Zyxel ES-2024 user manual

Download

ES-2024 Series

Ethernet Switch

User’s Guide

Version 3.80 11/2 007 Edition 2

DEFAULT LOGIN

IP Address http://192.168.1.1

User Name admin

Password 1234

www.zyxel.com

About This User's Guide

Intended Audience

This manual is intended for people who want to configure the ES-2024 using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

1 Warnings tell you about things that could harm you or your device.

" Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

• The ES-2024A and ES-2024PWR may be referred to as the “ES-2024”, “Switch”, the “device”, the “system” or the “product” in this User’s Guide. Differentiation is made where needed.

• Product labels, screen names, field labels and field choices are all in bold font.

• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.

• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.

• Command keywords are in

• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.

• An arrow (-->) indicates that this line is a continuation of the previous line.

• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.

• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.

courier new font.

ES-2024 Series User’s Guide

Document Conventions

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device.

Switch Computer Notebook computer

Server DSLAM Firewall

Telephone Switch Router

ES-2024 Series User’s Guide

Safety Warnings

1 For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.

• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.

• If the power adaptor or cord is damaged, remove it from the device and the power source.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.

• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.

• The PoE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors.

ES-2024 Series User’s Guide

This product is recyclable. Dispose of it properly.

Safety Warnings

ES-2024 Series User’s Guide

Safety Warnings

ES-2024 Series User’s Guide

Contents Overview

Introduction ............................................................................................................................27

Getting to Know Your Switch ..................................................................................................... 29

Hardware Installation and Connection ....................................................................................... 33

Hardware Overview ................................................................................................................... 37

Basic Configuration ...............................................................................................................43

The Web Configurator ............................................................................................................... 45

Initial Setup Example ................................................................................................................. 55

System Status and Port Statistics ..............................................................................................59

Basic Setting ............................................................................................................................. 65

Advanced Setup .....................................................................................................................77

VLAN ......................................................................................................................................... 79

Static MAC Forward Setup ........................................................................................................ 91

Filtering ...................................................................................................................................... 93

Spanning Tree Protocol ............................................................................................................. 95

Bandwidth Control ................................................................................................................... 109

Broadcast Storm Control .......................................................................................................... 111

Mirroring ...................................................................................................................................113

Link Aggregation .......................................................................................................................115

Port Authentication .................................................................................................................. 121

Port Security ............................................................................................................................ 125

Queuing Method ...................................................................................................................... 129

Multicast .................................................................................................................................. 131

Authentication & Accounting ....................................................................................................145

IP Source Guard ...................................................................................................................... 159

Loop Guard .............................................................................................................................. 169

IP Application ....................................................................................................................... 173

Static Route ............................................................................................................................. 175

Differentiated Services ............................................................................................................. 179

DHCP ...................................................................................................................................... 183

Management .........................................................................................................................189

Maintenance ............................................................................................................................ 191

Access Control ........................................................................................................................ 197

Diagnostic ................................................................................................................................ 215

ES-2024 Series User’s Guide

Contents Overview

Syslog ...................................................................................................................................... 217

Cluster Management ............................................................................................................... 221

MAC Table ............................................................................................................................... 227

ARP Table ................................................................................................................................ 229

Configure Clone ....................................................................................................................... 231

Appendices and Index ......................................................................................................... 233

ES-2024 Series User’s Guide

Table of Contents

About This User's Guide ..........................................................................................................3

Document Conventions............................................................................................................4

Safety Warnings........................................................................................................................6

Contents Overview ...................................................................................................................9

Table of Contents....................................................................................................................11

List of Figures .........................................................................................................................19

List of Tables...........................................................................................................................23

Part I: Introduction................................................................................. 27

Chapter 1

Getting to Know Your Switch.................................................................................................29

1.1 Introduction .......................................................................................................................... 29

1.1.1 Backbone Application ................................................................................................. 29

1.1.2 Bridging Example ....................................................................................................... 30

1.1.3 High Performance Switching Example ....................................................................... 30

1.1.4 IEEE 802.1Q VLAN Application Examples ................................................................ 31

1.2 Ways to Manage the Switch ................................................................................................ 32

1.3 Good Habits for Managing the Switch ................................................................................. 32

Chapter 2

Hardware Installation and Connection .................................................................................33

2.1 Freestanding Installation ..................................................................................................... 33

2.2 Mounting the Switch on a Rack ........................................................................................... 34

2.2.1 Rack-mounted Installation Requirements ................................................................. 34

2.2.2 Attaching the Mounting Brackets to the Switch .......................................................... 34

2.2.3 Mounting the Switch on a Rack .................................................................................. 35

Chapter 3

Hardware Overview.................................................................................................................37

3.1 Front Panel Connection ....................................................................................................... 37

3.1.1 Console Port .............................................................................................................. 38

3.1.2 Ethernet Ports ............................................................................................................ 38

ES-2024 Series User’s Guide

Table of Contents

3.1.3 Mini-GBIC Slots ..........................................................................................................39

3.2 Rear Panel ........................................................................................................................... 40

3.2.1 Power Connector ....................................................................................................... 40

3.3 LEDs .................................................................................................................................... 41

Part II: Basic Configuration................................................................... 43

Chapter 4

The Web Configurator ............................................................................................................45

4.1 Introduction .......................................................................................................................... 45

4.2 System Login .................................................................................................................... 45

4.3 The Status Screen .......................................................................................................... 46

4.3.1 Change Your Password .......................................................................................... 50

4.4 Saving Your Configuration ................................................................................................... 51

4.5 Switch Lockout .................................................................................................................. 51

4.6 Resetting the Switch ......................................................................................................... 51

4.6.1 Reload the Configuration File .................................................................................... 52

4.7 Logging Out of the Web Configurator ................................................................................. 52

4.8 Help .................................................................................................................................... 53

Chapter 5

Initial Setup Example..............................................................................................................55

5.1 Overview .............................................................................................................................. 55

5.1.1 Creating a VLAN ........................................................................................................ 55

5.1.2 Setting Port VID .........................................................................................................56

5.1.3 Configuring Switch Management IP Address ............................................................. 57

Chapter 6

System Status and Port Statistics......................................................................................... 59

6.1 Overview .............................................................................................................................. 59

6.2 Port Status Summary ...................................................................................................... 59

6.2.1 Status: Port Details ................................................................................................60

Chapter 7

Basic Setting ..........................................................................................................................65

7.1 Overview .............................................................................................................................. 65

7.2 System Information ........................................................................................................... 65

7.3 General Setup ................................................................................................................. 67

7.4 Introduction to VLANs ......................................................................................................... 69

7.5 Switch Setup Screen ........................................................................................................ 70

7.6 IP Setup ............................................................................................................................ 71

ES-2024 Series User’s Guide

Table of Contents

7.6.1 IP Interfaces ............................................................................................................... 72

7.7 Port Setup ........................................................................................................................... 74

Part III: Advanced Setup........................................................................ 77

Chapter 8

VLAN ........................................................................................................................................79

8.1 Introduction to IEEE 802.1Q Tagged VLANs .................................................................. 79

8.1.1 Forwarding Tagged and Untagged Frames ................................................................ 79

8.2 Automatic VLAN Registration ............................................................................................. 80

8.2.1 GARP ......................................................................................................................... 80

8.2.2 GVRP ......................................................................................................................... 80

8.3 Port VLAN Trunking ............................................................................................................ 81

8.4 Select the VLAN Type ........................................................................................................ 81

8.5 Static VLAN ......................................................................................................................... 81

8.5.1 Static VLAN Status .................................................................................................... 82

8.5.2 Static VLAN Details ................................................................................................... 82

8.5.3 Configure a Static VLAN ........................................................................................ 83

8.5.4 Configure VLAN Port Settings ................................................................................ 84

8.6 Port-based VLAN Setup .................................................................................................86

8.6.1 Configure a Port-based VLAN ................................................................................... 86

Chapter 9

Static MAC Forward Setup.....................................................................................................91

9.1 Overview .............................................................................................................................. 91

9.2 Configuring Static MAC Forwarding ............................................................................... 91

Chapter 10

Filtering....................................................................................................................................93

10.1 Configure a Filtering Rule ............................................................................................... 93

Chapter 11

Spanning Tree Protocol..........................................................................................................95

11.1 STP/RSTP Overview .......................................................................................................95

11.1.1 STP Terminology ..................................................................................................... 95

11.1.2 How STP Works ...................................................................................................... 96

11.1.3 STP Port States ....................................................................................................... 97

11.1.4 Multiple STP ............................................................................................................. 97

11.2 Spanning Tree Configuration Screen ................................................................................. 99

11.3 Configure Rapid Spanning Tree Protocol ..................................................................... 100

11.4 Rapid Spanning Tree Protocol Status ........................................................................ 102

ES-2024 Series User’s Guide

Table of Contents

11.5 Configure Multiple Spanning Tree Protocol .................................................................. 103

11.6 Multiple Spanning Tree Protocol Status ..................................................................... 105

Chapter 12

Bandwidth Control................................................................................................................109

12.1 Bandwidth Control Setup ................................................................................................ 109

Chapter 13

Broadcast Storm Control ..................................................................................................... 111

13.1 Broadcast Storm Control Setup ....................................................................................... 111

Chapter 14

Mirroring ................................................................................................................................ 113

14.1 Port Mirroring Setup ........................................................................................................113

Chapter 15

Link Aggregation .................................................................................................................. 115

15.1 Link Aggregation Overview ..............................................................................................115

15.2 Dynamic Link Aggregation ...............................................................................................115

15.2.1 Link Aggregation ID ................................................................................................116

15.3 Link Aggregation Status ...................................................................................................116

15.4 Link Aggregation Setting .................................................................................................117

15.5 Link Aggregation Control Protocol .................................................................................118

15.6 Static Trunking Example ...................................................................................................119

Chapter 16

Port Authentication...............................................................................................................121

16.1 Port Authentication Overview ......................................................................................... 121

16.1.1 IEEE 802.1x Authentication ................................................................................... 121

16.2 Port Authentication Configuration .................................................................................... 122

16.2.1 Activate IEEE 802.1x Security ........................................................................... 122

Chapter 17

Port Security..........................................................................................................................125

17.1 Port Security Overview ...................................................................................................125

17.2 Port Security Setup .......................................................................................................... 125

17.3 Port Security Example .....................................................................................................127

Chapter 18

Queuing Method....................................................................................................................129

18.1 Queuing Method Overview ............................................................................................. 129

18.1.1 Strictly Priority Queuing .......................................................................................... 129

18.1.2 Weighted Round Robin Scheduling (WRR) ........................................................... 129

ES-2024 Series User’s Guide

Table of Contents

18.2 Configuring Queuing ........................................................................................................ 130

Chapter 19

Multicast ................................................................................................................................131

19.1 Multicast Overview ......................................................................................................... 131

19.1.1 IP Multicast Addresses ........................................................................................... 131

19.1.2 IGMP Filtering ........................................................................................................ 131

19.1.3 IGMP Snooping ..................................................................................................... 131

19.1.4 IGMP Snooping and VLANs ................................................................................... 132

19.2 Multicast Status .............................................................................................................. 132

19.3 Multicast Setting ............................................................................................................. 132

19.4 IGMP Snooping VLAN .................................................................................................... 134

19.5 IGMP Filtering Profile ..................................................................................................... 136

19.6 MVR Overview ................................................................................................................ 137

19.6.1 Types of MVR Ports ............................................................................................... 137

19.6.2 MVR Modes ........................................................................................................... 138

19.6.3 How MVR Works .................................................................................................... 138

19.7 General MVR Configuration ............................................................................................ 138

19.8 MVR Group Configuration .............................................................................................. 140

19.8.1 MVR Configuration Example .................................................................................. 141

Chapter 20

Authentication & Accounting ..............................................................................................145

20.1 Authentication, Authorization and Accounting ................................................................ 145

20.1.1 Local User Accounts .............................................................................................. 145

20.1.2 RADIUS and TACACS+ ........................................................................................ 146

20.2 Authentication and Accounting Screens .......................................................................... 146

20.2.1 RADIUS Server Setup ........................................................................................ 146

20.2.2 TACACS+ Server Setup ..................................................................................... 148

20.2.3 Authentication and Accounting Setup ................................................................ 150

20.2.4 Vendor Specific Attribute ........................................................................................ 153

20.3 Supported RADIUS Attributes ......................................................................................... 154

20.3.1 Attributes Used for Authentication .......................................................................... 155

20.3.2 Attributes Used for Accounting ............................................................................... 155

Chapter 21

IP Source Guard....................................................................................................................159

21.1 IP Source Guard Overview .............................................................................................. 159

21.1.1 ARP Inspection Overview ...................................................................................... 159

21.2 IP Source Guard .............................................................................................................. 161

21.3 IP Source Guard Static Binding ....................................................................................... 161

21.4 ARP Inspection Status .....................................................................................................163

21.4.1 ARP Inspection Log Status .................................................................................... 163

ES-2024 Series User’s Guide

Table of Contents

21.5 ARP Inspection Configure ............................................................................................... 164

21.5.1 ARP Inspection Port Configure .............................................................................. 166

21.5.2 ARP Inspection VLAN Configure ........................................................................... 167

Chapter 22

Loop Guard............................................................................................................................169

22.1 Loop Guard Overview ..................................................................................................... 169

22.2 Loop Guard Setup ........................................................................................................... 171

Part IV: IP Application.......................................................................... 173

Chapter 23

Static Route ........................................................................................................................... 175

23.1 Static Routing Overview ................................................................................................. 175

23.2 Configuring Static Routing ............................................................................................. 175

Chapter 24

Differentiated Services.........................................................................................................179

24.1 DiffServ Overview ........................................................................................................... 179

24.1.1 DSCP and Per-Hop Behavior ................................................................................ 179

24.1.2 DiffServ Network Example .................................................................................... 180

24.2 Activating DiffServ .......................................................................................................... 180

24.3 DSCP-to-IEEE 802.1p Priority Settings ...................................................................... 181

24.3.1 Configuring DSCP Settings .................................................................................... 182

Chapter 25

DHCP......................................................................................................................................183

25.1 DHCP Overview ............................................................................................................. 183

25.1.1 DHCP Modes ........................................................................................................ 183

25.1.2 DHCP Configuration Options ................................................................................. 183

25.2 DHCP Status ................................................................................................................... 183

25.3 DHCP Relay ................................................................................................................... 184

25.3.1 DHCP Relay Agent Information ............................................................................. 184

25.3.2 Configuring DHCP Global Relay ............................................................................ 185

25.3.3 Global DHCP Relay Configuration Example .......................................................... 185

25.4 Configuring DHCP VLAN Settings ................................................................................ 186

25.4.1 Example: DHCP Relay for Two VLANs .................................................................. 188

Part V: Management............................................................................. 189

ES-2024 Series User’s Guide

Table of Contents

Chapter 26

Maintenance ..........................................................................................................................191

26.1 The Maintenance Screen ............................................................................................... 191

26.2 Load Factory Default ...................................................................................................... 192

26.3 Save Configuration .......................................................................................................... 192

26.4 Reboot System ................................................................................................................ 193

26.5 Firmware Upgrade ........................................................................................................ 193

26.6 Restore a Configuration File ......................................................................................... 194

26.7 Backup a Configuration File ......................................................................................... 194

26.8 FTP Command Line ........................................................................................................ 195

26.8.1 Filename Conventions .......................................................................................... 195

26.8.2 FTP Command Line Procedure ............................................................................ 195

26.8.3 GUI-based FTP Clients .......................................................................................... 196

26.8.4 FTP Restrictions .................................................................................................... 196

Chapter 27

Access Control......................................................................................................................197

27.1 Access Control Overview ............................................................................................ 197

27.2 The Access Control Main Screen .................................................................................... 197

27.3 About SNMP .................................................................................................................. 198

27.3.1 SNMP v3 and Security ........................................................................................... 199

27.3.2 Supported MIBs ................................................................................................... 199

27.3.3 SNMP Traps .......................................................................................................... 199

27.3.4 Configuring SNMP .............................................................................................. 202

27.3.5 Configuring SNMP Trap Group ........................................................................... 204

27.3.6 Setting Up Login Accounts ................................................................................. 205

27.4 SSH Overview ................................................................................................................. 207

27.5 How SSH works ............................................................................................................... 207

27.6 SSH Implementation on the Switch ................................................................................. 208

27.6.1 Requirements for Using SSH ................................................................................. 208

27.7 Introduction to HTTPS .....................................................................................................208

27.8 HTTPS Example .............................................................................................................. 209

27.8.1 Internet Explorer Warning Messages ..................................................................... 209

27.8.2 Netscape Navigator Warning Messages ................................................................ 210

27.8.3 The Main Screen .................................................................................................... 210

27.9 Service Port Access Control ..........................................................................................211

27.10 Remote Management ............................................................................................... 212

Chapter 28

Diagnostic..............................................................................................................................215

28.1 Diagnostic ....................................................................................................................... 215

ES-2024 Series User’s Guide

Table of Contents

Chapter 29

Syslog ....................................................................................................................................217

29.1 Syslog Overview .............................................................................................................. 217

29.2 Syslog Setup .................................................................................................................. 217

29.3 Syslog Server Setup ....................................................................................................... 218

Chapter 30

Cluster Management.............................................................................................................221

30.1 Clustering Management Status Overview ...................................................................... 221

30.2 Cluster Management Status ........................................................................................... 222

30.2.1 Cluster Member Switch Management ................................................................... 223

30.3 Clustering Management Configuration .......................................................................... 224

Chapter 31

MAC Table..............................................................................................................................227

31.1 MAC Table Overview ...................................................................................................... 227

31.2 Viewing the MAC Table ................................................................................................... 228

Chapter 32

ARP Table ..............................................................................................................................229

32.1 ARP Table Overview .......................................................................................................229

32.1.1 How ARP Works .................................................................................................... 229

32.2 Viewing the ARP Table ................................................................................................... 229

Chapter 33

Configure Clone....................................................................................................................231

33.1 Configure Clone .............................................................................................................. 231

Part VI: Appendices and Index ........................................................... 233

Appendix A Product Specifications.......................................................................................235

Appendix B IP Addresses and Subnetting ...........................................................................243

Appendix C Legal Information ..............................................................................................251

Appendix D Customer Support............................................................................................. 255

Index.......................................................................................................................................261

ES-2024 Series User’s Guide

List of Figures

Figure 1 Backbone Application .............................................................................................................. 29

Figure 2 Bridging Application ................................................................................................................ 30

Figure 3 High Performance Switched Workgroup Application ............................................................... 31

Figure 4 Shared Server Using VLAN Example ...................................................................................... 31

Figure 5 Attaching Rubber Feet ............................................................................................................ 33

Figure 6 Attaching the Mounting Brackets ............................................................................................. 34

Figure 7 Mounting the Switch on a Rack ............................................................................................... 35

Figure 8 Front Panel: ES-2024A ........................................................................................................... 37

Figure 9 Front Panel: ES-2024PWR ..................................................................................................... 37

Figure 10 Transceiver Installation Example ........................................................................................... 39

Figure 11 Installed Transceiver .............................................................................................................. 39

Figure 12 Opening the Transceiver’s Latch Example ............................................................................ 40

Figure 13 Transceiver Removal Example .............................................................................................. 40

Figure 14 AC Rear Panel ...................................................................................................................... 40

Figure 15 DC Rear Panel ...................................................................................................................... 40

Figure 16 Web Configurator: Login ....................................................................................................... 46

Figure 17 Web Configurator Home Screen (Status) .............................................................................. 46

Figure 18 Change Administrator Login Password .................................................................................50

Figure 19 Resetting the Switch: Via the Console Port ........................................................................... 52

Figure 20 Web Configurator: Logout Screen ......................................................................................... 53

Figure 21 Initial Setup Network Example: VLAN ................................................................................... 55

Figure 22 Initial Setup Network Example: Port VID ............................................................................... 57

Figure 23 Initial Setup Example: Management IP Address ................................................................... 57

Figure 24 Status .................................................................................................................................... 59

Figure 25 Status: Port Details ................................................................................................................. 61

Figure 26 Basic Setting > System Info .................................................................................................. 66

Figure 27 Basic Setting > General Setup .............................................................................................. 68

Figure 28 Basic Setting > Switch Setup ................................................................................................ 70

Figure 29 Basic Setting > IP Setup ......................................................................................................... 72

Figure 30 Basic Setting > Port Setup .................................................................................................... 74

Figure 31 Port VLAN Trunking ............................................................................................................... 81

Figure 32 Switch Setup: Select VLAN Type .......................................................................................... 81

Figure 33 Advanced Application > VLAN: VLAN Status ......................................................................... 82

Figure 34 Advanced Application > VLAN > VLAN Detail ........................................................................ 82

Figure 35 Advanced Application > VLAN > Static VLAN ...................................................................... 83

Figure 36 Advanced Application > VLAN > VLAN Port Setting ............................................................. 85

Figure 37 Advanced Application > VLAN: Port Based VLAN Setup (All Connected) ............................ 87

Figure 38 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) ............................. 88

ES-2024 Series User’s Guide

List of Figures

Figure 39 Advanced Application > Static MAC Forwarding ................................................................... 91

Figure 40 Advanced Application > Filtering ........................................................................................... 93

Figure 41 STP/RSTP Network Example ................................................................................................ 98

Figure 42 MSTP Network Example ........................................................................................................ 98

Figure 43 MSTIs in Different Regions ................................................................................................... 99

Figure 44 MSTP and Legacy RSTP Network Example ......................................................................... 99

Figure 45 Advanced Application > Spanning Tree Protocol ................................................................ 100

Figure 46 Advanced Application > Spanning Tree Protocol > RSTP ................................................... 100

Figure 47 Advanced Application > Spanning Tree Protocol > Status: RSTP ....................................... 102

Figure 48 Advanced Application > Spanning Tree Protocol > MSTP .................................................. 103

Figure 49 Advanced Application > Spanning Tree Protocol > Status: MSTP ...................................... 106

Figure 50 Advanced Application > Bandwidth Control ........................................................................ 109

Figure 51 Advanced Application > Broadcast Storm Control ...............................................................111

Figure 52 Advanced Application > Mirroring .........................................................................................113

Figure 53 Advanced Application > Link Aggregation Status .................................................................116

Figure 54 Advanced Application > Link Aggregation > Link Aggregation Setting ................................117

Figure 55 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP ...................118

Figure 56 Trunking Example - Physical Connections ........................................................................... 120

Figure 57 Trunking Example - Configuration Screen ............................................................................ 120

Figure 58 IEEE 802.1x Authentication Process ................................................................................... 122

Figure 59 Advanced Application > Port Authentication ....................................................................... 122

Figure 60 Advanced Application > Port Authentication > 802.1x ........................................................ 123

Figure 61 Advanced Application > Port Security ................................................................................. 126

Figure 62 Port Security Example ......................................................................................................... 127

Figure 63 Advanced Application > Queuing Method ........................................................................... 130

Figure 64 Advanced Application > Multicast ........................................................................................ 132

Figure 65 Advanced Application > Multicast > Multicast Setting ......................................................... 133

Figure 66 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN ................. 135

Figure 67 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile ................... 136

Figure 68 MVR Network Example ....................................................................................................... 137

Figure 69 MVR Multicast Television Example ..................................................................................... 138

Figure 70 Advanced Application > Multicast > Multicast Setting > MVR ............................................. 139

Figure 71 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration ............ 141

Figure 72 MVR Configuration Example ............................................................................................... 142

Figure 73 MVR Configuration Example ............................................................................................... 142

Figure 74 MVR Group Configuration Example ................................................................................... 143

Figure 75 MVR Group Configuration Example .................................................................................... 143

Figure 76 AAA Server .......................................................................................................................... 145

Figure 77 Advanced Application > Auth and Acct ............................................................................... 146

Figure 78 Advanced Application > Auth and Acct > RADIUS Server Setup ........................................ 147

Figure 79 Advanced Application > Auth and Acct > TACACS+ Server Setup ..................................... 149

Figure 80 Advanced Application > Auth and Acct > Auth and Acct Setup .......................................... 151

Figure 81 Example: Man-in-the-middle Attack ..................................................................................... 159

ES-2024 Series User’s Guide

List of Figures

Figure 82 IP Source Guard ................................................................................................................... 161

Figure 83 IP Source Guard Static Binding ............................................................................................ 162

Figure 84 ARP Inspection Status .......................................................................................................... 163

Figure 85 ARP Inspection Log Status ................................................................................................... 164

Figure 86 ARP Inspection Configure .................................................................................................... 165

Figure 87 ARP Inspection Port Configure ............................................................................................ 166

Figure 88 ARP Inspection VLAN Configure .......................................................................................... 167

Figure 89 Loop Guard vs. STP ............................................................................................................. 169

Figure 90 Switch in Loop State ............................................................................................................. 170

Figure 91 Loop Guard - Probe Packet .................................................................................................. 170

Figure 92 Loop Guard - Network Loop ................................................................................................. 170

Figure 93 Advanced Application > Loop Guard ....................................................................................171

Figure 94 Static Routing Overview ...................................................................................................... 175

Figure 95 IP Application > Static Routing ............................................................................................ 176

Figure 96 DiffServ: Differentiated Service Field .................................................................................... 179

Figure 97 DiffServ Network ................................................................................................................. 180

Figure 98 IP Application > DiffServ ...................................................................................................... 181

Figure 99 IP Application > DiffServ > DSCP Setting ........................................................................... 182

Figure 100 IP Application > DHCP Status ........................................................................................... 184

Figure 101 IP Application > DHCP > Global ........................................................................................ 185

Figure 102 Global DHCP Relay Network Example ............................................................................. 186

Figure 103 DHCP Relay Configuration Example ................................................................................. 186

Figure 104 IP Application > DHCP > VLAN ....................................................................................... 187

Figure 105 DHCP Relay for Two VLANs ............................................................................................. 188

Figure 106 DHCP Relay for Two VLANs Configuration Example ........................................................ 188

Figure 107 Management > Maintenance ............................................................................................. 191

Figure 108 Load Factory Default: Start ................................................................................................ 192

Figure 109 Reboot System: Confirmation ........................................................................................... 193

Figure 110 Management > Maintenance > Firmware Upgrade ........................................................... 193

Figure 111 Management > Maintenance > Restore Configuration ...................................................... 194

Figure 112 Management > Maintenance > Backup Configuration ...................................................... 194

Figure 113 Management > Access Control ......................................................................................... 197

Figure 114 SNMP Management Model .............................................................................................. 198

Figure 115 Management > Access Control > SNMP ........................................................................... 202

Figure 116 Management > Access Control > SNMP > Trap Group ..................................................... 204

Figure 117 Management > Access Control > Logins ........................................................................... 206

Figure 118 SSH Communication Example ...........................................................................................207

Figure 119 How SSH Works ................................................................................................................. 207

Figure 120 HTTPS Implementation ...................................................................................................... 209

Figure 121 Security Alert Dialog Box (Internet Explorer) ...................................................................... 209

Figure 122 Security Certificate 1 (Netscape) ........................................................................................ 210

Figure 123 Security Certificate 2 (Netscape) ........................................................................................ 210

Figure 124 Example: Lock Denoting a Secure Connection ...................................................................211

ES-2024 Series User’s Guide

List of Figures

Figure 125 Management > Access Control > Service Access Control ..................................................211

Figure 126 Management > Access Control > Remote Management .................................................. 212

Figure 127 Management > Diagnostic ................................................................................................. 215

Figure 128 Management > Syslog ....................................................................................................... 218

Figure 129 Management > Syslog > Server Setup ............................................................................. 219

Figure 130 Clustering Application Example ......................................................................................... 222

Figure 131 Management > Cluster Management ................................................................................ 222

Figure 132 Cluster Management: Cluster Member Web Configurator Screen .................................... 223

Figure 133 Example: Uploading Firmware to a Cluster Member Switch ............................................. 224

Figure 134 Management > Clustering Management > Configuration .................................................. 225

Figure 135 MAC Table Flowchart ........................................................................................................ 227

Figure 136 Management > MAC Table ................................................................................................ 228

Figure 137 Management > ARP Table ................................................................................................ 230

Figure 138 Management > Configure Clone .......................................................................................231

Figure 139 DC Power Plug ................................................................................................................... 235

Figure 140 Network Number and Host ID ............................................................................................ 244

Figure 141 Subnetting Example: Before Subnetting ............................................................................ 246

Figure 142 Subnetting Example: After Subnetting ............................................................................... 247

ES-2024 Series User’s Guide

List of Tables

Table 1 Front Panel ............................................................................................................................... 38

Table 2 LEDs ......................................................................................................................................... 41

Table 3 Navigation Panel Sub-links Overview ....................................................................................... 47

Table 4 Web Configurator Screen Sub-links Details .............................................................................. 48

Table 5 Navigation Panel Links ............................................................................................................. 49

Table 6 Status ........................................................................................................................................ 59

Table 7 Status > Port Details ................................................................................................................. 61

Table 8 Basic Setting > System Info ...................................................................................................... 66

Table 9 Basic Setting > General Setup .................................................................................................. 68

Table 10 Basic Setting > Switch Setup .................................................................................................. 70

Table 11 Basic Setting > IP Setup ......................................................................................................... 72

Table 12 Basic Setting > Port Setup ...................................................................................................... 74

Table 13 IEEE 802.1Q VLAN Terminology ............................................................................................ 80

Table 14 Advanced Application > VLAN: VLAN Status .......................................................................... 82

Table 15 Advanced Application > VLAN > VLAN Detail ........................................................................ 83

Table 16 Advanced Application > VLAN > Static VLAN ......................................................................... 84

Table 17 Advanced Application > VLAN > VLAN Port Setting ............................................................... 85

Table 18 Advanced Application > VLAN: Port Based VLAN Setup ....................................................... 89

Table 19 Advanced Application > Static MAC Forwarding ..................................................................... 92

Table 20 Advanced Application > Filtering ............................................................................................. 93

Table 21 STP Path Costs ...................................................................................................................... 96

Table 22 STP Port States ...................................................................................................................... 97

Table 23 Advanced Application > Spanning Tree Protocol > RSTP .................................................... 100

Table 24 Advanced Application > Spanning Tree Protocol > Status: RSTP ........................................ 102

Table 25 Advanced Application > Spanning Tree Protocol > MSTP .................................................... 104

Table 26 Advanced Application > Spanning Tree Protocol > Status: MSTP ........................................ 106

Table 27 Advanced Application > Bandwidth Control .......................................................................... 109

Table 28 Advanced Application > Broadcast Storm Control .................................................................112

Table 29 Advanced Application > Mirroring ..........................................................................................114

Table 30 Link Aggregation ID: Local Switch .........................................................................................116

Table 31 Link Aggregation ID: Peer Switch ..........................................................................................116

Table 32 Advanced Application > Link Aggregation Status ..................................................................116

Table 33 Advanced Application > Link Aggregation > Link Aggregation Setting ..................................117

Table 34 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP .....................119

Table 35 Advanced Application > Port Authentication > 802.1x .......................................................... 123

Table 36 Advanced Application > Port Security ................................................................................... 126

Table 37 Port Security Example .......................................................................................................... 128

Table 38 Physical Queue Priority ......................................................................................................... 129

ES-2024 Series User’s Guide

List of Tables

Table 39 Advanced Application > Queuing Method ............................................................................. 130

Table 40 Multicast Status ..................................................................................................................... 132

Table 41 Advanced Application > Multicast > Multicast Setting ........................................................... 133

Table 42 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN ................... 135

Table 43 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile .................... 136

Table 44 Advanced Application > Multicast > Multicast Setting > MVR ............................................... 139

Table 45 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration ............ 141

Table 46 RADIUS vs. TACACS+ ......................................................................................................... 146

Table 47 Advanced Application > Auth and Acct > RADIUS Server Setup ......................................... 147

Table 48 Advanced Application > Auth and Acct > TACACS+ Server Setup ...................................... 149

Table 49 Advanced Application > Auth and Acct > Auth and Acct Setup ............................................ 151

Table 50 Supported VSAs ................................................................................................................... 153

Table 51 Supported Tunnel Protocol Attribute ..................................................................................... 154

Table 52 RADIUS Attributes - Exec Events via Console ..................................................................... 156

Table 53 RADIUS Attributes - Exec Events via Telnet/SSH ................................................................ 156

Table 54 RADIUS Attributes - Exec Events via Console ..................................................................... 156

Table 55 IP Source Guard ................................................................................................................... 161

Table 56 IP Source Guard Static Binding ............................................................................................ 162

Table 57 ARP Inspection Status .......................................................................................................... 163

Table 58 ARP Inspection Log Status ................................................................................................... 164

Table 59 ARP Inspection Configure ..................................................................................................... 165

Table 60 ARP Inspection Port Configure ............................................................................................. 167

Table 61 ARP Inspection VLAN Configure .......................................................................................... 167

Table 62 Advanced Application > Loop Guard ....................................................................................171

Table 63 IP Application > Static Routing .............................................................................................. 176

Table 64 IP Application > DiffServ ....................................................................................................... 181

Table 65 Default DSCP-IEEE 802.1p Mapping ................................................................................... 182

Table 66 IP Application > DiffServ > DSCP Setting .............................................................................182

Table 67 IP Application > DHCP Status ............................................................................................... 184

Table 68 Relay Agent Information ....................................................................................................... 184

Table 69 IP Application > DHCP > Global ........................................................................................... 185

Table 70 IP Application > DHCP > VLAN ............................................................................................ 187

Table 71 Management > Maintenance ................................................................................................ 191

Table 72 Filename Conventions .......................................................................................................... 195

Table 73 General Commands for GUI-based FTP Clients .................................................................. 196

Table 74 Access Control Overview ...................................................................................................... 197

Table 75 SNMP Commands ................................................................................................................ 198

Table 76 SNMP System Traps ............................................................................................................. 199

Table 77 SNMP Interface Traps ........................................................................................................... 200

Table 78 AAA Traps ............................................................................................................................. 201

Table 79 SNMP IP Traps ..................................................................................................................... 201

Table 80 SNMP Switch Traps .............................................................................................................. 201

Table 81 Management > Access Control > SNMP .............................................................................. 203

ES-2024 Series User’s Guide

List of Tables

Table 82 Management > Access Control > SNMP > Trap Group ........................................................ 205

Table 83 Management > Access Control > Logins .............................................................................. 206

Table 84 Management > Access Control > Service Access Control ................................................... 212

Table 85 Management > Access Control > Remote Management ...................................................... 212

Table 86 Management > Diagnostic .................................................................................................... 215

Table 87 Syslog Severity Levels .......................................................................................................... 217

Table 88 Management > Syslog .......................................................................................................... 218

Table 89 Management > Syslog > Server Setup ................................................................................. 219

Table 90 ZyXEL Clustering Management Specifications ..................................................................... 221

Table 91 Management > Cluster Management .................................................................................... 223

Table 92 FTP Upload to Cluster Member Example ............................................................................. 224

Table 93 Management > Clustering Management > Configuration ..................................................... 225

Table 94 Management > MAC Table ................................................................................................... 228

Table 95 Management > ARP Table .................................................................................................... 230

Table 96 Management > Configure Clone ........................................................................................... 232

Table 97 Hardware Specifications ....................................................................................................... 235

Table 98 Feature Descriptions ............................................................................................................. 236

Table 99 Firmware Specifications ........................................................................................................ 238

Table 100 Standards Supported .......................................................................................................... 240

Table 101 IP Address Network Number and Host ID Example ........................................................... 244

Table 102 Subnet Masks ..................................................................................................................... 245

Table 103 Maximum Host Numbers .................................................................................................... 245

Table 104 Alternative Subnet Mask Notation ....................................................................................... 245

Table 105 Subnet 1 .............................................................................................................................. 247

Table 106 Subnet 2 .............................................................................................................................. 248

Table 107 Subnet 3 .............................................................................................................................. 248

Table 108 Subnet 4 .............................................................................................................................. 248

Table 109 Eight Subnets ...................................................................................................................... 248

Table 110 24-bit Network Number Subnet Planning ............................................................................ 249

Table 111 16-bit Network Number Subnet Planning ............................................................................ 249

ES-2024 Series User’s Guide

List of Tables

ES-2024 Series User’s Guide

PART I

Introduction

Getting to Know Your Switch (29)

Hardware Installation and Connection (33)

Hardware Overview (37)

CHAPTER 1

Getting to Know Your Switch

This chapter introduces the main features and applications of the Switch.

1.1 Introduction

The Switch is a stand-alone layer-2 Ethernet switch with 24 10/100Mbps ports and two Gigabit Ethernet/mini-GBIC ports. The ES-2024PWR comes with the Power-over-Ethernet (PoE) feature.

With its built-in web configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed via Telnet, SSH (Secure SHell), any terminal emulator program on the console port, or third-party SNMP management.

See Appendix A on page 235 for a full list of software features available on the Switch.

1.1.1 Backbone Application

The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch.

In this example, all computers can share high-speed applications on the server. To expand the network, simply add more networking devices such as switches, routers, computers, print servers etc.

Figure 1 Backbone Application

ES-2024 Series User’s Guide

Chapter 1 Getting to Know Your Switch

1.1.2 Bridging Example

In this example application the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server

and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch.

Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location.

Figure 2 Bridging Application

1.1.3 High Performance Switching Example

The Switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks.

Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance. The Switch can provide the same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches. Moreover, the current LAN structure can be retained as all ports can freely communicate with each other.

ES-2024 Series User’s Guide

Chapter 1 Getting to Know Your Switch

Figure 3 High Performance Switched Workgroup Application

1.1.4 IEEE 802.1Q VLAN Application Examples

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group. A station can belong to more than one group. With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s) unless such traffic first goes through a router.

For more information on VLANs, refer to Chapter 8 on page 79.

Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re-cabling.

Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too.

Figure 4 Shared Server Using VLAN Example

ES-2024 Series User’s Guide

Chapter 1 Getting to Know Your Switch

1.2 Ways to Manage the Switch

Use any of the following methods to manage the Switch.

• Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page 45.

• Command Line Interface. Line commands offer an alternative to the Web Configurator and may be necessary to configure advanced features. See the CLI Reference Guide.

• FTP. Use File Transfer Protocol for firmware upgrades and configuration backup/restore. See Section 26.8 on page 195.

• SNMP. The device can be monitored and/or managed by an SNMP manager. See Section

27.3 on page 198.

1.3 Good Habits for Managing the Switch

Do the following things regularly to make the Switch more secure and to manage the Switch more effectively.

• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.

• Write down the password and put it in a safe place.

• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration.

ES-2024 Series User’s Guide

CHAPTER 2

Hardware Installation and

Connection

This chapter shows you how to install and connect the Switch.

2.1 Freestanding Installation

1 Make sure the Switch is clean and dry. 2 Set the Switch on a smooth, level surface strong enough to support the weight of the

Switch and the connected cables. Make sure there is a power outlet nearby.

3 Make sure there is enough clearance around the Switch to allow air circulation and the

attachment of cables and the power cord.

4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help

protect the Switch from shock or vibration and ensure space between devices when stacking.

Figure 5 Attaching Rubber Feet

ES-2024 Series User’s Guide

Chapter 2 Hardware Installation and Connection

" Do NOT block the ventilation holes. Leave space between devices when

stacking.

For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations.

2.2 Mounting the Switch on a Rack

This section lists the rack mounting requirements and precautions and describes the installation steps.

2.2.1 Rack-mounted Installation Requirements

• Two mounting brackets.

• Eight M3 flat head screws and a #2 Philips screwdriver.

• Four M5 flat head screws and a #2 Philips screwdriver.

" Failure to use the proper screws may damage the unit.

2.2.1.1 Precautions

• Make sure the rack will safely support the combined weight of all the equipment it contains.

• Make sure the position of the Switch does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.

2.2.2 Attaching the Mounting Brackets to the Switch

1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on

the bracket with the screw holes on the side of the Switch.

Figure 6 Attaching the Mounting Brackets

ES-2024 Series User’s Guide

2 Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting

bracket holes into the Switch.

3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the

Switch.

4 You may now mount the Switch on a rack. Proceed to the next section.

2.2.3 Mounting the Switch on a Rack

1 Position a mounting bracket (that is already attached to the Switch) on one side of the

rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack.

Figure 7 Mounting the Switch on a Rack

Chapter 2 Hardware Installation and Connection

2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting

bracket holes into the rack.

3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack.

ES-2024 Series User’s Guide

Chapter 2 Hardware Installation and Connection

ES-2024 Series User’s Guide

CHAPTER 3

Hardware Overview

This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections.

3.1 Front Panel Connection

The figure below shows the front panel of the Switch.

Figure 8 Front Panel: ES-2024A

Console Port

10/100 Mbps Ethernet Ports

Figure 9 Front Panel: ES-2024PWR

10/100 Mbps Ethernet Ports

Gigabit Ethernet/ Mini-GBIC Ports

Console Port

Gigabit Ethernet/ Mini-GBIC Ports

ES-2024 Series User’s Guide

Chapter 3 Hardware Overview

The following table describes the port labels on the front panel.

Table 1 Front Panel

LABEL DESCRIPTION

CONSOLE Only connect this port if you want to configure the Switch using the command line

24 10/100 Mbps RJ-45 Ethernet Ports

Gigabit Ethernet/ mini GBIC ports

3.1.1 Console Port

For local management, you can use a computer with terminal emulation software configured to the following parameters:

• VT100 terminal emulation

• 9600 bps

• No parity, 8 data bits, 1 stop bit

• No flow control

interface (CLI) via the console port.

Connect these ports to a computer, a hub, an Ethernet switch or router.

Connect these Gigabit Ethernet ports to high-bandwidth backbone network Ethernet switches or use them to daisy-chain other switches.

Alternatively, use mini-GBIC transceivers in these slots for fiber-optical connections to backbone Ethernet switches

Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.

3.1.2 Ethernet Ports

The Switch has 24 10/100-Mbps auto-negotiating, auto-crossover Ethernet ports. In 10/100 Mbps Fast Ethernet, the speed can be 10 Mbps or 100 Mbps and the duplex mode can be half duplex or full duplex.

There are two pairs of Gigabit Ethernet/mini-GBIC ports. The mini-GBIC ports have priority over the Gigabit ports. This means that if a mini-GBIC port and the corresponding Gigabit port are connected at the same time, the Gigabit port will be disabled. The speed of the Gigabit Ethernet/mini-GBIC ports can be 100 Mbps or 1000 Mbps and the duplex mode can be half duplex (at 100 Mbps) or full duplex.

An auto-negotiating port can detect and adjust to the optimum Ethernet speed (10/100 Mbps) and duplex mode (full duplex or half duplex) of the connected device.

An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable.

3.1.2.1 Default Ethernet Settings

The factory default negotiation settings for the Ethernet ports on the Switch are:

• Speed: Auto

• Duplex: Auto

• Flow control: off

ES-2024 Series User’s Guide

Chapter 3 Hardware Overview

3.1.3 Mini-GBIC Slots

These are slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The Switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details.

You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic connectors.

• Type: SFP connection interface

• Connection speed: 1 Gigabit per second (Gbps)

" To avoid possible eye injury, do not look into an operating fiber-optic module’s

connectors.

3.1.3.1 Transceiver Installation

Use the following steps to install a mini GBIC transceiver (SFP module).

1 Insert the transceiver into the slot with the exposed section of PCB board facing down.

Figure 10 Transceiver Installation Example

2 Press the transceiver firmly until it clicks into place. 3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that

it is functioning properly.

Figure 11 Installed Transceiver

3.1.3.2 Transceiver Removal

Use the following steps to remove a mini GBIC transceiver (SFP module).

1 Open the transceiver’s latch (latch styles vary).

ES-2024 Series User’s Guide

Chapter 3 Hardware Overview

Figure 12 Opening the Transceiver’s Latch Example

2 Pull the transceiver out of the slot.

Figure 13 Transceiver Removal Example

3.2 Rear Panel

The following figures show the rear panel of the Switch. The power receptacle is on the rear panel.

Figure 14 AC Rear Panel

Figure 15 DC Rear Panel

3.2.1 Power Connector

Make sure you are using the correct power source as shown on the panel.

To connect the power to the Switch, insert the female end of power cord to the power receptacle on the rear panel. Connect the other end of the supplied power cord to the power source.

ES-2024 Series User’s Guide

3.3 LEDs

The LEDs are located on the front panel. The following table describes the LEDs on the front panel.

Table 2 LEDs

LED COLOR STATUS DESCRIPTION

PWR Green On The system is turned on.

SYS Green Blinking The system is rebooting and performing self-diagnostic tests.

ALM Red On There is a hardware failure.

Ethernet Ports

LNK/ACT Amber Blinking The system is transmitting/receiving to/from a 10/100 Mbps

FDX/COL (ES-

2024A)

POE (ES-

2024PWR)

Gigabit Ports

100/1000 Green On The link to a 1000 Mbps Ethernet network is up.

ACT Green Blinking The port is receiving or transmitting data.

Mini-GBIC Ports

LNK Green On The port has a successful connection.

ACT Green Blinking The port is sending or receiving data.

Chapter 3 Hardware Overview

Off The system is off.

On The system is on and functioning properly.

Off The power is off or the system is not ready/malfunctioning.

Off The system is functioning normally.

Ethernet network.

On The link to a 10/100 Mbps Ethernet network is up.

Off The link to an Ethernet network is down.

Amber Blinking The Ethernet port is negotiating in half-duplex mode and

collisions are occurring; the more collisions that occur the faster the LED blinks.

On The Ethernet port is negotiating in full-duplex mode.

Off The Ethernet port is negotiating in half-duplex mode and no

collisions are occurring.

Amber On Power is supplied to the port.

Off Power is not supplied to the port.

Amber On The link to a 100 Mbps Ethernet network is up.

Off The link to an Ethernet network is down.

On The port has a connection to an Ethernet network but not

receiving or transmitting data.

Off The link to an Ethernet network is down.

Off No Ethernet device is connected to this port.

Off The port is not sending or receiving data.

ES-2024 Series User’s Guide

Chapter 3 Hardware Overview

ES-2024 Series User’s Guide

PART II

Basic Configuration

The Web Configurator (45)

Initial Setup Example (55)

System Status and Port Statistics (59)

Basic Setting (65)

CHAPTER 4

The Web Configurator

This section introduces the configuration and functions of the web configurator.

4.1 Introduction

The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.

• JavaScript (enabled by default).

• Java permissions (enabled by default).

4.2 System Login

1 Start your web browser. 2 Type “http://” and the IP address of the Switch (for example, the default is 192.168.1.1)

in the Location or Address field. Press [ENTER].

3 The login screen appears. The default username is admin and associated default

password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen.

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

Figure 16 Web Configurator: Login

4 Click OK to view the first web configurator screen.

4.3 The Status Screen

The Status screen is the first screen that displays when you access the web configurator.

The following figure shows the navigating components of a web configurator screen.

Figure 17 Web Configurator Home Screen (Status)

A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.

B, C, D, E - These are quick links which allow you to perform certain tasks no matter which screen you are currently working in.

ES-2024 Series User’s Guide

B - Click this link to save your configuration into the Switch’s nonvolatile memory. Nonvolatile memory is saved in the configuration file from which the Switch booted from and it stays the same even if the Switch’s power is turned off. See Section 26.3 on page 192 for information on saving your settings to a specific configuration file.

C - Click this link to go to the status page of the Switch.

D - Click this link to logout of the web configurator.

E - Click this link to display web help pages. The help pages provide descriptions for all of the

configuration screens.

In the navigation panel, click a main link to reveal a list of submenu links.

Table 3 Navigation Panel Sub-links Overview

BASIC SETTING

ADVANCED APPLICATION

Chapter 4 The Web Configurator

IP APPLICATION MANAGEMENT

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

The following table lists the various web configurator screens within the sub-links.

Table 4 Web Configurator Screen Sub-links Details

BASIC SETTING

System Info General Setup Switch Setup IP Setup Port Setup

ADVANCED APPLICATION

VLAN Status

Static MAC Forwarding Filtering Spanning Tree Protocol

Status

Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Status

Port Authentication

Port Security Queuing Method Multicast Status

Authentication and Accounting

IP Source Guard

Loop Guard

VLAN Port Setting Static VLAN VLAN Detail

Configuration RSTP MSTP

Link Aggregation Setting

Ling Aggregation Control Protocol

802.1x

Multicast Setting IGMP Snooping VLAN IGMP Filtering Profile MVR Group Configuration

RADIUS Server Setup TACACS+ Server

Setup Auth and Acct Setup

IP Source Guard Static Binding ARP Inspection Status

ARP Inspection Log Status

ARP Inspection Configure ARP Inspection Port Configure

ARP Inspection VLAN Configure

IP APPLICATION MANAGEMENT

Static Routing DiffServ

DSCP Setting

DHCP Status

DHCP Relay VLAN Setting

Maintenance

Firmware Upgrade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System

Access Control

SNMP Trap Group Logins Service Access Control

Remote Management Diagnostic Syslog Setup

Syslog Server Setup Clustering Management Status

Clustering Management

Configuration MAC Table

ARP Table Configure Clone

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

The following table describes the links in the navigation panel.

Table 5 Navigation Panel Links

LINK DESCRIPTION

Basic Settings

System Info This link takes you to a screen that displays general system and hardware

monitoring information.

General Setup This link takes you to a screen where you can configure general identification

information about the Switch.

Switch Setup This link takes you to a screen where you can set up global Switch parameters

such as VLAN type, MAC address learning, GARP and priority queues.

IP Setup This link takes you to a screen where you can configure the IP address, subnet

Port Setup This link takes you to screens where you can configure settings for individual

Advanced Application

VLAN This link takes you to screens where you can configure port-based or 802.1Q VLAN

Static MAC Forwarding

Filtering This link takes you to a screen to set up filtering rules.

Spanning Tree Protocol

Bandwidth Control

Broadcast Storm Control

Mirroring This link takes you to screens where you can copy traffic from one port or ports to

Link Aggregation This link takes you to a screen where you can logically aggregate physical links to

Port Authentication

Port Security This link takes you to a screen where you can activate MAC address learning and

Queuing Method This link takes you to a screen where you can configure queuing with associated

Multicast This link takes you to a screen where you can configure various multicast features

Auth and Acct This link takes you to a screen where you can configure authentication and

IP Source Guard This link takes you to a screen where you can configure filtering of unauthorized

Loop Guard This link takes you to a screen where you can configure protection against network

IP Application

mask (necessary for Switch management) and DNS (domain name server) and set up IP routing domains.

Switch ports.

(depending on what you configured in the Switch Setup menu).

This link takes you to screens where you can configure static MAC addresses for a port. These static MAC addresses do not age out.

This link takes you to screens where you can configure the RSTP/MSTP to prevent network loops.

This link takes you to screens where you can cap the maximum bandwidth allowed from specified source(s) to specified destination(s).

This link takes you to a screen to set up broadcast filters.

another port in order that you can examine the traffic from the first port without interference

form one logical, higher-bandwidth link.

This link takes you to a screen where you can configure IEEE 802.1x port authentication.

set the maximum number of MAC addresses to learn on a port.

queue weights.

and create multicast VLANs.

accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus).

ARP packets in your network.

loops that occur on the edge of your network.

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

Table 5 Navigation Panel Links (continued)

LINK DESCRIPTION

Static Route This link takes you to screens where you can configure static routes. A static route

defines how the Switch should forward traffic by configuring the TCP/IP parameters manually.

DiffServ This link takes you to screens where you can enable DiffServ and set DSCP-to-

IEEE802.1p mappings.

DHCP This link takes you to a screen where you can configure the DHCP settings.

Management

Maintenance This link takes you to screens where you can perform firmware and configuration

file maintenance as well as reboot the system.

Access Control This link takes you to screens where you can change the system login password

and configure SNMP and remote management.

Diagnostic This link takes you to screens where you can view system logs and test port(s).

Syslog This link takes you to screens where you can setup system logs and a system log

server.

Cluster Management

MAC Table This link takes you to a screen where you can view the MAC addresses (and types)

ARP Table This link takes you to a screen where you can view the MAC addresses – IP

Configure Clone This link takes you to a screen where you can copy attributes of one port to other

This link takes you to a screen where you can configure clustering management and view its status.

of devices attached to what ports and VLAN IDs.

address resolution table.

ports.

4.3.1 Change Your Password

After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen.

Figure 18 Change Administrator Login Password

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

4.4 Saving Your Configuration

When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.

Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory. Nonvolatile memory refers to the Switch’s storage that remains even if the Switch’s power is turned off.

" Use the Save link when you are done with a configuration session.

4.5 Switch Lockout

You could block yourself (and all others) from using in-band-management (managing through the data ports) if you do one of the following:

1 Delete the management VLAN (default is VLAN 1). 2 Delete all port-based VLANs with the CPU port as a member. The “CPU port” is the

management port of the Switch.

3 Filter all traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it.

" Be careful not to lock yourself and others out of the Switch.

4.6 Resetting the Switch

If you lock yourself (and others) from the Switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the Switch back to the factory defaults.

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

4.6.1 Reload the Configuration File

Uploading the factory-default configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all previous configurations and the speed of the console port will be reset to the default of 9600 bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to “1234” and the IP address to 192.168.1.1.

To upload the configuration file, do the following:

1 Connect to the console port using a computer with terminal emulation software. See

Section 3.1.1 on page 38 for details.

2 Disconnect and reconnect the Switch’s power to begin a session. When you reconnect

the Switch’s power, you will see the initial screen.

3 When you see the message “

seconds ...

4 Type

atlc after the “Enter Debug Mode” message.

5 Wait for the “

” press any key to enter debug mode.

Starting XMODEM upload” message before activating XMODEM

upload on your terminal.

6 After a configuration file upload, type

Press any key to enter Debug Mode within 3

atgo to restart the Switch.

An example is shown below.

Figure 19 Resetting the Switch: Via the Console Port

Bootbase Version: V1.07 | 04/20/2005 13:38:02 RAM: Size = 32768 Kbytes FLASH: AMD 32M *1

ZyNOS Version: V3.70(TX.0)| 07/11/2006 19:59:04 Press any key to enter debug mode within 3 seconds.

....................

Enter Debug Mode sysname> atlc

Starting XMODEM upload (CRC mode)....

CCCCCCCCCCCCCCCC Total 49152 bytes received. Erasing..

................................................................

OK sysname> atgo

The Switch is now reinitialized with a default configuration file including the default password of “1234”.

4.7 Logging Out of the Web Configurator

Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons.

ES-2024 Series User’s Guide

Figure 20 Web Configurator: Logout Screen

4.8 Help

The web configurator’s online help has descriptions of individual screens and some supplementary information.

Click the Help link from a web configurator screen to view an online help description of that screen.

Chapter 4 The Web Configurator

ES-2024 Series User’s Guide

Chapter 4 The Web Configurator

ES-2024 Series User’s Guide

CHAPTER 5

Initial Setup Example

This chapter shows how to set up the Switch for an example network.

5.1 Overview

The following lists the configuration steps for the initial setup:

• Create a VLAN

• Set port VLAN ID

• Configure the Switch IP management address

Before you begin, you should log in to the web configurator.

1 Connect your computer to any Ethernet port on the Switch. Make sure your computer is

in the same subnet as the Switch.

2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar

to access the web configurator.

See Section 4.2 on page 45 for more information.

5.1.1 Creating a VLAN

VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members.

In this example, you want to configure port 10 as a member of VLAN 2.

Figure 21 Initial Setup Network Example: VLAN

ES-2024 Series User’s Guide

Chapter 5 Initial Setup Example

1 Click Advanced Application

and VLAN in the navigation panel and click the Static VLAN link.

2 In the Static VLAN screen,

select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network.

" The VLAN Group ID field in this screen and the VID field in the IP Setup

screen refer to the same VLAN ID.

3 Since the VLAN2 network is connected to port 10 on the Switch, select Fixed to

configure port 10 to be a permanent member of the VLAN only.

4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames

properly, clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.

5 Click Add to create the static VLAN and click the Save button to save the settings.

5.1.2 Setting Port VID

Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.

In the example network, configure 2 as the port VID on port 10 so that any untagged frames received on that port get sent to VLAN 2.

ES-2024 Series User’s Guide

Figure 22 Initial Setup Network Example: Port VID

1 Click Advanced

Applications and VLAN in the navigation panel. Then click the VLAN Port Setting link.

2 Enter 2 in the PVID field

for port 10 and click Apply to set the VLAN port setting and click the Save button to save the settings.

Chapter 5 Initial Setup Example

5.1.3 Configuring Switch Management IP Address

The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example.

Figure 23 Initial Setup Example: Management IP Address

ES-2024 Series User’s Guide

Chapter 5 Initial Setup Example

1 Click Basic Setting and IP Setup

in the navigation panel.

2 Configure the related fields in the

IP Setup screen. For the VLAN2 network, enter

192.168.2.1 as the IP address and

255.255.255.0 as the subnet mask.

3 In the VID field, enter the ID of

the VLAN group to which you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen.

4 Click Add.

ES-2024 Series User’s Guide

CHAPTER 6

System Status and Port

Statistics

This chapter describes the system status (web configurator home page) and port details screens.

6.1 Overview

The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.

6.2 Port Status Summary

To view the port statistics, click Status in any web configurator screen to display the Status screen as shown next.

Figure 24 Status

The following table describes the labels in this screen.

Table 6 Status

LABEL DESCRIPTION

Port This identifies the Ethernet port. Click a port number to display the Port Details

Name This is the name you assigned to this port in the Basic Setting, Port Setup screen.

Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M

screen (refer to Figure 25 on page 61).

for 1000Mbps) and the duplex (F for full duplex or H for half). It also shows the cable type (Copper or Fiber) for the combo ports.

ES-2024 Series User’s Guide

Chapter 6 System Status and Port Statistics

Table 6 Status (continued)

LABEL DESCRIPTION

State If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the

port (see Section 11.1.3 on page 97 for more information). If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it

displays STOP.

PD (PWR model only)

LACP This fields displays whether LACP (Link Aggregation Control Protocol) has been

TxPkts This field shows the number of transmitted frames on this port.

RxPkts This field shows the number of received frames on this port.

Errors This field shows the number of received errors on this port.

Tx KB/s This field shows the number of kilobytes per second transmitted on this port.

Rx KB/s This field shows the number of kilobytes per second received on this port.

Up Time This field shows the total amount of time in hours, minutes and seconds the port has

Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical

This field displays the current amount of power consumed by devices (powered devices, or PD) that use Power over Ethernet (PoE) to get power from the Switch on this port.

enabled on the port.

been up.

information for that port, or select Any to clear statistics for all ports.

6.2.1 Status: Port Details

Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch.

ES-2024 Series User’s Guide

Figure 25 Status: Port Details

Chapter 6 System Status and Port Statistics

The following table describes the labels in this screen.

Table 7 Status > Port Details

LABEL DESCRIPTION

Port Info

Port NO. This field displays the port number you are viewing.

Name This field displays the name of the port.

Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for

1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber).

Status If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port

(see Section 11.1.3 on page 97 for more information). If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it

displays STOP.

PD PowerCon sumption

PD MaxCurre nt

This field is available for the PWR model only. This field displays the current amount of power consumed by devices (powered

devices, or PD) that use Power over Ethernet (PoE) to get power from the Switch on this port.

This field is available for the PWR model only. This field displays the maximum amount of current drawn by devices (powered

devices, or PD) that use Power over Ethernet (PoE) to get power from the Switch on this port.

ES-2024 Series User’s Guide

Chapter 6 System Status and Port Statistics

Table 7 Status > Port Details (continued)

LABEL DESCRIPTION

PD MaxPower

LACP This field shows if LACP is enabled on this port or not.

TxPkts This field shows the number of transmitted frames on this port

RxPkts This field shows the number of received frames on this port

Errors This field shows the number of received errors on this port.

Tx KB/s This field shows the number kilobytes per second transmitted on this port.

Rx KB/s This field shows the number of kilobytes per second received on this port.

Up Time This field shows the total amount of time the connection has been up.

Tx Packet The following fields display detailed information about packets transmitted.

TX Packets This field shows the number of good packets (unicast, multicast and broadcast)

Multicast This field shows the number of good multicast packets transmitted.

Broadcast This field shows the number of good broadcast packets transmitted.

Pause This field shows the number of 802.3x Pause packets transmitted.

Rx Packet The following fields display detailed information about packets received.

RX Packets This field shows the number of good packets (unicast, multicast and broadcast)

Multicast This field shows the number of good multicast packets received.

Broadcast This field shows the number of good broadcast packets received.

Pause This field shows the number of 802.3x Pause packets received.

TX Collision The following fields display information on collisions while transmitting.

Single This is a count of successfully transmitted packets for which transmission is inhibited

Multiple This is a count of successfully transmitted packets for which transmission was

Excessive This is a count of packets for which transmission failed due to excessive collisions.

Late This is the number of times a late collision is detected, that is, after 512 bits of the

Error Packet The following fields display detailed information about packets received that were in

RX CRC This field shows the number of packets received with CRC (Cyclic Redundant Check)

Runt This field shows the number of packets received that were too short (shorter than 64

Distribution

This field is available for the PWR model only. This field displays the maximum amount of power consumed by devices (powered

devices, or PD) that use Power over Ethernet (PoE) to get power from the Switch on this port.

transmitted.

received.

by exactly one collision.

inhibited by more than one collision.

Excessive collision is defined as the number of maximum collisions before the retransmission count is reset.

packets have already been transmitted.

error.

error(s).

octets), including the ones with CRC errors.

ES-2024 Series User’s Guide

Chapter 6 System Status and Port Statistics

Table 7 Status > Port Details (continued)

LABEL DESCRIPTION

64 This field shows the number of packets (including bad packets) received that were 64

octets in length.

65-127 This field shows the number of packets (including bad packets) received that were

between 65 and 127 octets in length.

128-255 This field shows the number of packets (including bad packets) received that were

between 128 and 255 octets in length.

256-511 This field shows the number of packets (including bad packets) received that were

between 256 and 511 octets in length.

512-1023 This field shows the number of packets (including bad packets) received that were

10241518

Giant This field shows the number of packets dropped because they were bigger than the

between 512 and 1023 octets in length.

This field shows the number of packets (including bad packets) received that were between 1024 and 1518 octets in length.

maximum frame size.

ES-2024 Series User’s Guide

Chapter 6 System Status and Port Statistics

ES-2024 Series User’s Guide

CHAPTER 7

Basic Setting

This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens.

7.1 Overview

The System Info screen displays general Switch information (such as firmware version number) and hardware polling information (such as fan speeds). The General Setup screen allows you to configure general Switch identification information. The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch. The real time is then displayed in the Switch logs. The Switch Setup screen allows you to set up and configure global Switch features. The IP Setup screen allows you to configure a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes.

7.2 System Information

In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Figure 26 Basic Setting > System Info

The following table describes the labels in this screen.

Table 8 Basic Setting > System Info

LABEL DESCRIPTION

System Name This field displays the descriptive name of the Switch for identification purposes.

ZyNOS F/W Ver si on

Ethernet Address

PoE Status (This section is available for the PWR model only.)

Total Power This field displays the total power the Switch can provide to the connected PoE-

Consuming Power

Allocated Power

Remaining Power

This field displays the version number of the Switch's current firmware including the date created.

This field refers to the Ethernet MAC (Media Access Control) address of the Switch.

enabled devices on the PoE ports.

This field displays the amount of power the Switch is currently supplying to the connected PoE-enabled devices.

This field displays the total amount of power the Switch has reserved for PoE after negotiating with the connected PoE device(s).

This field displays the amount of power the Switch can still provide for PoE.

Note: The Switch must have at least 16 W of remaining power in order

to supply power to a PoE device; even if the PoE device requested for a lower power supply than 16W.

Hardware Monitor

Temperature Unit

Temperature MAC, CPU and LOCAL refer to the location of the temperature sensors on the Switch

The Switch has temperature sensors that are capable of detecting and reporting if the temperature rises above the threshold. You may choose the temperature unit (Centigrade or Fahrenheit) in this field.

printed circuit board.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Table 8 Basic Setting > System Info (continued)

LABEL DESCRIPTION

Current This shows the current temperature at this sensor.

MAX This field displays the maximum temperature measured at this sensor.

MIN This field displays the minimum temperature measured at this sensor.

Threshold This field displays the upper temperature limit at this sensor.

Status This field displays Normal for temperatures below the threshold and Error for those

above.

Fan Speed (RPM)

Current This field displays this fan's current speed in Revolutions Per Minute (RPM).

MAX This field displays this fan's maximum speed measured in Revolutions Per Minute

MIN This field displays this fan's minimum speed measured in Revolutions Per Minute

Threshold This field displays the minimum speed at which a normal fan should work.

Status Normal indicates that this fan is functioning above the minimum speed. Error

Voltage(V) The power supply for each voltage has a sensor that is capable of detecting and

Current This is the current voltage reading.

MAX This field displays the maximum voltage measured at this point.

MIN This field displays the minimum voltage measured at this point.

Threshold This field displays the percentage tolerance of the voltage with which the Switch still

Status Normal indicates that the voltage is within an acceptable operating range at this

A properly functioning fan is an essential component (along with a sufficiently ventilated, cool operating environment) in order for the device to stay within the temperature threshold. Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown.

(RPM).

(RPM). "<41" is displayed for speeds too small to measure (under 2000 RPM).

indicates that this fan is functioning below the minimum speed.

reporting if the voltage falls out of the tolerance range.

works.

point; otherwise Error is displayed.

7.3 General Setup

Use this screen to configure general settings such as the system name and time. Click Basic Setting and General Setup in the navigation panel to display the screen as shown.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Figure 27 Basic Setting > General Setup

The following table describes the labels in this screen.

Table 9 Basic Setting > General Setup

LABEL DESCRIPTION

System Name Choose a descriptive name for identification purposes. This name consists of up to

64 printable characters; spaces are allowed.

Location Enter the geographic location of your Switch. You can use up to 32 English

keyboard characters; spaces are allowed.

Contact Person's Name

Use Time Server when Bootup

Time Server IP Address

Current Time This field displays the time you open this menu (or refresh the menu).

New Time (hh:min:ss)

Current Date This field displays the date you open this menu.

New Date (yyyymm-dd)

Enter the name of the person in charge of this Switch. You can use up to 32 English keyboard characters; spaces are allowed.

Enter the time service protocol that your timeserver uses. Not all time servers support all protocols, so you may have to use trial and error to find a protocol that works. The main differences between them are the time format.

When you select the Daytime (RFC 867) format, the Switch displays the day, month, year and time with no time zone adjustment. When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone.

Time (RFC-868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0.

NTP (RFC-1305) is similar to Time (RFC-868). None is the default value. Enter the time manually. Each time you turn on the

Switch, the time and date will be reset to 1970-1-1 0:0:0.

Enter the IP address of your timeserver. The Switch searches for the timeserver for up to 60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds. Please wait.

Enter the new time in hour, minute and second format. The new time then appears in the Current Time field after you click Apply.

Enter the new date in year, month and day format. The new date then appears in the Current Date field after you click Apply.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Table 9 Basic Setting > General Setup (continued)

LABEL DESCRIPTION

Time Zone Select the time difference between UTC (Universal Time Coordinated, formerly

known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box.

Daylight Saving Time

Start Date Configure the day and time when Daylight Saving Time starts if you selected

End Date Configure the day and time when Daylight Saving Time ends if you selected

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch

Cancel Click Cancel to begin configuring this screen afresh.

Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.

Select this option if you use Daylight Saving Time.

Daylight Saving Time. The time is displayed in the 24 hour format. Here are a couple of examples:

Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States you would select Second, Sunday, March and 2:00.

Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).

Daylight Saving Time. The time field uses the 24 hour format. Here are a couple of examples:

Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in the United States you would select First, Sunday, November and 2:00.

Daylight Saving Time ends in the European Union on the last Sunday of October. All of the time zones in the European Union stop using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, October and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).

loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

7.4 Introduction to VLANs

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router.

In MTU (Multi-Tenant Unit) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.

" VLAN is unidirectional; it only governs outgoing traffic.

See Chapter 8 on page 79 for information on port-based and 802.1Q tagged VLANs.

7.5 Switch Setup Screen

Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port

Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.

Figure 28 Basic Setting > Switch Setup

The following table describes the labels in this screen.

Table 10 Basic Setting > Switch Setup

LABEL DESCRIPTION

VLAN Type Choose 802.1Q or Port Based. The VLAN Setup screen changes depending on

whether you choose 802.1Q VLAN type or Port Based VLAN type in this screen. See Chapter 8 on page 79 for more information.

MAC Address Learning

Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamically learned MAC

MAC address learning reduces outgoing traffic broadcasts. For MAC address learning to occur on a port, the port must be active.

addresses remain in the MAC address table before they age out (and must be relearned).

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Table 10 Basic Setting > Switch Setup (continued)

LABEL DESCRIPTION

GARP Timer: Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. See the chapter on VLAN setup for more background information.

Join Timer Join Timer sets the duration of the Join Period timer for GVRP in milliseconds. Each

port has a Join Period timer. The allowed Join Time range is between 100 and 65535 milliseconds; the default is 200 milliseconds. See the chapter on VLAN setup for more background information.

Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds.

Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in

Priority Queue Assignment IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that

contains bits to define class of service. Frames without an explicit priority tag are given the default priority of the ingress port. Use the following fields to configure the priority level-to-physical queue mapping.

The Switch has four physical queues that you can map to the 8 priority levels. On the Switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.

Priority Level (The following descriptions are based on the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p).

Level 7 Typically used for network control traffic such as router configuration messages.

Level 6 Typically used for voice traffic that is especially sensitive to jitter (jitter is the

Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter.

Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems

Level 3 Typically used for “excellent effort” or better than best effort and would include

Level 2 This is for “spare bandwidth”.

Level 1 This is typically used for non-critical “background” traffic such as bulk transfers that

Level 0 Typically used for best-effort traffic.

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch

Cancel Click Cancel to begin configuring this screen afresh.

Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 milliseconds.

milliseconds. Each port has a single Leave All Period timer. Leave All Timer must be larger than Leave Timer.

variations in delay).

Network Architecture) transactions.

important business traffic that can tolerate some delay.

are allowed but that should not affect other applications and users.

loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

7.6 IP Setup

Use the IP Setup screen to configure the default gateway device, the default domain name server and add IP domains.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

7.6.1 IP Interfaces

The Switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.

Configure IP addresses for accessing and managing the Switch from the ports belonging to the pre-defined VLAN(s). See Table 99 on page 238 for how many IP addresses you can configure.

Figure 29 Basic Setting > IP Setup

The following table describes the labels in this screen.

Tabl e 11 Basic Setting > IP Setup

LABEL DESCRIPTION

Domain Name Server

Default Management IP Address Configure the fields to set the default management IP address.

DHCP Client Select this option if you have a DHCP server that can assign the Switch an IP

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address.

address and subnet mask, a default gateway IP address and a domain name server IP address.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Tabl e 11 Basic Setting > IP Setup (continued)

LABEL DESCRIPTION

Static IP Address

IP Address Enter the IP address of your Switch in dotted decimal notation for example

IP Subnet Mask

Default Gateway

VID Enter the VLAN identification number associated with the Switch IP address. This is

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses

Cancel Click Cancel to reset the fields to your previous configuration.

Management IP Addresses Configure the fields to set additional management IP address.

IP Address Enter the IP address for managing the Switch by the members of the VLAN specified

IP Subnet Mask

VID Enter the VLAN identification number.

Default Gateway

Add Click Add to save the new rule to the Switch. It then displays in the summary table at

Cancel Click Cancel to reset the fields to your previous configuration.

Index This field displays the index number of an entry.

IP Address This field displays the management IP address of the Switch.

IP Subnet Mask

VID This field displays the VLAN identification number of the network.

Default Gateway

Delete Click Delete to remove the selected entry from the summary table.

Cancel Click Cancel to clear the Delete check boxes.

Select this option if you don't have a DHCP server or if you wish to assign static IP address information to the Switch. You need to fill in the following fields when you select this option.

192.168.1.1.

Enter the IP subnet mask of your Switch in dotted decimal notation for example

255.255.255.0.

Enter the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254

the VLAN ID of the CPU and is used for management only. The default is "1". All ports, by default, are fixed members of this "management VLAN" in order to manage the device from any port. If a port is not a member of this VLAN, then users on that port cannot access the device. To access the Switch, make sure the port that you are connected to is a member of Management VLAN.

these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

in the VID field below.

Enter the IP subnet mask in dotted decimal notation. For example, 255.255.255.0.

Enter the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254

the bottom of the screen. The Switch loses these changes if it is turned off or loses power, so use the Save link

on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

This field displays the subnet mask for the corresponding IP address.

This field displays the IP address of default gateway.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

7.7 Port Setup

Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen.

Figure 30 Basic Setting > Port Setup

The following table describes the labels in this screen.

Table 12 Basic Setting > Port Setup

LABEL DESCRIPTION

Port This is the port index number.

* Settings in this row apply to all ports.

Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.

Note: Changes in this row are copied to all the ports as soon as you

make them.

Active Select this check box to enable a port. The factory default for all ports is enabled. A

Name Enter a descriptive name that identifies this port. You can enter up to 64 alpha-

port must be enabled for data transmission to occur.

numerical characters.

Note: Due to space limitation, the port name may be truncated in

some web configurator screens.

Type This field displays 10/100M for an Ethernet/Fast Ethernet connection and 10/100/

Speed/Duplex Select the speed and the duplex mode of the Ethernet connection on this port.

1000M for Gigabit connections.

Choices are Auto, 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, 100M/ Full Duplex and 1000M/Full Duplex (for Gigabit ports only).

Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the Switch’s auto-negotiation is turned off, a port uses the preconfigured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer port are the same in order to connect.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

Table 12 Basic Setting > Port Setup (continued)

LABEL DESCRIPTION

Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer

memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port.

The Switch uses IEEE 802.3x flow control in full duplex mode and backpressure flow control in half duplex mode.

IEEE 802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill.

Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later. Select Flow Control to enable it.

802.1p Priority This priority value is added to incoming frames without a (802.1p) priority queue tag. See Priority Queue Assignment in Table 10 on page 70 for more information.

PD This field is only available on the PWR model but not available for the Gigabit or mini-

PD Priority This field is only available on the PWR model but not available for the Gigabit or mini-

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses

Cancel Click Cancel to begin configuring this screen afresh.

GBIC ports. A powered device (PD) is a device such as an access point or a switch, that supports

PoE (Power over Ethernet) so that it can receive power from another device through a 10/100Mbps Ethernet port.

Select the check box to allow a powered device (connected to the port) to receive power from the Switch.

GBIC ports. When the total power requested by the PDs exceeds the total PoE power budget on

the Switch, you can set the PD priority to allow the Switch to provide power to ports with higher priority.

Select Critical to give the highest PD priority on the port. Select High to set the Switch to assign the remaining power to the port after all critical

priority ports are served. Select Low to set the Switch to assign the remaining power to the port after all the

critical and high priority ports are served.

these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

ES-2024 Series User’s Guide

Chapter 7 Basic Setting

ES-2024 Series User’s Guide

PART III

Advanced Setup

VLAN (79)

Static MAC Forward Setup (91)

Filtering (93)

Spanning Tree Protocol (95)

Bandwidth Control (109)

Broadcast Storm Control (111)

Mirroring (113)

Link Aggregation (115)

Port Authentication (121)

Port Security (125)

Queuing Method (129)

Multicast (131)

Authentication & Accounting (145)

IP Source Guard (159)

Loop Guard (169)

CHAPTER 8

VLAN

The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs.

8.1 Introduction to IEEE 802.1Q Tagged VLANs

A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag Control Information, starts after the source address field of the Ethernet frame).

The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum number of 4,096 VLANs. Note that user priority and VLAN ID are independent of each other. A frame with VID (VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094.

TPID 2 Bytes

User Priority 3 Bits

CFI 1 Bit

VLAN ID 12 bits

8.1.1 Forwarding Tagged and Untagged Frames

Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware switch, the Switch first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLAN-unaware switch to an 802.1Q VLAN-aware switch, the Switch first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.

A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain.

ES-2024 Series User’s Guide

Chapter 8 VLAN

8.2 Automatic VLAN Registration

GARP and GVRP are the protocols used to automatically register VLAN membership across switches.

8.2.1 GARP

GARP (Generic Attribute Registration Protocol) allows network switches to register and deregister attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.

8.2.1.1 GARP Timers

Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values.

8.2.2 GVRP

GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch.

Please refer to the following table for common IEEE 802.1Q VLAN terminology.

Table 13 IEEE 802.1Q VLAN Terminology

VLAN PARAMETER TERM DESCRIPTION

VLAN Type Permanent VLAN This is a static VLAN created manually.

Dynamic VLAN This is a VLAN configured by a GVRP registration/

deregistration process.

VLAN Administrative Control

VLAN Tag Control Tagged Ports belonging to the specified VLAN tag all outgoing

VLAN Port Port VID This is the VLAN ID assigned to untagged frames that

Registration Fixed Fixed registration ports are permanent VLAN members.

Registration Forbidden

Normal Registration Ports dynamically join a VLAN using GVRP.

Untagged Ports belonging to the specified VLAN don't tag all

Acceptable Frame Type

Ingress filtering If set, the Switch discards incoming frames for VLANs

Ports with registration forbidden are forbidden to join the specified VLAN.

frames transmitted.

outgoing frames transmitted.

this port received.

You may choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port.

that do not have this port as a member

ES-2024 Series User’s Guide

8.3 Port VLAN Trunking

Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.

Refer to the following figure. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B. Without VLAN Trunking, you must configure VLAN groups 1 and 2 on all intermediary switches C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).

Figure 31 Port VLAN Trunking

Chapter 8 VLAN

8.4 Select the VLAN Type

Select a VLAN type in the Basic Setting > Switch Setup screen.

Figure 32 Switch Setup: Select VLAN Type

8.5 Static VLAN

Use a static VLAN to decide whether an incoming frame on a port should be

• sent to a VLAN group as normal depending on its VLAN tag.

• sent to a group whether it has a VLAN tag or not.

• blocked from a VLAN group regardless of its VLAN tag.

You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID.

ES-2024 Series User’s Guide

Chapter 8 VLAN

8.5.1 Static VLAN Status

See Section 8.1 on page 79 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown

next.

Figure 33 Advanced Application > VLAN: VLAN Status

The following table describes the labels in this screen.

Table 14 Advanced Application > VLAN: VLAN Status

LABEL DESCRIPTION

The Number of VLAN

Index This is the VLAN index number. Click on an index number to view more VLAN

VID This is the VLAN identification number that was configured in the Static VLAN

Elapsed Time This field shows how long it has been since a normal VLAN was registered or a

Status This field shows how this VLAN was added to the Switch; Dynamic - using GVRP,

Change Pages Click Previous or Next to show the previous/next screen if all status information

This is the number of VLANs configured on the Switch.

details.

screen.

static VLAN was set up.

Static - added as a permanent entry or Other - added in another way such as via Multicast VLAN Registration (MVR).

cannot be seen in one screen.

8.5.2 Static VLAN Details

Use this screen to view detailed port settings and status of the VLAN group. See Section 8.1

on page 79 for more information on static VLAN. Click on an index number in the VLAN

Status screen to display VLAN details.

Figure 34 Advanced Application > VLAN > VLAN Detail

ES-2024 Series User’s Guide

The following table describes the labels in this screen.

Table 15 Advanced Application > VLAN > VLAN Detail

LABEL DESCRIPTION

VLAN Status Click this to go to the VLAN Status screen.

VID This is the VLAN identification number that was configured in the Static VLAN

screen.

Port Number This column displays the ports that are participating in a VLAN. A tagged port is

marked as T, an untagged port is marked as U and ports not participating in a VLAN are marked as “–“.

Elapsed Time This field shows how long it has been since a normal VLAN was registered or a

static VLAN was set up.

Status This field shows how this VLAN was added to the Switch; dynamic - using GVRP,

static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR).

8.5.3 Configure a Static VLAN

Use this screen to configure and view 802.1Q VLAN parameters for the Switch. See Section

8.1 on page 79 for more information on static VLAN. To configure a static VLAN, click Static

VLAN in the VLAN Status screen to display the screen as shown next.

Chapter 8 VLAN

Figure 35 Advanced Application > VLAN > Static VLAN

ES-2024 Series User’s Guide

Chapter 8 VLAN

The following table describes the related labels in this screen.

Table 16 Advanced Application > VLAN > Static VLAN

LABEL DESCRIPTION

ACTIVE Select this check box to activate the VLAN settings.

Name Enter a descriptive name for the VLAN group for identification purposes. This name

VLAN Group ID Enter the VLAN ID for this static entry; the valid range is between 1 and 4094.

Port The port number identifies the port you are configuring.

* Settings in this row apply to all ports.

Control Select Normal for the port to dynamically join this VLAN group using GVRP. This is

Tagging Select TX Tagging if you want the port to tag all outgoing frames transmitted with

Add Click Add to save your changes to the Switch’s run-time memory. The Switch loses

Cancel Click Cancel to begin configuring this screen afresh.

Clear Click Clear to start configuring the screen again.

VID This field displays the ID number of the VLAN group. Click the number to edit the

Active This field indicates whether the VLAN settings are enabled (Yes) or disabled (No).

Name This field displays the descriptive name for this VLAN group.

Delete Click Delete to remove the selected entry from the summary table.

Cancel Click Cancel to clear the Delete check boxes.

consists of up to 64 printable characters; spaces are allowed.

Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.

Note: Changes in this row are copied to all the ports as soon as you

make them.

the default selection. Select Fixed for the port to be a permanent member of this VLAN group. Select Forbidden if you want to prohibit the port from joining this VLAN group.

this VLAN Group ID.

these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

VLAN settings.

8.5.4 Configure VLAN Port Settings

Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 8.1 on page 79 for more information on static VLAN. Click the VLAN Port Setting link in the VLAN Status screen.

ES-2024 Series User’s Guide

Chapter 8 VLAN

Figure 36 Advanced Application > VLAN > VLAN Port Setting

The following table describes the labels in this screen.

Table 17 Advanced Application > VLAN > VLAN Port Setting

LABEL DESCRIPTION

GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a

way for switches to register necessary VLAN members on ports across the network.

Select this check box to permit VLAN groups beyond the local Switch.

Port Isolation Port Isolation allows each port to communicate only with the CPU management

port and the Gigabit uplink ports but not communicate with each other. This option is the most limiting but also the most secure.

Ingress Check Select this check box to activate ingress filtering on the Switch.

Clear this check box to disable ingress filtering the Switch.

Port This field displays the port number.

* Settings in this row apply to all ports.

Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.

PVID Enter a number between 1and 4094 as the port VLAN ID.

GVRP Select this check box to allow GVRP on this port.

Acceptable Frame Type

VLAN Trunking Enable VLAN Trunking on ports connected to other switches or routers (but not

ES-2024 Series User’s Guide

Note: Changes in this row are copied to all the ports as soon as you

make them.

Specify the type of frames allowed on a port. Choices are All and Tag On ly. Select All from the drop-down list box to accept all untagged or tagged frames on

this port. This is the default setting. Select Tag Only to accept only tagged frames on this port. All untagged frames will

be dropped.

ports directly connected to end users) to allow frames belonging to unknown VLAN groups to pass through the Switch.

Chapter 8 VLAN

Table 17 Advanced Application > VLAN > VLAN Port Setting (continued)

LABEL DESCRIPTION

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch

loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

Cancel Click Cancel to begin configuring this screen afresh.

8.6 Port-based VLAN Setup

Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.

Port-based VLANs require allowed outgoing ports to be defined for each port. Therefore, if you wish to allow two subscriber ports to talk to each other, for example, between conference rooms in a hotel, you must define the egress (an egress port is an outgoing port, that is, a port through which a data packet leaves) for both ports.

Port-based VLANs are specific only to the Switch on which they were created.

" When you activate port-based VLAN, the Switch uses a default VLAN ID of 1.

You cannot change it.

" In screens (such as IP Setup and Filtering) that require a VID, you must enter

1 as the VID.

The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports.

8.6.1 Configure a Port-based VLAN

Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the next screen.

ES-2024 Series User’s Guide

Chapter 8 VLAN

Figure 37 Advanced Application > VLAN: Port Based VLAN Setup (All Connected)

ES-2024 Series User’s Guide

Chapter 8 VLAN

Figure 38 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation)

ES-2024 Series User’s Guide

Chapter 8 VLAN

The following table describes the labels in this screen.

Table 18 Advanced Application > VLAN: Port Based VLAN Setup

LABEL DESCRIPTION

Setting Wizard Choose All connected or Port isolation.

All connected means all ports can communicate with each other, that is, there are no

virtual LANs. All incoming and outgoing ports are selected. This option is the most flexible but also the least secure.

Port isolation means that each port can only communicate with the CPU management port and cannot communicate with each other. All incoming ports are selected while only the CPU outgoing port is selected. This option is the most limiting but also the most secure.

After you make your selection, click Apply (top right of screen) to display the screens as mentioned above. You can still customize these settings by adding/deleting incoming or outgoing ports, but you must also click Apply at the bottom of the screen.

Incoming These are the ingress ports; an ingress port is an incoming port, that is, a port through

which a data packet enters. If you wish to allow two subscriber ports to talk to each other, you must define the ingress port for both ports. The numbers in the top row denote the incoming port for the corresponding port listed on the left (its outgoing port). CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port.

Outgoing These are the egress ports; an egress port is an outgoing port, that is, a port through

which a data packet leaves. If you wish to allow two subscriber ports to talk to each other, you must define the egress port for both ports. CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port.

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses

these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

Cancel Click Cancel to begin configuring this screen afresh.

ES-2024 Series User’s Guide

Chapter 8 VLAN

ES-2024 Series User’s Guide

CHAPTER 9

Static MAC Forward Setup

Use these screens to configure static MAC address forwarding.

9.1 Overview

This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network.

9.2 Configuring Static MAC Forwarding

A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port. This may reduce the need for broadcasting.

Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See Chapter 17 on page 125 for more information on port security.

Click Advanced Applications > Static MAC Forwarding in the navigation panel to display the configuration screen as shown.

Figure 39 Advanced Application > Static MAC Forwarding

ES-2024 Series User’s Guide

Chapter 9 Static MAC Forward Setup

The following table describes the labels in this screen.

Table 19 Advanced Application > Static MAC Forwarding

LABEL DESCRIPTION

Active Select this check box to activate your rule. You may temporarily deactivate a rule

Name Enter a descriptive name for identification purposes for this static MAC address

MAC Address Enter the MAC address in valid MAC address format, that is, six hexadecimal

without deleting it by clearing this check box.

forwarding rule.

character pairs.

Note: Static MAC addresses do not age out.

VID Enter the VLAN identification number.

Port Enter the port where the MAC address entered in the previous field will be

automatically forwarded.

Add Click Add to save your rule to the Switch’s run-time memory. The Switch loses this

Cancel Click Cancel to begin configuring this screen afresh.

Clear Click Clear to begin configuring this screen afresh.

Index Click an index number to modify a static MAC address rule for a port.

Active This field displays whether this static MAC address forwarding rule is active (Yes) or

Name This field displays the descriptive name for identification purposes for this static MAC

MAC Address This field displays the MAC address that will be forwarded and the VLAN

VID This field displays the ID number of the VLAN group.

Port This field displays the port where the MAC address shown in the next field will be

Delete Click Delete to remove the selected entry from the summary table.

Cancel Click Cancel to clear the Delete check boxes.

rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

not (No). You may temporarily deactivate a rule without deleting it.

address-forwarding rule.

identification number to which the MAC address belongs.

forwarded.

ES-2024 Series User’s Guide

CHAPTER 10

Filtering

This chapter discusses MAC address port filtering.

10.1 Configure a Filtering Rule

Filtering means sifting traffic going through the Switch based on the MAC addresses and VLAN group (ID).

Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.

Figure 40 Advanced Application > Filtering

The following table describes the related labels in this screen.

Table 20 Advanced Application > Filtering

LABEL DESCRIPTION

Active Make sure to select this check box to activate your rule. You may temporarily deactivate

a rule without deleting it by deselecting this check box.

Name Type a descriptive name (up to 32 English keyboard characters) for this rule. This is for

identification only.

MAC Type a MAC address in valid MAC address format, that is, six hexadecimal character

pairs.

VID Type the VLAN group identification number.

Add Click Add to save your changes to the Switch’s run-time memory. The Switch loses

these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

ES-2024 Series User’s Guide

Chapter 10 Filtering

Table 20 Advanced Application > Filtering (continued)

LABEL DESCRIPTION

Cancel Click Cancel to begin configuring this screen afresh.

Clear Click Clear to clear the fields to the factory defaults.

Index This field displays the index number of the rule. Click an index number to change the

Active This field displays Yes when the rule is activated and No when is it deactivated.

Name This field displays the descriptive name for this rule. This is for identification purpose

MAC Address

VID This field displays the VLAN group identification number.

Delete Check the rule(s) that you want to remove in the Delete column and then click the

Cancel Click Cancel to clear the selected checkbox(es) in the Delete column.

settings.

only.

This field displays the MAC address with the VLAN identification number to which the MAC address belongs.

Delete button.

ES-2024 Series User’s Guide

CHAPTER 11

Spanning Tree Protocol

The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards.

• IEEE 802.1D Spanning Tree Protocol

• IEEE 802.1w Rapid Spanning Tree Protocol

• IEEE 802.1s Multiple Spanning Tree Protocol

The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees.

11.1 STP/RSTP Overview

(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a Switch to interact with other (R)STP-compliant switches in your network to ensure that only one path exists between any two stations on the network.

The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the spanning tree than STP (while also being backwards compatible with STPonly aware bridges). In RSTP, topology change information is directly propagated throughout the network from the device that generates the topology change. In STP, a longer delay is required as the device that causes a topology change first notifies the root bridge that then notifies the network. Both RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding.

" In this user’s guide, “STP” refers to both STP and RSTP.

11.1.1 STP Terminology

The root bridge is the base of the spanning tree.

ES-2024 Series User’s Guide

Chapter 11 Spanning Tree Protocol

Path cost is the cost of transmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost.

Table 21 STP Path Costs

LINK SPEED

Path Cost

4Mbps 250 100 to 1000 1 to 65535

10Mbps 100 50 to 600 1 to 65535

16Mbps 62 40 to 400 1 to 65535

100Mbps 19 10 to 60 1 to 65535

1Gbps 4 3 to 10 1 to 65535

10Gbps 2 1 to 5 1 to 65535

On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this Switch with the lowest path cost to the root (the root path cost). If there is no root port, then this Switch has been accepted as the root bridge of the spanning tree network.

RECOMMENDED VALUE

RECOMMENDED RANGE

ALLOWED RANGE

For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN.

11.1.2 How STP Works

After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP. Network packets are therefore only forwarded between enabled ports, eliminating any possible network loops.

STP-aware switches exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, a new spanning tree is constructed.

Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology.

ES-2024 Series User’s Guide

11.1.3 STP Port States

STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops.

Table 22 STP Port States

PORT STATE DESCRIPTION

Disabled STP is disabled (default).

Blocking Only configuration and management BPDUs are received and processed.

Listening All BPDUs are received and processed.

Note: The listening state does not exist in RSTP.

Learning All BPDUs are received and processed. Information frames are submitted to the

learning process but not forwarded.

Forwarding All BPDUs are received and processed. All information frames are received and

forwarded.

11.1.4 Multiple STP

Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features:

Chapter 11 Spanning Tree Protocol

• One Common and Internal Spanning Tree (CIST) that represents the entire network’s connectivity.

• Grouping of multiple bridges (or switching devices) into regions that appear as one single bridge on the network.

• A VLAN can be mapped to a specific Multiple Spanning Tree Instance (MSTI). MSTI allows multiple VLANs to use the same spanning tree.

• Load-balancing is possible as traffic from different VLANs can use distinct paths in a region.

11.1.4.1 MSTP Network Example

The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link.

ES-2024 Series User’s Guide

Chapter 11 Spanning Tree Protocol

Figure 41 STP/RSTP Network Example

VLAN 1

VLAN 2

With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the network example using MSTP.

Figure 42 MSTP Network Example

VLAN 1

VLAN 2

11.1.4.2 MST Region

An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network. Each MSTP-enabled device can only belong to one MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region.

Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters:

• Name of the MST region

• Revision level as the unique number for the MST region

• VLAN-to-MST Instance mapping

ES-2024 Series User’s Guide

11.1.4.3 MST Instance

An MST Instance (MSTI) is a spanning tree instance. VLANs can be configured to run on a specific MSTI. Each created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Thus an MSTI does not span across MST regions.

The following figure shows an example where there are two MST regions. Regions 1 and 2 have 2 spanning tree instances.

Figure 43 MSTIs in Different Regions

Chapter 11 Spanning Tree Protocol

11.1.4.4 Common and Internal Spanning Tree (CIST)

A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP.

Figure 44 MSTP and Legacy RSTP Network Example

11.2 Spanning Tree Configuration Screen

Use this screen to select the STP mode for the Switch. To open this screen, click Advanced Application > Spanning Tree Protocol > Configuration.

ES-2024 Series User’s Guide

Chapter 11 Spanning Tree Protocol

Figure 45 Advanced Application > Spanning Tree Protocol

Select the STP mode you want to configure on the Switch.

11.3 Configure Rapid Spanning Tree Protocol

Use this screen to configure RSTP settings, see Section 11.1 on page 95 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen.

Figure 46 Advanced Application > Spanning Tree Protocol > RSTP

100

The following table describes the labels in this screen.

Table 23 Advanced Application > Spanning Tree Protocol > RSTP

LABEL DESCRIPTION

Status Click Status to display the RSTP Status screen (see Figure 47 on page 102).

Active Select this check box to activate RSTP. Clear this check box to disable RSTP.

ES-2024 Series User’s Guide

Zyxel ES-2024 user manual

Specifications and Main Features

Frequently Asked Questions

User Manual

User’s Guide

About This User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

List of Figures

List of Tables

Introduction

Getting to Know Your Switch

1.1 Introduction

1.1.1 Backbone Application

1.1.2 Bridging Example

1.1.3 High Performance Switching Example

1.1.4 IEEE 802.1Q VLAN Application Examples

1.2 Ways to Manage the Switch

1.3 Good Habits for Managing the Switch

2.1 Freestanding Installation

2.2 Mounting the Switch on a Rack

2.2.1 Rack-mounted Installation Requirements

2.2.2 Attaching the Mounting Brackets to the Switch

2.2.3 Mounting the Switch on a Rack

Hardware Overview

3.1 Front Panel Connection

3.1.1 Console Port

3.1.2 Ethernet Ports

3.1.3 Mini-GBIC Slots

3.2 Rear Panel

3.2.1 Power Connector

3.3 LEDs

Basic Configuration

The Web Configurator

4.1 Introduction

4.2 System Login

4.3 The Status Screen

4.3.1 Change Your Password

4.4 Saving Your Configuration

4.5 Switch Lockout

4.6 Resetting the Switch

4.6.1 Reload the Configuration File

4.7 Logging Out of the Web Configurator

4.8 Help

Initial Setup Example

5.1 Overview

5.1.1 Creating a VLAN

5.1.2 Setting Port VID

5.1.3 Configuring Switch Management IP Address

6.1 Overview

6.2 Port Status Summary

6.2.1 Status: Port Details

Basic Setting

7.1 Overview

7.2 System Information

7.3 General Setup

7.4 Introduction to VLANs

7.5 Switch Setup Screen

7.6 IP Setup

7.6.1 IP Interfaces

7.7 Port Setup

Advanced Setup

VLAN

8.1 Introduction to IEEE 802.1Q Tagged VLANs

8.1.1 Forwarding Tagged and Untagged Frames

8.2 Automatic VLAN Registration

8.2.1 GARP

8.2.2 GVRP

8.3 Port VLAN Trunking

8.4 Select the VLAN Type

8.5 Static VLAN

8.5.1 Static VLAN Status

8.5.2 Static VLAN Details

8.5.3 Configure a Static VLAN

8.5.4 Configure VLAN Port Settings

8.6 Port-based VLAN Setup

8.6.1 Configure a Port-based VLAN

Static MAC Forward Setup