ZyXEL Communications VES-1616 User Manual

VES-1616/24FA-5x Series

VDSL Switch

Support Notes

Version1.0

Apr. 2008

ZyXEL VES-1616/24FA-5x Series Support Notes

Switch Management and Maintenance ------------------------------------------------------ 3

Firmware Upgrade --------------------------------------------------------------------------- 3 Using the Web Configurator --------------------------------------------------------------- 3 Using the Console Port: -------------------------------------------------------------------- 3 Using FTP: ------------------------------------------------------------------------------------- 4 Restore a Configuration File --------------------------------------------------------------- 4 Using the Web Configurator: -------------------------------------------------------------- 4 Using the Console Port: -------------------------------------------------------------------- 5 Using FTP: ------------------------------------------------------------------------------------- 5 Backing Up a Configuration File ---------------------------------------------------------- 6 Using the Web Configurator: -------------------------------------------------------------- 6 Using the Console Port: -------------------------------------------------------------------- 6 Using FTP: ------------------------------------------------------------------------------------- 7 Load Factory Defaults ----------------------------------------------------------------------- 7 Using the Web Configurator: -------------------------------------------------------------- 7 Using the Console Port: -------------------------------------------------------------------- 8

General Networking ------------------------------------------------------------------------------- 8

DHCP Relay Option 82 Application ------------------------------------------------------ 8 Setting up a DHCP Relay Option 82 Environment ----------------------------------- 9

Separating a physical network into multiple virtual networks ------------------------- 24

What is Virtual LAN? ---------------------------------------------------------------------- 24 VLAN Overview ----------------------------------------------------------------------------- 24 Port-based VLAN --------------------------------------------------------------------------- 25 Port-based VLAN across multiple switches ------------------------------------------ 27 How to configure Port-Based VLAN --------------------------------------------------- 28 What is IEEE 802.1Q Tag-based VLAN? --------------------------------------------- 33 How 802.1Q VLAN works ---------------------------------------------------------------- 34 Connecting Two Switches using VLAN ----------------------------------------------- 37 Setting up VLAN Trunking --------------------------------------------------------------- 40 VLAN Stacking Overview ---------------------------------------------------------------- 44 Configuring Switch A, E, F and H Using the Web Configurator ----------------- 46 Configuring Switch B Using the Web Configurator --------------------------------- 46 Configuring Switch C Using the Web Configurator -------------------------------- 50 Configuring Switch D Using the Web Configurator -------------------------------- 52 Configuring Switch G Using the Web Configurator -------------------------------- 55

Network Scenario -------------------------------------------------------------------------------- 59

Configuring Switches A, E, F and H Using the CLI -------------------------------- 59 Configuring Switch B Using the CLI --------------------------------------------------- 60 Configuring Switch C via CLI ------------------------------------------------------------ 61 Configuring Switch D Using the CLI --------------------------------------------------- 62 IP Multicasting ------------------------------------------------------------------------------ 64

Configuring IGMP snooping in your switch ------------------------------------------------ 64

Configuration of IGMP snooping by web --------------------------------------------- 65 Configuration of IGMP and IGMP snooping by CLI -------------------------------- 66

Overview of MVR -------------------------------------------------------------------------------- 67

MVR Mode ----------------------------------------------------------------------------------- 68

ZyXEL VES-1616/24FA-5x Series Support Notes

Operation Mode ---------------------------------------------------------------------------- 69 Scenario of MVR --------------------------------------------------------------------------- 69

Triple play Application -------------------------------------------------------------------------- 77

Configure VES-1616FA-54 -------------------------------------------------------------- 77 Configure P-870H-51 ---------------------------------------------------------------------- 82 Ringing a network by building redundant links and connections between Switch ----------------------------------------------------------------------------------------- 91

What is Spanning Tree Protocol? ----------------------------------------------------------- 91

Spanning Tree Overview ----------------------------------------------------------------- 91 How STP Works ---------------------------------------------------------------------------- 92 How STP works ----------------------------------------------------------------------------- 94

Switching security -------------------------------------------------------------------------- 96 MAC Limit ----------------------------------------------------------------------------------------- 96 Setting up 802.1x Radius Authentication. ------------------------------------------------- 98

Port Authentication: RADIUS Setup --------------------------------------------------- 98

RADIUS Server Setup -------------------------------------------------------------------- 99

Create User Account ---------------------------------------------------------------------- 99

Supplicant Setup (Windows XP) -------------------------------------------------------- 99

802.1x/MD5-challenge setup ---------------------------------------------------------- 100

Classifier & Policy rule setup on your Switch ------------------------------------------- 102

Classifier Configuration ----------------------------------------------------------------- 103

Policy Rule Configuration -------------------------------------------------------------- 104

Centralized Management -------------------------------------------------------------- 105 Introduction to SNMPc and NetAtlas ----------------------------------------------------- 105

SNMPc Overview ------------------------------------------------------------------------ 106

EMS Overview ---------------------------------------------------------------------------- 107 FAQ ----------------------------------------------------------------------------------------------- 114

What are the default IP parameter settings? -------------------------------------- 114

What is the default login Name and Password to log into the Web

Configurator? ----------------------------------------------------------------- ------------- 114

How to access my SWITCH through the console port? ------------------------ 114

What is default login password for console, telnet, and FTP login? --------- 114

How to change the password? -------------------------------------------------------- 114

How to access the Command Line Interface (CLI)? ----------------------------- 115

If I have forgotten the password, how to reset the password to the default

setting? ------------------------------------------------------------------------------------- 115

How to configure the IP address? ---------------------------------------------------- 115

Is Online Help available on the Web Configurator? ------------------------------ 116

How to restart device from the Web Configurator? ------------------------------ 116

How to check the current running firmware version? ---------------------------- 116

Is the mini GBIC transceiver hot-swappable? ------------------------------------- 117

What is "Dual-Personality interface" on a VDSL Switch? ---------------------- 117

Can I enable IGMP snooping on the Switch which is acting as an IGMP

Router? ------------------------------------------------------------------------------------- 117

Can I enable MVR and IGMP snooping at the same time? -------------------- 117

ZyXEL VES-1616/24FA-5x Series Support Notes

Switch Management and Maintenance

Firmware Upgrade

Using the Web Configurator

1. Download (and unzipped) the correct model firmware to your computer.

2. Click Management > Maintenance in the navigator panel to display the following screen.

3. Click the “Click Here” link for Firmware Upgrade to display the following screen.

4. In the File Path field, click Browse to locate the firmware file.

5. Click Upgrade to start the firmware upgrade process.

Using the Console Port:

ZyXEL VES-1616/24FA-5x Series Support Notes

1. Download (and unzipped) the correct model firmware to your computer.

2. Connect to the console port and launch a Terminal Emulation software

3. Restart the switch to enter the debug mode via the terminal.

4. Enter “ATUR”.

5. Use the X-modem protocol to transfer (Send File) the firmware.

6. Enter “ATGO” to restart the switch after the file transfer is complete and the

firmware upgrade process is done.

Using FTP:

1. Download (and unzipped) the correct model firmware to your computer.

2. Launch the FTP client on your computer to log into switch. (From the command

prompt, type “ftp <Switch IP>”).

3. Press [ENTER] when prompted for a user name.

4. Enter the administrator login password to access the switch and display FTP

prompt.

5. Enter “bin” to set the transfer mode to binary.

6. Use “put” to transfer the firmware from the computer to the switch, for example:

“put firmware.bin ras-0” transfers the firmware on your computer (firmware.bin) to the switch and renames it to “ras-0”.

7. Use “put” to transfer the firmware from the computer to the switch, for example:

“put firmware.bin ras-1” transfers the firmware on your computer (firmware.bin) to the switch and renames it to “ras-1”.

8. Enter “bye” to log out from the switch.

Restore a Configuration File

Using the Web Configurator:

1. Click Management > Maintenance in the navigator panel to display the

following screen.

ZyXEL VES-1616/24FA-5x Series Support Notes

2. Click the “Click Here” link for Restore Configuration to display the following

screen.

3. In the File Path field, click Browse to locate the firmware file.

4. Click Restore to start restoring configuration.

Using the Console Port:

1. Connect to the console port and launch a Terminal Emulation software.

2. Restart the switch to enter the debug mode via the terminal.

3. Enter “ATLC”

4. Use X-modem protocol to transfer (Send File) the configuration file (with a .rom

file extension).

5. Enter “ATGO” to restart the switch after file transfer and the configuration

restore processes are complete.

Using FTP:

1. Download (and unzipped) the correct model firmware to your computer.

2. Launch the FTP client on your computer to log into the switch. (From the

command prompt, type “ftp <Switch IP>”.

3. Press [ENTER] when prompted for a user name

4. Enter the administrator login password to access the switch and display FTP

prompt.

5. Enter “bin” to set the transfer mode to binary.

6. Use “put” to transfer the configuration file from the computer to the switch, for

example: “put comfig.rom config” transfers the configuration file on your computer (config.rom) to the switch and renames it to “config”.

7. Enter “bye” to log out from the switch.

ZyXEL VES-1616/24FA-5x Series Support Notes

Backing Up a Configuration File

Using the Web Configurator:

1. Click Management > Maintenance in the navigator panel to display the

following screen.

2. Click the “Click Here” link for Backup Configuration to display the following

screen.

3. Click Backup to display the File Download dialog. Then, click Save to back up

the configuration text file to a location you specify on your computer.

Using the Console Port:

1. Connect to the console port and launch a Terminal Emulation software.

2. Restart the switch to enter the debug mode via the terminal.

3. Enter “ATTD”.

4. Use X-modem protocol to transfer (Receive File) the configuration file (with

a .rom file extension).

ZyXEL VES-1616/24FA-5x Series Support Notes

5. Enter “ATGO” to restart the switch after file transfer and the configuration

backup processes are complete. .

Using FTP:

1. Download (and unzipped) the correct model firmware to your computer.

2. Launch the FTP client on your PC to log into the switch. (From the command

prompt, type “ftp <Switch IP>”

3. Press [ENTER] when prompted for a user name

4. Enter the administrator login password to access the switch and display FTP

prompt.

5. Enter “bin” to set the transfer mode to binary.

6. Use “get” to transfer the configuration file from the switch to your computer, for

example: “get config config.rom” transfers the configuration file on the switch (config) to your computer and renames it “config.rom”.

7. Enter “bye” to log out from the switch.

Load Factory Defaults

Using the Web Configurator:

1. Click Management > Maintenance in the navigation panel to display the

following screen.

2. Click “Click Here” link for Load Factory Default.

3. A dialog box pops up with the “Are you sure you want to load factory defaults?”

prompt.

ZyXEL VES-1616/24FA-5x Series Support Notes

4. Click OK.

5. Click OK again to start the configuration reset process.

6. Please note that the IP address of the switch is now 192.168.1.1.

Using the Console Port:

1. Connect to the console port and open the Terminal Emulation Software.

2. Enter the administrator login password to log into the CLI. Enter “erase run” to

load the factory default configuration.

General Networking

DHCP Relay Option 82 Application

ISP may want to limit the number of IP address or provide some specific client IP addresses based on the switch ports, VLAN ID and option 82 string. They can easily achieve this with the DHCP Relay Option 82 feature and a DHCP server that supports Option 82. The following figure shows a network example.

ZyXEL VES-1616/24FA-5x Series Support Notes

Network

Port 1

DHCP Server

192.168.1.99

DHCP Client

Setting up a DHCP Relay Option 82 Environment In this example, we will show you how to configure DHCP relay settings to allow a

computer to obtain a specific IP address from a DHCP server based on the VDSL port, VLAN ID and the Option82 string.

In this network environment, we will use a VES-1616FA-5x series with a computer connected to a CPE to the first VDSL port. The Option82 string is set to “VES-1616FA-54”. The IP address of the DHCP server (IP Commander at 192.168.1.99) and it is to assign client IP addresses of 192.168.1.201 and 192.168.1.203 for VLAN ID 1 with Option82 string of “VES-1616FA-54”.

1. Switch settings

In the web configurator, click Advanced Application > DHCP in the navigation panel to display the DHCP screen as shown. Enable the DHCP relay feature and the Option 82 function. Click Information to set “VES-1616FA-54” as the Option

82 string.

ZyXEL VES-1616/24FA-5x Series Support Notes

Next connect a computer to the Ethernet port of the CPE to the 1

VDSL port.

Refer to the previous application for more information.

2. IP Commander setup Launch IP Commander and right-click IP Commander and click Connect New Server.

ZyXEL VES-1616/24FA-5x Series Support Notes

Enter the IP address or domain name for the DHCP server and click OK. For this

example, we enter 192.168.1.99 for the IP address.

ZyXEL VES-1616/24FA-5x Series Support Notes

Enter the user name and password. The default user name is “administrator” and password is “incognito”.

ZyXEL VES-1616/24FA-5x Series Support Notes

A screen displays. Make sure that the status of your DHCP is online. On the top menu, click Wizard > Rule Wizard.

ZyXEL VES-1616/24FA-5x Series Support Notes

Enter a name and description for the new rule.

ZyXEL VES-1616/24FA-5x Series Support Notes

Specify one or a range of IP addresses for this rule. In this example, we configure an IP pool from 192.168.1.201 to 192.168.1.203.

ZyXEL VES-1616/24FA-5x Series Support Notes

Next select DHCP Option in the Keywords field.

ZyXEL VES-1616/24FA-5x Series Support Notes

An Add DHCP Option Rule screen displays. Select Option 82 Relay Agent Information, set sub-option 1and use binary data.

For port 1, VLAN 1 with option82 string of “VES-1616FA-54”, enter

“0019000147532d33303132” as the key value and click OK. Note that the first

two bytes define the port number, the second two bytes is the VLAN ID and the rest of the bytes are the Option 82 string.

ZyXEL VES-1616/24FA-5x Series Support Notes

After setting the fields, you should see the following screen.

ZyXEL VES-1616/24FA-5x Series Support Notes

Click Next in the screen that displays.

ZyXEL VES-1616/24FA-5x Series Support Notes

Optionally, you can create a new DHCP template with information such as gateway, DNS server, etc.

ZyXEL VES-1616/24FA-5x Series Support Notes

Here, enter “192.168.1.1” as gateway IP address for DHCP clients.

ZyXEL VES-1616/24FA-5x Series Support Notes

You can choose to enable DDNS service on the DHCP server.

ZyXEL VES-1616/24FA-5x Series Support Notes

Click Finish to complete the rule creation.

ZyXEL VES-1616/24FA-5x Series Support Notes

After the DHCP server configuration, your computer should be able to get an IP address of 192.168.1.201 when a DHCP request is sent.

Separating a physical network into multiple

virtual networks

What is Virtual LAN?

VLAN Overview A VLAN (Virtual Local Area Network) allows a physical network to be partitioned

into multiple logical networks. Stations on a logical network belong to a group

ZyXEL VES-1616/24FA-5x Series Support Notes

known as the VLAN Group. A station can belong to more than one group. Stations in the same VLAN group can communicate with each other. With VLAN, a station cannot directly communicate with stations that are not in the same VLAN group(s); the traffic must first go through a router. In GePON applications, VLAN is vital in providing isolation and security among subscribers. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN. Thus a user will not see the printers and hard disks of another user in the same building. VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. A VLAN group is a broadcast domain. In traditional Layer-2 switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. There are two VLAN implementations: Port-based VLAN and IEEE 802.1q Tagged VLAN. VES-1616F-3X supports both VLAN implementations. The major difference between both VLAN implementations is that Tagged VLAN can cross Layer-2 switches but Port-based VLAN cannot.

Port-based VLAN

Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. You must define outgoing

ports allowed for each port when using port-based VLANs.

Note that VLAN only governs the outgoing traffic. In the other word, it is unidirectional. Therefore, if you wish to allow two subscriber ports to talk to each other, e.g., between conference rooms in a hotel, you must define the egress (outgoing port) for both ports. An egress port is an outgoing port, that is, a port through which a data packet leaves. In the following figure, five hosts (A, B, C, D and E) are connected to a 5-port layer-2 switch which supported port-based VLAN.

Case 1:

Hosts A and B can communicate with each other, because they are in the same VLAN group. But Hosts A and B cannot communicate with Hosts C, D, and E.

ZyXEL VES-1616/24FA-5x Series Support Notes

Port-based VLAN definition:

z Egress port for port 1: port 2

z Egress port for port 2: port 1

Case 2:

In this network example, there are three VLAN groups in the physical network. Hosts A and B can communicate with each other since they are in the same VLAN group (VLAN 1). Hosts B and C are in VLAN group 2. Hosts A, D and E are in VLAN group 3.

Port-based VLAN definition:

z Egress port for port 1: port 2, port 4, port 5 z Egress port for port 2: port 1, port 3 z Egress port for port 3: port 2 z Egress port for port 4: port 1, port 5

z Egress port for port 5: port 1, port 4

ZyXEL VES-1616/24FA-5x Series Support Notes

Port-based VLAN across multiple switches

Port-based VLAN is specific only to the switch on which it was created. Thus, port-based VLAN cannot cross multiple switches. The following figure shows an MTU network example. For network security, subscribers are isolated from each other except for the gateway. There are two switches, Switch-2 and Switch-3, that support port-based VLAN and an uplink to a non-port-based VLAN switch, Switch-1.

For Switch-2, ports 1, 2, and 3 are allowed to communicate with uplink port 4, but not with other ports.

z Switch-2 VLAN 1 member port: port 1 and port 4 z Switch-2 VLAN 2 member port: port 2 and port 4 z Switch-2 VLAN 3 member port: port 3 and port 4

For Switch-3, ports 2, 3, and 4 are allowed to communicate with uplink port 1, but not with other ports.

z Switch-3 VLAN 1 member port: port 2 and port 1 z Switch-3 VLAN 2 member port: port 3 and port 1 z Switch-2 VLAN 3 member port: port 4 and port 1

Host A cannot communicate with Host B due to the port-based VLAN implementation on Switch-2. Host C cannot communicate with Host D due to the port-based VLAN implementation on Switch-3. However, the uplink ports on both Switch-2 and Switch-3 connect to the non- VLAN Switch-1. Hosts A and B is able to communicate with Hosts C and D through the non-VLAN switch because port-based VLAN cannot cross multiple switches. To provide security between switches, you must install another port-based VLAN switch for the uplink. Each port on the uplink switch also should be separated into different VLANs, except for the port connection to the gateway. So subscribers can only connect to the gateway for Internet access but not communicate with each other.

ZyXEL VES-1616/24FA-5x Series Support Notes

For Switch-1, ports 1, 2, and 3 are allowed to communicate with uplink port 4, but not with other ports.

z Switch-1 VLAN 1 member port: port 1 and port 4 z Switch-1 VLAN 2 member port: port 2 and port 4

z Switch-1 VLAN 3 member port: port 3 and port 4

How to configure Port-Based VLAN

Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.

ZyXEL VES-1616/24FA-5x Series Support Notes

PC Z

Port 1 ~ 4

PC A

In this scenario, Port Based VLAN is used to separate one physical switch into two smaller logical switches. Ports 1~4 and 17, 18 belong to the same VLAN group, and ports 5~8 are in another group. Port-based VLANs are specific only to the switch on which they were created.

PC B PC C PC D

Port 5 ~ 8

Configuring the Switch Using the Web Configurator

1. Use an RJ-45 Ethernet cable to connect a computer to the management port on the switch.

2. By default the management IP address of the switch is 192.168.0.1/24

3. Set the IP settings on your computer to 192.168.0.2/24

4. Open a web browser such as IE and enter http://192.168.0.1 as the URL.

5. When prompted, enter “admin” as the username and “1234” as the password.

6. After you have logged in successfully, the main web configurator screen displays.

+ 88 hidden pages