- Note it is recommended you use the web configurator to configure the switch 2
- Read carefully before use 2
- Related documentation 2
- Contents overview 3
- Technical reference 2 3
- User s guide 6 3
- Chapter 1 getting to know your switch 7 5
- Chapter 2 hardware installation and connection 2 5
- Chapter 3 hardware overview 5 5
- Chapter 4 the web configurator 5 5
- Contents overview 5
- Part i user s guide 16 5
- Table of contents 5
- Chapter 5 initial setup example 3 6
- Chapter 6 tutorials 7 6
- Chapter 7 system status and port statistics 3 6
- Part ii technical reference 72 6
- Chapter 10 static mac forward setup 05 7
- Chapter 8 basic setting 8 7
- Chapter 9 vlan 9 7
- Chapter 11 static multicast forward setup 07 8
- Chapter 12 filtering 110 8
- Chapter 13 spanning tree protocol 112 8
- Chapter 14 bandwidth control 31 8
- Chapter 15 broadcast storm control 33 8
- Chapter 16 mirroring 35 8
- Chapter 17 link aggregation 37 8
- Chapter 18 port authentication 44 9
- Chapter 19 port security 52 9
- Chapter 20 classifier 54 9
- Chapter 21 policy rule 60 9
- Chapter 22 queuing method 65 9
- Chapter 23 vlan stacking 68 10
- Chapter 24 multicast 75 10
- Chapter 25 aaa 89 10
- Chapter 26 ip source guard 02 11
- Chapter 27 loop guard 21 11
- Chapter 28 vlan mapping 24 11
- Chapter 29 layer 2 protocol tunneling 27 11
- Chapter 30 sflow 31 11
- Chapter 31 pppoe 35 12
- Chapter 32 error disable 43 12
- Chapter 33 private vlan 47 12
- Chapter 34 static route 49 12
- Chapter 35 differentiated services 52 12
- Chapter 36 dhcp 60 13
- Chapter 37 maintenance 68 13
- Chapter 38 access control 74 13
- Chapter 39 diagnostic 01 14
- Chapter 40 syslog 02 14
- Chapter 41 cluster management 05 14
- Chapter 42 mac table 311 14
- Chapter 43 arp table 14 14
- User s guide 16
- Backbone application 17
- Getting to know your switch 17
- Introduction 17
- Bridging example 18
- High performance switching example 18
- Ieee 802 q vlan application examples 19
- Tag based vlan example 19
- Ipv6 support 20
- Ways to manage the switch 20
- Good habits for managing the switch 21
- Desktop installation procedure 22
- Hardware installation and connection 22
- Installation scenarios 22
- Mounting the switch on a rack 22
- Rack mounted installation requirements 22
- Attaching the mounting brackets to the switch 23
- Mounting the switch on a rack 23
- Precautions 23
- Front panel 25
- Hardware overview 25
- Chapter 3 hardware overview 26
- Figure 10 mes3500 24f front panel dc model 26
- Figure 11 mes3500 10 front panel ac model 26
- Figure 12 mgs3520 28 front panel ac dc model 26
- Figure 13 mgs3520 28f front panel ac dc model 26
- Mes3500 mgs3520 series user s guide 26
- Chapter 3 hardware overview 27
- Console port 27
- Figure 14 mgs3520 50 front panel ac dc model 27
- Figure 15 mgs3520 50 rear panel ac dc model 27
- For local management you can use a computer with terminal emulation software configured to the following parameters 27
- Label description 27
- Mes3500 mgs3520 series user s guide 27
- Table 2 front panel connections 27
- The following table describes the port labels on the front panel 27
- Auto crossover 28
- Default ethernet negotiation settings 28
- Ethernet ports 28
- To avoid possible eye injury do not look into an operating fiber optic module s connectors 29
- Transceiver installation 29
- Transceiver removal 29
- Transceiver slots 29
- Ac power connection 30
- Keep the power supply switch and the switch s power switch in the off position until you come to the procedure for turning on the power 30
- Note check the power supply requirements on the panel and make sure you are using an appropriate power source 30
- Power connector 30
- Connect a sensor to the signal slot 31
- Dc power connection 31
- Exposed power wire is dangerous use extreme care when connecting a dc power source to the device 31
- Note the current rating of the power wires must be greater than 20 amps the power supply to which the switch connects must have a built in circuit breaker or switch to toggle the power 31
- Note when installing the power wire push it wire firmly into the terminal as deep as possible and make sure that no exposed bare wire can be seen or touched 31
- Signal slot 31
- 2 3 11 10 4 5 6 9 8 7 10 32
- Door open sensor spring clip 32
- Dry contact 32
- Normal open only 32
- Output pins 32
- Signal connector 32
- Signal input pins signal 32
- 2 3 11 10 33
- Pin assignments 33
- Chapter 3 hardware overview 34
- Led color status description 34
- Mes3500 mgs3520 series user s guide 34
- Table 3 led descriptions continued 34
- Introduction 35
- System login 35
- The web configurator 35
- B d c e 36
- The web configurator layout 36
- Chapter 4 the web configurator 38
- Link description 38
- Mes3500 mgs3520 series user s guide 38
- Table 5 navigation panel links continued 38
- Change your password 39
- Chapter 4 the web configurator 39
- Link description 39
- Logins to display the next screen 39
- Mes3500 mgs3520 series user s guide 39
- Table 5 navigation panel links continued 39
- Note use the save link when you are done with a configuration session 40
- Saving your configuration 40
- Switch lockout 40
- Note be careful not to lock yourself and others out of the switch if you do lock yourself out try using out of band management via the management port to configure the switch 41
- Reload the configuration file 41
- Resetting the switch 41
- Logging out of the web configurator 42
- Creating a vlan 43
- Initial setup example 43
- Overview 43
- Note the vlan group id field in this screen and the vid field in the ip setup screen refer to the same vlan id 44
- Setting port vid 44
- Configuring switch management ip address 45
- How to use dhcp snooping on the switch 47
- Tutorials 47
- Dhcp relay tutorial introduction 50
- How to use dhcp relay on the switch 50
- Creating a vlan 51
- Dhcp server port 2 pvid 102 51
- Vlan 102 51
- Configuring dhcp relay 53
- How to use pppoe ia on the switch 54
- Port 11 trusted 54
- Port 12 trusted 54
- Port 5 untrusted port 12 trusted 54
- Troubleshooting 54
- Configuring switch a 55
- Note for related information about pppoe ia see section 31 on page 237 55
- Configuring switch b 57
- How to use error disable and recovery on the switch 60
- Note refer to section 27 on page 223 and section 32 on page 243 for more information about loop guard and errdiable 60
- Creating a guest vlan 62
- How to set up a guest vlan 62
- Internet 62
- Enabling ieee 802 x port authentication 65
- Enabling guest vlan 66
- How to do port isolation in a vlan 67
- Internet 67
- Creating a vlan 68
- Creating a private vlan rule 70
- Technical reference 72
- Overview 73
- Port status summary 73
- System status and port statistics 73
- Chapter 7 system status and port statistics 74
- Click a number in the port column in the status screen to display individual port statistics use this screen to check status and detailed performance data about an individual port on the switch 74
- Label description 74
- Mes3500 mgs3520 series user s guide 74
- Status port details 74
- Table 8 status continued 74
- Chapter 7 system status and port statistics 75
- Label description 75
- Mes3500 mgs3520 series user s guide 75
- Port details 75
- Table 9 status port details 75
- The following table describes the labels in this screen 75
- Chapter 7 system status and port statistics 76
- Label description 76
- Mes3500 mgs3520 series user s guide 76
- Table 9 status port details continued 76
- Chapter 7 system status and port statistics 77
- Label description 77
- Mes3500 mgs3520 series user s guide 77
- Table 9 status port details continued 77
- Basic setting 78
- Overview 78
- System information 78
- Chapter 8 basic setting 79
- General setup 79
- General setup in the navigation panel to display the screen as shown 79
- Label description 79
- Mes3500 mgs3520 series user s guide 79
- System info 79
- The following table describes the labels in this screen 79
- Chapter 8 basic setting 80
- General setup 80
- Label description 80
- Mes3500 mgs3520 series user s guide 80
- The following table describes the labels in this screen 80
- A vlan virtual local area network allows a physical network to be partitioned into multiple logical networks devices on a logical network belong to one group a device can belong to more than one group with vlan a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router 81
- Chapter 8 basic setting 81
- General setup continued 81
- In mtu multi tenant unit applications vlan is vital in providing isolation and security among the subscribers when properly configured vlan prevents one subscriber from accessing the network resources of another on the same lan thus a user will not see the printers and hard disks of another user in the same building 81
- Introduction to vlans 81
- Label description 81
- Mes3500 mgs3520 series user s guide 81
- After smart isolation 82
- Before smart isolation 82
- Isolated ports 2 6 8 root port 7 designated port 8 82
- Isolated ports 2 6 root port 7 designated port 8 82
- Note vlan is unidirectional it only governs outgoing traffic 82
- Smart isolation 82
- Note the uplink port connected to the internet should be the root port otherwise with smart isolation enabled the isolated ports cannot access the internet 83
- Switch setup 83
- Chapter 8 basic setting 84
- Label description 84
- Mes3500 mgs3520 series user s guide 84
- Switch setup continued 84
- Ip setup 85
- Management ip addresses 85
- Note you must configure a vlan first 85
- Chapter 8 basic setting 86
- Ip setup 86
- Label description 86
- Mes3500 mgs3520 series user s guide 86
- The following table describes the labels in this screen 86
- Chapter 8 basic setting 87
- Ip setup continued 87
- Label description 87
- Mes3500 mgs3520 series user s guide 87
- Note changes in this row are copied to all the ports as soon as you make them 87
- Note due to space limitation the port name may be truncated in some web configurator screens 87
- Port setup 87
- Port setup in the navigation panel to display the configuration screen 87
- The following table describes the labels in this screen 87
- Chapter 8 basic setting 88
- Label description 88
- Mes3500 mgs3520 series user s guide 88
- Port setup continued 88
- Forwarding tagged and untagged frames 89
- Introduction to ieee 802 q tagged vlans 89
- Automatic vlan registration 90
- Chapter 9 vlan 90
- Garp and gvrp are the protocols used to automatically register vlan membership across switches 90
- Garp generic attribute registration protocol allows network switches to register and de register attribute values with other garp participants within a bridged lan garp is a protocol that provides a generic mechanism for protocols that serve a more specific application for example gvrp 90
- Garp timers 90
- Gvrp garp vlan registration protocol is a registration protocol that defines a way for switches to register necessary vlan members on ports across the network enable this function to permit vlan groups beyond the local switch 90
- Mes3500 mgs3520 series user s guide 90
- Please refer to the following table for common ieee 802 q vlan terminology 90
- Switches join vlans by making a declaration a declaration is made by issuing a join message using garp declarations are withdrawn by issuing a leave message a leave all message terminates all registrations garp timers set declaration timeout values 90
- Table 15 ieee 802 q vlan terminology 90
- Vlan parameter term description 90
- Port vlan trunking 91
- Select the vlan type 91
- Static vlan 91
- Chapter 9 vlan 92
- Label description 92
- Mes3500 mgs3520 series user s guide 92
- The following table describes the labels in this screen 92
- Use this screen to view detailed port settings and status of the vlan group see section 9 on page 89 for more information on static vlan click on an index number in the vlan status screen to display vlan details 92
- Vlan details 92
- Vlan from the navigation panel to display the vlan status screen as shown next 92
- Vlan status 92
- Vlan vlan status 92
- Chapter 9 vlan 93
- Configure a static vlan 93
- Label description 93
- Mes3500 mgs3520 series user s guide 93
- The following table describes the labels in this screen 93
- Use this screen to configure and view 802 q vlan parameters for the switch see section 9 on page 89 for more information on static vlan to configure a static vlan click static vlan in the vlan status screen to display the screen as shown next 93
- Vlan detail 93
- Chapter 9 vlan 94
- Label description 94
- Mes3500 mgs3520 series user s guide 94
- Note changes in this row are copied to all the ports as soon as you make them 94
- Static vlan 94
- The following table describes the related labels in this screen 94
- Chapter 9 vlan 95
- Configure vlan port settings 95
- Label description 95
- Mes3500 mgs3520 series user s guide 95
- Note changes in this row are copied to all the ports as soon as you make them 95
- Static vlan continued 95
- The following table describes the labels in this screen 95
- Use the vlan port setting screen to configure the static vlan ieee 802 q settings on a port see section 9 on page 89 for more information on static vlan click the vlan port setting link in the vlan status screen 95
- Vlan port setting 95
- Chapter 9 vlan 96
- For example an isp internet service provider may divide different types of services it provides to customers into different ip subnets traffic for voice services is designated for ip subnet 172 6 24 video for 192 68 24 and data for 10 24 the switch can then be configured to group incoming traffic based on the source ip subnet of incoming frames 96
- Label description 96
- Mes3500 mgs3520 series user s guide 96
- Subnet based vlans 96
- Subnet based vlans allow you to group traffic into logical vlans based on the source ip subnet you specify when a frame is received on a port the switch checks if a tag is added already and the ip subnet it came from the untagged packets from the same ip subnet are then placed in the same subnet based vlan one advantage of using subnet based vlans is that priority can be assigned to traffic from the same ip subnet 96
- Vlan port setting continued 96
- You can then configure a subnet based vlan with priority 6 and vid of 100 for traffic received from ip subnet 172 6 24 voice services you can also have a subnet based vlan with priority 5 and vid of 200 for traffic received from ip subnet 192 68 24 video services lastly you can configure vlan with priority 3 and vid of 300 for traffic received from ip subnet 10 24 data services all untagged incoming frames will be classified based on their source ip subnet and prioritized accordingly that is video services receive the highest priority and data the lowest 96
- Configuring subnet based vlan 97
- Internet 97
- Note subnet based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 97
- Chapter 9 vlan 98
- Label description 98
- Mes3500 mgs3520 series user s guide 98
- Protocol based vlans 98
- Protocol based vlans allow you to group traffic into logical vlans based on the protocol you specify when an upstream frame is received on a port configured for a protocol based vlan the switch checks if a tag is added already and its protocol the untagged packets of the same protocol are then placed in the same protocol based vlan one advantage of using protocol based vlans is that priority can be assigned to traffic of the same protocol 98
- Subnet based vlan setup 98
- The following table describes the labels in this screen 98
- Configuring protocol based vlan 99
- Note protocol based vlan applies to un tagged packets and is applicable only when you use ieee 802 q tagged vlan 99
- Activate this protocol based vlan 100
- Chapter 9 vlan 100
- Create an ip based vlan example 100
- Give this protocol based vlan a descriptive name type ip vlan 100
- Label description 100
- Mes3500 mgs3520 series user s guide 100
- Note protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based vlans 100
- Protocol based vlan setup 100
- Select the protocol leave the default value ip 100
- The following table describes the labels in this screen 100
- This example shows you how to create an ip vlan which includes ports 1 4 and 8 follow these steps using the screen below 100
- Type the port number you want to include in this protocol based vlan type 1 100
- Example 101
- Note in screens such as ip setup and filtering that require a vid you must enter 1 as the vid 101
- Note when you activate port based vlan the switch uses a default vlan id of 1 you cannot change it 101
- Port based vlan setup 101
- Configure a port based vlan 102
- Chapter 9 vlan 104
- Label description 104
- Mes3500 mgs3520 series user s guide 104
- The following table describes the labels in this screen 104
- Vlan port based vlan setup 104
- Configuring static mac forwarding 105
- Overview 105
- Static mac forward setup 105
- Chapter 10 static mac forward setup 106
- Label description 106
- Mes3500 mgs3520 series user s guide 106
- Note static mac addresses do not age out 106
- Static mac forwarding 106
- The following table describes the labels in this screen 106
- Static multicast forward setup 107
- Static multicast forwarding overview 107
- Configuring static multicast forwarding 108
- Chapter 11 static multicast forward setup 109
- Label description 109
- Mes3500 mgs3520 series user s guide 109
- Static multicast forwarding continued 109
- Configure a filtering rule 110
- Filtering 110
- Chapter 12 filtering 111
- Filtering continued 111
- Label description 111
- Mes3500 mgs3520 series user s guide 111
- Spanning tree protocol 112
- Stp rstp overview 112
- Stp terminology 112
- How stp works 113
- Multiple rstp 113
- Stp port states 113
- Mstp network example 114
- Multiple stp 114
- Note each port can belong to one stp tree only 114
- Mst region 115
- Vlan 1 vlan 2 115
- Common and internal spanning tree cist 116
- Mst instance 116
- Spanning tree configuration 117
- Spanning tree protocol status screen 117
- Chapter 13 spanning tree protocol 118
- Configuration 118
- Configure rapid spanning tree protocol 118
- Label description 118
- Mes3500 mgs3520 series user s guide 118
- Spanning tree protocol screen 118
- The following table describes the labels in this screen 118
- 2 hello time 1 119
- Chapter 13 spanning tree protocol 119
- Configuration screen to enable rstp on the switch 119
- Label description 119
- Mes3500 mgs3520 series user s guide 119
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 119
- Note changes in this row are copied to all the ports as soon as you make them 119
- The following table describes the labels in this screen 119
- Chapter 13 spanning tree protocol 120
- Label description 120
- Mes3500 mgs3520 series user s guide 120
- Note this screen is only available after you activate rstp on the switch 120
- Rapid spanning tree protocol status 120
- Rstp continued 120
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 112 for more information on rstp 120
- Status rstp 120
- The following table describes the labels in this screen 120
- Chapter 13 spanning tree protocol 121
- Configure multiple rapid spanning tree protocol 121
- Label description 121
- Mes3500 mgs3520 series user s guide 121
- Note the listening state does not exist in rstp 121
- Spanning tree protocol screen see section 13 on page 112 for more information on mrstp 121
- Status rstp continued 121
- The following table describes the labels in this screen 121
- 2 hello time 1 122
- Chapter 13 spanning tree protocol 122
- Configuration screen to enable mrstp on the switch 122
- Label description 122
- Mes3500 mgs3520 series user s guide 122
- Mrstp continued 122
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 122
- Note changes in this row are copied to all the ports as soon as you make them 122
- Chapter 13 spanning tree protocol 123
- Label description 123
- Mes3500 mgs3520 series user s guide 123
- Mrstp continued 123
- Multiple rapid spanning tree protocol status 123
- Note the listening state does not exist in rstp 123
- Note this screen is only available after you activate mrstp on the switch 123
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 112 for more information on mrstp 123
- Status mrstp 123
- The following table describes the labels in this screen 123
- Configure multiple spanning tree protocol 124
- Chapter 13 spanning tree protocol 125
- Label description 125
- Mes3500 mgs3520 series user s guide 125
- The following table describes the labels in this screen 125
- 2 hello time 1 126
- Chapter 13 spanning tree protocol 126
- Configuration screen to enable mstp on the switch 126
- Label description 126
- Mes3500 mgs3520 series user s guide 126
- Mstp continued 126
- Chapter 13 spanning tree protocol 127
- Label description 127
- Mes3500 mgs3520 series user s guide 127
- Mstp continued 127
- Mstp screen 127
- Multiple spanning tree protocol port configuration 127
- Note changes in this row are copied to all the ports as soon as you make them 127
- Chapter 13 spanning tree protocol 128
- Label description 128
- Mes3500 mgs3520 series user s guide 128
- Multiple spanning tree protocol status 128
- Note an edge port becomes a non edge port as soon as it receives a bridge protocol data unit bpdu 128
- Note changes in this row are copied to all the ports as soon as you make them 128
- Spanning tree protocol in the navigation panel to display the status screen as shown next see section 13 on page 114 for more information on mstp 128
- The following table describes the labels in this screen 128
- Chapter 13 spanning tree protocol 129
- Label description 129
- Mes3500 mgs3520 series user s guide 129
- Note this screen is only available after you activate mstp on the switch 129
- Status mstp 129
- The following table describes the labels in this screen 129
- Chapter 13 spanning tree protocol 130
- Label description 130
- Mes3500 mgs3520 series user s guide 130
- Status mstp continued 130
- Bandwidth control 131
- Bandwidth control overview 131
- Bandwidth control setup 131
- Cir and pir 131
- Bandwidth control 132
- Chapter 14 bandwidth control 132
- Label description 132
- Mes3500 mgs3520 series user s guide 132
- Note changes in this row are copied to all the ports as soon as you make them 132
- The following table describes the related labels in this screen 132
- Broadcast storm control 133
- Broadcast storm control setup 133
- Broadcast storm control 134
- Chapter 15 broadcast storm control 134
- Label description 134
- Mes3500 mgs3520 series user s guide 134
- Note changes in this row are copied to all the ports as soon as you make them 134
- The following table describes the labels in this screen 134
- Mirroring 135
- Port mirroring setup 135
- Chapter 16 mirroring 136
- Label description 136
- Mes3500 mgs3520 series user s guide 136
- Mirroring continued 136
- Note changes in this row are copied to all the ports as soon as you make them 136
- Dynamic link aggregation 137
- Link aggregation 137
- Link aggregation overview 137
- Link aggregation id 138
- Link aggregation status 138
- Chapter 17 link aggregation 139
- Label description 139
- Link aggregation setting 139
- Link aggregation setting to display the screen shown next see section 17 on page 137 for more information on link aggregation 139
- Link aggregation status continued 139
- Mes3500 mgs3520 series user s guide 139
- Chapter 17 link aggregation 140
- Label description 140
- Link aggregation setting 140
- Mes3500 mgs3520 series user s guide 140
- The following table describes the labels in this screen 140
- Link aggregation control protocol 141
- Chapter 17 link aggregation 142
- Label description 142
- Make your physical connections make sure that the ports that you want to belong to the trunk group are connected to the same destination the following figure shows ports 2 5 on switch a connected to switch b 142
- Mes3500 mgs3520 series user s guide 142
- Note changes in this row are copied to all the ports as soon as you make them 142
- Note do not configure this screen unless you want to enable dynamic link aggregation 142
- Static trunking example 142
- The following table describes the labels in this screen 142
- This example shows you how to create a static port trunk group for ports 2 5 142
- Example 143
- Ieee 802 x authentication 144
- Port authentication 144
- Port authentication overview 144
- Mac authentication 145
- Activate ieee 802 x security 146
- Authentication reply 146
- Authentication request authentication request 146
- New connection 146
- Port authentication configuration 146
- Session granted denied 146
- Chapter 18 port authentication 147
- Label description 147
- Mes3500 mgs3520 series user s guide 147
- Note changes in this row are copied to all the ports as soon as you make them 147
- Note you must first enable 802 x authentication on the switch before configuring it on each port 147
- The following table describes the labels in this screen 147
- Guest vlan 148
- Internet 148
- Vlan 100 148
- Vlan 102 148
- Chapter 18 port authentication 149
- Guest vlan 149
- Label description 149
- Mes3500 mgs3520 series user s guide 149
- Note changes in this row are copied to all the ports as soon as you make them 149
- The following table describes the labels in this screen 149
- Activate mac authentication 150
- Chapter 18 port authentication 150
- Guest vlan continued 150
- Label description 150
- Mac authentication 150
- Mes3500 mgs3520 series user s guide 150
- Note you must first enable mac authentication on the switch before configuring it on each port 150
- The following table describes the labels in this screen 150
- Use this screen to activate mac authentication in the port authentication screen click mac authentication to display the configuration screen as shown 150
- Chapter 18 port authentication 151
- Label description 151
- Mac authentication continued 151
- Mes3500 mgs3520 series user s guide 151
- Note changes in this row are copied to all the ports as soon as you make them 151
- Note if the aging time in the switch setup screen is set to a lower value then it supersedes this setting see section 8 on page 83 151
- About port security 152
- Port security 152
- Port security setup 152
- Chapter 19 port security 153
- Label description 153
- Mes3500 mgs3520 series user s guide 153
- Note changes in this row are copied to all the ports as soon as you make them 153
- Port security 153
- The following table describes the labels in this screen 153
- About the classifier and qos 154
- Classifier 154
- Configuring the classifier 154
- Chapter 20 classifier 155
- Classifier 155
- Label description 155
- Mes3500 mgs3520 series user s guide 155
- The following table describes the labels in this screen 155
- Chapter 20 classifier 156
- Classifier continued 156
- Label description 156
- Mes3500 mgs3520 series user s guide 156
- Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 156
- Chapter 20 classifier 157
- Classifier continued 157
- Classifier summary table 157
- Label description 157
- Mes3500 mgs3520 series user s guide 157
- Note when two rules conflict with each other a higher layer rule has priority over a lower layer rule 157
- Note you must select either udp or tcp in the ip protocol field before you configure the socket numbers 157
- Table 49 classifier summary table 157
- The following table describes the labels in this screen 157
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the classifier screen to change the settings of a rule click a number in the index field 157
- Viewing and editing classifier configuration 157
- Chapter 20 classifier 158
- Classifier example 158
- Ethernet type protocol number 158
- Mes3500 mgs3520 series user s guide 158
- Port number port name 158
- Some of the most common ip ports are 158
- Table 50 common ethernet types and protocol number 158
- Table 51 common ip ports 158
- The following screen shows an example of configuring a classifier that identifies all traffic from mac address 00 50 ba ad 4f 81 on port 2 158
- The following table shows some other common ethernet types and the corresponding protocol number 158
- Example 159
- Configuring policy rules 160
- Diffserv 160
- Dscp and per hop behavior 160
- Policy rule 160
- Policy rules overview 160
- Chapter 21 policy rule 162
- Label description 162
- Mes3500 mgs3520 series user s guide 162
- Policy rule continued 162
- To view a summary of the classifier configuration scroll down to the summary table at the bottom of the policy screen to change the settings of a rule click a number in the index field 162
- Viewing and editing policy configuration 162
- Chapter 21 policy rule 163
- Label description 163
- Mes3500 mgs3520 series user s guide 163
- Policy example 163
- Policy rule summary table 163
- Table 53 policy summary table 163
- The figure below shows an example policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the example classifier refer to section 20 on page 158 163
- The following table describes the labels in this screen 163
- Example 164
- Queuing method 165
- Queuing method overview 165
- Strictly priority queuing 165
- Weighted fair queuing 165
- Configuring queuing 166
- Weighted round robin scheduling wrr 166
- Chapter 22 queuing method 167
- Label description 167
- Mes3500 mgs3520 series user s guide 167
- Note changes in this row are copied to all the ports as soon as you make them 167
- Queuing method 167
- The following table describes the labels in this screen 167
- Vlan stacking 168
- Vlan stacking example 168
- Vlan stacking overview 168
- Note static vlan tx tagging must be disabled on a port where you choose normal or access port 169
- Note static vlan tx tagging must be enabled on a port where you choose tunnel port 169
- Vlan stacking port roles 169
- Vlan tag format 169
- Configuring vlan stacking 170
- Frame format 170
- Chapter 23 vlan stacking 171
- Label description 171
- Mes3500 mgs3520 series user s guide 171
- Note changes in this row are copied to all the ports as soon as you make them 171
- Note you can define up to four different tunnel tpids including 8100 in this screen at a time 171
- The following table describes the labels in this screen 171
- Vlan stacking 171
- Chapter 23 vlan stacking 172
- Label description 172
- Mes3500 mgs3520 series user s guide 172
- Port based q in q 172
- Port based q in q lets the switch treat all frames received on the same port as the same vlan flows and add the same outer vlan tag to them even they have different customer vlan ids 172
- Port based qinq 172
- Selective q in q 172
- Selective q in q is vlan based it allows the switch to add different outer vlan tags to the incoming frames received on one port according to their inner vlan tags 172
- The following table describes the labels in this screen 172
- Vlan stacking screen to display the screen as shown 172
- Chapter 23 vlan stacking 173
- Label description 173
- Mes3500 mgs3520 series user s guide 173
- Note selective q in q rules are only applied to single tagged frames received on the access ports if the incoming frames are untagged or single tagged but received on a tunnel port or cannot match any selective q in q rules the switch applies the port based q in q rules to them 173
- Selective qinq 173
- The following table describes the labels in this screen 173
- Vlan stacking screen to display the screen as shown 173
- Chapter 23 vlan stacking 174
- Label description 174
- Mes3500 mgs3520 series user s guide 174
- Selective qinq continued 174
- Igmp filtering 175
- Igmp snooping 175
- Ip multicast addresses 175
- Multicast 175
- Multicast overview 175
- Igmp snooping and vlans 176
- Multicast setting 176
- Multicast status 176
- Chapter 24 multicast 177
- Label description 177
- Mes3500 mgs3520 series user s guide 177
- Multicast setting 177
- Note if you enable igmp filtering you must create and assign igmp filtering profiles for the ports that you want to allow to join multicast groups 177
- The following table describes the labels in this screen 177
- Chapter 24 multicast 178
- Label description 178
- Mes3500 mgs3520 series user s guide 178
- Multicast setting continued 178
- Note changes in this row are copied to all the ports as soon as you make them 178
- Note the timeout value for each igmp report will be halved automatically by the switch because the robustness variable value the number of query messages is set to two by default to cover the possibility of an igmp gsq being missed by igmp host s or an igmp report being missed by the multicast router s due to network congestion 178
- Chapter 24 multicast 179
- Igmp snooping vlan 179
- Label description 179
- Mes3500 mgs3520 series user s guide 179
- Multicast in the navigation panel click the multicast setting link and then the igmp snooping vlan link to display the screen as shown see section 24 on page 176 for more information on igmp snooping vlan 179
- Multicast setting continued 179
- Chapter 24 multicast 180
- Igmp snooping vlan 180
- Label description 180
- Mes3500 mgs3520 series user s guide 180
- Note you cannot configure the same vlan id as in the mvr screen 180
- Note you must also enable igmp snooping in the multicast setting screen first 180
- The following table describes the labels in this screen 180
- Igmp filtering profile 181
- Multicast vlan vlan 1 182
- Mvr overview 182
- Types of mvr ports 182
- Vlan 2 182
- Vlan 3 182
- General mvr configuration 183
- How mvr works 183
- Multicast vlan vlan 1 183
- Mvr modes 183
- Note you can create up to five multicast vlans and up to 256 multicast rules on the switch 183
- Note your switch automatically creates a static vlan with the same vid when you create a multicast vlan in this screen 183
- Chapter 24 multicast 184
- Label description 184
- Mes3500 mgs3520 series user s guide 184
- Note changes in this row are copied to all the ports as soon as you make them 184
- The following table describes the related labels in this screen 184
- All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group 185
- Chapter 24 multicast 185
- Configure mvr ip multicast group address es in the group configuration screen click group configuration in the mvr screen 185
- Label description 185
- Mes3500 mgs3520 series user s guide 185
- Mvr continued 185
- Mvr group configuration 185
- Note a port can belong to more than one multicast vlan however ip multicast group addresses in different multicast vlans cannot overlap 185
- Chapter 24 multicast 186
- Figure 106 mvr configuration example 186
- Label description 186
- Mes3500 mgs3520 series user s guide 186
- Multicast vid 200 vlan 1 186
- Mvr configuration example 186
- Mvr group configuration 186
- The following figure shows a network example where ports 1 2 and 3 on the switch belong to vlan 1 in addition port 7 belongs to the multicast group with vid 200 to receive multicast traffic the news and movie channels from the remote streaming media server s computers a b and c in vlan 1 are able to receive the traffic 186
- The following table describes the labels in this screen 186
- To configure the mvr settings on the switch create a multicast group in the mvr screen and set the receiver and source ports 186
- Example 187
- Example 188
- Authentication authorization and accounting aaa 189
- Local user accounts 189
- Aaa screens 190
- Radius and tacacs 190
- Radius server setup 190
- Chapter 25 aaa 191
- Label description 191
- Mes3500 mgs3520 series user s guide 191
- Radius server setup 191
- The following table describes the labels in this screen 191
- Chapter 25 aaa 192
- Label description 192
- Mes3500 mgs3520 series user s guide 192
- Radius server setup continued 192
- Tacacs server setup 192
- Use this screen to configure your tacacs server settings see section 25 on page 190 for more information on tacacs servers click on the tacacs server setup link in the authentication and accounting screen to view the screen as shown 192
- Chapter 25 aaa 193
- Label description 193
- Mes3500 mgs3520 series user s guide 193
- Tacacs server setup 193
- The following table describes the labels in this screen 193
- Aaa setup 194
- Chapter 25 aaa 194
- Label description 194
- Mes3500 mgs3520 series user s guide 194
- Tacacs server setup continued 194
- Use this screen to configure authentication authorization and accounting settings on the switch click on the aaa setup link in the aaa screen to view the screen as shown 194
- Aaa setup 195
- Chapter 25 aaa 195
- Label description 195
- Mes3500 mgs3520 series user s guide 195
- The following table describes the labels in this screen 195
- Aaa setup continued 196
- Chapter 25 aaa 196
- Label description 196
- Mes3500 mgs3520 series user s guide 196
- Aaa setup continued 197
- Assign account privilege levels see the cli reference guide for more information on account privilege levels for the authenticated user 197
- Chapter 25 aaa 197
- Label description 197
- Limit bandwidth on incoming or outgoing traffic for the port the user connects to 197
- Mes3500 mgs3520 series user s guide 197
- Note refer to the documentation that comes with your radius server on how to configure vsas for users authenticating via the radius server 197
- Rfc 2865 standard specifies a method for sending vendor specific information between a radius server and a network access device for example the switch a company can create vendor specific attributes vsas to expand the functionality of a radius server 197
- The switch supports vsas that allow you to perform the following actions based on user authentication 197
- The vsas are composed of the following 197
- Vendor data a value you want to assign to the setting 197
- Vendor id an identification number assigned to the company by the iana internet assigned numbers authority zyxel s vendor id is 890 197
- Vendor specific attribute 197
- Vendor type a vendor specified attribute identifying the setting you want to modify 197
- Supported radius attributes 198
- Tunnel protocol attribute 198
- Attributes used by the ieee 802 x authentication 199
- Attributes used for accounting 199
- Attributes used for authenticating privilege access 199
- Attributes used for authentication 199
- Attributes used to login users 199
- Attributes used for accounting exec events 200
- Attributes used for accounting system events 200
- Attributes used for accounting ieee 802 x events 201
- Dhcp snooping overview 202
- Ip source guard 202
- Ip source guard overview 202
- Dhcp snooping database 203
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 203
- Arp inspection overview 204
- Configuring dhcp snooping 204
- Dhcp relay option 82 information 204
- Arp inspection and mac address filters 205
- Configuring arp inspection 205
- Note it is recommended you enable dhcp snooping at least one day before you enable arp inspection so that the switch has enough time to build the binding table 205
- Syslog 205
- Trusted vs untrusted ports 205
- Chapter 26 ip source guard 206
- Figure 117 ip source guard 206
- Ip source guard 206
- Ip source guard static binding 206
- Label description 206
- Mes3500 mgs3520 series user s guide 206
- Static binding 206
- Table 76 ip source guard 206
- The following table describes the labels in this screen 206
- Chapter 26 ip source guard 207
- Dhcp snooping 207
- Figure 118 ip source guard static binding 207
- Label description 207
- Mes3500 mgs3520 series user s guide 207
- Table 77 ip source guard static binding 207
- The following table describes the labels in this screen 207
- Chapter 26 ip source guard 208
- Figure 119 dhcp snooping 208
- Label description 208
- Mes3500 mgs3520 series user s guide 208
- Table 78 dhcp snooping 208
- The following table describes the labels in this screen 208
- Chapter 26 ip source guard 209
- Label description 209
- Mes3500 mgs3520 series user s guide 209
- Table 78 dhcp snooping continued 209
- Chapter 26 ip source guard 210
- Configure 210
- Dhcp snooping configure 210
- Label description 210
- Mes3500 mgs3520 series user s guide 210
- Table 78 dhcp snooping continued 210
- Chapter 26 ip source guard 211
- Figure 120 dhcp snooping configure 211
- Label description 211
- Mes3500 mgs3520 series user s guide 211
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 211
- Note you have to enable dhcp snooping on the dhcp vlan too 211
- Table 79 dhcp snooping configure 211
- The following table describes the labels in this screen 211
- Chapter 26 ip source guard 212
- Dhcp snooping port configure 212
- Figure 121 dhcp snooping port configure 212
- Label description 212
- Mes3500 mgs3520 series user s guide 212
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 212
- Table 79 dhcp snooping configure continued 212
- Use this screen to specify whether ports are trusted or untrusted ports for dhcp snooping 212
- Chapter 26 ip source guard 213
- Dhcp snooping vlan configure 213
- Figure 122 dhcp snooping vlan configure 213
- Label description 213
- Mes3500 mgs3520 series user s guide 213
- Table 80 dhcp snooping port configure 213
- The following table describes the labels in this screen 213
- Arp inspection 214
- Arp inspection status 214
- Chapter 26 ip source guard 214
- Figure 123 arp inspection status 214
- Label description 214
- Mes3500 mgs3520 series user s guide 214
- Note the switch will drop all dhcp requests if you enable dhcp snooping and there are no trusted ports 214
- Table 81 dhcp snooping vlan configure 214
- Table 82 arp inspection status 214
- The following table describes the labels in this screen 214
- Arp inspection vlan status 215
- Chapter 26 ip source guard 215
- Figure 124 arp inspection vlan status 215
- Label description 215
- Mes3500 mgs3520 series user s guide 215
- Table 82 arp inspection status continued 215
- Table 83 arp inspection vlan status 215
- The following table describes the labels in this screen 215
- Vlan status 215
- Arp inspection log status 216
- Chapter 26 ip source guard 216
- Figure 125 arp inspection log status 216
- Label description 216
- Log status 216
- Mes3500 mgs3520 series user s guide 216
- Table 83 arp inspection vlan status 216
- Table 84 arp inspection log status 216
- The following table describes the labels in this screen 216
- Arp inspection configure 217
- Chapter 26 ip source guard 217
- Configure 217
- Figure 126 arp inspection configure 217
- Label description 217
- Mes3500 mgs3520 series user s guide 217
- Table 84 arp inspection log status continued 217
- Arp inspection port configure 218
- Chapter 26 ip source guard 218
- Label description 218
- Mes3500 mgs3520 series user s guide 218
- Table 85 arp inspection configure 218
- The following table describes the labels in this screen 218
- Arp inspection vlan configure 219
- Chapter 26 ip source guard 219
- Figure 127 arp inspection port configure 219
- Label description 219
- Mes3500 mgs3520 series user s guide 219
- Table 86 arp inspection port configure 219
- The following table describes the labels in this screen 219
- Chapter 26 ip source guard 220
- Figure 128 arp inspection vlan configure 220
- Label description 220
- Mes3500 mgs3520 series user s guide 220
- Table 87 arp inspection vlan configure 220
- The following table describes the labels in this screen 220
- Loop guard 221
- Loop guard overview 221
- Note after resolving the loop problem on your network you can re activate the disabled port via the web configurator see section 8 on page 87 or via commands see the ethernet switch cli reference guide 222
- Chapter 27 loop guard 223
- Label description 223
- Loop guard 223
- Loop guard in the navigation panel to display the screen as shown 223
- Loop guard setup 223
- Mes3500 mgs3520 series user s guide 223
- Note changes in this row are copied to all the ports as soon as you make them 223
- Note the loop guard feature can not be enabled on the ports that have spanning tree protocol rstp mrstp or mstp enabled 223
- The following table describes the labels in this screen 223
- Enabling vlan mapping 224
- Vlan mapping 224
- Vlan mapping example 224
- Vlan mapping overview 224
- Chapter 28 vlan mapping 225
- Click the vlan mapping configure link in the vlan mapping screen to display the screen as shown use this screen to enable and edit the vlan mapping rule s 225
- Configuring vlan mapping 225
- Figure 135 vlan mapping 225
- Label description 225
- Mes3500 mgs3520 series user s guide 225
- Table 89 vlan mapping 225
- The following table describes the labels in this screen 225
- Chapter 28 vlan mapping 226
- Figure 136 vlan mapping configuration 226
- Label description 226
- Mes3500 mgs3520 series user s guide 226
- Table 90 vlan mapping configuration 226
- The following table describes the labels in this screen 226
- Layer 2 protocol tunneling 227
- Layer 2 protocol tunneling overview 227
- Configuring layer 2 protocol tunneling 228
- Layer 2 protocol tunneling mode 228
- Service provider s network c 228
- Chapter 29 layer 2 protocol tunneling 229
- Label description 229
- Layer 2 protocol tunneling 229
- Mes3500 mgs3520 series user s guide 229
- Note all the edge switches in the service provider s network should be set to use the same mac address for encapsulation 229
- Note changes in this row are copied to all the ports as soon as you make them 229
- Note the mac address can be either a unicast mac address or multicast mac address if you use a unicast mac address make sure the mac address does not exist in the address table of a switch on the service provider s network 229
- The following table describes the labels in this screen 229
- Chapter 29 layer 2 protocol tunneling 230
- Label description 230
- Layer 2 protocol tunneling continued 230
- Mes3500 mgs3520 series user s guide 230
- Note you can enable l2pt services for stp lacp vtp cdp udld and pagp on the access port s only 230
- Sflow overview 231
- Sflow port configuration 231
- Chapter 30 sflow 232
- Label description 232
- Mes3500 mgs3520 series user s guide 232
- Note changes in this row are copied to all the ports as soon as you make them 232
- The following table describes the labels in this screen 232
- Chapter 30 sflow 233
- Click the collector link in the sflow screen to display the screen as shown you can configure up to four sflow collectors in this screen you may want to configure more than one collector if the traffic load to be monitored is more than one collector can manage 233
- Collector 233
- Collector screen the sflow collector does not need to be in the same subnet as the switch but it must be accessible from the switch 233
- Label description 233
- Mes3500 mgs3520 series user s guide 233
- Note configure udp port 6343 the default on a nat router to allow port forwarding if the collector is behind a nat router configure a firewall rule for udp port 6343 the default to allow incoming traffic if the collector is behind a firewall 233
- Sflow collector configuration 233
- Sflow continued 233
- The following table describes the labels in this screen 233
- Chapter 30 sflow 234
- Collector continued 234
- Label description 234
- Mes3500 mgs3520 series user s guide 234
- Pppoe intermediate agent overview 235
- Pppoe intermediate agent tag format 235
- Sub option format 235
- Chapter 31 pppoe 236
- Every port is either a trusted port or an untrusted port for the pppoe intermediate agent this setting is independent of the trusted untrusted setting for dhcp snooping or arp inspection you can also specify the agent sub options circuit id and remote id that the switch adds to padi and padr packets from pppoe clients 236
- Flexible circuit id syntax with identifier string and variables 236
- If you do not configure a circuit id string for a vlan on a specific port or for a specific port the switch adds the user defined identifier string and variables into the agent circuit id sub option the variables can be the slot id of the pppoe client the port number of the pppoe client and or the vlan id on the pppoe packet 236
- Intermediate agent screen the switch automatically generates a circuit id string according to the default circuit id syntax which is defined in the dsl forum working text wt 101 the default access node identifier is the host name of the pppoe intermediate agent and the eth indicates ethernet 236
- Mes3500 mgs3520 series user s guide 236
- Port state 236
- Table 96 pppoe ia remote id sub option format 236
- Table 97 pppoe ia circuit id sub option format using identifier string and variables 236
- Table 98 pppoe ia circuit id sub option format defined in wt 101 236
- The 1 in the first field identifies this as an agent circuit id sub option and 2 identifies this as an agent remote id sub option the next field specifies the length of the field the switch takes the circuit id string you manually configure for a vlan on a port as the highest priority and the circuit id string for a port as the second priority in addition the switch puts the pppoe client s mac address into the agent remote id sub option if you do not specify any user defined string 236
- The identifier string slot id port number and vlan id are separated from each other by a pound key semi colon period comma forward slash or space an agent circuit id sub option example is switch 07 0123 and indicates the pppoe packets come from a pppoe client which is connected to the switch s port 7 and belong to vlan 123 236
- Wt 101 default circuit id syntax 236
- Note the switch will drop all pppoe discovery packets if you enable the pppoe intermediate agent and there are no trusted ports 237
- Pppoe intermediate agent 237
- The pppoe screen 237
- Chapter 31 pppoe 238
- Intermediate agent 238
- Label description 238
- Mes3500 mgs3520 series user s guide 238
- The following table describes the labels in this screen 238
- Note the switch will drop all pppoe packets if you enable the pppoe intermediate agent on the switch and there are no trusted ports 239
- Pppoe ia per port 239
- Chapter 31 pppoe 240
- Label description 240
- Mes3500 mgs3520 series user s guide 240
- Port continued 240
- Port screen to display the screen as shown 240
- Pppoe ia per port per vlan 240
- Use this screen to configure pppoe ia settings that apply to a specific vlan on a port 240
- Chapter 31 pppoe 241
- Label description 241
- Mes3500 mgs3520 series user s guide 241
- Note changes in this row are copied to all the vlans as soon as you make them 241
- The following table describes the labels in this screen 241
- Chapter 31 pppoe 242
- Click the vlan link in the intermediate agent screen to display the screen as shown 242
- Label description 242
- Mes3500 mgs3520 series user s guide 242
- Note changes in this row are copied to all the vlans as soon as you make them 242
- Pppoe ia for vlan 242
- The following table describes the labels in this screen 242
- Use this screen to set whether the pppoe intermediate agent is enabled on a vlan and whether the switch appends the circuit id and or remote id to pppoe discovery packets from a specific vlan 242
- Cpu protection overview 243
- Error disable 243
- Error disable recovery overview 243
- The error disable screen 243
- Cpu protection configuration 244
- Errdisable detect screen 244
- Chapter 32 error disable 245
- Cpu protection continued 245
- Errdisable detect 245
- Errdisable screen to display the screen as shown 245
- Error disable detect configuration 245
- Label description 245
- Mes3500 mgs3520 series user s guide 245
- Note changes in this row are copied to all the entries as soon as you make them 245
- The following table describes the labels in this screen 245
- Chapter 32 error disable 246
- Errdisable detect continued 246
- Errdisable recovery 246
- Errdisable screen to display the screen as shown 246
- Error disable recovery configuration 246
- Label description 246
- Mes3500 mgs3520 series user s guide 246
- Note changes in this row are copied to all the entries as soon as you make them 246
- The following table describes the labels in this screen 246
- Configuring private vlan 247
- Private vlan 247
- Private vlan overview 247
- Chapter 33 private vlan 248
- Label description 248
- Mes3500 mgs3520 series user s guide 248
- Private vlan 248
- The following table describes the labels in this screen 248
- Configuring static routing 249
- Static route 249
- Static routing overview 249
- Chapter 34 static route 250
- Label description 250
- Mes3500 mgs3520 series user s guide 250
- Static routing 250
- The following table describes the related labels you use to create a static route 250
- Chapter 34 static route 251
- Label description 251
- Mes3500 mgs3520 series user s guide 251
- Static routing continued 251
- Differentiated services 252
- Diffserv network example 252
- Diffserv overview 252
- Dscp and per hop behavior 252
- P platinum g gold s silver b bronze 253
- Two rate three color marker traffic policing 253
- Activating diffserv 254
- Exceed cir 254
- Exceed pir 254
- Red yellow 254
- Trtcm color aware mode 254
- Trtcm color blind mode 254
- Chapter 35 differentiated services 255
- Configuring 2 rate 3 color marker settings 255
- Diffserv 255
- Label description 255
- Mes3500 mgs3520 series user s guide 255
- Note changes in this row are copied to all the ports as soon as you make them 255
- Note you cannot enable both trtcm and bandwidth control at the same time 255
- The following table describes the labels in this screen 255
- Use this screen to configure trtcm settings click the 2 rate 3 color marker link in the diffserv screen to display the screen as shown next 255
- Chapter 35 differentiated services 256
- Label description 256
- Mes3500 mgs3520 series user s guide 256
- Note changes in this row are copied to all the ports as soon as you make them 256
- Note you must also activate diffserv on the switch and the individual ports for the switch to drop red high loss priority colored packets 256
- Rate 3 color marker 256
- The following table describes the labels in this screen 256
- Chapter 35 differentiated services 257
- Configuring dscp profiles 257
- Dscp profile 257
- Label description 257
- Mes3500 mgs3520 series user s guide 257
- Rate 3 color marker continued 257
- The following table describes the labels in this screen 257
- Use this screen to configure dscp profiles click the dscp profile link in the 2 rate 3 color marker screen to display the screen as shown next 257
- Chapter 35 differentiated services 258
- Configuring dscp settings 258
- Dscp profile continued 258
- Dscp setting 258
- Dscp to ieee 802 p priority settings 258
- Label description 258
- Mes3500 mgs3520 series user s guide 258
- Table 111 default dscp ieee 802 p mapping 258
- The following table describes the labels in this screen 258
- The following table shows the default dscp to ieee802 p mapping 258
- To change the dscp ieee 802 p mapping click the dscp setting link in the diffserv screen to display the screen as shown next 258
- You can configure the dscp to ieee 802 p mapping to allow the switch to prioritize all traffic based on the incoming dscp value according to the diffserv to ieee 802 p mapping table 258
- Chapter 35 differentiated services 259
- Dscp setting continued 259
- Label description 259
- Mes3500 mgs3520 series user s guide 259
- Dhcp configuration options 260
- Dhcp modes 260
- Dhcp overview 260
- Dhcp status 260
- Chapter 36 dhcp 261
- Dhcp in the navigation panel and click the option 82 profile link to display the screen as shown 261
- Label description 261
- Mes3500 mgs3520 series user s guide 261
- Option 82 profile 261
- The following table describes the labels in this screen 261
- Chapter 36 dhcp 262
- Configure dhcp relay on the switch if the dhcp clients and the dhcp server are not in the same broadcast domain during the initial ip address leasing the switch helps to relay network information such as the ip address and subnet mask between a dhcp client and a dhcp server once the dhcp client obtains an ip address and can connect to the network network information renewal is done between the dhcp client and the dhcp server without the help of the switch 262
- Dhcp relay 262
- Label description 262
- Mes3500 mgs3520 series user s guide 262
- Option 82 profile continued 262
- The switch can be configured as a global dhcp relay this means that the switch forwards all dhcp requests from all domains to the same dhcp server you can also configure the switch to relay dhcp information based on the vlan membership of the dhcp clients 262
- Configuring dhcp global relay 263
- Dhcp relay agent information 263
- Global dhcp relay configuration example 264
- Vlan1 vlan2 264
- Configuring dhcp vlan settings 265
- Example 265
- Note you must set up a management ip address for each vlan that you want to configure dhcp settings for on the switch see section 8 on page 85 for information on how to set up management ip addresses for vlans 265
- Chapter 36 dhcp 266
- Dhcp 172 6 0 00 266
- Dhcp 192 68 00 266
- Example dhcp relay for two vlans 266
- Figure 170 dhcp relay for two vlans 266
- For the example network configure the vlan setting screen as shown 266
- Label description 266
- Mes3500 mgs3520 series user s guide 266
- The following example displays two vlans vids 1 and 2 for a campus network two dhcp servers are installed to serve each vlan the system is set up to forward dhcp requests from the dormitory rooms vlan 1 to the dhcp server with an ip address of 192 68 00 requests from the academic buildings vlan 2 are sent to the other dhcp server with an ip address of 172 6 0 00 266
- The following table describes the labels in this screen 266
- Maintenance 268
- The maintenance screen 268
- Load factory default 269
- Note clicking the apply or add button does not save the changes permanently all unsaved changes are erased after you reboot the switch 269
- Reboot system 269
- Save configuration 269
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 270
- Firmware upgrade 270
- Restore a configuration file 270
- Backup a configuration file 271
- Ftp command line 271
- Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 272
- Example ftp commands 272
- Filename conventions 272
- Ftp command line procedure 272
- Ftp restrictions 273
- Gui based ftp clients 273
- About snmp 274
- Access control 274
- Access control overview 274
- The access control main screen 274
- Snmp v3 and security 275
- Mes3500 series 276
- Snmp traps 276
- Supported mibs 276
- Chapter 38 access control 277
- Mes3500 mgs3520 series user s guide 277
- Option object label object id description 277
- Table 122 snmp system traps continued 277
- Chapter 38 access control 278
- Mes3500 mgs3520 series user s guide 278
- Option object label object id description 278
- Table 122 snmp system traps continued 278
- Table 123 snmp interface traps 278
- Chapter 38 access control 279
- Mes3500 mgs3520 series user s guide 279
- Option object label object id description 279
- Table 124 aaa traps 279
- Table 125 snmp ip traps 279
- An oid object id that begins with 1 90 5 is defined in private mibs otherwise it is a standard mib oid 280
- Chapter 38 access control 280
- Mes3500 mgs3520 series user s guide 280
- Mgs3520 series 280
- Option object label object id description 280
- Table 126 snmp switch traps 280
- Table 127 snmp system traps 280
- Chapter 38 access control 281
- Mes3500 mgs3520 series user s guide 281
- Option object label object id description 281
- Table 127 snmp system traps continued 281
- Chapter 38 access control 282
- Mes3500 mgs3520 series user s guide 282
- Option object label object id description 282
- Table 127 snmp system traps continued 282
- Table 128 snmp interfacetraps 282
- Chapter 38 access control 283
- Mes3500 mgs3520 series user s guide 283
- Option object label object id description 283
- Table 128 snmp interfacetraps continued 283
- Chapter 38 access control 284
- Mes3500 mgs3520 series user s guide 284
- Option object label object id description 284
- Table 129 aaa traps 284
- Table 130 snmp ip traps 284
- Chapter 38 access control 285
- Configuring snmp 285
- Mes3500 mgs3520 series user s guide 285
- Option object label object id description 285
- Snmp to view the screen as shown use this screen to configure your snmp settings 285
- Table 131 snmp switch traps 285
- Chapter 38 access control 286
- Label description 286
- Mes3500 mgs3520 series user s guide 286
- Note snmp version 2c is backwards compatible with snmp version 1 286
- The following table describes the labels in this screen 286
- Configuring snmp trap group 287
- Chapter 38 access control 288
- Enabling disabling sending of snmp traps on a port 288
- Label description 288
- Mes3500 mgs3520 series user s guide 288
- Note changes in this row are copied to all the ports as soon as you make them 288
- The following table describes the labels in this screen 288
- Trap group continued 288
- Trap group screen click port to view the screen as shown use this screen to set whether a trap received on the port s would be sent to the snmp manager 288
- Configuring snmp user 289
- Chapter 38 access control 290
- Label description 290
- Mes3500 mgs3520 series user s guide 290
- Note the settings on the snmp manager must be set at the same security level or higher than the security level settings on the switch 290
- User continued 290
- Note it is highly recommended that you change the default administrator password 1234 291
- Setting up login accounts 291
- Chapter 38 access control 292
- Figure 185 ssh communication example 292
- How ssh works 292
- Label description 292
- Logins 292
- Mes3500 mgs3520 series user s guide 292
- Ssh overview 292
- The following table describes the labels in this screen 292
- The following table summarizes how a secure connection is established between two remote hosts 292
- Unlike telnet or ftp which transmit data in clear text ssh secure shell is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network 292
- Ssh implementation on the switch 293
- Introduction to https 294
- Note if you disable http in the service access control screen then the switch blocks all http connection attempts 294
- Requirements for using ssh 294
- Example 295
- Https example 295
- Internet explorer 6 295
- Internet explorer 7 or 8 295
- Internet explorer warning messages 295
- Example 296
- Mozilla firefox warning messages 296
- Example 297
- Example 298
- Internet explore 298
- Service port access control 298
- The main screen 298
- Chapter 38 access control 299
- Label description 299
- Mes3500 mgs3520 series user s guide 299
- Remote management 299
- Remote management to view the screen as shown next 299
- Service access control 299
- The following table describes the fields in this screen 299
- You can specify a group of one or more trusted computers from which an administrator may use a service to manage the switch click access control to return to the access control screen 299
- Chapter 38 access control 300
- Label description 300
- Mes3500 mgs3520 series user s guide 300
- Remote management 300
- The following table describes the labels in this screen 300
- Diagnostic 301
- Syslog 302
- Syslog overview 302
- Syslog setup 302
- Chapter 40 syslog 303
- Label description 303
- Mes3500 mgs3520 series user s guide 303
- Syslog 303
- Syslog server setup 303
- Syslog server setup to view the screen as shown next use this screen to configure a list of external syslog servers 303
- The following table describes the labels in this screen 303
- Chapter 40 syslog 304
- Label description 304
- Mes3500 mgs3520 series user s guide 304
- Syslog server setup 304
- The following table describes the labels in this screen 304
- Cluster management 305
- Cluster management status overview 305
- Cluster management status 306
- Note a cluster can only have one manager 306
- Chapter 41 cluster management 307
- Cluster management status 307
- Cluster member switch management 307
- Example 307
- Figure 202 cluster management cluster member web configurator screen 307
- Go to the clustering management status screen of the cluster manager switch and then select an index hyperlink from the list of members to go to that cluster member switch s web configurator home page this cluster member web configurator home page and the home page that you d see if you accessed it directly are different 307
- Label description 307
- Mes3500 mgs3520 series user s guide 307
- The following table describes the labels in this screen 307
- Clustering management configuration 308
- Uploading firmware to a cluster member switch 308
- Chapter 41 cluster management 309
- Configuration 309
- Label description 309
- Mes3500 mgs3520 series user s guide 309
- The following table describes the labels in this screen 309
- Chapter 41 cluster management 310
- Configuration continued 310
- Label description 310
- Mes3500 mgs3520 series user s guide 310
- Mac table 311
- Mac table overview 311
- Chapter 42 mac table 312
- Label description 312
- Mac table 312
- Mac table in the navigation panel to display the following screen 312
- Mes3500 mgs3520 series user s guide 312
- The following table describes the labels in this screen 312
- Viewing the mac table 312
- Chapter 42 mac table 313
- Label description 313
- Mac table continued 313
- Mes3500 mgs3520 series user s guide 313
- Arp table 314
- Arp table overview 314
- How arp works 314
- The arp table screen 314
- Arp table 315
- Chapter 43 arp table 315
- Label description 315
- Mes3500 mgs3520 series user s guide 315
- The following table describes the labels in this screen 315
- Configure clone 316
- Chapter 44 configure clone 317
- Configure clone 317
- Label description 317
- Mes3500 mgs3520 series user s guide 317
- The following table describes the labels in this screen 317
- Power hardware connections and leds 318
- Troubleshooting 318
- I cannot see or access the login screen in the web configurator 319
- I forgot the ip address for the switch 319
- I forgot the username and or password 319
- One of the leds does not behave as expected 319
- Switch access and login 319
- I can see the login screen but i cannot log in to the switch 320
- Pop up windows javascripts and java permissions 320
- I cannot see some of advanced application submenus at the bottom of the navigation panel 321
- I lost my configuration settings after i restart the switch 321
- Switch configuration 321
- There is unauthorized access to my switch via telnet http and ssh 321
- Common services 322
- Ppendi 322
- Appendix a common services 323
- Mes3500 mgs3520 series user s guide 323
- Name protocol port s description 323
- Table 150 commonly used services continued 323
- Appendix a common services 324
- Mes3500 mgs3520 series user s guide 324
- Name protocol port s description 324
- Table 150 commonly used services continued 324
- Legal information 325
- Ppendi 325
- Appendix b legal information 326
- List of national codes 326
- Mes3500 mgs3520 series user s guide 326
- Notices 326
- Safety warnings 326
- Appendix b legal information 327
- Environment statment 327
- Mes3500 mgs3520 series user s guide 327
- Weee directive 327
- Environmental product declaration 328
- Appendix b legal information 329
- Mes3500 mgs3520 series user s guide 329
- Open source licenses 329
- Registration 329
- Trademarks 329
- Viewing certifications 329
- Zyxel limited warranty 329
- 台灣 329
- Numbers 330
Похожие устройства
- Zyxel MGS3520-28 Технические характеристики
- Zyxel MGS3520-28 Справочник командного интерфейса
- Zyxel MGS3520-28F Инструкция по эксплуатации
- Zyxel MGS3520-28F Справочник командного интерфейса
- Zyxel MGS3520-28F Технические характеристики
- Zyxel MGS3520-50 Инструкция по эксплуатации
- Zyxel MGS3520-50 Технические характеристики
- Zyxel MGS3520-50 Справочник командного интерфейса
- Zyxel MGS-3712F Инструкция по эксплуатации
- Zyxel MGS-3712F Инструкция по установке
- Zyxel MGS-3712F Справочник командного интерфейса
- Zyxel XGS-4728F Инструкция по эксплуатации
- Zyxel XGS-4728F Инструкция по установке
- Zyxel XGS-4728F Справочник командного интерфейса
- Zyxel XGS-4728F Технические характеристики
- Zyxel XGS4700-48F Инструкция по эксплуатации
- Zyxel XGS4700-48F Справочник командного интерфейса
- Zyxel XGS4700-48F Технические характеристики
- HP pavilion 17-f153nr, k1x74ea Инструкция по эксплуатации
- HP pavilion 17-f154nr, k1x75ea Инструкция по эксплуатации
Скачать
Случайные обсуждения