Zyxel GS2220-28, GS2220-50, GS2220-10HP, GS2220-50HP, GS2220-10 Handbook

www.zyxel.com
Switch Series
Edition 2023.1
Handbook
Default Login Details
LAN Port IP Address: https://192.168.1.1
User Name: admin
Password: 1234
Copyright © 2022 ZyXEL Communications Corporation
Contents
Basic principles for network management
1.1 How to change the switch management IP address to avoid accessing the wrong device
1.1.1 Configuration in the Switch-2
1.1.2 Test the Result
1.2 How to configure the switch with a device name to avoid accessing the wrong device
1.2.1 Configuration in Switch-1
1.2.2 Test the Result
1.3 How to configure the switch to update the time from an NTP server
1.3.1 Configuration in Switch
1.3.2 Test the Result
1.3.3 What could go wrong?
1.4 How to configure the switch to backup events on a SYSLOG server
1.4.1 Configure the Switch-1
1.4.2 Test the Result
1.4.3 What could go wrong?
1.5 How to configure the switch with a port name to quickly identify directly connected devices
1.5.1 Configure Switch-1
1.5.2 Test the Result
1.6 How to collect the Diagnostic Info
1.6.1 Collect the Diagnostic Info from web GUI
1.6.2 Test the Result
1.7 How to change the default administrator password
1.7.1 Change the default administrator password
1.7.2 Test the Result
1.8 How to configure a whitelist for remote management to prevent unauthorized access
1.8.1 Configure the whitelist of the remote management
1.8.2 Test the Result
1.8.3 What could go wrong?
Designing the Local Area Network
2.1 How to configure the switch to separate traffic between departments using VLAN
2.1.1 Configure Switch-1
2.1.2 Configure Switch-2
2.1.3 Test the Result
2.2 How to configure the switch to route traffic across VLANs
2.2.1 Configure VLAN 10
2.2.2 Configure VLAN 20
2.2.3 Set the gateway on PC-1 and PC-2
2.2.4 Test the Result
2.2.5 What could go wrong
2.3 How to configure the switch to perform DHCP service in a VLAN
2.3.1 Configure VLAN 10
2.3.2 Configure VLAN 20
2.3.3 Configure the Switch and PC
2.3.4 Test the Result
2.3.5 What Could Go Wrong
2.4 How to Configure the Switch to Translate Customer VLAN to Service Provider VLAN
2.4.1 Configuration on the Core Switch
2.4.2 Configuration on the Edge Switch
2.4.3 Test the Results
Improving Network Reliability
3.1 How to configure a stacked switch to ensure high server availability
3.1.1 Configure Switch-1 and Switch-2 for Stacking
3.1.2 Configure Link Aggregation on Stacked switch
3.1.3 Configure Link Aggregation on Switch-3
3.1.4 Test the Result
3.1.5 What Could Go Wrong
3.2 How to configure RSTP in a ring topology
3.2.1 Configure Switch
3.2.2 Test the Result
3.2.3 What Could Go Wrong
3.3 How to configure VRRP to provide hosts with a redundant gateway
3.3.1 Configuration in the Gateway-A
3.3.2 Configuration in the Gateway-B
3.3.3 Test the Result
3.3.4 What Could Go Wrong?
3.4 How to configure bandwidth control to limit incoming or outgoing traffic rate
3.4.1 Configure Switch
3.4.2 Test the Result
3.5 How to configure ACL to rate limit IP traffic
3.5.1 Configure VLAN and Route Traffic
3.5.2 Configure the Classifier
3.5.3 Configure the ACL (Policy Rule)
3.5.4 Test the Result
3.5.5 What Could Go Wrong
3.6 How to Implement VRRP with Multiple Routing Interface Combine with HA-pro Using Zyxel Enterprise Switch
3.6.1 Configuration
3.6.2 Verification
3.6.3 What may go wrong?
3.7 How to Configure the Switch to Tunnel Layer 2 Protocol Packets Through Service Provider Network
3.7.1 Configuration on the Edge Switch
3.7.2 Configuration on the Customer Switch
3.7.3 Test the Results
3.7.4 What Could Go Wrong
Designing an IPTV Network
4.1 Introduction for IGMP
4.1.1 What are General Queries and Group Specific Queries?
4.1.2 What are IGMP Snooping Querier Modes?
4.1.3 What are the differences between IGMP Snooping fast/normal/immediate leave?
4.2 How to configure IGMP routing for multicast clients in a different LAN
4.2.1 Configure Switch-1
4.2.2 Configure Switch-2
4.2.3 Test the Result
4.2.4 What Could Go Wrong
4.3 How to configure IGMP Snooping for multicast clients in the same LAN
4.3.1 Configure Switch
4.3.2 Test the Result
Network Security
5.1 How to configure the port security to limit the number of connected devices
5.1.1 Configure Switch-1
5.1.2 Test the Result
5.1.3 What Could Go Wrong
5.2 How to configure MAC filter to block unwanted traffic
5.2.1 Configure Switch-1
5.2.2 Test the Result
5.2.3 What Could Go Wrong
5.3 How to configure the switch to prevent IP scanning
5.3.1 Configuration in the Switch
5.3.2 Test the Result
5.3.3 What Could Go Wrong?
5.4 How to Configure the Switch and RADIUS Server to Provide Network Access through 802.1x Port Authentication
5.4.1 Configuration in the Switch
5.4.2 Configuration in the RADIUS-Server
5.4.3 Test the Result
5.4.4 What May Go Wrong?
5.5 How to configure the switch to send unauthorized users in a guest VLAN
5.5.1 Configure 802.1x Port Authentication on the Switch
5.5.2 Configure VLAN for Guest VLAN
5.5.3 Configure Guest VLAN for Failed Authentication
5.5.4 Configure the RadiusServer
5.5.5 Configure the setting on User-A, User-B and Guest
5.5.6 Test the Result
5.5.7 What Could Go Wrong
5.6 How to Configure the Switch and RADIUS Server to Provide Network Access through Device MAC Address
5.6.1 Configuration in the Switch
5.6.2 Configuration in the RADIUS-Server
5.6.3 Test the Result
5.6.4 What Could Go Wrong?
5.7 How to configure the switch to prevent ARP spoofing
5.7.1 Configuration in the Switch
5.7.2 Test the Result
5.7.3 What Could Go Wrong?
5.8 How to Configure the Switch to Protect Against Rogue DHCP Servers
5.8.1 Configuration in the Switch
5.8.2 Test the Result
5.8.3 What Could Go Wrong?
5.9 How to configure IPSG static binding for trusted network devices
5.9.1 Configuration in the Switch
5.9.2 Test the Result
5.10 How to configure ACL to block unwanted traffic
5.10.1 Configure VLAN and Route Traffic
5.10.2 Configure the Classifier
5.10.3 Configure the Policy Rule
5.10.4 Test the Result
5.10.5 What Could Go Wrong
5.11 How to use ACL to mirror traffic of a specific criteria
5.11.1 Configuration of ACL
5.11.2 Test the Result
5.11.3 What May Go Wrong
5.12 How to Separate Traffic through L2 Port Isolation
5.12.1 Configuration in the Switch
5.12.2 Test the Result
5.12.3 What May Go Wrong
Implementing VOIP
6.1 How to configure an IP Phone's VLAN using LLDP-MED
6.1.1 Configure VLAN for IP Phone
6.1.2 Configure Switch
6.1.3 Test the Result
6.1.4 What Could Go Wrong
6.2 How to configure the switch to separate VOIP traffic from data traffic
6.2.1 Configure VLAN 100 for IP Phone
6.2.2 Configure Voice VLAN
6.2.3 Test the Result
6.2.4 What Could Go Wrong
6.3 How to configure the switch to improve Voice traffic quality
6.3.1 Configure VLAN for voice traffic
6.3.2 Configure Voice VLAN
6.3.3 Configure Mirroring (For “Test the Result”)
6.3.4 Test the Result
6.3.5 What Could Go Wrong
Basic principles for network management
1.1 How to change the switch management IP address to avoid accessing the wrong device
This example shows administrators how to use the Web GUI to manage the IP addresses of the switches so that they do not unintentionally access the wrong device. As shown below, there are two switches in the environment. Both switches use the default IP address 192.168.1.1.
Figure 1 Two switches are using the same default IP address
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80).
1.1.1 Configuration in the Switch-2
1 Disconnect the link between Switch-1 and Switch-2.
2 Set the PC’s IP address to the same subnet as the switches. For example, set the PC IP address to 192.168.1.100.
3 Open a browser (IE, Chrome, Safari, Firefox, etc.). Go to http://192.168.1.1 (default management IP address). Key in “username: admin; password: 1234” and log in.
4 Enter the webpage and go to Menu > SYSTEM > IP Setup > IP Setup > IP Interface > Add/Edit. Set the IP address you prefer, for example 192.168.1.2. Then click Apply.
5 Log back in using the new IP address 192.168.1.2. After logging in again, remember to click the Save icon to save the new configuration.
1.1.2 Test the Result
1 Log in via the web GUI and go to Menu > SYSTEM > IP Setup > IP Status. Check that the IP address is now configured as 192.168.1.2.
1.2 How to configure the switch with a device name to avoid accessing the wrong device
This example shows administrators how to use the Web GUI to manage the device name and avoid accessing the wrong device. As shown below, the PC connects to Switch-1 in the environment. By default, the device name (System Name) is the model name (XGS2220 in this example).
Figure 2 Change the device name of the switch
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80).
1.2.1 Configuration in Switch-1
1 Enter the web GUI and go to Menu > SYSTEM > General Setup. Change the System Name (Switch-1 in this example) and click Apply.
2 Click Save to save the configuration.
1.2.2 Test the Result
Enter the web GUI and you will see the switch information page. Check whether the System Name is the name you configured (Switch-1 in this example).
1.3 How to configure the switch to update the time from an NTP server
This example shows administrators how to use an NTP server to update the system time of the switch. As shown below, the PC connects to the Switch and the Switch connects to the USG in the environment.
Figure 3 Set up Switch to get time from NTP Server
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80). We use Google's free public NTP server (216.239.35.12) as our NTP server. You can also choose another available NTP server. Furthermore, because routing is set up in this configuration, the user interface might differ on other models.
1.3.1 Configuration in Switch
1 Enter the web GUI and go to Menu > SYSTEM > IP Setup > IP Setup > IP Setup. Set the default gateway to the USG's IP address, 192.168.1.1. Then click Apply.
2 Go to Menu > SYSTEM > General Setup. Set Use Time Server when Bootup to NTP(RFC-1305) and set the Time Server IP Address. In this scenario, we use Google's free public NTP server (216.239.35.12) as an example. Also, select the Time Zone for your location. Finally, remember to click Apply.
3 Click Save to save the configuration.
1.3.2 Test the Result
1 Go to Menu > SYSTEM > General Setup. Both the Current Time and Current Date should show the current time and date in your location. If the current time has not been updated to the correct time, click Refresh.
2 Try setting Use Time Server when Bootup to None. A few seconds later, change it back to NTP(RFC-1305). The time will still update to the current time.
1.3.3 What could go wrong?
1 The switch may not be able to reach the NTP server. To test whether the NTP server is available, go to Menu > Maintenance > Diagnostic, select IPv4, type the IP address of the NTP server (216.239.35.12) into the IP Address field, and click Ping.
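A successful ping only shows that the server answers ICMP; the time update itself uses NTP over UDP port 123. The following added example (not part of the Zyxel handbook) sends one NTP version 3 client request from a PC and validates the reply. The function names and the constructed sample reply are assumptions made for illustration.

```python
import socket
import struct
import time

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2208988800


def build_request():
    """48-byte client request: LI=0, VN=3 (RFC 1305), Mode=3 (client)."""
    return b"\x1b" + 47 * b"\x00"


def parse_response(packet):
    """Validate a server reply and return its stratum, version and time.

    Raises ValueError for replies that must not be used to set a clock.
    """
    if len(packet) < 48:
        raise ValueError("reply shorter than the 48-byte NTP header")
    first, stratum = packet[0], packet[1]
    leap, version, mode = first >> 6, (first >> 3) & 0x7, first & 0x7
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if leap == 3:
        raise ValueError("server reports an unsynchronized clock")
    if stratum == 0:
        raise ValueError("stratum 0: server refused or is unsynchronized")
    # Transmit timestamp: 32-bit seconds and 32-bit fraction at bytes 40-47.
    seconds, fraction = struct.unpack("!II", packet[40:48])
    unix_time = seconds - NTP_EPOCH_OFFSET + fraction / 2**32
    return {"stratum": stratum, "version": version, "unix_time": unix_time}


def query(server, timeout=3.0):
    """Ask `server` for the time; socket.timeout means UDP 123 is blocked
    or the server is not answering NTP, even if ping works."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(), (server, 123))
        data, _ = sock.recvfrom(512)
    reply = parse_response(data)
    # Rough difference between the server clock and this PC's clock.
    reply["offset_seconds"] = reply["unix_time"] - time.time()
    return reply


# Constructed sample reply (not captured from a real server):
# LI=0, VN=3, Mode=4, stratum 1, transmit time 1700000000.5 Unix seconds.
SAMPLE_REPLY = (
    struct.pack("!BB", 0x1C, 1)
    + 38 * b"\x00"
    + struct.pack("!II", 1700000000 + NTP_EPOCH_OFFSET, 0x80000000)
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    # Server address taken from the handbook example; needs Internet access.
    print(query("216.239.35.12"))
```

If query() times out while the ping from the switch succeeds, check that UDP port 123 is allowed between the switch and the server.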
1.4 How to configure the switch to backup events on a SYSLOG server
The example shows administrators how to set up the switch to send system log events to a remote syslog server.
Figure 4 Upload the syslog automatically to the server
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80).
1.4.1 Configure the Switch-1
1 Enter the web GUI and go to Menu > SYSTEM > Syslog Setup > Syslog Server Setup > Add/Edit. Enable the Activate setting and set up the server IP address. In this example, it is 192.168.1.200. Choose the Log Level you prefer (Level 0-7 in this example). The wider the range, the more detailed the recorded log will be. Remember to click Apply.
2 On the same page, activate Syslog and activate the logging types you prefer. Also, remember to click Apply.
Note: Log Level refers to which events should be sent to the Syslog Server. Severity: Emergency (0), Alert (1), Critical (2), Error (3), Warning (4), Notice (5), Informational (6), and Debug (7).
3 Click Save to save the configuration.
1.4.2 Test the Result
1 Unplug and re-plug PC-1 from the switch.
2 The Syslog Server should receive an event log from the switch.
3 We can also check the directory (C:\app\Tftpd64 in this example) to find out whether a text file has been created on the Syslog Server.
1.4.3 What could go wrong?
1 If Switch-1 and the Syslog Server are in different subnets, remember to set the default gateway so that Switch-1 and the Syslog Server can communicate with each other.
2 Confirm that the service port numbers of Switch-1 and the Syslog Server are the same. (The default service port for the Syslog Server in Switch-1 is 514.)
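To check from the server side what the switch actually sends, the following added example (not part of the Zyxel handbook) decodes the priority header of each syslog datagram into the severity levels 0-7 listed in the Log Level note, and drops datagrams from senders other than the expected switch, because plain UDP syslog carries no authentication. The switch address 192.168.1.1 and the sample messages are constructed assumptions; the switch's real message text may differ.

```python
import re
import socket

# Severity names exactly as listed in the handbook's Log Level note (0-7).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode(datagram):
    """Split a syslog datagram into (facility, severity, text).

    Returns None when the <PRI> header is missing or out of range.
    """
    match = PRI_RE.match(datagram)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:  # largest valid value: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    text = datagram[match.end():].decode("utf-8", "replace").strip()
    return facility, severity, text


def triage(datagram, source_ip, allowed_sources, max_severity=7):
    """Return a printable line for an accepted message, otherwise None."""
    if source_ip not in allowed_sources:
        return None  # unknown sender: could be a forged event
    parsed = decode(datagram)
    if parsed is None:
        return None
    _facility, severity, text = parsed
    if severity > max_severity:
        return None  # less important than the level we want to see
    return "%s [%d %s] %s" % (source_ip, severity, SEVERITY[severity], text)


def listen(allowed_sources, port=514, max_severity=7):
    """Receive datagrams on the syslog port (binding 514 usually needs
    administrator rights) and print the accepted ones."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (source_ip, _port) = sock.recvfrom(4096)
        line = triage(data, source_ip, allowed_sources, max_severity)
        if line:
            print(line)


# Constructed sample datagrams; the message text is illustrative only.
SWITCH_IP = "192.168.1.1"  # assumed management IP address of Switch-1
SAMPLES = [
    (SWITCH_IP, b"<134>Switch-1: port 1 link down"),      # severity 6
    (SWITCH_IP, b"<131>Switch-1: example error event"),   # severity 3
    ("192.168.1.50", b"<130>Switch-1: forged event"),     # unknown sender
    (SWITCH_IP, b"no priority header"),                    # malformed
    (SWITCH_IP, b"<999>priority out of range"),            # malformed
]


def demo(max_severity=7):
    """Run the samples through triage and return the accepted lines."""
    lines = [triage(data, ip, {SWITCH_IP}, max_severity)
             for ip, data in SAMPLES]
    return [line for line in lines if line is not None]


if __name__ == "__main__":
    for line in demo():
        print(line)
```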
1.5 How to configure the switch with a port name to quickly identify directly connected devices
The example shows administrators how to configure the switch with a port name to quickly identify directly connected devices. By doing this, administrators can quickly identify which port connects to which device, location, or section of the network.
Figure 5 Configure the port name of the switch
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80).
1.5.1 Configure Switch-1
1 Enter the web GUI and go to Menu > Port > Port Setup. Type the name of each directly connected device as the corresponding port name. For example, you can type Switch-2 for port 2 and AP for port 3. Then click Apply.
2 Click Save to save the configuration.
1.5.2 Test the Result
1 Go to Menu > Monitor > Port Status. You will see the names you typed in the Name column.
1.6 How to collect the Diagnostic Info
The example shows local administrators how to collect the Diagnostic Info from the web GUI. The Diagnostic Info is a set of logs that includes useful information such as System Information, CPU utilization history, system logs and debug reports for issue analysis.
Figure 6 Collect the Diagnostic Info from web GUI
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80).
1.6.1 Collect the Diagnostic Info from web GUI
1 Enter the web GUI and go to Menu > Maintenance > Tech-Support. Click the Download button for All. You can also select the specific Diagnostic Info you need (for example, Crash, ROM, ...).
1.6.2 Test the Result
1 Open the file and you can view the Diagnostic Info. (In this example, we use Notepad++ to open the .txt file.)
1.7 How to change the default administrator password
The example shows administrators how to change the default administrator password used for management access. Failure to change the default administrator password is a security risk that allows unauthorized users to access your device's management interface.
Figure 7 Change the default administrator password
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using XGS2220-30 (Firmware Version: V4.80).