Zyxel GS1915-24E, GS1915-24EP, GS1915-8, GS1915-8EP Handbook

www.zyxel.com

1/242

Switch Series

Edition 2022.1

Handbook

Default Login Details

LAN Port IP Address

https://192.168.1.1

User Name

admin

Password

1234

www.zyxel.com

2/242

Contents

Basic principles for network management ................................................. 7

1.1 How to change the switch management IP address to avoid

accessing the wrong device ........................................................................ 7

1.1.1 Configuration in the Switch-2 ........................................................ 8

1.1.2 Test the Result ................................................................................. 10

1.2 How to configure the switch with a device name to avoid accessing

the wrong device ........................................................................................ 11

1.2.1 Configuration in Switch-1 ............................................................. 12

1.2.2 Test the Result ................................................................................. 13

1.3 How to configure the switch to update the time from an NTP server14

1.3.1 Configuration in Switch ................................................................ 15

1.3.2 Test the Result ................................................................................. 16

1.3.3 What could go wrong? ................................................................ 18

1.4 How to configure the switch to backup events on a SYSLOG server19

1.4.1 Configure the Switch-1 ................................................................. 20

1.4.2 Test the Result ................................................................................. 22

1.4.3 What could go wrong? ................................................................ 23

1.5 How to configure the switch with a port name to quickly identify

directly connected devices ....................................................................... 24

1.5.1 Configure Switch-1 ........................................................................ 25

1.5.2 Test the Result ................................................................................. 26

1.6 How to collect the Diagnostic Info ....................................................... 27

1.6.1 Collect the Diagnostic Info from web GUI ................................ 28

1.6.2 Test the Result ................................................................................. 29

1.7 How to change the default administrator password .......................... 30

1.7.1 Change the default administrator password ........................... 31

1.7.2 Test the Result ................................................................................. 32

1.8 How to configure a whitelist for remote management to prevent

unauthorized access ................................................................................... 33

1.8.1 Configure the whitelist of the remote management .............. 34

1.8.2 Test the Result ................................................................................. 35

1.8.3 What could go wrong? ................................................................ 35

Designing the Local Area Network ............................................................ 37

2.1 How to configure the switch to separate traffic between

departments using VLAN ............................................................................ 37

2.1.1 Configure Switch-1 ........................................................................ 38

2.1.2 Configure Switch-2 ........................................................................ 41

2.1.3 Test the Result ................................................................................. 43

2.2 How to configure the switch to route traffic across VLANs ................ 44

2.2.1 Configure VLAN 10 ........................................................................ 45

2.2.2 Configure VLAN 20 ........................................................................ 47

www.zyxel.com

3/242

2.2.3 Set the gateway on PC-1 and PC-2 ........................................... 49

2.2.4 Test the Result ................................................................................. 51

2.2.5 What could go wrong .................................................................. 52

2.3 How to configure the switch to perform DHCP service in a VLAN .... 53

2.3.1 Configure VLAN 10 ........................................................................ 54

2.3.2 Configure VLAN 20 ........................................................................ 56

2.3.3 Configure the Switch and PC ...................................................... 58

2.3.4 Test the Result ................................................................................. 61

2.3.5 What Could Go Wrong ................................................................. 62

2.4 How to Configure the Switch to Translate Customer VLAN to Service

Provider VLAN .............................................................................................. 63

2.4.1 Configuration on the Core Switch .............................................. 65

2.4.2 Configuration on the Edge Switch ............................................. 67

2.4.3 Test the Results ............................................................................... 69

Improving Network Reliability .................................................................... 72

3.1 How to configure a stacked switch to ensure high server availability

....................................................................................................................... 72

3.1.1 Configure Switch-1 and Switch-2 for Stacking .......................... 73

3.1.2 Configure Link Aggregation on Stacked switch ....................... 75

3.1.3 Configure Link Aggregation on Switch-3 ................................... 76

3.1.4 Test the Result ................................................................................. 77

3.1.5 What Could Go Wrong ................................................................. 78

3.2 How to configure RSTP in a ring topology ........................................... 79

3.2.1 Configure Switch ........................................................................... 80

3.2.2 Test the Result ................................................................................. 83

3.2.3 What Could Go Wrong ................................................................. 85

3.3 How to configure VRRP to provide hosts with a redundant gateway

....................................................................................................................... 86

3.3.1 Configuration in the Gateway-A ................................................ 87

3.3.2 Configuration in the Gateway-B ................................................. 90

3.3.3 Test the Result ................................................................................. 93

3.3.4 What Could Go Wrong? .............................................................. 95

3.4 How to configure bandwidth control to limit incoming or outgoing

traffic rate ..................................................................................................... 96

3.4.1 Configure Switch ........................................................................... 97

3.4.2 Test the Result ................................................................................. 98

3.5 How to configure ACL to rate limit IP traffic ........................................ 99

3.5.1 Configure VLAN and Route Traffic ........................................... 100

3.5.2 Configure the Classifier ............................................................... 101

3.5.3 Configure the ACL (Policy Rule) ................................................ 103

3.5.4 Test the Result ............................................................................... 105

3.5.5 What Could Go Wrong ............................................................... 107

www.zyxel.com

4/242

3.6 How to Implement VRRP with Multiple Routing Interface Combine

with HA-pro Using Zyxel Enterprise Switch .............................................. 108

3.6.1 Configuration ............................................................................... 110

3.6.2 Verification ................................................................................... 125

3.6.3 What may go wrong? ................................................................. 127

3.7 How to Configure the Switch to Tunnel Layer 2 Protocol Packets

Through Service Provider Network ........................................................... 128

3.7.1 Configuration on the Edge Switch ........................................... 130

3.7.2 Configuration on the Customer Switch ................................... 134

3.7.3 Test the Results ............................................................................. 137

3.7.4 What Could Go Wrong ............................................................... 138

Designing an IPTV Network ....................................................................... 139

4.1 Introduction for IGMP .......................................................................... 139

4.1.1 What are General Queries and Group Specific Queries? .... 139

4.1.2 What are IGMP Snooping Querier Modes? ............................. 139

4.1.3 What are the differences between IGMP Snooping

fast/normal/immediate leave? .......................................................... 139

4.2 How to configure IGMP routing for multicast clients in a different LAN

..................................................................................................................... 141

4.2.1 Configure Switch-1 ...................................................................... 142

4.2.2 Configure Switch-2 ...................................................................... 143

4.2.3 Test the Result ............................................................................... 144

4.2.4 What Could Go Wrong ............................................................... 145

4.3 How to configure IGMP Snooping for multicast clients in the same

LAN .............................................................................................................. 146

4.3.1 Configure Switch ......................................................................... 147

4.3.2 Test the Result ............................................................................... 148

Network Security ........................................................................................ 149

5.1 How to configure the port security to limit the number of connected

devices ....................................................................................................... 149

5.1.1 Configure Switch-1 ...................................................................... 150

5.1.2 Test the Result ............................................................................... 151

5.1.3 What Could Go Wrong ............................................................... 152

5.2 How to configure MAC filter to block unwanted traffic ................... 153

5.2.1 Configure Switch-1 ...................................................................... 154

5.2.2 Test the Result ............................................................................... 155

5.2.3 What Could Go Wrong ............................................................... 156

5.3 How to configure the switch to prevent IP scanning ........................ 157

5.3.1 Configuration in the Switch........................................................ 158

5.3.2 Test the Result ............................................................................... 159

5.3.3 What Could Go Wrong? ............................................................ 162

www.zyxel.com

5/242

5.4 How to Configure the Switch and RADIUS Server to Provide Network

Access through 802.1x Port Authentication ............................................ 163

5.4.1 Configuration in the Switch........................................................ 164

5.4.2 Configuration in the RADIUS-Server .......................................... 165

5.4.3 Test the Result ............................................................................... 166

5.4.4 What May Go Wrong? ............................................................... 169

5.5 How to configure the switch to send unauthorized users in a guest

VLAN ........................................................................................................... 170

5.5.1 Configure 802.1x Port Authentication on the Switch ............. 171

5.5.2 Configure VLAN for Guest VLAN ............................................... 171

5.5.3 Configure Guest VLAN for Failed Authentication .................. 171

5.5.4 Configure the RadiusServer ....................................................... 171

5.5.5 Configure the setting on User-A, User-B and Guest ............... 172

5.5.6 Test the Result ............................................................................... 174

5.5.7 What Could Go Wrong ............................................................... 175

5.6 How to Configure the Switch and RADIUS Server to Provide Network

Access through Device MAC Address .................................................... 177

5.6.1 Configuration in the Switch........................................................ 178

5.6.2 Configuration in the RADIUS-Server .......................................... 180

5.6.3 Test the Result ............................................................................... 181

5.6.4 What Could Go Wrong? ............................................................ 182

5.7 How to configure the switch to prevent ARP spoofing ..................... 183

5.7.1 Configuration in the Switch........................................................ 184

5.7.2 Test the Result ............................................................................... 186

5.7.3 What Could Go Wrong? ............................................................ 187

5.8 How to Configure the Switch to Protect Against Rogue DHCP Servers

..................................................................................................................... 188

5.8.1 Configuration in the Switch........................................................ 189

5.8.2 Test the Result ............................................................................... 192

5.8.3 What Could Go Wrong? ............................................................ 193

5.9 How to configure IPSG static binding for trusted network devices . 194

5.9.1 Configuration in the Switch........................................................ 195

5.9.2 Test the Result ............................................................................... 196

5.10 How to configure ACL to block unwanted traffic ........................... 197

5.10.1 Configure VLAN and Route Traffic ......................................... 198

5.10.2 Configure the Classifier ............................................................. 198

5.10.3 Configure the Policy Rule ......................................................... 200

5.10.4 Test the Result ............................................................................. 201

5.10.5 What Could Go Wrong ............................................................. 202

5.11 How to use ACL to mirror traffic of a specific criteria ..................... 203

5.11.1 Configuration of ACL ................................................................ 205

5.11.2 Test the Result ............................................................................. 209

www.zyxel.com

6/242

5.11.3 What May Go Wrong ................................................................ 210

5.12 How to Separate Traffic through L2 Port Isolation ........................... 211

5.12.1 Configuration in the Switch ..................................................... 214

5.12.2 Test the Result ............................................................................. 216

5.12.3 What May Go Wrong ................................................................ 218

Implementing VOIP ................................................................................... 219

6.1 How to configure an IP Phone's VLAN using LLDP-MED ................... 219

6.1.1 Configure VLAN for IP Phone ..................................................... 220

6.1.2 Configure Switch ......................................................................... 221

6.1.3 Test the Result ............................................................................... 223

6.1.4 What Could Go Wrong ............................................................... 224

6.2 How to configure the switch to separate VOIP traffic from data traffic

..................................................................................................................... 225

6.2.1 Configure VLAN 100 for IP Phone .............................................. 226

6.2.2 Configure Voice VLAN ............................................................... 227

6.2.3 Test the Result ............................................................................... 228

6.2.4 What Could Go Wrong ............................................................... 229

6.3 How to configure the switch to improve Voice traffic quality ......... 230

6.3.1 Configure VLAN for voice traffic ............................................... 231

6.3.2 Configure Voice VLAN ............................................................... 232

6.3.3 Configure Mirroring (For “Test the Result”) ............................... 233

6.3.4 Test the Result ............................................................................... 234

6.3.5 What Could Go Wrong ............................................................... 235

6.4 How to Configure Voice VLAN on Zyxel Switch ................................ 236

6.4.1 Configuration ............................................................................... 237

6.4.2 Test the result ................................................................................ 241

6.4.3 What Could Go Wrong ............................................................... 242

www.zyxel.com

7/242

Basic principles for network management

1.1 How to change the switch management IP address to avoid accessing the wrong device

This example shows administrators how to use the Web GUI to manage the IP addresses of the switches and avoid administrators from unintentionally accessing the wrong devices. As shown below, there are two switches in the environment. Both default IP addresses of the two switches are 192.168.1.1.

Figure 1 Two switches are using the same default IP address

www.zyxel.com

8/242

1.1.1 Configuration in the Switch-2

1 Disconnect the link between Switch-1 and Switch-2.

2 Set the PC’s IP address on to the same subnet as the switches.

For example, set the PC IP address as 192.168.1.100.

3 Open a browser (IE, Chrome, Safari, Firefox, etc….). Go to

website http://192.168.1.1 (default management IP address). Key in “username: admin; password: 1234” and log in.

www.zyxel.com

9/242

4 Enter the webpage and go to Menu > Basic Setting > IP Setup

> IP Configuration. Set the IP address you prefer, for example

192.168.1.2. Then click Add.

5 Log back in using the new IP address 192.168.1.2. After logging

in again, remember to click the Save icon to save the new configurations.

www.zyxel.com

10/242

1.1.2 Test the Result

1 Log in via the web GUI and go to Menu > Basic Setting >

IP Setup > IP Configuration. Check if the IP address is already configured as 192.168.1.2.

www.zyxel.com

11/242

1.2 How to configure the switch with a device name to avoid accessing the wrong device

This example shows administrators how to use the Web GUI to manage device name and avoid accessing the wrong devices. As shown below, the PC connects with Switch-1 in the environment. In the default setting, device name (System Name) will be the model name (XGS4600 in this example).

Figure 2 Change the device name of the switch

www.zyxel.com

12/242

1.2.1 Configuration in Switch-1

1 Enter the web GUI and go to Menu > Basic Setting > General

Setup. Change the System Name (Switch-1 in this example) and click Apply.

2 Click “Save” to save the configuration.

www.zyxel.com

13/242

1.2.2 Test the Result

Enter the web GUI and you will see the page of the switch information. Check if the System Name is the name you configured (Switch-1 in this example) or not.

www.zyxel.com

14/242

1.3 How to configure the switch to update the time from an NTP server

This example shows administrators how to use the NTP server to update the system time of the switch. As shown below, the PC connects with Switch and Switch connects with the USG in the environment.

Figure 3 Set up Switch to get time from NTP Server

Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS4600-32 (Firmware Version: V4.50). We use google free public NTP server (216.239.35.12) to be our NTP server. You can also choose another available NTP server. Furthermore, due to there is routing set up in this configuration, the user interface might be some difference for other models.

www.zyxel.com

15/242

1.3.1 Configuration in Switch

1 Enter the web GUI and go to Menu > Basic Setting > IP Setup

> IP Configuration. Set the default Gateway as USG IP:

192.168.1.1. Then click “Apply”.

2 Go to Menu > Basic Setting > General Setup. Select “Use Time

Server when Bootup” to NTP(RFC-1305) and set the “Time Server IP Address”. In this scenario, we use the google free public NTP server (216.239.35.12) as an example. Also, select the “Time Zone” in your location. Finally, remember to click

“Apply”.

3 Click Save to save the configuration.

www.zyxel.com

16/242

1.3.2 Test the Result

1 Go to Menu > Basic Setting > General Setup. Both the Current

Time and Current Date should be the current time in your location. If the current time is not updated as the correct time, click “Refresh”.

2 Try to select the “User Time Server when Bootup” as None. Few

second later, change back to NTP(RFC-1305). The time will still update to the current time.

www.zyxel.com

17/242

www.zyxel.com

18/242

1.3.3 What could go wrong?

1 Switch may not be able to access the NTP Server successfully.

Follow the step to test if NTP Server is available. Go to Menu > Management > Diagnostic. Select IPv4 as in-band and type

the IP address of NTP Server (216.239.35.12) into the IP Address field. Click “Ping”.

www.zyxel.com

19/242

1.4 How to configure the switch to backup events on a SYSLOG server

The example shows administrators how to set up the switch to send system log events to a remote syslog server.

Figure 4 Upload the syslog automatically to the server

www.zyxel.com

20/242

1.4.1 Configure the Switch-1

1 Enter the web GUI and go to Menu > Management > Syslog

Setup > Syslog Server Setup. Activate the syslog server setup

and set up the server IP address. In this example, it is

192.168.1.200. Choose the Log Level you prefer (Level 0-7 in this example). The wider the range, the more detailed log will be recorded. Remember to click “Add”.

2 In the same page, activate the Syslog and activate the

logging type you prefer. Also, remember to click “Apply”.

Note: Log Level refers to which events should be sent to the Syslog Server. Severity: Emergency (0), Alert (1), Critical (2), Error (3), Warning (4), Notice (5), Informational (6), and Debug (7).

www.zyxel.com

21/242

3 Click Save to save the configuration.

www.zyxel.com

22/242

1.4.2 Test the Result

1 Unplug and re-plug PC-1 from the switch.

2 The Syslog Server should receive an event log from the switch.

3 We can also check the directory (“C:\app\Tftpd64” in this

example) to find out if a text file is created on the Syslog Server.

www.zyxel.com

23/242

1.4.3 What could go wrong?

1 If Switch-1 and Syslog Server are in different subnets, remember

to set default gateway so that Switch-1 and the Syslog Server can communicate with each other.

2 Confirm the service port number of the Switch-1 and the Syslog

Server are the same. (Default service port for the Syslog Server in the Switch-1 is 514).

www.zyxel.com

24/242

1.5 How to configure the switch with a port name to quickly identify directly connected devices

The example shows administrators how to configure the switch with a port name to quickly identify directly connected devices. By doing this, administrators and quickly identify which port connects to which device, location, or section of the network.

Figure 5 Configure the port name of the switch

www.zyxel.com

25/242

1.5.1 Configure Switch-1

1 Enter the web GUI and go to Menu > Basic Setting > Port Setup.

Type the name of each directly connected devices on the corresponding port name. For example, you can type Switch2 in port 2 and AP in port 3. Then click “Apply”.

2 Click Save to save the configuration.

www.zyxel.com

26/242

1.5.2 Test the Result

1 Go to Menu > Maintenance > Port Status. You will see the

name you type in the column of name.

www.zyxel.com

27/242

1.6 How to collect the Diagnostic Info

The example shows local administrators how to collect the Diagnostic Info by web GUI. The Diagnostic Info is a set of logs that includes useful information such as System Information, CPU utilization history, system logs and debug reports for issue analysis.

Figure 6 Collect the Diagnostic Info from web GUI

www.zyxel.com

28/242

1.6.1 Collect the Diagnostic Info from web GUI

1 Enter the web GUI and go to Menu > Management >

Maintenance > Tech-Support > Click Here. Click the Download

button for All. You can also select the specific Diagnostic Info you need. (Ex: Crash, ROM,…..)

www.zyxel.com

29/242

1.6.2 Test the Result

1 Open the file and you can view the Diagnostic Info. (In this

example, we use the Notepad++ to open the .txt file.)

www.zyxel.com

30/242

1.7 How to change the default administrator password

The example shows administrators how to change the default administrator password used for management access. Failure to change the default administrator password is a security risk that allows unauthorized user access to your device’s management.

Figure 7 Change the default administrator password

+ 212 hidden pages

Zyxel GS1915-24E, GS1915-24EP, GS1915-8, GS1915-8EP Handbook

Specifications and Main Features

Frequently Asked Questions

User Manual