ZyXEL Communications MES3500-24, MES3500-24F User Manual

Download

MES3500-24/24F

Layer 2 Management Switch

Default Login Details

IP Address http://192.168.1.1 User Name admin Password 1234

Firmware Version 4.00 Edition 1, 12/2011

www.zyxel.com

About This User's Guide

IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.

Intended Audience

This manual is intended for people who want to configure the Switch using the web configurator.

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this User’s Guide.

Note: Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

• The MES3500-24/24F may be referred to as the “Switch”, the “device”, the “sys tem” or the “product” in this User’s Guide.

• Product labels, screen names, field labels and field choices are all in bold font.

• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.

• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.

• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.

• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.

Document Conventions

Warnings tell you about things that could harm you or your device.

Icons Used in Figures

Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device.

The Switch Computer Notebook computer Server

DSLAM Firewall Telephone Switch

Router

MES3500-24/24F User’s Guide

Safety Warnings

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Do NOT expose your device to dampness, dust or corrosive liquids .

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.

• For continued protection against risk of fire replace only with same type and rating of fuse.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the pro duct where an yone can walk on the power adaptor or cord.

• Do NOT use the devi ce if the power adaptor or cord is damaged as it might cause electrocution.

• If the power adaptor or cord is damaged, remove it from the device and the power source.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

• Do no t use the device outside, and make sure all the connections are indoors. There i s a remote risk of electric shock from lightning.

• Do NOT obstruct the devi ce ventilation slots, as insufficient airflow may harm your device.

Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately.

MES3500-24/24F User’s Guide

Safety Warnings

MES3500-24/24F User’s Guide

Contents Overview

User’s Guide ...........................................................................................................................21

Getting to Know Your Switch ......................................................................................................23

Hardware Installation and Connection .......................................................................................27

Hardware Overview ....................................................................................................................30

The Web Configurator ................................................................................................................39

Initial Setup Example .................................................................................................................49

Tutorials .....................................................................................................................................53

Technical Reference ..............................................................................................................79

System Status and Port Statistics .......... ... ... ... ... .... ....................................................................81

Basic Setting .............................................................................................................................86

VLAN ..................................... ................................. ................................ ....................................97

Static MAC Forward Setup .......................................................................................................114

Static Multicast Forward Setup .................................................................................................116

Filtering ....................................................................................................................................120

Spanning Tree Protocol ................... ... .... ... ... ... .........................................................................122

Bandwidth Control . ... .... ... ... ... .... ...............................................................................................141

Broadcast Storm Control ..........................................................................................................144

Mirroring ....................................... .................................................................... ........................146

Link Aggregation ................................ .... ... ... ... ... ......................................................................148

Port Authentication ... .... ... ... ......................................................................................................156

Port Security .............................. ... ... ... .............................................. ... ... ... ... .... ... .....................164

Classifier ..................................................................................................................................166

Policy Rule ..............................................................................................................................171

Queuing Method ..................................... ... ... ... ... .... ..................................................................176

VLAN Stacking .........................................................................................................................179

Multicast ............................. ................................................................. .....................................186

AAA ..........................................................................................................................................201

IP Source Guard ... ... .... ... ... ......................................................................................................214

Loop Guard ..................................... ... .... ... ... ... ... .... ... ...............................................................233

VLAN Mapping .........................................................................................................................237

Layer 2 Protocol Tunneling .................................... ... ... ... .... ... ..................................................241

sFlow ............................... ................................ ................................. ........................................245

PPPoE ......................................................................................................................................249

Error Disable ............................................................................................................................257

Private VLAN ......................... .... ... ... ... .... ............................................. ... ... ... .... ........................262

Static Route ..............................................................................................................................265

Differentiated Services .......... .... ... ... ... .... ... ... ... ... .... ..................................................................268

MES3500-24/24F User’s Guide

Contents Overview

DHCP ................................. .............................................................. ........................................276

Maintenance .................................... ....... ...... ...... ....... ...... ....... ...... ....... ...... ....... ... ...... ...............283

Access Control .........................................................................................................................290

Diagnostic ................................................................................................................................312

Syslog ......................................................................................................................................313

Cluster Management ....... ... ................................................. ... ... ...............................................316

MAC Table ................................................................................................................................322

ARP Ta ble ................................................. ... ... ... .... ............................................. ... ... ...............325

Configure Clone .......................................................................................................................327

Troubleshooting .......................................................................................................................329

MES3500-24/24F User’s Guide

Table of Contents

About This User's Guide..........................................................................................................3

Document Conventions ...........................................................................................................4

Safety Warnings........................................................................................................................5

Contents Overview ..................................................................................................................7

Table of Contents .....................................................................................................................9

Part I: User’s Guide ................................................................................21

Chapter 1

Getting to Know Your Switch.................................................................................................23

1.1 Introduction ............................................... ... .... ............................................. ... ... .... .............23

1.1.1 Backbone Application ................................... ... .... ... ... ... .... ..........................................23

1.1.2 Bridging Example ............................... .... ... ... ... .... ... ... ... .... ... ... ... ... ..............................24

1.1.3 High Performance Switching Example .......................................................................24

1.1.4 IEEE 802.1Q VLAN Application Examples .................................................................25

1.1.5 IPv6 Support ........................... ... ... ... ... .... ... ... ............................................. .... ... ... ... ....25

1.2 Ways to Manage the Switch ......................... .... ............................................. ... ... .... ... ... ... ....26

1.3 Good Habits for Managing the Switch ..................................................................................26

Chapter 2

Hardware Installation and Connection.................................................................................27

2.1 Installation Scenarios ................ ... .... ... ... ... ... .... ... ... ... .... .......................................................27

2.2 Desktop Installation Procedure ...........................................................................................27

2.3 Mounting the Switch on a Rack ...........................................................................................27

2.3.1 Rack-mounted Installation Requirements ......................................... .......................... 27

2.3.2 Attaching the Mounting Brackets to the Switch ..........................................................28

2.3.3 Mounting the Switch on a Rack ..................................................................................29

Chapter 3

Hardware Overview ................................................................................................................30

3.1 Front Panel ...................................... ... ... ............................................. ... .... ... ... ... .... .............30

3.1.1 Console Port ........................... ... ... ... ... .... ... ... ... .... ... ....................................................31

3.1.2 Ethernet Ports .............. ... ... .... ....................................................................................32

3.1.3 Transceiver Slots ....................... ... ... ... ........................................................................32

3.1.4 Power Connector ....................... ... ... ... .... ... ... ... .... ... ....................................................34

MES3500-24/24F User’s Guide

Table of Contents

3.1.5 Signal Slot ................................. ... ... ............................................. .... ... ... ... .... ... ..........35

3.2 LEDs ............................................... ... ... ... ... .... ... ... ............................................. .................37

Chapter 4

The Web Configurator............................................................................................................39

4.1 Introduction ............................................... ... .... ............................................. ... ... .... .............39

4.2 System Login ....................................................................................................................39

4.3 The Web Configurator Layout .............. ... ... .... ... ... ... ...........................................................40

4.3.1 Change Your Password ...........................................................................................44

4.4 Saving Your Configuration ...................................................................................................44

4.5 Switch Lockout .................. ... ... ... .... ... ... ... ............................................. .... ... ... ... .... ... ..........44

4.6 Resetting the Switch .............................................. .... ... ... ... .... ... .......................................45

4.6.1 Reload the Configuration File ....................................................................................45

4.7 Logging Out of the Web Configurator .................................................................................46

4.8 Help ....... ............................................. ... ... ... .... ............................................. ... ... .................46

Chapter 5

Initial Setup Example..............................................................................................................49

5.1 Overview ............................. ... ... ... .............................................. ... ... ... ... .... ... .......................49

5.1.1 Creating a VLAN .........................................................................................................49

5.1.2 Setting Port VID ..........................................................................................................50

5.2 Configuring Switch Management IP Address .......................................................................51

Chapter 6

Tutorials...................................................................................................................................53

6.1 How to Use DHCP Snooping on the Switch .........................................................................53

6.2 How to Use DHCP Relay on the Switch ...............................................................................56

6.2.1 DHCP Relay Tutorial Introduction ...............................................................................57

6.2.2 Creating a VLAN .........................................................................................................57

6.2.3 Configuring DHCP Relay .................... .... ... ... ... ...........................................................59

6.2.4 Troubleshooting ................................................................ ... ... ... ... .... ... .......................60

6.3 How to Use PPPoE IA on the Switch ...................................................................................60

6.3.1 Configuring Switch A .... ... ... .... ... ... ... ...........................................................................61

6.3.2 Configuring Switch B .... ... ... .... ... ... ... ...........................................................................63

6.4 How to Use Error Disable and Recovery on the Switch .......................................................66

6.5 How to Set Up a Guest VLAN ..............................................................................................68

6.5.1 Creating a Guest VLAN ..............................................................................................68

6.5.2 Enabling IEEE 802.1x Port Authentication .................................................................71

6.5.3 Enabling Guest VLAN .................................................................................................72

6.6 How to Do Port Isolation in a VLAN .....................................................................................73

6.6.1 Creating a VLAN .........................................................................................................74

6.6.2 Creating a Private VLAN Rule ....................................................................................76

MES3500-24/24F User’s Guide

Table of Contents

Part II: Technical Reference...................................................................79

Chapter 7

System Status and Port Statistics.........................................................................................81

7.1 Overview ............................. ... ... ... .............................................. ... ... ... ... .... ... .......................81

7.2 Port Status Summary ..................... ... ... ............................................. .... ... ... ... .... ... ... .......81

7.2.1 Status: Port Details ................................................................................................83

Chapter 8

Basic Setting ..........................................................................................................................86

8.1 Overview ............................. ... ... ... .............................................. ... ... ... ... .... ... .......................86

8.2 System Information ...........................................................................................................86

8.3 General Setup .......................... ........................................................................................88

8.4 Introduction to VLANs ........................... ... ... .... ... ... ... .... .......................................................89

8.4.1 Smart Isolation .............. ... ... ........................................................................................90

8.5 Switch Setup ................................. ... ... ... ... .... ... ............................................. ... .... .............91

8.6 IP Setup ..............................................................................................................................93

8.6.1 Management IP Addresses ........................................................................................93

8.7 Port Setup ...........................................................................................................................95

Chapter 9

VLAN........................................................................................................................................97

9.1 Introduction to IEEE 802.1Q Tagged VLANs .............................. ....................................97

9.1.1 Forwarding Tagged and Untagged Frames ................................................................97

9.2 Automatic VLAN Registration ................................ ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... .......... 98

9.2.1 GARP ........................ ... ... ... .............................................. ... ... ... .................................98

9.2.2 GVRP ........................ ... ... ... .............................................. ... ... ... .................................98

9.3 Port VLAN Trunking ............................................................................................................99

9.4 Select the VLAN Type . ... .... ... ... ............................................. .... ... ... ... ... ..............................99

9.5 Static VLAN .. ... ... .... ... ............................................. ... .... ... ....................................................99

9.5.1 VLAN Status ............................................................................................................100

9.5.2 VLAN Details ...... ... .... ... ............................................. ... .... ... ... ... ... ............................101

9.5.3 Configure a Static VLAN .......................................................................................102

9.5.4 Configure VLAN Port Settings ..............................................................................103

9.6 Subnet Based VLANs .......................................................................................................104

9.7 Configuring Subnet Based VLAN .....................................................................................105

9.8 Protocol Based VLANs .................................... ... ... ............................................................107

9.9 Configuring Protocol Based VLAN ................. ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ..................108

9.10 Create an IP-based VLAN Example .................................................................................109

9.11 Port-based VLAN Setup ...............................................................................................110

9.11.1 Configure a Port-based VLAN ....................................... ... ... ... ... .... ........................ 111

MES3500-24/24F User’s Guide

Table of Contents

Chapter 10

Static MAC Forward Setup...................................................................................................114

10.1 Overview ..........................................................................................................................114

10.2 Configuring Static MAC Forwarding ............................................................................114

Chapter 11

Static Multicast Forward Setup ...........................................................................................116

11.1 Static Multicast Forwarding Overview ..............................................................................116

11.2 Configuring Static Multicast Forwarding ...........................................................................117

Chapter 12

Filtering..................................................................................................................................120

12.1 Configure a Filtering Rule ..............................................................................................120

Chapter 13

Spanning Tree Protocol........................................................................................................122

13.1 STP/RSTP Overview ......................................................................................................122

13.1.1 STP Terminology ...................................................................................................122

13.1.2 How STP Works ....................................................................................................123

13.1.3 STP Port States .....................................................................................................123

13.1.4 Multiple RSTP .......................................................................................................124

13.1.5 Multiple STP ...........................................................................................................124

13.2 Spanning Tree Protocol Status Screen ............................................................................127

13.3 Spanning Tree Configuration ..........................................................................................127

13.4 Configure Rapid Spanning Tree Protocol .................................... ............................. ..... 128

13.5 Rapid Spanning Tree Protocol Status ...........................................................................130

13.6 Configure Multiple Rapid Spanning Tree Protocol ........................................................131

13.7 Multiple Rapid Spanning Tree Protocol Status ...........................................................133

13.8 Configure Multiple Spanning Tree Protocol ...................................................................135

13.8.1 Multiple Spanning Tree Protocol Port Configuration ..............................................138

13.9 Multiple Spanning Tree Protocol Status .....................................................................139

Chapter 14

Bandwidth Control................................................................................................................141

14.1 Bandwidth Control Overview ..........................................................................................141

14.1.1 CIR and PIR ...........................................................................................................141

14.2 Bandwidth Control Setup .................................................................................................142

Chapter 15

Broadcast Storm Control.....................................................................................................144

15.1 Broadcast Storm Control Setup .......................................................................................144

MES3500-24/24F User’s Guide

Table of Contents

Chapter 16

Mirroring................................................................................................................................146

16.1 Port Mirroring Setup ........................................................................................................146

Chapter 17

Link Aggregation..................................................................................................................148

17.1 Link Aggregation Overview ............................................................................................. 148

17.2 Dynamic Link Aggregation ..............................................................................................148

17.2.1 Link Aggregation ID ...............................................................................................149

17.3 Link Aggregation Status ..................................................................................................149

17.4 Link Aggregation Setting ..................... ............................................................. ...............151

17.5 Link Aggregation Control Protocol ................................................................................153

17.6 Static Trunking Example ..................................................................................................154

Chapter 18

Port Authentication ..............................................................................................................156

18.1 Port Authentication Overview ..........................................................................................156

18.1.1 IEEE 802.1x Authentication ....................................................................................156

18.1.2 MAC Authentication ................................................................................................157

18.2 Port Authentication Configuration ....................................................................................158

18.2.1 Activate IEEE 802.1x Security ............................................................................159

18.2.2 Guest VLAN ...........................................................................................................160

18.2.3 Activate MAC Authentication .................................................................................162

Chapter 19

Port Security .........................................................................................................................164

19.1 About Port Security ..........................................................................................................164

19.2 Port Security Setup ..........................................................................................................164

Chapter 20

Classifier................................................................................................................................166

20.1 About the Classifier and QoS ...........................................................................................166

20.2 Configuring the Classifier .............................. ..................................................................166

20.3 Viewing and Editing Classifier Configuration .................................... ... .... ... ... ... .... ...........168

20.4 Classifier Example ...........................................................................................................170

Chapter 21

Policy Rule ...........................................................................................................................171

21.1 Policy Rules Overview ....................................................................................................171

21.1.1 DiffServ ...................................................................................................................171

21.1.2 DSCP and Per-Hop Behavior .................................................................................171

21.2 Configuring Policy Rules ..................................................................................................171

21.3 Viewing and Editing Policy Configuration ................................. ................... ................ .....174

MES3500-24/24F User’s Guide

Table of Contents

21.4 Policy Example .................................................................................................................175

Chapter 22

Queuing Method ...................................................................................................................176

22.1 Queuing Method Overview ..............................................................................................176

22.1.1 Strictly Priority Queuing ..........................................................................................176

22.1.2 Weighted Fair Queuing .................................. ................................. ........................176

22.1.3 Weighted Round Robin Scheduling (WRR) ................................ ............................ 177

22.2 Configuring Queuing ........................................................................................................177

Chapter 23

VLAN Stacking......................................................................................................................179

23.1 VLAN Stacking Overview .............. ... ... ............................................................................179

23.1.1 VLAN Stacking Example .........................................................................................179

23.2 VLAN Stacking Port Roles ................................ ... ... .... ... ... ... .... ... ... ... ... .... ... ... ..................180

23.3 VLAN Tag Format . ... ... ... ...................................................................................................181

23.3.1 Frame Format .........................................................................................................181

23.4 Configuring VLAN Stacking ..............................................................................................182

23.4.1 Port-based Q-in-Q ..................................................................................................183

23.4.2 Selective Q-in-Q ....................................................................................................184

Chapter 24

Multicast ................................................................................................................................186

24.1 Multicast Overview ..........................................................................................................186

24.1.1 IP Multicast Addresses ...........................................................................................186

24.1.2 IGMP Filtering .........................................................................................................186

24.1.3 IGMP Snooping .....................................................................................................186

24.1.4 IGMP Snooping and VLANs ...................................................................................187

24.2 Multicast Status ...............................................................................................................187

24.3 Multicast Setting ........ ... .... ... ... ... ................................................. ... ... ... ............................188

24.4 IGMP Snooping VLAN ....................................................................................................191

24.5 IGMP Filtering Profile ......................................................................................................192

24.6 MVR Overview ................................................................................................................193

24.6.1 Types of MVR Ports ................................................................................................194

24.6.2 MVR Modes ............................................................................................................194

24.6.3 How MVR Works ....................................................................................................194

24.7 General MVR Configuration .............................................................................................195

24.8 MVR Group Configuration ...............................................................................................197

24.8.1 MVR Configuration Example ..................................................................................198

Chapter 25

AAA........................................................................................................................................201

25.1 Authentication, Authorization and Accounting (AAA) .......................................................201

MES3500-24/24F User’s Guide

Table of Contents

25.1.1 Local User Accounts ................ ... ... ... .... ... ... ................................................. ... ... ..... 201

25.1.2 RADIUS and TACACS+ .........................................................................................202

25.2 AAA Screens ....................................................................................................................202

25.2.1 RADIUS Server Setup ..........................................................................................202

25.2.2 TACACS+ Server Setup .....................................................................................205

25.2.3 AAA Setup ..............................................................................................................207

25.2.4 Vendor Specific Attribute ........................................................................................209

25.2.5 Tunnel Protocol Attribute ........................................................................................210

25.3 Supported RADIUS Attributes ..........................................................................................210

25.3.1 Attributes Used for Authentication .......................................................................... 211

25.3.2 Attributes Used for Accounting ............................................................................... 211

Chapter 26

IP Source Guard....................................................................................................................214

26.1 IP Source Guard Overview ..............................................................................................214

26.1.1 DHCP Snooping Overview .....................................................................................214

26.1.2 ARP Inspection Overview ................. .................................................... .................. 216

26.2 IP Source Guard ..............................................................................................................218

26.3 IP Source Guard Static Binding ................................................................ ......... .......... .....218

26.4 DHCP Snooping ...............................................................................................................220

26.5 DHCP Snooping Configure ..................................... .... ... ... ...............................................222

26.5.1 DHCP Snooping Port Configure .............................................................................224

26.5.2 DHCP Snooping VLAN Configure ..........................................................................225

26.6 ARP Inspection Status .....................................................................................................226

26.6.1 ARP Inspection VLAN Status .................................................................................227

26.6.2 ARP Inspection Log Status ...................................................... ............................... 228

26.7 ARP Inspection Configure ................................................................................................229

26.7.1 ARP Inspection Port Configure .......................... ...................... ....................... ........230

26.7.2 ARP Inspection VLAN Configure ....................... ..................................................... 232

Chapter 27

Loop Guard ...........................................................................................................................233

27.1 Loop Guard Overview .....................................................................................................233

27.2 Loop Guard Setup ............................................................................................................235

Chapter 28

VLAN Mapping ......................................................................................................................237

28.1 VLAN Mapping Overview ................................................................................................237

28.1.1 VLAN Mapping Example ........................................................................................237

28.2 Enabling VLAN Mapping ..................................................................................................238

28.3 Configuring VLAN Mapping ..............................................................................................239

Chapter 29

Layer 2 Protocol Tunneling..................................................................................................241

MES3500-24/24F User’s Guide

Table of Contents

29.1 Layer 2 Protocol Tunneling Overview .............................................................................241

29.1.1 Layer-2 Protocol Tunneling Mode ...........................................................................242

29.2 Configuring Layer 2 Protocol Tunneling ...................................... ... ... ... ............................243

Chapter 30

sFlow......................................................................................................................................245

30.1 sFlow Overview ................................................................................................................245

30.2 sFlow Port Configuration ..................................................................................................246

30.2.1 sFlow Collector Configuration ........................ .......................... ....................... ........247

Chapter 31

PPPoE....................................................................................................................................249

31.1 PPPoE Intermediate Agent Overview .............................................................................249

31.1.1 PPPoE Intermediate Agent Tag Format .................................................................249

31.1.2 Sub-Option Format ................................................................................................. 249

31.1.3 Port State ................................................................................................................250

31.2 The PPPoE Screen ..........................................................................................................251

31.3 PPPoE Intermediate Agent .............................................................................................251

31.3.1 PPPoE IA Per-Port ................................................................................................253

31.3.2 PPPoE IA Per-Port Per-VLAN ...............................................................................254

31.3.3 PPPoE IA for VLAN ...............................................................................................256

Chapter 32

Error Disable.........................................................................................................................257

32.1 CPU Protection Overview ................................................................................................257

32.2 Error-Disable Recovery Overview ....................................................................................257

32.3 The Error Disable Screen .................................................................................................258

32.4 CPU Protection Configuration .........................................................................................258

32.5 Error-Disable Detect Configuration .................................................................................259

32.6 Error-Disable Recovery Configuration ............................................................................260

Chapter 33

Private VLAN.........................................................................................................................262

33.1 Private VLAN Overview ...................................................................................................262

33.2 Configuring Private VLAN ................................................................................................263

Chapter 34

Static Route...........................................................................................................................265

34.1 Static Routing Overview ...................................................................................................265

34.2 Configuring Static Routing ................................................................................................266

Chapter 35

Differentiated Services.........................................................................................................268

MES3500-24/24F User’s Guide

Table of Contents

35.1 DiffServ Overview ...........................................................................................................268

35.1.1 DSCP and Per-Hop Behavior .................................................................................268

35.1.2 DiffServ Network Example .....................................................................................268

35.2 Two Rate Three Color Marker Traffic Policing .................................................................269

35.2.1 TRTCM-Color-blind Mode .......................................................................................270

35.2.2 TRTCM-Color-aware Mode ....................................................................................270

35.3 Activating DiffServ ...........................................................................................................270

35.3.1 Configuring 2-Rate 3 Color Marker Settings ..........................................................271

35.3.2 Configuring DSCP Profiles ....................................................................................273

35.4 DSCP-to-IEEE 802.1p Priority Settings .........................................................................274

35.4.1 Configuring DSCP Settings ....................................................................................274

Chapter 36

DHCP......................................................................................................................................276

36.1 DHCP Overview ..............................................................................................................276

36.1.1 DHCP Modes .........................................................................................................276

36.1.2 DHCP Configuration Options ..................................................................................276

36.2 DHCP Status ....................................................................................................................276

36.3 DHCP Relay .... .... ... ... ... .... ... ... ... .... ... ...............................................................................277

36.3.1 DHCP Relay Agent Information ..................... ....................................................... ..277

36.3.2 Configuring DHCP Global Relay ............................................................................278

36.3.3 Global DHCP Relay Configuration Example ..........................................................279

36.4 Configuring DHCP VLAN Settings ................................................................................280

36.4.1 Example: DHCP Relay for Two VLANs ..................................................................281

Chapter 37

Maintenance..........................................................................................................................283

37.1 The Maintenance Screen ...............................................................................................283

37.2 Load Factory Default .......................................................................................................284

37.3 Save Configuration ............................... ... ............................................. .... ... ... ... .... ... ... .....284

37.4 Reboot System .................................. ... ... ... .... ... ...............................................................284

37.5 Firmware Upgrade ........................................................................................................285

37.6 Restore a Configuration File .........................................................................................286

37.7 Backup a Configuration File ..........................................................................................286

37.8 FTP Command Line .........................................................................................................287

37.8.1 Filename Conventions ...........................................................................................287

37.8.2 FTP Command Line Procedure .............................................................................288

37.8.3 GUI-based FTP Clients ...........................................................................................288

37.8.4 FTP Restrictions ....................................................................................................288

Chapter 38

Access Control .....................................................................................................................290

38.1 Access Control Overview .............................................................................................290

MES3500-24/24F User’s Guide

Table of Contents

38.2 The Access Control Main Screen .....................................................................................290

38.3 About SNMP ..................................................................................................................290

38.3.1 SNMP v3 and Security ...........................................................................................291

38.3.2 Supported MIBs .....................................................................................................292

38.3.3 SNMP Traps ...........................................................................................................292

38.3.4 Configuring SNMP .................................................................................................296

38.3.5 Configuring SNMP Trap Group ............................................................................297

38.3.6 Configuring SNMP User ......................................................................................298

38.4 Setting Up Login Accounts ...........................................................................................299

38.5 SSH Overview ..................................................................................................................301

38.6 How SSH works ................................ ... ... ... .... ... ... ............................................................302

38.7 SSH Implementation on the Switch ..................................................................................303

38.7.1 Requirements for Using SSH ................................... ... .... ... ... ... ... ............................303

38.8 Introduction to HTTPS ......................................................................................................303

38.9 HTTPS Example ..............................................................................................................304

38.9.1 Internet Explorer Warning Messages .....................................................................304

38.9.2 Mozilla Firefox Warning Messages .........................................................................307

38.9.3 The Main Screen ....................................................................................................308

38.10 Service Port Access Control .......................................................................................309

38.11 Remote Management ................................................................................................310

Chapter 39

Diagnostic .............................................................................................................................312

39.1 Diagnostic .......................................................................................................................312

Chapter 40

Syslog....................................................................................................................................313

40.1 Syslog Overview ..............................................................................................................313

40.2 Syslog Setup ...................................................................................................................314

40.3 Syslog Server Setup .......................................................................................................315

Chapter 41

Cluster Management ............................................................................................................316

41.1 Cluster Management Status Overview ............................................................................316

41.2 Cluster Management Status ............................................................................................317

41.2.1 Cluster Member Switch Management .............................. ... ... ... .... ... .....................318

41.3 Clustering Management Configuration ...........................................................................320

Chapter 42

MAC Table .............................................................................................................................322

42.1 MAC Table Overview . ... .... ... ... ................................................. ... ... ... ...............................322

42.2 Viewing the MAC Table ...................................................................................................323

MES3500-24/24F User’s Guide

Table of Contents

Chapter 43

ARP Table..............................................................................................................................325

43.1 ARP Table Overview .......................................................................................................325

43.1.1 How ARP Works ............................ ... .... ... ... ... .... ... ... ... .... ... ... ..................................325

43.2 The ARP Table Screen ....................................................................................................326

Chapter 44

Configure Clone....................................................................................................................327

44.1 Configure Clone ..............................................................................................................327

Chapter 45

Troubleshooting....................................................................................................................329

45.1 Power, Hardware Connections, and LEDs ............................... ........................................329

45.2 Switch Access and Login .................................................................................................330

45.3 Switch Configuration ........................................................................................................332

Appendix A Common Services............................................................................................333

Appendix B Legal Information..............................................................................................337

Index ......................................................................................................................................341

MES3500-24/24F User’s Guide

Table of Contents

MES3500-24/24F User’s Guide

PART I

User’s Guide

This chapter introduces the main features and applications of the Switch.

1.1 Introduction

The Switch is a layer-2 standalone Ethernet switch. The MES3500-24 has 24 10/100 Mbps fast Ethernet ports. The MES3500-24F has 24 100 Mbps fast Ethernet SFP slots. Both also have four GbE dual personality interfaces with each interface comprising one mini-GBIC slot and one 100/ 1000 Mbps RJ-45 port, with either port or slot active at a time.

With its built-in web configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed via Telnet, any terminal emulator program on the console port, or third-party SNMP management.

CHAPTER 1

Getting to Know Your Switch

See Chapter 46 on page 333 for a full list of software features available on the Switch.

This section shows a few examples of using the Switch in various network environments.

1.1.1 Backbone Application

The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch.

In this example, all computers can share high-speed applications on the server. To expand the network, simply add more networking devices such as switches, routers, computers, print servers etc.

Figure 1 Backbone Application

MES3500-24/24F User’s Guide 23

Chapter 1 Getting to Know Your Switch

1.1.2 Bridging Example

In this example, the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch.

Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location.

Figure 2 Bridging Application

1.1.3 High Performance Switching Example

The Switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks.

Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance. The Switch can provide the same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches. Moreover, the current LAN structure can be retained as all ports can freely communicate with each other.

Figure 3 High Performance Switched Workgroup Application

MES3500-24/24F User’s Guide

1.1.4 IEEE 802.1Q VLAN Application Examples

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group. A station can belong to more than one group. With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s) unless such traffic first goes through a router.

For more information on VLANs, refer to Chapter 9 on page 97.

1.1.4.1 Tag-based VLAN Example

Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re-cabling.

Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too.

Figure 4 Shared Server Using VLAN Example

Chapter 1 Getting to Know Your Switch

1.1.5 IPv6 Support

IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses. At the time of writing, the Switch supports the following features.

• Static address assignment and stateless auto-configuration

• Neighbor Discovery Protocol (a protocol used to discover other IPv6 devices in a network)

• Remote Management using ping SNMP, telnet, HTTP and FTP services

• ICMPv6 to report errors encountered in packet processing and perform diagnostic functions, such as "ping”

• IPv4/IPv6 dual stack; the Switch can run IPv4 and IPv6 at the same time

• DHCPv6 client and relay

• Multicast Listener Discovery (MLD) snooping and proxy

For more information on IPv6, refer to the CLI Reference Guide.

MES3500-24/24F User’s Guide

Chapter 1 Getting to Know Your Switch

1.2 Ways to Manage the Switch

Use any of the following methods to manage the Switch.

• Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page 39 .

• Command Line Interface. Line commands offer an alternative to the web configurator and in some cases are necessary to configure advanced features. See the CLI Reference Guide.

• FTP. Use FTP for firmware upgrades and configuration backup/restore. See Section 37.8 on page

287.

• SNMP. The Switch can be monitored by an SNMP manager. See Section 38.3 on page 290.

• Cluster Management. Cluster Management allows you to manage multiple switches through one switch, called the cluster manager. See Chapter 41 on page 316.

1.3 Good Habits for Managing the Switch

Do the following things regularly to make the Switch more secure and to manage the Switch more effectively.

• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.

• Write down the password and put it in a safe place.

• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Sw itch. Y ou could simply restore your last configuration.

MES3500-24/24F User’s Guide

Hardware Installation and Connection

This chapter shows you how to install and connect the Switch.

2.1 Installation Scenarios

The Switch can be placed on a desktop or rack-mounted on a standard EIA rack. Use the rubber feet in a desktop installation and the brackets in a rack-mounted installation.

Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and

3.4 inches (8 cm) at the back of the Switch. This is especially imp o rtant for enclosed rack installations.

CHAPTER 2

2.2 Desktop Installation Procedure

1 Make sure the Switch is clean and dry.

2 Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and

the connected cables. Make sure there is a power outlet nearby.

3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment

of cables and the power cord.

2.3 Mounting the Switch on a Rack

The Switch can be mounted on an EIA standard size, 19-inch rack or in a wiring closet with other equipment. Follow the steps below to mount your Switch on a standard EIA rack using a rackmounting kit.

2.3.1 Rack-mounted Installation Requirements

• Two mounting brackets.

• Eight M3 flat head screws and a #2 Philips screwdriver.

• Four M5 flat head screws and a #2 Philips screwdriver.

Failure to use the proper screws may damage the unit.

MES3500-24/24F User’s Guide 27

Chapter 2 Hardware Installation and Connection

2.3.1.1 Precautions

• Make sure the rack will safely support the combined weight of all the equipment it contains.

• Make sure the position of the Switch does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.

2.3.2 Attaching the Mounting Brackets to the Switch

1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the br acket

with the screw holes on the side of the Switch.

Figure 5 Attaching the Mounting Brackets

2 Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes

into the Switch.

3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch.

4 You may now mount the Switch on a rack. Proceed to the next section.

MES3500-24/24F User’s Guide

2.3.3 Mounting the Switch on a Rack

1 Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining

up the two screw holes on the bracket with the screw holes on the side of the rack. Figure 6 Mounting the Switch on a Rack

Chapter 2 Hardware Installation and Connection

2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes

into the rack.

3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack.

MES3500-24/24F User’s Guide

This chapter describes the front panel and rear panel of the Switch and shows you how to make the

Fast Ethernet Ports

Dual Personality Interfaces

Console Port

LEDs

Power Connection

Signal slot

Fast Ethernet Ports

Dual Personality Interfaces

Console Port

LEDs

Power Connection

Power Switch

Signal slot

Fast SFP Slots

Dual Personality Interfaces

Console Port

LEDs

Signal slot

Power Connection

hardware connections.

3.1 Front Panel

The following figure shows the front panel of the Switch.

Figure 7 MES3500-24 Front Panel: AC Model

CHAPTER 3

Hardware Overview

Figure 8 MES3500-24 Front Panel: DC Model

Figure 9 MES3500-24F Front Panel: AC Model

MES3500-24/24F User’s Guide 30

Chapter 3 Hardware Overview

Fast SFP Slots

Dual Personality Interfaces

Console Port

LEDs

Signal slot

Power Connection

Power Switch

Figure 10 MES3500-24F Front Panel: DC Model

The following table describes the port labels on the front panel.

Table 1 Front Panel Connections

LABEL DESCRIPTION

Power Switch This is for DC model only. After you connect the DC power properly (see Section 3.1.4.2 on

Power Connection

24 10/100 Mbps RJ-45 Fast Ethernet Ports (MES3500-24)

24 100 Mbps Fast SFP Slots (MES3500-24F)

Four Dual Personality Interfaces

Console Port The console port is for local configuration of the Switch. Signal slot Connect the signal input pins to signal output terminals on other pieces of equipment.

page 35.), put the power switch in the ON position to turn on the Switch.

Connect an appropriate power supply to this port.

Connect these ports to a computer, a hub, an Ethernet switch or router.

Use transceivers in these sl ots for fi ber -optic or copper c onnect ions t o a comput er, a hub, a switch or router.

Each interface has one 1000BASE-T RJ-45 port and one Small Form-Factor Pluggable (SFP) slot (also called a mini-GBIC slot), with one port or transceiver active at a time.

• Four 100/1000 Mbps RJ-45 Ports: Connect these ports to high-bandwidth backbone network Ethernet switches using

1000BASE-T compatible Category 5/5e/6 copper cables.

•Four Mini-GBIC Slots: Use mini-GBIC transceivers in these slots for connections to backbone Ethernet

switches.

3.1.1 Console Port

MES3500-24/24F User’s Guide

Connect the signal output pins to a signal input terminal on another piece of equipment.

For local management, you can use a computer with terminal emulation software configured to the following parameters:

• VT100

• Terminal emulation

• 9600 bps

• No parity, 8 data bits, 1 stop bit

• No flow control

Chapter 3 Hardware Overview

Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.

3.1.2 Ethernet Ports

The Switch has 24 10/100 Mbps auto-negotiating, auto-crossover Ethernet ports. In 10/100 Mbps Fast Ethernet, the speed can be 10 Mbps or 100 Mbps and the duplex mode can be half duplex or full duplex.

An auto-negotiating port can detect and adjust to the optimum Ethernet speed (10/100 Mbps) and duplex mode (full duplex or half duplex) of the connected device.

An auto-crossover (auto-MDI/MDI-X) port automatically works with a str aight -through or crossov er Ethernet cable.

The Switch has four 1000Base-T Ethernet ports, which are paired with a mini-GBIC slot to create a dual personality interface. The Switch uses up to one connection for each mini-GBIC and 1000BaseT Ethernet pair. The mini-GBIC slots have priority over the Gigabit ports. This means that if a miniGBIC slot and the corresponding GbE port are connected at the same time, the GbE port will be disabled.

When auto-negotiation is turned on, an Ethernet port negotiates with the peer automatically to determine the connection speed and d upl ex mod e. If the peer Ethernet port does not support autonegotiation or turns off this feature, the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the Switch’s auto-negotiation is turned off, an Ethernet port uses the pre-configured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect.

3.1.2.1 Default Ethernet Negotiation Settings

The factory default negotiation settings for the Gigabit ports on the Switch are:

• Speed: Auto

•Duplex: Auto

• Flow control: Off

• Link Aggregation: Disabled

3.1.2.2 Auto-crossover

All ports are auto-crossover, that is auto-MDIX ports (Media Dependent Interface Crossover), so you may use either a straight-through Ethernet cable or crossover Ethernet cable for all Gigabit port connections. Auto-crossover ports automatically sense whether they need to function as crossover or straight ports, so crossover cables can connect both computers and switches/hubs.

3.1.3 Transceiver Slots

These are slots for mini-GBIC (Gigabit Interface Converter) transceivers or 100 Mbps Small Formfactor Pluggable (SFP) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The Switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details.

MES3500-24/24F User’s Guide

You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors.

To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors.

• Type: SFP connection interface

• Connection speed: 1 Gigabit per second (Gbps) or 1 Megabit per second (Mbps)

3.1.3.1 Transceiver Installation

Use the following steps to install a mini-GBIC transceiver (SFP module).

1 Insert the transceiver into the slot with the exposed section of PCB board facing down.

2 Press the transceiver firmly until it clicks into place.

3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is

functioning properly.

4 Close the transceiver’s latch (latch styles vary).

Chapter 3 Hardware Overview

5 Connect the fiber optic cables to the transceiver.

Figure 11 Transceiver Installation Example

Figure 12 Connecting the Fiber Optic Cables

3.1.3.2 Transceiver Removal

Use the following steps to remove a mini-GBIC transceiver (SFP module).

1 Remove the fiber optic cables from the transceiver.

2 Open the transceiver’s latch (latch styles vary).

MES3500-24/24F User’s Guide

Chapter 3 Hardware Overview

3 Pull the transceiver out of the slot.

Figure 13 Removing the Fiber Optic Cables

Figure 14 Opening the Transceiver’s Latch Example

Figure 15 Transceiver Removal Example

3.1.4 Power Connector

Make sure you are using the correct power source as shown on the panel and that no objects obstruct the airflow of the fans.

Use the following procedures to connect the Switch to a power source after you have installed it.

Note: Check the power supply requirements in Chapter 46 on page 333, and make sure

you are using an appropriate power source.

Keep the power supply switch and the Switch’s power switch in the OFF position until you come to the procedure for turning on the power.

Use only power wires of the required diameter for connecting the Switch to a power supply.

3.1.4.1 AC Power Connection

Connect the female end of the power cord to the power socket of your Switch. Connect the other end of the cord to a power outlet.

MES3500-24/24F User’s Guide

3.1.4.2 DC Power Connection

The Switch uses a single ETB series terminal block plug with four pins which allows you to connect up to two separate power supplies. If one power supply fails the system can operate on the remaining power supply . Use two wires to connect to a single terminal pair, one wire for the positive terminal and one wire for the negative terminal.

Note: The current rating of the power wires must be greater than 20 Amps. The power

supply to which the Switch connects must have a built-in circuit breaker or switc h to toggle the power.

Note: When installing the power wire, push it wire firmly into the terminal as deep as

possible and make sure that no exposed (bare) wire can be seen or touched.

Exposed power wire is dangerous. Use extreme care when connecting a DC power source to the device.

To connect a power supply:

1 Use a screwdriver to loosen the terminal block captive screws.

Chapter 3 Hardware Overview

2 Connect one end of a power wire to the Switch’s RTN (return) pin and tighten the captive screw.

3 Connect the other end of the power wire to the positive terminal on the power supply.

4 Connect one end of a power wire to the Switch’s -48V (input) pin and tighten the captive screw.

5 Connect the other end of the power wire to the negative terminal on the power supply.

6 Insert the terminal block plug in the Switch’s terminal block header.

3.1.5 Signal Slot

The Signal slot (fitted with the signal connector) allows you to connect devices to the Switch, such as sensors or other ZyXEL switches which support the external alarm feature. This feature is in addition to the system alarm, which detects abnormal temperatures, and voltage levels on the Switch.

Your Switch can respond to an external signal in four ways.

•The ALM LED shows an alert.

•The Signal slot can send an external alarm on to another device. By daisy-chaining the signal sensor cables from one Switch to another ZyXEL switch which supports this feature, the external alarm alert (but not the system alarm) is received on each Switch.

• The Switch can be configured to send an SNMP trap to the SNMP server. See Section 38.3 on

page 290 for more information on using SNMP.

• The Switch can be configured to create an error log of the alarm. See Section 40.1 on page 313 for more information on using the system log.

3.1.5.1 Connect a Sensor to the Signal Slot

This section shows you how to connect an external sensor device to the Switch.

MES3500-24/24F User’s Guide

Chapter 3 Hardware Overview

12311 10 45698710

Door Open Sensor

Spring Clip

Signal Connector

Signal Input Pins

Signal

(Dry contact,

Output Pins

normal open only)

1 Use a connector to connect wires of the correct gauge to the sensor’s signal output pins. See

Chapter 46 on page 333 for the wire specifications. Check the sensor’s documentation to identify its

two signal output pins.

2 Connect these two wires to any one of the following pairs of signal input pins on the Switch’s Signal

connector--(4,5) (6,7) (8,9) (10,11). The pin numbers run from the right side of the connector to the left.

2a Connect each of the sensor’s two signal output wires to the Signal connector by depressing

the spring clip corresponding to the pin you are connecting to.

2b Insert the wire and release the spring clip. 2c Repeat the process for the sensor’s other signal output wire. A total of four sensors may be

connected to the Signal connector in this way using the remaining signal input pins.

3 Insert the alarm connector into the Signal slot.

Figure 16 Connecting a Sensor to the Signal Slot

4 To connect an output devicel, repeat the previous steps but th is time connect to either pins (1,2) or

(2,3) on the Signal connector.

You can also daisy-chain the external alarm to another ZyXEL Switch which supports the external alarm feature. If daisy-chaining to a ZyXEL switch that is a different model, check your switch’s documentation for the correct pin assignments.

1 Use wires of the correct gauge to connect either of the signal output pin pairs (1-normal close, 2-

common) or (2-common, 3-normal open) on the Signal connector to the input signal pin pairs of

an Signal connector on another ZyXEL Switch.

MES3500-24/24F User’s Guide

2 When daisy-chaining further Switches ensure that the signal output pins you use are the same as

12311 10

.........

12311 10

.........

12311 10

.........

Pin Assignments

those you used when connecting to the first switch, as shown in the diagram below.

Figure 17 Daisy-chaining an External Alarm Sensor to Other Switches of the Same Model

3.2 LEDs

Chapter 3 Hardware Overview

After you connect the power to the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting.

Table 2 LED Descriptions

LED COLOR STATUS DESCRIPTION

PWR Green On The system is turned on.

Off The system is off.

SYS Green On The system is on and functioning properly.

Blinking The system is rebooting and performing self-diagnostic tests. Off The power is off or the system is not ready/malfunctioning.

ALM Red On A hardware failure is detected, or an external alarm is active.

Off The system is functioning normally. 10/100 Mbps Fast Ethernet Ports (MES3500-24) 1 ~ 24 Green Blinking The system is transmitting/receiving to/from a 10 Mbps Ethernet

network.

on The link to a 10 Mbps Ethernet network is up.

Amber Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet

On The link to a 100 Mbps Ethernet network is up.

Off The link to an Ethernet network is down. 100 Mbps Fast SFP Ports (MES3500-24F) 1 ~ 24 Amber On The port has a successfule connection.

Off No Ethernet device is connected to this port.

Blinking This port is receiving or transmitting data. Mini-GBIC Slots

network.

MES3500-24/24F User’s Guide

Chapter 3 Hardware Overview

Table 2 LED Descriptions (continued)

LED COLOR STATUS DESCRIPTION

LNK Green On The link to this port is up.

ACT Green Blinking This port is receiving or transmitting data. 1000Base-T Ethernet Ports (in Dual Personality Interface) LNK/ACT Green Blinking The system is transmitting/receiving to/from a 1000 Mbps Ethernet

Amber Blinking The system is transmitting/receiving to/from a 10 Mbps or a 100 Mbps

FDX Amber On The Gigabit port is negotiating in full-duplex mode.

Off The link to this port is down.

network.

On The link to a 1000 Mbps Ethernet network is up.

Ethernet network. On The link to a 10 Mbps or a 100 Mbps Ethernet network is up. Off The link to an Ethernet network is down.

Off The Gigabit port is negotiating in half-duplex mode.

MES3500-24/24F User’s Guide

This section introduces the configuration and functions of the web configurator.

4.1 Introduction

The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Firefox 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.

• JavaScript (enabled by default).

• Java permissions (enabled by default).

CHAPTER 4

The Web Configurator

4.2 System Login

1 Start your web browser.

2 T ype “http://” and the IP address of the Switch (for example, the default management IP address is

192.168.1.1) in the Location or Address field. Press [ENTER].

MES3500-24/24F User’s Guide 39

Chapter 4 The Web Configurator

BDC

3 The login screen appears. The default username is admin and associated default password is

1234. The date and time display as shown if you have not configured a time server nor manually

entered a time and date in the General Setup screen.

Figure 18 Web Configurator: Login

4 Click OK to view the first web configurator screen.

4.3 The Web Configurator Layout

The Status screen is the first screen that displays when you access the web configurator.

The following figure shows the navigating components of a web configurator screen.

Figure 19 The Web Configurator Layout

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.

B, C, D, E - These are quick links which allow you to perform certain tasks no matter which screen you are currently working in.

B - Click this link to save your configuration into the Switch’s nonvolatile memory. Nonvolatile memory is saved in the configuration file from which the Switch booted from and it stays the same even if the Switch’s power is turned off. See Section 37.3 on page 284 for information on saving your settings to a specific configuration file.

C - Click this link to go to the status page of the Switch.

D - Click this link to log out of the web configurator.

E - Click this link to display web help pages. The help pages provide descriptions for all of the

configuration screens.

In the navigation panel, click a main link to reveal a list of submenu links.

Table 3 Navigation Panel Sub-links Overview

BASIC SETTING

ADVANCED APPLICATION

IP APPLICATION MANAGEMENT

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

The following table describes the links in the navigation panel.

Table 4 Navigation Panel Links

LINK DESCRIPTION

Basic Settings System Info This link takes you to a screen that displays general system and hardware

General Setup This link takes you to a screen where you can configure general identification

Switch Setup This link takes you to a screen where you can set up global Switch parameters

IP Setup This link takes you to a screen where you can configure the management IP

Port Setup This link takes you to screens where you can configure speed, flow control and

Advanced Application VLAN This link takes you to screens where you can configure port-based or 802.1Q

Static MAC Forwarding

Static Multicast Forwarding

Filtering This link t a kes you to a screen to set up filtering rules. Spanning Tree

Protocol Bandwidth

Control Broadcast Storm

Control Mirroring This link takes you to screens where you can copy traffic from one port or ports to

Link Aggregation This link takes you to screen where you can logically aggregate physical links to

Port Authentication

Port Security This link takes you to a screen where you can activate MAC address learning and

Classifier This link takes you to a screen where you can configure the Switch to group

Policy Rule This link takes you to a screen where you can configure the Switch to perform

Queuing Method This link takes you to a screen where you can configure queuing with associated

VLAN Stacking This link takes you to screens where you can activate and configure VLAN

Multicast This link takes you to screen where you can configure various multicast features,

monitoring information.

information and time settings for the Switch.

such as VLAN type, MAC address learning, GARP and priority queues.

address, subnet mask (necessary for Switch management) and DNS (domain name server).

priority settings for individual Switch ports.

VLAN (depending on what you configured in the Switch Setup menu). You can also configure a protocol based VLAN or a subnet based VLAN in these screens.

This link takes you to screens where you can configure static MAC addresses for a port. These static MAC addresses do not age out.

This link takes you to a screen where you can configure static multicast MAC addresses for port(s). These static multicast MAC addresses do not age out.

This link takes you to screens where you can configure the RSTP/M RSTP /MS TP to prevent network loops.

This link takes you to screens where you can cap the maximum bandwidth allowed on a port.

This link takes you to a screen to set up broadcast filters.

another port in order that you can examine the traffic from the first port without interference.

form one logical, higher-bandwidth link. This link takes you to a screen where you can configure IEEE 802.1x port

authentication as well as MAC authentication for clients communicating via the Switch.

set the maximum number of MAC addresses to learn on a port.

packets based on the specified criteria.

special treatment on the grouped packets.

queue weights for each port.

stacking.

IGMP snooping and create multicast VLANs.

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

Table 4 Navigation Panel Links (continued)

LINK DESCRIPTION

AAA This link takes you to a screen where you can configure authentication,

authorization and accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus).

IP Source Guard This link takes you to screens where you can configure filtering of unauthorized

DHCP and ARP packets in your network.

Loop Guard This link takes you to a screen where you can configure protection against

network loops that occur on the edge of your network.

VLAN Mapping This link takes you to scre ens where you can configure VLAN mapping settings on

Layer 2 Protocol Tunneling

sFlow This link takes you to screens where you can configure sFlow settings on the

PPPoE This link takes you to screens where you can configure how the Switch gives a

Errdisable This link takes you to a screen where you can configure CPU protection and error

Private VLAN This link takes you to a screen where you can block traffic between ports in a

IP Application Static Routing This link takes you to a screen where you can configure static routes. A static

DiffServ This link takes you to screens where you can enable DiffServ, configure marking

DHCP This link takes you to screens where you can configure the DHCP settings. Management Maintenance This link takes you to screens where you can perform firmware and configuration

Access Control This link takes you to screens where you can change the system login password

Diagnostic This link takes you to screens where you can view system logs and can test

Syslog This link takes you to sc re en s whe re you can setup system logs and a sys te m log

Cluster Management

MAC T able This link takes you to a screen where you can view the MAC address and VLAN ID

ARP T able This link takes you to a screen where you can view the MAC address – IP address

Configure Clone This link takes you to a screen where you can copy attributes of one port to

the Switch. This link takes you to a screen where you can configure L2PT (Layer 2 Protocol

Tunneling) settings on the Switch.

Switch.

PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client.

disable recovery.

VLAN on the Switch.

route defines how the Switch should forward traffic by configuring the TCP/IP parameters manually.

rules and set DSCP-to-IEEE802.1p mappings.

file maintenance as well as reboot the system.

and configure SNMP and remote management.

port(s).

server. This link takes you to a screen where you can configure clustering management

and view its status.

of a device attached to a port. You can also view what kind of MAC address it is.

resolution table.

(an)other port(s).

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

4.3.1 Change Your Password

After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen.

Figure 20 Change Administrator Login Password

4.4 Saving Your Configuration

When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the S w itc h’s power is turned off.

Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory. Nonvolatile memory refers to the Switch’s storage that remains even if the Switch’s power is turned off.

Note: Use the Save link when you are done with a configuration session.

4.5 Switch Lockout

You could block yourself (and all others) from using in-band-management (managing through the data ports) if you do one of the following:

1 Delete the management VLAN (default is VLAN 1).

2 Delete all port-based VLANs with the CPU port as a member. The “CPU port” is the management

port of the Switch.

3 Filter all traffic to the CPU port.

MES3500-24/24F User’s Guide

4 Disable all ports.

5 Misconfigure the text configuration file.

6 Forget the password and/or IP address.

7 Prevent all services from accessing the Switch.

8 Change a service port number but forget it.

Note: Be careful not to lock yourself and others out of the Switch. If you do lock yourself

out, try using out-of-band management (via the management port) to configure the Switch.

4.6 Resetting the Switch

If you lock yourself (and others) from the Switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the S w itch back to the factory defaults.

Chapter 4 The Web Configurator

4.6.1 Reload the Configuration File

Uploading the factory-default configuration file replaces the current configuration file with the factory-default configuration file. This means that you will lose all previous configurations and the speed of the console port will be reset to the default of 9600bps with 8 data bit, no parity , one stop bit and flow control set to none. The password will also be reset to “1234” and the IP address to

192.168.1.1.

To upload the configuration file, do the following:

1 Connect to the console port using a computer with terminal emulation software. See Section 3.1 on

page 30 for details.

2 Disconnect and reconnect the Switch’s power to begin a session. When you reconnect the Switch’s

power, you will see the initial screen.

3 When you see the message “Press any key to enter Debug Mode within 3 seconds ...” press

any key to enter debug mode.

4 Type atlc after the “Enter Debug Mode” message.

5 Wait for the “Starting XMODEM upload” message before activating XMODEM upload on your

terminal.

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

6 After a configuration file upload, type atgo to restart the Switch.

Figure 21 Resetting the Switch: Via the Console Port

Bootbase Version: V1.00 | 11/02/2011 11:09:37 RAM: Size = 65536 Kbytes DRAM POST: Testing: 65536K OK DRAM Test SUCCESS !

ZyNOS Version: VMES3500-24_4.00(AABB.0)b1 | 11/04/2011 17:32:28

Press any key to enter debug mode within 3 seconds.

............................................................

Enter Debug Mode ras> atlc

Starting XMODEM upload (CRC mode)....

CCCCCCCCCCCCCCCC Total 393216 bytes received. Erasing..

................................................................

OK ras> atgo

The Switch is now reinitialized with a default configuration file including the default password of “1234”.

4.7 Logging Out of the Web Configurator

Click Logout in a screen to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons.

Figure 22 Web Configurator: Logout Screen

4.8 Help

The web configurator’s online help has descriptions of individual screens and some supplementary information.

Click the Help link from a web configurator screen to view an online help description of that screen.

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

MES3500-24/24F User’s Guide

Chapter 4 The Web Configurator

MES3500-24/24F User’s Guide

This chapter shows how to set up the Switch for an example network.

5.1 Overview

The following lists the configuration steps for the initial setup:

• Create a VLAN

• Set port VLAN ID

• Configure the Switch IP management address

5.1.1 Creating a VLAN

CHAPTER 5

Initial Setup Example

VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members.

In this example, you want to configure port 1 as a member of VLAN 2.

Figure 23 Initial Setup Network Example: VLAN

MES3500-24/24F User’s Guide 49

Chapter 5 Initial Setup Example

1 Click Advanced Application > VLAN in the navigation panel and click the Static VLAN link.

2 In the Static VLAN screen, select ACTIVE,

enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network.

Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen

refer to the same VLAN ID.

3 Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to

be a permanent member of the VLAN only.

4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly,

clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.

5 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost

when the Switch’s power is turned off.

5.1.2 Setting Port VID

Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.

MES3500-24/24F User’s Guide

Chapter 5 Initial Setup Example

In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2.

Figure 24 Initial Setup Network Example: Port VID

1 Click Advanced Applications >

VLAN in the navigation panel. Then click the VLAN Port Setting link.

2 Enter 2 in the PVID field for port 1

and click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.

5.2 Configuring Switch Management IP Address

The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example.

Figure 25 Initial Setup Example: Management IP Address

MES3500-24/24F User’s Guide

Chapter 5 Initial Setup Example

1 Connect your computer to the Switch’s port which is not in VLAN 2.

2 Open your web browser and enter 192.168.1.1 (the default management IP address) in the address

bar to access the web configurator. See Section 4.2 on page 39 for more information.

3 Click Basic Setting > IP Setup in the

navigation panel.

4 Configure the related fields in the IP

Setup screen.

5 For the VLAN2 network, enter

192.168.2.1 as the IP address and

255.255.255.0 as the subnet mask.

6 In the VID field, enter the ID of the VLAN

group to which you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen.

7 Click Add to save your changes back to

the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.

MES3500-24/24F User’s Guide

CHAPTER 6

VLAN 100

This chapter provides some examples of using the web configurator to set up and use the Switch. The tutorials include:

• How to Use DHCP Snooping on the Switch

• How to Use DHCP Relay on the Switch

• How to Use PPPoE IA on the Switch

• How to Use Error Disable and Recovery on the Switch

• How to Set Up a Guest VLAN

• How to Do Port Isolation in a VLAN

6.1 How to Use DHCP Snooping on the Switch

Tutorials

You only w ant DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN 100. Create a VLAN containing ports 5, 6 and 7. Connect a computer (M) to the Switch’s port which is not in VLAN 100.

Note: For related information about DHCP snoopi ng, see Section 26.1 on page 214.

The settings in this tutorial are as the following.

Table 5 Settings in this Tutorial

HOST

DHCP Server (A) 5 1 and 100 100 Yes DHCP Client (B) 6 1 and 100 100 No DHCP Client (C) 7 1 and 100 100 No

PORT CONNECTED

VLAN PVID

DHCP SNOOPING PORT TRUSTED

1 Access the Switch through http://192.168.1.1. Log into the Switch by entering the username

MES3500-24/24F User’s Guide 53

(default: admin) and password (default: 1234).

Chapter 6 Tutorials

2 Go to Advanced Application > VLAN > Static VLAN, and create a VLAN with ID of 100. Add

ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add.

3 Go to Advanced Application > VLAN > VLAN Port Setting, and set the PVID of the ports 5, 6

and 7 to 100. This tags untagged incoming frames on ports 5, 6 and 7 with the tag 100.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

4 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and

specify VLAN 100 as the DHCP VLAN as shown. Click Apply.

5 Click the Port link at the top right corner.

6 The DHCP Snooping Port Configure screen appears.

Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5. Keep ports 6 and 7 Untrusted because they are connected to DHCP clients. Click Apply.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

7 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure > VLAN,

show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply. Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen.

If you want to add more information in the DHCP request packets such as source VLAN ID or system name, you can also select the Option82 and Information fields in the entry. See Section

26.1.1.3 on page 216.

8 Click Save at the top right corner of the web configurator to save

the configuration permanently.

9 Connect your DHCP server to port 5 and a computer (as DHCP client) to either port 6 or 7. The

computer should be able to get an IP address from the DHCP server. If you put the DHCP server on port 6 or 7, the computer will not able to get an IP address.

10 To check if DHCP snooping works, go to Advanced Application > IP Source Guard, you should

see an IP assignment with the type dhcp-snooping as shown.

You can also telnet or log into the Switch’s console. Use the command “show dhcp snooping

binding” to see the DHCP snooping binding table as shown next.

sysname# show dhcp snooping binding MacAddress IpAddress Lease Type VLAN Port

----------------- --------------- ------------ ------------- ---- ---- 00:02:00:00:00:1c 10.10.1.16 6d23h59m20s dhcp-snooping 100 7 Total number of bindings: 1

6.2 How to Use DHCP Relay on the Switch

This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server. The DHCP server can then assign a specific IP address based on the information in the DHCP requests.

MES3500-24/24F User’s Guide

6.2.1 DHCP Relay Tutorial Introduction

VLAN 102

DHCP Server

Port 2

PVID=102

172.16.1.18

192.168.2.3

In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) and gateway information to DHCP client A based on the system name, VLAN ID and port number in the DHCP request. Client A connects to the Switch’s port 2 in VLAN 102.

Chapter 6 Tutorials

6.2.2 Creating a VLAN

Follow the steps below to configure port 2 as a member of VLAN 102.

1 Access the web configurator through the Switch’s port which is not in VLAN 102.

2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q . Click Apply to save the

settings to the run-time memory.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

3 Click Advanced Application > VLAN > Static VLAN.

4 In the Static VLAN screen, select ACTIVE, enter a descriptive name (VALN 102 for example) in

the Name field and enter 102 in the VLAN Group ID field.

5 Select Fixed to configure port 2 to be a permanent member of this VLAN.

6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.

7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost

when the Switch’s power is turned off.

8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the

VLAN Status screen.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that

port so that the frames are forwarded to the VLAN group that the tag defines.

10 Click Apply to save your changes back to the run-time memory.

11 Click the Save link in the upper right corner of the web configurator to save your configuration

permanently.

6.2.3 Configuring DHCP Relay

Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information (such as the VLAN ID) to DHCP requests.

1 Click IP Application > DHCP and then the Global link to open the DHCP Relay screen.

2 Select the Active check box.

3 Enter the DHCP server’s IP address (192.168.2.3 in this example) in the Remote DHCP Server 1

field.

4 Select the Option 82 and the Information check boxes.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

5 Click Apply to save your changes back to the run-time memory.

6 Click the Save link in the upper right corner of the web configurator to save your configuration

permanently.

7 The DHCP server can then assign a specific IP address based on the DHCP request.

6.2.4 Troubleshooting

Check the client A’s IP address. If it did not receive the IP address 172.16.1.18, make sure:

1 Client A is connected to the Switch’s port 2 in VLAN 102.

2 You configured the correct VLAN ID, port number and system name for DHCP relay on both the

DHCP server and the Switch.

3 You clicked the Save link on the Switch to have your settings take effect.

6.3 How to Use PPPoE IA on the Switch

You want to configure PPPoE Intermediate Agent on the Switch (A) to pass a subscriber’s information to a PPPoE server (S). There is another switch (B) between switch A and server S.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

Port 5 - Untrusted

Port 12 - Trusted

Port 11 - Trusted

Port 12 - Trusted

Switch B is connected to switch A. In this way, PPPoE server S can identify subscriber C and may apply different settings to it.

Note: For related information about PPPoE IA, see Section 31.3 on page 251.

The settings in this tutorial are as follows:

Table 6 Settings in this Tutorial

SWITCH PORT CONNECTED VLAN CIRCUIT-ID REMOTE-ID PPPOE IA PORT TRUSTED

A Port 5 (to C)

Port 12 (to B)

B Port 11 (to A)

1 1

userC N/A

N/A

00134900000A N/A

N/A

Untrusted Trusted

Trusted

Port 12 (to S)

6.3.1 Configuring Switch A

1 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply.

N/A

Trusted

Click Port on the top of the screen.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

2 Select Untrusted for port 5 and enter userC as Circuit-id and 00134900000A as Remote-id.

Select Trusted for port 12 and then leave the other fields empty. Click Apply.

Then Click Intermediate Agent on the top of the screen.

3 The Intermediate Agent screen appears. Click VLAN on the top of the screen.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in

this example. Click Apply.

5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow

the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server. Click Apply.

6.3.2 Configuring Switch B

The example uses another MES3500-24/24F as switch B.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

1 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply.

Click Port on the top of the screen.

2 Select Trusted for ports 11 and 12 and then click Apply.

Then Click Intermediate Agent on the top of the screen.

MES3500-24/24F User’s Guide

3 The Intermediate Agent screen appears. Click VLAN on the top of the screen.

4 Enter 1 for both Start VID and End VID. Click Apply.

Chapter 6 Tutorials

5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow

the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server. Click Apply.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

The settings are completed now. If you miss some settings above, subscriber C could not successfully receive an IP address assigned by the PPPoE Server. If this happens, make sure you follow the steps exactly in this tutorial.

6.4 How to Use Error Disable and Recovery on the Switch

This tutorial shows you how to shut down a port when:

• there is a loop occurred

• too many ARP requests (over 100 packets per second) received on a port

You also want the Switch to wait for a period of time (10 minutes) before resuming the port automatically, after the problem(s) are gone. Loop guard and Errdiable features are helpful for this demand.

Note: Refer to Section 27.2 on page 235 and Section 32.3 on page 258 for more

information about Loop Guard and Errdiable.

To configure the settings:

1 First, click Advanced Application > Loop Guard. Select the Active option in the first section to

enable loop guard on the Switch. Then select the Active option of the first entry (port *) to enable loop guard for all ports. Click Apply.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

2 Click Advanced Application > Errdisable > CPU Protection, select ARP as the reason, enter

100 as the rate limit (packets per second) for the first entry (port *) to apply the setting to all ports. Then click Apply.

3 Click Advanced Application > Errdisable > Errdisable Detect, select Active for cause ARP

and inactive-port as the mode. Then click Apply.

4 Click Advanced Application > Errdisable > Errdisable Recovery, select Active and Timer

Status for loopguard and ARP entries. Also enter 180 (180 seconds = 3 minutes) in the Interval field for both entries. Then click Apply.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

Internet

Guest VLAN 200 Ports 1, 2, 3 and 10

VLAN 1

6.5 How to Set Up a Guest VLAN

All ports on the Switch are in VLAN 1 by default. Say you enable IEEE 802.1x authentication on ports 1 to 8. Clients that connect to these ports should provide the correct user name and password in order to access the ports. You want to assign clients that connect to ports 1, 2 or 3 to a guest VLAN (200 for example) before they can authenticate with the authentication server. In this guest VLAN, clients can surf the Internet through the default gateway attached to port 10, but are not allowed to access other network resources, such as the mail server or local data base.

6.5.1 Creating a Guest VLAN

Follow the steps below to configure port 1, 2, 3 and 10 as a member of VLAN 200.

1 Access the web configurator through the Switch’s port which is not in VLAN 200.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the

settings to the run-time memory.

3 Click Advanced Application > VLAN > Static VLAN.

4 In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 200 for example) in

the Name field and enter 200 in the VLAN Group ID field.

5 Select Fixed to configure ports 1, 2, 3 and 10 to be permanent members of this VLAN.

6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out

of these ports.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost

when the Switch’s power is turned off.

8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the

VLAN Status screen.

9 Enter 200 in the PVID field for ports 1, 2, 3 and 10 to add a tag to incoming untagged frames

received on these ports so that the frames are forwarded to the VLAN group that the tag defines.

MES3500-24/24F User’s Guide

10 Click Apply to save your changes back to the run-time memory.

Chapter 6 Tutorials

11 Click the Save link in the upper right corner of the web configurator to save your configuration

permanently.

6.5.2 Enabling IEEE 802.1x Port Authentication

Follow the steps below to enable port authentication to validate access to ports 1~8 to clients based on a RADIUS server.

1 Click Advanced Application > Port Authentication and then the Click Here link for 802.1x.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

2 Select the first Active checkbox to enable 802.1x authentication on the Switch.

Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports.

Click Apply.

6.5.3 Enabling Guest VLAN

1 Click the Guest Vlan link in the 802.1x screen.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

2 Select Active and enter the guest VLAN ID (200 in this example) on ports 1, 2 and 3. The Switch

puts unauthenticated clients in the specified guest VLAN. Set Host-mode to Multi-Secure to have the Switch authenticate each client that connects to one

of these ports, and specify the maximum number of clients that the Switch will authenticate on each of these port (5 in this example).

Click Apply.

3 Click the Save link in the upper right corner of the web configurator to save your configuration

permanently.

Clients that attach to port 1, 2 or 3 and fail to authenticate with the RADIUS server now should be in VLAN 200 and can access the Internet, but cannot communicate with devices in VLAN 1.

6.6 How to Do Port Isolation in a VLAN

You want to prevent communications between ports in a VLAN but still allow them to access the Internet or network resources through the uplink port in the same VLAN. You use private VLAN to

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

Internet

do port isolation in a VLAN instead of assigning each port to a separate VLAN and creating a different IP routing domain for each individual port.

In this example, you put ports 2 to 4 and 25 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2, 3 and 4.

6.6.1 Creating a VLAN

Follow the steps below to configure port 2, 3, 4 and 25 as a member of VLAN 123.

1 Access the web configurator through the Switch’s port which is not in VLAN 123.

2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the

settings to the run-time memory.

3 Click Advanced Application > VLAN > Static VLAN.

4 In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 123 for example) in

the Name field and enter 123 in the VLAN Group ID field.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

5 Select Fixed to configure ports 2, 3, 4 and 25 to be permanent members of this VLAN.

6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out

of these ports.

7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost

when the Switch’s power is turned off.

8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the

VLAN Status screen.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

9 Enter 123 in the PVID field for ports 2, 3, 4 and 25 to add a tag to incoming untagged frames

received on these ports so that the frames are forwarded to the VLAN group that the tag defines.

10 Click Apply to save your changes back to the run-time memory.

11 Click the Save link in the upper right corner of the web configurator to save your configuration

permanently.

6.6.2 Creating a Private VLAN Rule

Follow the steps below to configure private VLAN for VLAN 123.

1 Click Advanced Application > Private VLAN.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

2 In the Private VLAN screen, select Active.

Enter a descriptive name (PrivateVLAN123 for example) in the Name field and enter 123 in the VLAN ID field.

Click Add.

3 Click the Save link in the upper right corner of the web configurator to save your configuration

permanently. Ports 2, 3 and 4 in this VLAN will be added to the isolated port list automatically and cannot send

traffic to each other.

From port 2, 3, or 4, you should be able to access the device that attachs to port 25, such as a server or default gateway.

MES3500-24/24F User’s Guide

Chapter 6 Tutorials

MES3500-24/24F User’s Guide

PART II

Technical Reference

System Status and Port Statistics

This chapter describes the system status (web configurator home page) and port details screens.

7.1 Overview

The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.

7.2 Port Status Summary

To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.

CHAPTER 7

Figure 26 Status

MES3500-24/24F User’s Guide 81

Chapter 7 System Status and Port Statistics

The following table describes the labels in this screen.

Table 7 Status

LABEL DESCRIPTION

Port This identifies the Ethernet port. Click a port number to display the Port Details

Name This is the name you assigned to this port in the Basic Setting > Port Setup

Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or

State If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the

LACP This fields displays whether LACP (Link Aggregation Control Protocol) has been

TxPkts This field shows the number of transmitted frames on this port. RxPkts This field shows the number of received frames on this port. Errors This field shows the number of received errors on this port. Tx KB/s This field shows the number of kilobytes per second transmitted on this port. Rx KB/s This field shows the number of kilobytes per second received on this port. Up Time This field shows the total amount of time in hours, minutes and seconds the port

Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical

screen (refer to Figure 27 on page 83).

screen.

1000M for 1000Mbps) and the duplex (F for full duplex or H for half). It also shows the cable type (Copper or Fiber) for the combo ports.

This field displays Down if the port is not connected to any device.

port (see Section 13.1 on page 122 for more information). If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it

displays STOP.

enabled on the port.

has been up.

information for that port, or select Any to clear statistics for all ports.

MES3500-24/24F User’s Guide

7.2.1 Status: Port Details

Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch.

Figure 27 Status > Port Details

Chapter 7 System Status and Port Statistics

The following table describes the labels in this screen.

Table 8 Status: Port Details

LABEL DESCRIPTION

Port Info

Port NO. This field displays the port number you are viewing. Name This field displays the name of the port. Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for

MES3500-24/24F User’s Guide

1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber).

This field displays Down if the port is not connected to any device.

Chapter 7 System Status and Port Statistics

Table 8 Status: Port Details (continued)

LABEL DESCRIPTION

Status If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see

Section 13.1 on page 122 for more information).

If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays

STOP. LACP This field shows if LACP is enabled on this port or not. TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port. Tx KB/s This field shows the number kilobytes per second transmitted on this port. Rx KB/s This field shows the number of kilobytes per second received on this port. Up Time This field shows the total amount of time the connection has been up.

Tx Packet The following fields display detailed information about packets transmitted.

Unicast This field shows the number of good unicast packets transmitted. Multicast This field shows the number of good multicast packets transmitted. Broadcast This field shows the number of good broadcast packets transmitted. Pause This field shows the number of 802.3x Pause packets transmitted.

Rx Packet The following fields display detailed information about packets received.

Unicast This field shows the number of good unicast packets received. Multicast This field shows the number of good multicast packets received. Broadcast This field shows the number of good broadcast packets received. Pause This field shows the number of 802.3x Pause packets received.

TX Collision The following fields display info rmation on collisions while transmitting.

Single This is a count of successfully transmitted packets for which transmission is inhibited by

exactly one collision. Multiple This is a count of successfully transmitted packets for which transmission was inhibited by

more than one collision. Excessive This is a count of packets for which tr ans mis sion failed due to excessive collisions. Excessive

Late This is the number of times a late collision is detected, that is, after 512 bits of the packets

Error Packet The following fields display detailed information about packets received that were in error.

RX CRC This field shows the number of packets received with CRC (Cyclic Redundant Check) error(s). Length This field shows the number of packets received with a length that was out of range. Runt This field shows the number of packets received that were too short (shorter than 64 oc tets),

Distribution

64 This field shows the number of packets (including bad packets) received that were 64 octets

65-127 This field shows the number of packets (including bad packets) received that were between

collision is defined as the number of maximum collisions before the retransmission count is

reset.

have already been transmitted.

including the ones with CRC errors.

in length.

65 and 127 octets in length.

MES3500-24/24F User’s Guide

Chapter 7 System Status and Port Statistics

Table 8 Status: Port Details (continued)

LABEL DESCRIPTION

128-255 This fie ld shows the number of packets (including bad packets) received that were between

128 and 255 octets in length. 256-511 This fie ld shows the number of packets (including bad packets) received that were between

256 and 511 octets in length. 512-1023 This field shows the number of packets (including bad packets) received that were between

1024-1518 This field shows the number of packets (including bad packets) received that were between

Giant This field shows the number of packets (including bad packets) received that were between

512 and 1023 octets in length.

1024 and 1518 octets in length.

1519 octets and the maximum frame size.

The maximum frame size varies depending on your switch model. See Chapter 46 on page

333.

MES3500-24/24F User’s Guide

This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens.

8.1 Overview

The System Info screen displays general Switch information (such as firmware version number) and hardware polling information (such as temperatures). The General Setup screen allows you to configure general Switch identification information. The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch. The real time is then displayed in the Switch logs. The Switch Setup screen allows you to set up and configure global Switch features. The IP Setup screen allows you to configure a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes. The Port Setup screen allows you to enable or disable a port on the Switch and configure the port settings, such as the speed and duplex mode.

CHAPTER 8

Basic Setting

8.2 System Information

In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature and voltage in this screen.

Figure 28 Basic Setting > System Info

MES3500-24/24F User’s Guide 86

Chapter 8 Basic Setting

The following table describes the labels in this screen.

Table 9 Basic Setting > System Info

LABEL DESCRIPTION

System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the model number of the Switch. ZyNOS F/W

Version Ethernet

Address Hardware Monitor Temperature

Unit

Temperature BOARD, MAC and PHY refer to the location of the temperature sensors on the Switch

Current This shows the current temperature at this sensor. MAX This field displays the maximum temperature measured at this sensor. MIN This field displays the minimum temperature measured at this sensor. Threshold This field displays the upper temperature limit at this sensor. Status This field displays Normal for temperatures below the threshold and Error for those above. Voltage(V) The power supply for each voltage has a sensor that is capable of detecting and reporting if

Current This is the current voltage reading. MAX This field displays the maximum voltage measured at this point. MIN This field displays the minimum voltage measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point;

This field displays the version number of the Switch 's current firmware including the date

created.

This field refers to the Ethernet MAC (Media Access Control) address of the Switch.

The Switch has temperature sensors that are capable of detecting and reporting if the

temperature rises abo ve the threshold. You may choose the temperature unit (Centigrade or

Fahrenheit) in this field.

printed circuit board.

the voltage falls out of the tolerance range.

otherwise Error is displayed.

MES3500-24/24F User’s Guide

Chapter 8 Basic Setting

8.3 General Setup

Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown.

Figure 29 Basic Setting > General Setup

The following table describes the labels in this screen.

Table 10 Basic Setting > General Setup

LABEL DESCRIPTION

System Name Choose a descriptive name for identification purposes. This name consists of up to 64

Location Enter the geographic location of your Switch. You can use up to 32 printable ASCII

Contact Person's Name

Use Time Server when Bootup

Time Server IP Address

Current Time This field displays the time you open this menu (or refresh the menu).

printable characters; spaces are allowed.

characters; spaces are allowed. Enter the name of the person in charge of this Switch. You can use up to 32 printable

ASCII characters; spaces are allowed. Enter the time service protocol that your timeserver uses. Not all time servers support all

protocols, so you may have to use trial and error to find a protocol that works. The main differences between them are the time format.

When you select the Daytime (RFC 867) format, the Switch displays the day, month, year and time with no time zone adjustment. When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone.

Time (RFC-868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0.

NTP (RFC-1305) is similar to Time (RFC-868). None is the default value. Enter the time manually . Each time you turn on the Switch, the

time and date will be reset to 1970-1-1 0:0. Enter the IP address of your timeserver. The Switch searches for the timeserver for up to

60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds. Please wait.

MES3500-24/24F User’s Guide

Chapter 8 Basic Setting

Table 10 Basic Setting > General Setup (continued)

LABEL DESCRIPTION

New Time (hh:min:ss)

Current Date This field displays the date you open this menu. New Date (yyyy-

mm-dd) Time Zone Select the time difference between UTC (Universal Time Coordinated, formerly known as

Daylight Saving Time

Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight

End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight

Enter the new time in hour, minute and second format. The new time then appears in the Current Time field after you click Apply.

Enter the new date in year, month and day format. The new date then appears in the Current Date field after you click Apply.

GMT, Greenwich Mean Time) and your time zone from the drop-down list box. Daylight saving is a period from late spring to early fall when many countries set their

clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time.

Saving Time. The time is displayed in the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of

March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in the United States yo u would select Second, Sunday, March and 2:00.

Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time zones in the European Union start using Daylight Saving Time at the same moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March and the last field depends on your time zone. In Germany for instance, you would select

2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).

Saving Time. The time field uses the 24 hour format. Here are a couple of examples:

Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in the United States you would select First, Sunday, November and 2:00.

Daylight Saving Time ends in the European Union on the last Sunday of October. All of the time zones in the European Union stop using Dayl ight Saving Time at the s ame moment (1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, October and the last field depends on your time zone. In Germany for instance, you would select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these

changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

Cancel Click Cancel to begin configuring this screen afresh.

8.4 Introduction to VLANs

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router.

In MTU (Multi-Tenant Unit) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building.

MES3500-24/24F User’s Guide

Chapter 8 Basic Setting

Isolated ports: 2~6 Root port: 7 Designated port: 8

Before Smart Isolation:

Isolated ports: 2~6, 8 Root port: 7 Designated port: 8

After Smart Isolation:

VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.

Note: VLAN is unidirection al; it only governs outgoing traffic.

See Chapter 9 on page 97 for information on port-based and 802.1Q tagged VLANs.

8.4.1 Smart Isolation

To block traffic between two specific ports within the Switch, you can use port isolation or private VLAN (see Chapter 33 on page 262 for more information). However, it does not work across multiple switches. For example, broadcast traffic from isolated ports on a switch (say B) can be forwarded to all ports on other switches (A and C), including the isolated ports.

Smart isolation allows you to prevent isolated ports on different switches from transmitting traffic to each other. After you enable RSTP/MRSTP and smart isolation on the Switch, the designated port(s) will be added to the isolated port list. In the following example, switch A is the root bridge. Switch B’s root port 7 connects to switch A and switch B’s designated port 8 connects to switch C. T raffic from isolated ports on switch B can only be sent through non-isolated port 1 or root port 7 to switch A. This prevents isolated ports on switch B sending traffic through designated port 8 to switch C. Traffic received on designated port 8 from switch C will not be forwarded to any other isolated ports on switch B.

MES3500-24/24F User’s Guide

You should enable RSTP or MRSTP bef ore you can use smart isolation on the Sw itch. If the network topology changes, the Switch automatically updates the isolated port list with the latest designated port information.

Note: The uplink port connected to the Internet should be the root port. Otherwise, with

smart isolation enabled, the isolated ports cannot access the Internet.

8.5 Switch Setup

Click Basic Setting > Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.

Figure 30 Basic Setting > Switch Setup

Chapter 8 Basic Setting

The following table describes the labels in this screen.

Table 11 Basic Setting > Switch Setup

LABEL DESCRIPTION

VLAN Type Choose 802.1Q or Port Based. The VLAN Setup screen changes depending on

Smart Isolation Select Active to enable smart isolation on the Switch. The des ignated port(s) then

MAC Address Learning

MES3500-24/24F User’s Guide

whether you choose 802.1Q VLAN type or Port Based VLAN type in this screen. See Chapter 9 on page 97 for more information.

becomes the isolated port. Smart isolation allows you to prevent isolated ports on different switches from transmitting traffic to each other.

Note: To use smart isolation, you should have configured 802.1Q VLAN port

isolation or private VLAN and (M)RSTP on the Switch. Smart isolation does not work with MSTP and/or port-based VLAN.

MAC address learning reduces outgoing traffic broadcasts. For MAC address learning to occur on a port, the port must be active.

Chapter 8 Basic Setting

Table 11 Basic Setting > Switch Setup (continued)

LABEL DESCRIPTION

Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamically learned

GARP Timer: Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration ti meout values. See th e chapter on VLAN setup for more background information.

Join Timer Join Timer sets the durat ion of the Join P eriod timer for GVRP in milliseconds. Each

Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds.

Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in

Priority Queue Assignment IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that

contains bits to define class of service. Frames without an explicit priority tag are given the default priority of the ingress port. Use the next fields to configure the priority level-to-physical queue mapping.

The Switch has eight physical queues that you can map to the 8 priority levels. On the Switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.

Priority Level (The following descriptions are based on the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p).

Level 7 Typically used for network control traffic such as router configuration messages. Level 6 Typically used for voice traffic that is especially sensitive to jitter (jitter is the

Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter. Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems

Level 3 Typically used for “excellent effort” or better than best effort and would include

Level 2 This is for “spare bandwidth”. Level 1 This is typically used for non-critical “background” traffic such as bulk transfers

Level 0 Typically used for best-effort traffic. Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch

Cancel Click Cancel to reset the fields.

MAC addresses remain in the MAC address table before they age out (and must be relearned).

port has a Join Period timer. The allowed Join Time range is between 100 and 65535 milliseconds; the default is 200 milliseconds. See the chapter on VLAN setup for more background information.

Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 millisecon ds.

milliseconds. Each port has a single Leave All Period timer. Leave All Timer must be larger than Leave Timer.

variations in delay).

Network Architecture) transactions.

important business traffic that can tolerate some delay.

that are allowed but that should not affect other applications and users.

loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

MES3500-24/24F User’s Guide

8.6 IP Setup

Use the IP Setup screen to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic.

8.6.1 Management IP Addresses

The Switch needs an IP address for it to be managed over the network. The factory default in-band IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.

You can configu re up to 64 IP addresses which are used to access and manage the S witch from the ports belonging to the pre-defined VLAN(s).

Note: You must configure a VLAN first.

Figure 31 Basic Setting > IP Setup

Chapter 8 Basic Setting

MES3500-24/24F User’s Guide

Chapter 8 Basic Setting

The following table describes the labels in this screen.

Table 12 Basic Setting > IP Setup

LABEL DESCRIPTION

Domain Name Server

Default Management IP Address DHCP Client Select this option if you have a DHCP server that can assign the Switch an IP address,

Static IP Address Select this option if you don’t have a DHCP server or if you wish to assign static IP

IP Address Enter the IP address of your Switch in dotted decimal notation for example

IP Subnet Mask Enter the IP subnet mask of your Switch in dotted decimal notation for example

Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation, for

VID Enter the VLAN identification number associated with the Switch IP address. This is the

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses

Cancel Click Cancel to begin configuring the fields again. Management IP Addresses

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address.

subnet mask, a default gateway IP address and a domain name server IP address automatically.

address information to the Switch. You need to fill in the following fields when you select this option.

192.168.1.1.

255.255.255.0.

example 192.168.1.254.

VLAN ID of the CPU and is used for management only. The default is "1". All ports, by default, are fixed members of this "management VLAN" in order to mana ge the device from any port. If a port is not a member of this VLAN, then users on that port cannot access the device. To access the Switch make sure the port that you are connected to i s a member of Management VLAN.

these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

You can create up to 64 IP addresses, which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). You must configure a VLAN first.

IP Address Enter the IP address for managing the Switch by the members of the VLAN specified in

the VID field below. IP Subnet Mask Enter the IP subnet mask in dotted decimal notation. VID Type the VLAN group identification number. Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation. Add Click Add to insert the entry to the summary table below and save your changes to the

Switch’s run-time memory. The Switch loses these changes if it is turned off or loses

power, so use the Save link on the top navigation panel to save your changes to the

non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. Index This field displays the index number of the rule. Click an index number to edit the rule. IP Address This field displays the IP address. IP Subnet Mask This field displays the subnet mask. VID This field displays the ID number of the VLAN group. Default Gateway This field displays the IP address of the default gateway.

MES3500-24/24F User’s Guide

Table 12 Basic Setting > IP Setup (continued)

LABEL DESCRIPTION

Delete Check the management IP addresses that you want to remove in the Delete column,

Cancel Click Cancel to clear the selected check boxes in the Delete column.

8.7 Port Setup

Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen.

Figure 32 Basic Setting > Port Setup

Chapter 8 Basic Setting

then click the Delete button.

The following table describes the labels in this screen.

Table 13 Basic Setting > Port Setup

LABEL DESCRIPTION

Port This is the port index number. * Settings in this row apply to all ports.

Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.

Note: Changes in this row are copied to all the ports as soon as you make them.

Active Select this check box to enable a port. The factory default for all ports is enabled. A port must

Name Enter a descriptive name that identifies this port. You can enter up to 64 alpha-numerical

Type This field displays 10/100M for Fast Ethernet connections and 10/100/1000M for Gigabit

be enabled for data transmission to occur.

characters.

Note: Due to space limitation, the port name may be truncated in some web configurator

screens.

connections.

MES3500-24/24F User’s Guide

Chapter 8 Basic Setting

Table 13 Basic Setting > Port Setup (continued)

LABEL DESCRIPTION

Speed/Duplex Select the speed and the duplex mode of the Ethernet connection on this port. Choices are

Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory

Auto, 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, 100M/Full Duplex and 1000M/Full Duplex (Gigabit connections only).

Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When autonegotiation is turned on, a port on the Switch negotiates wi th the peer automatically to determine the connection speed and duplex mode. If the peer port does not support autonegotiation or turns off this feature, the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the Switch’s autonegotiation is turned off, a port uses the pre-configured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer port are the same in order to connect.

causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port.

The Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode.

IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill.

Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later. Select Flow Control to enable it.

802.1p Priority

Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these

Cancel Click Cancel to begin configuring this screen afresh.

This priority value is added to incoming frames without a (802.1p) priority queue tag. See Priority Queue Assignment in Table 11 on page 91 for more information.

changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.

MES3500-24/24F User’s Guide

CHAPTER 9

The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs.

9.1 Introduction to IEEE 802.1Q Tagged VLANs

A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes for the TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) and two bytes for the TCI (Tag Control Information, starting after the source address field of the Ethernet frame).

VLAN

The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum number of 4,096 VLANs. Note that user priority and VLAN ID are independent of each other. A frame with VID (VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and the value 4095 (FFF) is reserved, so the maximum possible number of VLAN configurations is 4,094.

TPID 2 Bytes

User Priority 3 Bits

CFI 1 Bit

VLAN ID 12 bits

9.1.1 Forwarding Tagged and Untagged Frames

Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware switch, the Switch first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLANunaware switch to an 802.1Q VLAN-aware switch, the Switch first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.

A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain.

MES3500-24/24F User’s Guide 97

Chapter 9 VLAN

9.2 Automatic VLAN Registration

GARP and GVRP are the protocols used to automatically register VLAN membership across switches.

9.2.1 GARP

GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.

9.2.1.1 GARP Timers

Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values.

9.2.2 GVRP

GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch.

Please refer to the following table for common IEEE 802.1Q VLAN terminology.

Table 14 IEEE 802.1Q VLAN Terminology

VLAN PARAMETER TERM DESCRIPTION

VLAN Type Permanent VLAN This is a static VLAN cre a ted manually.

Dynamic VLAN This is a VLAN configured by a GVRP registration/deregistration

process.

VLAN Administrative Control

VLAN Tag Control Tagged Ports belonging to the specified VLAN tag all outgoing frames

VLAN Port Port VID This is the VLAN ID assigned to untagged frames that this port

Registration Fixed Fixed registration ports are permanent VLAN members.

Registration Forbidden

Normal Registration Ports dynamically join a VLAN using GVRP.

Untagged Ports belonging to the specified VLAN don't tag all outgoing

Acceptable Frame Type

Ingress filtering If set, the Switch discards incoming frames for VLANs that do not

Ports with registration forbidden are forbidden to join the specified VLAN.

transmitted.

frames transmitted.

received. You may choose to accept both tagged and untagged incoming

frames, just tagged incoming frames or just untagged incoming frames on a port.

have this port as a member.

MES3500-24/24F User’s Guide

9.3 Port VLAN Trunking

Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.

The following figure describes VLAN Trunking. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B. Without VLAN Trunking, you must configure VLAN groups 1 and 2 on all intermediary switches C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s).

Figure 33 Port VLAN Trunking

Chapter 9 VLAN

9.4 Select the VLAN Type

Select a VLAN type in the Basic Setting > Switch Setup screen.

Figure 34 Switch Setup: Select VLAN Type

9.5 Static VLAN

Use a static VLAN to decide whether an incoming frame on a port should be

• sent to a VLAN group as normal depending on its VLAN tag.

• sent to a group whether it has a VLAN tag or not.

• blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing fr ames (that were previously untagged) from a port with the specified

VID.

MES3500-24/24F User’s Guide

Chapter 9 VLAN

9.5.1 VLAN Status

See Section 9.1 on page 97 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next.

Figure 35 Advanced Application > VLAN: VLAN Status

The following table describes the labels in this screen.

Table 15 Advanced Application > VLAN: VLAN Status

LABEL DESCRIPTION

VLAN Search by VID

The Number of VLAN

The Number of Search Results

Index This is the VLAN index number. Click on an index number to view more VLAN details. VID This is the VLAN identification number that was configured in the Static VLAN screen.

Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN

Status This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static -

Change Pages Click Previous or Next to show the pr evious/ne xt screen if all status information cannot be

Enter an existing VLAN ID number(s) (separated by a comma) and click Search to display only the specified VLAN(s) in the list below.

Leave this field blank and click Search to display all VLANs configured on the Switch. This is the number of VLANs configured on the Switch.

This is the number of VLANs that match the searching criteria and display in the list below. This field displays only when you use t he Search button to look for certain VLANs.

was set up.

added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR).

seen in one screen.

100

MES3500-24/24F User’s Guide

ZyXEL Communications MES3500-24, MES3500-24F User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

MES3500-24/24F

About This User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

User’s Guide

1.1 Introduction

Getting to Know Your Switch

1.1.1 Backbone Application

1.1.2 Bridging Example

1.1.3 High Performance Switching Example

1.1.4 IEEE 802.1Q VLAN Application Examples

1.1.5 IPv6 Support

1.2 Ways to Manage the Switch

1.3 Good Habits for Managing the Switch

Hardware Installation and Connection

2.1 Installation Scenarios

2.2 Desktop Installation Procedure

2.3 Mounting the Switch on a Rack

2.3.1 Rack-mounted Installation Requirements

2.3.2 Attaching the Mounting Brackets to the Switch

2.3.3 Mounting the Switch on a Rack

3.1 Front Panel

Hardware Overview

3.1.1 Console Port

3.1.2 Ethernet Ports

3.1.3 Transceiver Slots

3.1.4 Power Connector

3.1.5 Signal Slot

3.2 LEDs

4.1 Introduction

The Web Configurator

4.2 System Login

4.3 The Web Configurator Layout

4.3.1 Change Your Password

4.4 Saving Your Configuration

4.5 Switch Lockout

4.6 Resetting the Switch

4.6.1 Reload the Configuration File

4.7 Logging Out of the Web Configurator

4.8 Help

5.1 Overview

5.1.1 Creating a VLAN

Initial Setup Example

5.1.2 Setting Port VID

5.2 Configuring Switch Management IP Address

6.1 How to Use DHCP Snooping on the Switch

Tutorials

6.2 How to Use DHCP Relay on the Switch

6.2.1 DHCP Relay Tutorial Introduction

6.2.2 Creating a VLAN

6.2.3 Configuring DHCP Relay

6.2.4 Troubleshooting

6.3 How to Use PPPoE IA on the Switch

6.3.1 Configuring Switch A

6.3.2 Configuring Switch B

6.4 How to Use Error Disable and Recovery on the Switch

6.5 How to Set Up a Guest VLAN

6.5.1 Creating a Guest VLAN

6.5.2 Enabling IEEE 802.1x Port Authentication

6.5.3 Enabling Guest VLAN

6.6 How to Do Port Isolation in a VLAN

6.6.1 Creating a VLAN

6.6.2 Creating a Private VLAN Rule

Technical Reference

System Status and Port Statistics

7.1 Overview

7.2 Port Status Summary

7.2.1 Status: Port Details

8.1 Overview

Basic Setting

8.2 System Information

8.3 General Setup

8.4 Introduction to VLANs

8.4.1 Smart Isolation