Manuale d’uso / di manutenzione del prodotto MES3500-24 del fabbricante ZyXEL Communications
Vai alla pagina of 349
www .zyxel.com www .zyxel.com MES3500-24/24F Layer 2 Management Switch Copyright © 201 1 ZyXEL Communications Corporation Firmware V ersion 4.00 Edition 1, 12/2011 Default Login Details IP Address http://192.
.
About This User's Guide MES3500-24/24F U ser’s Guide 3 About This User's Guide IMPORT ANT! READ CAREFULL Y BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Intended Audience This manual is intended for people who want to configure the S witch using the web configurator .
Document Conventions MES3500-24/24F U ser’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User’ s Guide.
Safety Warnings MES3500-24/24F U ser’s Guide 5 Safety Warnings • Do NOT use this pro duct near water , for example, in a wet basement or near a swimmi ng pool. • Do NOT expose y our device to da mpness, dust or c orrosive liquids. • Do NOT stor e things on the device.
Safety Warnings MES3500-24/24F U ser’s Guide 6.
Contents Overvi ew MES3500-24/24F U ser’s Guide 7 Contents Overview User ’ s Guide ......................................................................................... ......................... ......... 21 Getting to Know Y our Switch . ....
Contents Overview MES3500-24/24F U ser’s Guide 8 DHCP ........... ............ ................. ............. ................ ............. ................ ............. ........... ............. 276 Maintenance ............. ....... ...... .....
Table of Contents MES3500-24/24F U ser’s Guide 9 Table of Contents About This User's Guide ................................................. ....................................................... .. 3 Document Conventions .....................
Table of Contents MES3500-24/24F U ser’s Guide 10 3.1.5 Signal Slot .......... ... .... ............. ... ... ... ... .... ............. ... ... ... .... ... ... ............. ... ... .... ... ... .. ..... 35 3.2 LEDs ........................ ... ..
Table of Contents MES3500-24/24F U ser’s Guide 11 Part II: T echnical Referenc e ..................................... .............................. 79 Chapter 7 System St atus and Port St atistics ..................................................
Table of Contents MES3500-24/24F U ser’s Guide 12 Chapter 10 St atic MAC Forward Setup ........................................................ ........................................... 1 14 10.1 Overview . ................ ............. .........
Table of Contents MES3500-24/24F U ser’s Guide 13 Chapter 16 Mirroring ................................. .................................................... ................................. .......... 146 16.1 Port Mirroring Setup ................
Table of Contents MES3500-24/24F U ser’s Guide 14 21.4 Policy Example ........ ................ ............. ...... ............. ............. ................ ............. ......... ...... 175 Chapter 22 Queuing Method ..........................
Table of Contents MES3500-24/24F U ser’s Guide 15 25.1.1 Local User Accounts ...... ... .... ... ... ... ... .... ... ... ... .... ... ............. ... ... ... .... ... ... ... .... ... ... ..... 201 25.1.2 RADIUS and T ACACS+ .......... ..........
Table of Contents MES3500-24/24F U ser’s Guide 16 29.1 Layer 2 Protocol Tunneling Overview .... .......... ............. ................ ............. ................ ..... 241 29.1.1 Layer-2 Protocol Tunne ling Mode ......... ................ ...
Table of Contents MES3500-24/24F U ser’s Guide 17 35.1 DiffServ Overview ............... ................ ............. ............. ................ ............. ................ . .... 268 35.1.1 DSCP and Per-Hop Behavior ............... .......
Table of Contents MES3500-24/24F U ser’s Guide 18 38.2 The Access Co nt rol Main Screen ...... ............. ................ ................ ................ ............. ..... 290 38.3 About SNMP ...................... ................ .........
Table of Contents MES3500-24/24F U ser’s Guide 19 Chapter 43 ARP T able .................................................... ..................................................... ............. ........ 325 43.1 ARP T able Overview ..................
Table of Contents MES3500-24/24F U ser’s Guide 20.
21 P ART I User ’ s Guide.
22.
MES3500-24/24F U ser’s Guide 23 C HAPTER 1 Getting to Know Your Switch This chapter introduces the main features and applications of the Switch. 1.1 Introduction The Switch is a layer-2 standalone Ethernet switch. The MES3500-24 has 24 10/100 Mbps fast Ethernet ports.
Chapter 1 Getting to Know Your Switch MES3500-24/24F U ser’s Guide 24 1.1.2 Bridging Example In this example, the Switch connects different company departments ( RD and Sales ) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks.
Chapter 1 Getting to Know Your Switch MES3500-24/24F U ser’s Guide 25 1.1.4 IEEE 802.1Q VLAN Application Examples A VLAN (Virtual Local Area Network) allows a ph ysic al network to be partitioned into multiple logical networks. Stations on a logical network belong to one group.
Chapter 1 Getting to Know Your Switch MES3500-24/24F U ser’s Guide 26 1.2 W ays to Manage the Switch Use any of the following methods to manage the S witch. • W eb Configur ator . This is recommended for everyday management of the Switch using a (supported) web browser .
MES3500-24/24F U ser’s Guide 27 C HAPTER 2 Hardware Installation and Connection This chapter shows you how to install and connect the Sw itch. 2.1 Inst allation Scenarios The Switch can be placed on a desktop or r ack -mounted on a standard EIA r ack.
Chapter 2 Hardware Installation and Connection MES3500-24/24F U ser’s Guide 28 2.3.1.1 Precautions • Make sure the r ack will safely support the comb ined weight of all the equipment it contains. • Make sure the position of the S witch does not make the r ack unstable or top-heav y .
Chapter 2 Hardware Install ation and Conne ction MES3500-24/24F U ser’s Guide 29 2.3.3 Mounting the Switch on a Rack 1 Po sition a mounting bracket (that is already attach ed to the Switch) on one side of the r ack, lining up the two screw holes on the brack et with the screw holes on the side of the r ack.
MES3500-24/24F U ser’s Guide 30 C HAPTER 3 Hardware Overview This chapter describes the front panel and rear pa nel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel The following figure shows the front panel of the S witch.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 31 Figure 10 MES3500-24F Front Panel: DC Model The following table describes the port labels on the front panel.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 32 Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer . 3.1.2 Ethernet Port s The Switch has 24 10/100 Mbps auto-negotiating, auto-crossover Ethernet ports.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 33 Y ou can change transceivers while the Switch is operating. Y ou can use different transceivers to connect to Ethernet switches with different types of fiber -optic or even copper cable connectors.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 34 3 Pull the transceiver out of the slot. Figure 13 Removing the Fiber Optic Cables Figure 14 Opening the T ransceiv er’s Latch Example Figure 15 T ran sceiver Remov al Example 3.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 35 3.1.4.2 DC Power Connection The Switch uses a single ETB series terminal block plug with four pins which allow s you to connect up to two separate power supplies. If one powe r supply fails the system can oper ate on the remaining power supply .
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 36 1 Use a connector to connect wires of the correct gauge to the sensor’s signal output pins. See Chapter 46 on page 333 for the wire specifications. Check the sensor’s documentation to identify its two signal output pins.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 37 2 When daisy-chaining further S witches ensure that the signal output pins you use are the same as those you used when connecting to the first switch, as shown in the diagram below . Figure 17 Daisy-chaining an External Alarm Sensor to Other S witches of the Same Model 3.
Chapter 3 Hardware Ove rview MES3500-24/24F U ser’s Guide 38 LNK Green On The link to this port is up . Off The link to th is port is down. ACT Green Blinking This port is receiving or transmitting data.
MES3500-24/24F U ser’s Guide 39 C HAPTER 4 The Web Configurator This section introduces the configur ation and functions of the web configur ator . 4.1 Introduction The web configurator is an HTML -based management interface that allows easy Switch setup and management via Internet browser .
Chapter 4 The Web Configurator MES3500-24/24F U ser’s Guide 40 3 The login screen appears. The default username is admin and associated default password is 1234 . The date and time display as shown if you have not conf igured a time server nor manually entered a time and date in the General Setup screen.
Chapter 4 The Web Con figurator MES3500-24/24F U ser’s Guide 41 A - Click the menu items to open submenu links, an d then click on a submenu link to open the screen in the main window . B , C , D , E - These are quick links which allow you to perform certain tasks no matter which scree n you are currently working in.
Chapter 4 The Web Configurator MES3500-24/24F U ser’s Guide 42 The following table describes the links in the navigation panel. T able 4 Navigation Panel Links LINK DESCRIPTION Basic Settin gs System Info This link takes you to a screen that displa ys general system and hardw are monitoring information.
Chapter 4 The Web Con figurator MES3500-24/24F U ser’s Guide 43 AAA This link takes you to a screen wh ere you can configure authen tication, authorization and accounting services via external serv ers.
Chapter 4 The Web Configurator MES3500-24/24F U ser’s Guide 44 4.3.1 Change Y our Password After you log in for the first time, it is recommended y ou change the default adm inistrator password. Click Management > Access Control > Logins to display the next screen.
Chapter 4 The Web Con figurator MES3500-24/24F U ser’s Guide 45 4 Disable all ports. 5 Misconfigure the text configuration file. 6 F orge t the passw ord and/o r IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it.
Chapter 4 The Web Configurator MES3500-24/24F U ser’s Guide 46 6 After a configuration file upload, type atgo to restart the Switch. Figure 21 Resetting the Switch: Via the Console Port The Switch is now reinitialized with a default configur ation file includin g the default password of “1234” .
Chapter 4 The Web Con figurator MES3500-24/24F U ser’s Guide 47.
Chapter 4 The Web Configurator MES3500-24/24F U ser’s Guide 48.
MES3500-24/24F U ser’s Guide 49 C HAPTER 5 Initial Setup Example This chapter shows how to set up th e Switch for an example network. 5.1 Overview The following lists the configuration steps fo r the initial setup: • Create a VLAN • Set port VLAN ID • Configure the Switch IP management address 5.
Chapter 5 Initial Setup Example MES3500-24/24F U ser’s Guide 50 1 Click Advanced Application > VL AN in the navigation panel and click the Static VLAN link. 2 In the Static VLAN screen, select ACTIVE , enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network.
Chapter 5 Initial Se tup Example MES3500-24/24F U ser’s Guide 51 In the example netw ork, conf igure 2 as the port VID on port 1 so that an y untagged frames received on that port get sent to VLAN 2. Figure 24 Initial Setup Network Example: Port VID 1 Click Advanced Applications > VLAN in the navigation panel.
Chapter 5 Initial Setup Example MES3500-24/24F U ser’s Guide 52 1 Connect your computer to the S witch’ s port which is not in VLAN 2. 2 Open your web browse r and enter 192.168.1.1 (the default management IP ad dress) in the address bar to access the web configurator .
MES3500-24/24F U ser’s Guide 53 C HAPTER 6 Tutorials This chapter provides some examples of using th e web configur ator to set up and use the S witch.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 54 2 Go to Advanced Application > VLAN > Static VLAN , and create a VL AN with ID of 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control fie ld as show n. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 55 4 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure , activate and specify VLAN 100 as the DHCP VLAN as shown. C lick Apply . 5 Click the Port link at the top right corner .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 56 7 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure > VLAN , show VLAN 100 by entering 100 in the St art VID and End VID fiel ds an d click Ap ply . Then select Yes in the Enabl ed field of the VLAN 100 entry shown at the bottom section of the screen.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 57 6.2.1 DHCP Relay T u torial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) an d gateway information to DHCP client A based on the system name, VLAN ID and port number in the DHCP request.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 58 3 Click Advanced Application > VLAN > Static VLAN . 4 In the Static VLAN screen, select ACTIVE , enter a descriptive name (V ALN 102 for example) in the Name field and enter 1 02 in the VLAN Group ID field.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 59 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are fo rwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 60 5 Click Apply to save your changes back to the run-time memory . 6 Click the Save link in the upper right corner of the web configurator to save your conf iguration permanently . 7 The DHCP server can then assign a specif ic IP address based on the DHCP request.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 61 Switc h B is connected to switch A . In this way , PPPoE server S can identify subscriber C and may apply different settings to it. Note: For related information about PPPoE IA, see Section 31.3 on page 251 .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 62 2 Select Untrus ted for port 5 and enter userC as Circuit-id and 001 34900000A as Remote-id . Select Trusted for port 12 and then leave the other fiel ds em pty . Click Apply . Then Click Interm e diate Agent on the top of the screen.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 63 4 Enter 1 for both Start VID an d End VID since both the Switch and PPP oE server are in VLAN 1 in this example.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 64 1 Click Advanced Application > PPPoE > Intermediate Agent . Se lect Active then click Apply . Click Port on the top of the screen. 2 Select Trusted for ports 11 and 12 and then click Apply . Then Click Interm e diate Agent on the top of the screen.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 65 3 The Intermediate Agent screen appears. Click VLAN on the top of the screen. 4 Enter 1 for both Start VID an d End VID .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 66 The settings are completed now. If you miss some settings above, subscriber C could not successfully receive an IP address assigned by th e PPP oE Serv er . If this happe ns, make sure you follow the steps exactly in this tutorial.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 67 2 Click Advanced Application > Errdisable > CPU Protecti on , select ARP as the reason, enter 100 as the rate limit (packets per second) for the first entry (port *) to apply the setting to all ports.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 68 6.5 How to Set Up a Guest VLAN All ports on the Switch are in VLAN 1 by default. Say you enable IEEE 802.1x authentication on ports 1 to 8. Clients that connect to these ports should provide the correct user name and password in order to access the ports.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 69 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q . Click Apply to sa ve the settings to the run-time memory .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 70 7 Click Add to save the settings to the run-time memory . Settings in the run-time memory are lost when the Switch’ s power is turned off . 8 Click the VLAN Status link in the Static V LAN screen and then the VLAN Port Setting link in the VLAN Status screen.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 71 10 Click Apply to save your changes back to the run-time memory . 11 Click the Save link in the upper right corner of the web configurator to save your conf iguration permanently . 6.5.2 Enabling IEEE 802.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 72 2 Select the first Active checkbox to enable 802.1x au thentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 73 2 Select Active and enter the guest VLAN ID (200 in this example) on ports 1, 2 and 3. The Switch puts unauthenticated clients in the specified guest VLAN.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 74 do port isolation in a VLAN instead of assigning each port to a separate VLAN and creating a different IP routing domain for each indiv idu al port. In this example, you put ports 2 to 4 and 25 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2, 3 and 4.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 75 5 Select Fixed to configure ports 2, 3, 4 and 25 to be permanent members of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remov e VLAN tags before sending frames out of these ports.
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 76 9 Enter 123 in the PVID field for ports 2, 3, 4 and 25 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 77 2 In the Private VLAN screen, select Active . Enter a descriptive name (Priv ateVLAN123 for example) in the Name field and enter 123 in the VLAN ID field. Click Add . 3 Click the Save link in the upper right corner of the web configurator to save your conf iguration permanently .
Chapter 6 Tutorials MES3500-24/24F U ser’s Guide 78.
79 P ART II T echnical Reference.
80.
MES3500-24/24F U ser’s Guide 81 C HAPTER 7 System Status and Port Statistics This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
Chapter 7 System Status and Port Statistics MES3500-24/24F U ser’s Guide 82 The following table describes the labels in this screen. T able 7 Status LABEL DESCRIPTION Port This identif ies the Et hernet port. Click a port number to display the Port Details screen (refe r to Figure 27 on page 83 ).
Chapter 7 System Status and Port Statistics MES3500-24/24F U ser’s Guide 83 7.2.1 St atus: Port Det ails Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch.
Chapter 7 System Status and Port Statistics MES3500-24/24F U ser’s Guide 84 Status If STP (Spanning T ree Protoc ol) is enabled, th is field dis p lays the STP state of the port ( se e Sectio n 13.1 on pag e 122 for more information). If STP is disabled, this field displays FORWARDING if the link is up, otherwi se, it displays STOP .
Chapter 7 System Status and Port Statistics MES3500-24/24F U ser’s Guide 85 128-255 This field shows t he number of packets (inc ludin g bad packets) rece ived that were between 128 and 255 octets in length. 256-511 This field shows t he number of packets (inc ludin g bad packets) rece ived that were between 256 and 511 octets in length.
MES3500-24/24F U ser’s Guide 86 C HAPTER 8 Basic Setting This chapter describes how to configure the System Info, Ge neral Setup , Switch Setup , IP Setup and Port Setup screens. 8.1 Overview The System Info screen displays general S witch information (such as firmw are version number) and hardware polling information (such as temper atures).
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 87 The following table describes the labels in this screen. T able 9 Basic Setting > System Info LABEL DESCRIPTION System Name This field displa ys the descriptive name of the Swit ch for identification purposes.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 88 8.3 General Setup Use this screen to configure general settings such as the system name and time. Click Bas ic Setting > General Se tup in the navigation panel to display the screen as shown.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 89 8.4 Introduction to VLANs A VLAN (Virtual Local Area Network) allows a ph ysic al network to be partitioned into multiple logical networks. Devices on a logical network belong to on e gr ou p. A d ev i ce ca n be lo ng t o m or e t ha n on e group.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 90 VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast pack ets go to each and every individual port.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 91 Y ou should enable RSTP or MRSTP before you can use smart isolation on the S witch. If th e network topology changes, the Switch automatically updates the isolated port list with the latest designated port information.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 92 Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamica lly learned MAC addresses remain in the MAC address ta ble before they age out (and must be relearned). GARP Timer: Swit ches join VLANs by m aking a declaration.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 93 8.6 IP Setup Use the IP Setup screen to configure the Switch IP addres s, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 94 The following table describes the labels in this screen. T able 12 Basic Setting > IP Setup LABEL DESCRIPTION Domain Nam e Serve r DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 95 8.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to displa y the configuration screen. Figure 32 Basic Setting > Port Setup The following table describes the labels in this screen.
Chapter 8 Basic Setting MES3500-24/24F U ser’s Guide 96 Speed/Duplex Select the spee d and the duplex mode of the Ethernet c onnection on this port. Choices are Auto , 10M/Half Duplex , 10M /Full D uplex , 100M/Half Duplex , 100M/Full Duplex and 1000M/Full Duplex (Gigabit con nections only).
MES3500-24/24F U ser’s Guide 97 C HAPTER 9 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you h ow to conf igure 802.1Q tagged and port-based VLANs. 9.1 Introduction to IEEE 8 02.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 98 9.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automati cally register VLAN membership across switches.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 99 9.3 Port VLAN T runking Enable VLAN Trunking on a port to allow fr ames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without ha ving to configure the same VLAN grou ps on intermediary devices.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 100 9.5.1 VLAN S t atus See Section 9.1 on page 97 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 101 9.5.2 VLAN Det ails Use this screen to view detailed port setti ngs and status of the VLAN group. See Section 9.1 on page 97 for more information on static VLAN. Click on an index number in the VL AN Status screen to display VLAN details.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 102 9.5.3 Configure a St atic VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. See Section 9.1 on page 97 for more information on static VLAN. T o configure a static VLAN, click St atic VLAN in the VLAN Status screen to display the screen as shown next.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 103 9.5.4 Configure VLAN Port Settings Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 9.1 on page 97 for more information on static VLAN. Click the VLAN Port Se tting link in the VLAN Status screen.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 104 9.6 Subnet Based VLANs Subnet based VLANs allow you to group traffic into logical VLANs based on the source IP subnet you specify . When a fr ame is received on a port, the Sw itch checks if a tag is added already and the IP subnet it c ame from.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 105 services). All untagged incoming fr ames will be classified based on their source IP subnet and prioritized accordingly . That is, video services receive the highest priori ty and data the lowest. Figure 39 Subnet Based VLAN Application Example 9.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 106 Note: Subnet based VLAN applies to un-tagge d packet s and is applicable only when y ou use IEEE 802.1Q tagged VLAN. Figure 40 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes the labels in this screen.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 107 9.8 Protocol Based VLANs Protocol based VLANs allow you to grou p traffic into logical VLANs based on the protocol y ou specify . When an upstream frame is received on a port (configured for a protocol based VLAN), the Switch checks if a tag is added already and its protocol.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 108 9.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Se tting screen to display the configu ration screen as shown. Figure 42 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN The following table describes the labels in this screen.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 109 9.10 Create an IP -based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. F ollow these steps using the screen below: 1 Activate this protocol based VLAN. 2 T ype the port number you want to include in this protocol based VLAN.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 11 0 6 Leave the priority set to 0 an d click Add . Figure 43 Protocol Based VLAN Configuration Example T o add more ports to this protocol based VLAN. 1 Click the index number of the protocol based VLAN entry .
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 111 9.1 1.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the following screen. Select either All Connected or Port Isolated from the drop-down list depending on your VLAN and VLAN security requirements.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 11 2 The following screen shows users on a port -based, port-isolated VLAN configur ation. Figure 45 Advanced Application > VLAN: P ort Based VLAN Setu.
Chapter 9 VLAN MES3500-24/24F U ser’s Guide 11 3 The following table describes the labels in this screen. T able 21 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation . All connected me ans all ports can communi cate with each ot her , that is, th ere are no virtual LANs.
MES3500-24/24F U ser’s Guide 11 4 C HAPTER 10 Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 10.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your net wor k.
Chapter 10 Static MAC Forward Setup MES3500-24/24F U ser’s Guide 11 5 The following table describes the labels in this screen. T able 22 Advanced Application > Static MAC F orwarding LABEL DESCRIPTION Active Select this ch eck box to activ ate your ru le.
MES3500-24/24F U ser’s Guide 11 6 C HAPTER 11 Static Multicast Forward Setup Use these screens to configure static multicast address forwarding. 1 1.1 S t atic Multicast Forwarding Overview A multicast MAC address is the MAC address of a member of a multicast group.
Chapter 11 Static Multicast Forward Setup MES3500-24/24F U ser’s Guide 11 7 within a VLAN group. Figure 48 shows frames being fo rwarded to devices connected to port 3.
Chapter 11 Static Multicast Forward Setup MES3500-24/24F U ser’s Guide 11 8 Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown. Figure 50 Advanced Application > Static Multicast F orwarding The following table describes the labels in this screen.
Chapter 11 Static Multicast Forward Setup MES3500-24/24F U ser’s Guide 11 9 Port This field displays the port(s) within a identi fied VLAN group to which frames containi ng the specified mult icast MAC a ddress will be forwarded. Delete Click Delete to remove the selected entry from the summary table.
MES3500-24/24F U ser’s Guide 120 C HAPTER 12 Filtering This chapter discusses MAC address port filtering. 12.1 Configure a Filtering Rule Configure the Switch to filter tr affic based on the tr affic’ s source, destination MAC addresses and/or VLAN group (ID).
Chapter 12 Filtering MES3500-24/24F U ser’s Guide 121 MAC T ype a MAC address in a valid MAC address fo rmat, that is, six hexa decimal character pairs. VID T ype the VLAN group ide ntification numbe r . Add Click Ad d to save your changes to the Switch’ s run-ti me memory .
MES3500-24/24F U ser’s Guide 122 C HAPTER 13 Spanning Tree Protocol The Switch supports Spanning T ree Protocol (S TP), R apid Spanning T ree Protocol (RSTP) and Multiple Spanning T ree Protocol (MSTP) as defined in the following standards. • IEEE 802.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 123 On each bridge, the bridge communicates with the r oot through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost).
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 124 13.1.4 Multiple RSTP MRSTP (Multiple RSTP) is Z yXEL ’s proprietary featur e that is compatible with RSTP and STP . With MRSTP , you can have more than one spanning tree on y our S w itch and assign port(s) to each tree.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 125 13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches.
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 126 Devices that belong to the same MST region are configu red to have the same MSTP configur ation identification settings.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 127 13.2 S p anning T ree Protocol S t atus Screen The Spanning T ree Protocol status screen change s depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown.
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 128 The following table describes the labels in this screen. 13.4 Configure Rapid S p anning T ree Protocol Use this screen to configure RSTP settings, see Section 13.1 on page 122 for more information on RSTP .
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 129 The following table describes the labels in this screen. T able 28 Advanced Application > Spanning T ree Protocol > RSTP LABEL DESCRIPTION Status Cl ick Statu s to display the RSTP Status screen (s ee Figure 60 on page 130 ).
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 130 13.5 Rapid S p anning T ree Protocol S t atus Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 131 13.6 Configure Multiple Ra pid S p anning T ree Protocol T o configure MRSTP , click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1 on page 122 for more information on MRSTP .
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 132 Active Select this check box to activate an STP tree. Clea r t his checkbox to disable an STP tree. Note: Y ou must also activate Multiple Rapid Sp anning T ree in the Advanced Applicatio n > Sp anning T ree Protocol > C onfiguratio n screen to enable MRSTP on the Switch.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 133 13.7 Multiple Rapid S p anning T r ee Protocol S t atus Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 134 Cost to Bridge This is the path cost from the root port on this Switch to the root switch. Port ID Th is is the priori ty and number o f the p o rt on the Switch through which this Switch must communicate with the root of th e Span ning T ree.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 135 13.8 Configure Multiple S p anning T ree Protocol T o configure MSTP , click MSTP in the Advanced Application > Span ning Tree Pr otocol screen. See Section 13.1.5 on page 124 for more information on MSTP .
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 136 The following table describes the labels in this screen. T able 32 Advanced Application > Spanning T ree Protocol > MSTP LABEL DESCRIPTION Port Cl ic k Port to display the MSTP Port Configuration sc reen (see Figure 64 on page 138 ).
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 137 VLAN Range Enter the start of the VLAN ID range th at you want to add or remove from the VLAN r ange edit area i n the Start field. Enter the end of the VLAN ID r ange that y ou want to a dd or remove from the VLAN r ange edit area in the End field.
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 138 13.8.1 Multiple S p anning T ree Protocol Port Configuration T o configure MSTP ports, click Po rt in the Advanced Appl ication > Spanning Tree Protocol > MSTP screen.
Chapter 13 Spanning T ree Protocol MES3500-24/24F U ser’s Guide 139 13.9 Multiple S p anning T ree Protocol S t atus Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.
Chapter 13 Spanning Tree Pr otocol MES3500-24/24F U ser’s Guide 140 Port ID This is the priority and number o f the port on the S witch through whi ch t hi s S w it ch mu s t communicate with the root of th e Span ning T ree. Configur atio n Name This field displays the configuration name for this MST re gion.
MES3500-24/24F U ser’s Guide 141 C HAPTER 14 Bandwidth Control This chapter shows you how y ou can cap the maximum bandwidth using th e Ban dwidth Control screen. 14.1 Bandwid th Control Overview Bandwidth c o ntrol mea n s defining a m a ximum allowable ba ndwidth fo r incoming an d/ o r out-going traffic flows on a port.
Chapter 14 Bandwidth Control MES3500-24/24F U ser’s Guide 142 14.2 Bandwid th Control Setup Click Ad vanced Applic ation > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 66 Advanced Application > Bandwidth Control The following table describes the related labels in this screen.
Chapter 14 Bandwidth Control MES3500-24/24F U ser’s Guide 143 Apply Click Apply to save your changes to the Switch’s run-time memory . The Switch lo ses these changes if it is turned off or loses power , so use the Save link on the top navigation panel to save y our change s to the non- volat ile memory when y ou are done c onfiguring.
MES3500-24/24F U ser’s Guide 144 C HAPTER 15 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature.
Chapter 15 Broadcast Storm Control MES3500-24/24F U ser’s Guide 145 * Settings in this row apply to all ports. Use this row only if you w ant to make some settings th e same for all ports. Use this row first to set the c ommon settin gs an d then ma ke adjustments on a port-b y-port basis.
MES3500-24/24F U ser’s Guide 146 C HAPTER 16 Mirroring This chapter discusses port mirroring setup screens. 16.1 Port Mirroring Setup Po rt mirroring allows you to copy a tr affic flow to a monitor port (the port y ou copy the tr affic to) in order that you can examine the tr affic from the monitor port without interference.
Chapter 16 Mirroring MES3500-24/24F U ser’s Guide 147 * Settings in this row apply to all ports. Use this row only if you wa nt to make some sett ings th e same for all ports. Use this row first to set the common se ttings and then ma ke adjustments on a port-by-port basis.
MES3500-24/24F U ser’s Guide 148 C HAPTER 17 Link Aggregation This chapter shows you how to logically aggregate ph ysical links to form one logical, higher- bandwidth link. 17.1 Link Aggregation Overview Link aggregation (trunking) is the groupin g of ph ysical ports into one logical higher-capacit y link.
Chapter 17 Link Aggrega tion MES3500-24/24F U ser’s Guide 149 Configure trunk groups or LACP before y ou connect the Ethernet switch to av oid causing network topology loops. 17.2.1 Link Aggregation ID LACP aggregation ID consists of the following information 1 : 17.
Chapter 17 Link Aggregation MES3500-24/24F U ser’s Guide 150 Aggregator ID Link Aggregator ID cons ists o f the following: sy stem priori ty , MAC address, key , port priority and port number . R efer to Section 17.2.1 on page 149 for more information on thi s field.
Chapter 17 Link Aggrega tion MES3500-24/24F U ser’s Guide 151 17.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 17.1 on page 148 for more information on link aggregation.
Chapter 17 Link Aggregation MES3500-24/24F U ser’s Guide 152 Criteria Select the outgo ing traffic distribution ty pe. Packets from the s ame source an d/or to the sa me destination are sent over th e same link within th e trunk. By default, th e Switch uses t he src- dst-mac distribution type.
Chapter 17 Link Aggrega tion MES3500-24/24F U ser’s Guide 153 17.5 Link Aggregation Control Protocol Click in the Advanced Applic ation > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 17.2 on page 148 for more information on dynamic link aggregation.
Chapter 17 Link Aggregation MES3500-24/24F U ser’s Guide 154 17.6 S t atic T runking Example This example shows you how to create a static port trunk group for ports 2-5. 1 Make your physical connections - make sure that the ports that y ou want to belong to the trunk group are connected to the same destination.
Chapter 17 Link Aggrega tion MES3500-24/24F U ser’s Guide 155 2 Configure static trunking - Click Advanced Application > Link A ggregation > Link Aggregation Setting .
MES3500-24/24F U ser’s Guide 156 C HAPTER 18 Port Authentication This chapter describes the IEEE 802. 1x and MAC authentication methods. 18.1 Port Authentication Overview Port authentication is a way to v alidate access to po rts on the Switch to clients based on an external server (authentication server).
Chapter 18 Port Authenticati on MES3500-24/24F U ser’s Guide 157 provides the login credentials, the Switch sends an authentication request to a RADIUS server . The RADIUS server v alidates whether this client is allowed access to the port. Figure 74 IEEE 802.
Chapter 18 Port Authen tication MES3500-24/24F U ser’s Guide 158 on the source MAC address of the client connectin g to a po rt on the Switch along with a password configured specifically for MAC auth entication on the S witch. Figure 75 MAC Authentication Process 18.
Chapter 18 Port Authenticati on MES3500-24/24F U ser’s Guide 159 18.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x securit y . In the Po rt Authenti cation screen click 802.1x to display the configur ation screen as shown.
Chapter 18 Port Authen tication MES3500-24/24F U ser’s Guide 160 18.2.2 Guest VLAN When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the correct credentials are blocked from using the port(s). Y ou can configure your Switch to have on e VLAN that acts as a guest VLAN.
Chapter 18 Port Authenticati on MES3500-24/24F U ser’s Guide 161 Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Figure 79 Advanced Application > P ort Authentication > 802.
Chapter 18 Port Authen tication MES3500-24/24F U ser’s Guide 162 18.2.3 Activate MAC Authentication Use this screen to activate MAC authentication. In th e Port Authentication screen click MAC Authentication to display the configur ation screen as shown.
Chapter 18 Port Authenticati on MES3500-24/24F U ser’s Guide 163 The following table describes the labels in this screen. T able 45 Advanced Application > Port Auth entication > MAC Authentication LABEL DESCRIPTION Active Se lect this check bo x to permit MAC au thentication on the Switch.
MES3500-24/24F U ser’s Guide 164 C HAPTER 19 Port Security This chapter shows you how to set up port security . 19.1 About Port Security Po rt security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the S witch.
Chapter 19 Port Security MES3500-24/24F U ser’s Guide 165 The following table describes the labels in this screen. T able 46 Advanced Application > P ort Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which y ou want to enable port security and disable MAC addr ess learning.
MES3500-24/24F U ser’s Guide 166 C HAPTER 20 Classifier This chapter introduces and shows you how to co nfigure the packet classifier on the Sw itch.
Chapter 20 Classifier MES3500-24/24F U ser’s Guide 167 Click Advanced Application > Classifier in the navigation panel to display the configur ation screen as shown. Figure 82 Advanced Application > Classifier The following table describes the labels in this screen.
Chapter 20 Classifier MES3500-24/24F U ser’s Guide 168 20.3 V iewing and Editing Classifier Configuration T o view a summary of the classifier configuration, scroll down to the summary table at the botto m of the Classifier screen. T o change the settings of a rule, click a number in the Index field.
Chapter 20 Classifier MES3500-24/24F U ser’s Guide 169 Note: When two rules conflict with each other , a higher layer rule has priority over a lower layer rule. Figure 83 Advanced Application > Classifier: Summary T able The following table describes the labels in this screen.
Chapter 20 Classifier MES3500-24/24F U ser’s Guide 170 20.4 Classifier Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2.
MES3500-24/24F U ser’s Guide 171 C HAPTER 21 Policy Rule This chapter shows you how to configure policy rules. 21.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the con figured criteria (refer to Chapter 20 on page 166 for more information).
Chapter 21 Policy Rule MES3500-24/24F U ser’s Guide 172 Click Advanced Applications > Policy Rule in the navigation panel to displa y the screen as shown. Figure 85 Advanced Application > P olicy Rule The following table describes the labels in this screen.
Chapter 21 Policy Rule MES3500-24/24F U ser’s Guide 173 Gener al Egress Port T ype the numbe r of an outgoing port. Priority Specify a priority lev el. DSCP Specify a DSCP (DiffServ Code Point) number between 0 and 63. TOS Specify the type of service (TOS) priority level.
Chapter 21 Policy Rule MES3500-24/24F U ser’s Guide 174 21.3 V iewing and Editing Policy Configuration T o view a summary of the classifier configuration, scroll down to the summary table at the botto m of the Policy screen. T o change the settings of a rule, click a number in the Index field.
Chapter 21 Policy Rule MES3500-24/24F U ser’s Guide 175 21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.
MES3500-24/24F U ser’s Guide 176 C HAPTER 22 Queuing Method This chapter introduces the queuing methods supported. 22.1 Queuing Method Overview Queuing is used to help solve performance degr ad ation when there is network conge stion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic.
Chapter 22 Queuing Meth od MES3500-24/24F U ser’s Guide 177 22.1.3 We ighted Round Robin Scheduling (WRR) Round R ob in Scheduling services queues on a rotating basis and is activated only when a port has more traffi c than it can handle. A queue is a given an am ount of bandwidth irrespective of the incoming traffic on that port.
Chapter 22 Queuing Method MES3500-24/24F U ser’s Guide 178 The following table describes the labels in this screen. T able 53 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. * Settings in this row apply to all ports.
MES3500-24/24F U ser’s Guide 179 C HAPTER 23 VLAN Stacking This chapter shows you how to con figu re VLAN stac king on your Switch. See the chapter on VLANs for more background information on Virtual LAN 23.
Chapter 23 VLAN Stacking MES3500-24/24F U ser’s Guide 180 adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data fr ames leave the network. Figure 89 VLAN Stacking Exampl e 23.
Chapter 23 VLAN Stacking MES3500-24/24F U ser’s Guide 181 23.3 VLAN T ag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Type is a standard Ethernet type code identifying the fr ame and indicates that whether the fr ame carries IEEE 802.
Chapter 23 VLAN Stacking MES3500-24/24F U ser’s Guide 182 23.4 Configuring VLAN S t acking Click Advanced Applications > VLAN Stacking to display the screen as shown. Figure 90 Advanced Application > VLAN Stacking The following table describes the labels in this screen.
Chapter 23 VLAN Stacking MES3500-24/24F U ser’s Guide 183 23.4.1 Port-based Q-in-Q Po rt-based Q-in-Q lets the Switch treat all fr ames received on the same port as the same VLAN flows and add the same outer VLAN tag to them, ev en they have different customer VLAN IDs.
Chapter 23 VLAN Stacking MES3500-24/24F U ser’s Guide 184 23.4.2 Selective Q-in-Q Selective Q-in-Q is VLAN-based. It allows the Sw itch to add different outer VLAN tags to the incoming fr ames received on one port according to their inner VLAN tags.
Chapter 23 VLAN Stacking MES3500-24/24F U ser’s Guide 185 Active This sh ows whether this rule is acti vated or not. Name This is the descript ive name for this rule. Port This is the port number to which this rule is applied. CVID This is the customer VLAN ID in the inco ming packets.
MES3500-24/24F U ser’s Guide 186 C HAPTER 24 Multicast This chapter shows you how to configure v arious multicast features. 24.1 Multicast Overview T raditionally , IP packets are transmitted in one of either two wa ys - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to ev erybody on the networ k).
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 187 24.1.4 IGMP Snooping and VLANs The Switch can perform IGMP snooping on up to 16 VLANs. Y ou can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 188 24.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 189 Unknown Multicast Fr ame Specify the action to perform when the Swit ch receives an unknown multicast frame. Select Drop to discard the frame(s). Select Floo ding to send the frame(s) to all ports.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 190 Throttling IGMP throttling controls how the Swit ch deals with the IGMP reports wh en the maximum number of the IGMP gro ups a port can join is reached. Select Deny to drop any new IGMP join repor t rece ived on this port until an existing multicast forwarding table entry is aged out.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 191 24.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 192 24.5 IGMP Filtering Profile An IGMP filtering profile specifie s a range of multicast groups that clients connected to the S witch are able to join. A profile contains a r ange of mu lticast IP addresses which you want clients to be able to join.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 193 The following table describes the labels in this screen. 24.6 MVR Overview Multicast VLAN Registr ation (MVR) is designed for applications (such as Media-on-Demand (MoD)) that use multicast traffic across an Ethern et ring-based service prov ider network.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 194 The following figure shows a network example. The subscriber VLAN ( 1 , 2 and 3 ) information is hidden from the streaming media server , S . In addition, the multicast VLAN information is only visible to the Switch and S .
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 195 port in the same subscriber VLAN , the receiving port will still be on the list of forwarding destination for the multicast tr affic. Otherwise, the Switch removes the receiver port from the forw arding table.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 196 Note: Y our Switch automatically creates a st atic VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 99 Advanced Application > Multic ast > Multicast Setting > MVR The following table describes the related labels in this screen.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 197 24.8 MVR Group Configuration All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Configure MVR IP multicast group address(es) in the Group Configuration screen.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 198 Note: A port can belong to more than one multicast VLAN. However , IP multicast group addresses in different mult icas t VLANs cannot overlap .
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 199 News and Movie channels) from the remote streaming media server , S . Computers A, B and C in VLAN 1 are able to receive the traffic.
Chapter 24 Multicast MES3500-24/24F U ser’s Guide 200 T o set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an exam ple where two multicast groups ( News and Movie ) are configured for the multicast VLAN 200.
MES3500-24/24F U ser’s Guide 201 C HAPTER 25 AAA This chapter describes how to configure authenti cation, authorization and accounting settings on the Switch. 25.1 Authentication, Author ization and Accounting (AAA) Authentication is the process of determining who a user is and v alidating access to the Sw itch.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 202 25.1.2 RADIUS and T ACACS+ RADIUS and T ACACS+ are security protocols used to authenticate users by means of an extern al server instead of (or in addition to) an internal de vice user database th at is limited to the memory capacity of the device.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 203 authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 107 Advanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 204 Shared Secret Specify a password (up to 32 alphanumer ic characters) as the key to be shared betwe en the e x t e r n a l R A D I U S s e r v e r a n d t h e S w i t c h . T h i s k e y i s n o t s e n t o v e r t h e n e t w o r k .
Chapter 25 AAA MES3500-24/24F U ser’s Guide 205 25.2.2 T ACACS+ Server Setup Use this screen to configure your T ACACS+ server settings. See Section 25.1.2 on page 202 for more information on T ACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounti ng screen to view the scre en as shown.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 206 TCP P ort The default port of a T ACACS+ server for authentication is 49 . Y ou need not change this value unless your network administ rator instructs y ou to do so.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 207 25.2.3 AAA Setup Use this screen to configure authentication, authorization an d accounting settings on the Switch.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 208 Login These fields specif y which database the S witch should use (fi rst, second and third) to authenticat e administrator accounts (users for Switch management). Configure t he local us er account s in the Access Control > Logins screen.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 209 25.2.4 V endor S pecific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device (for exampl e, th e Switch). A company can create V endor Specific Attributes (VSAs) to expand the functionality of a RADIUS server .
Chapter 25 AAA MES3500-24/24F U ser’s Guide 210 The following table describes the VS As supported on the Switch. Note that these attributes only work when you enable authorization (see Section 25.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 21 1 Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authenti cation and accounting functions on the Sw itch.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 212 25.3.2.1 Attributes Used fo r Accounting System Event s NAS-IP- Address NAS-Identifier Acct-S tatus- T ype Acct-S ession-ID - The format of Acct- Session-Id is date+time+8-di git sequenti al number , for example, 200704191721030000 0001.
Chapter 25 AAA MES3500-24/24F U ser’s Guide 213 25.3.2.3 Attributes Used for A ccounting IEEE 802.1x Event s The attributes are listed in the following table al ong with the time of the session they.
MES3500-24/24F U ser’s Guide 214 C HAPTER 26 IP Source Guard Use IP source guard to filter unauthoriz ed DHCP and ARP packets in y our network. 26.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in y our network.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 215 T rusted ports are connec ted to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the r ate at which DHCP packets arrive is too high. The S witch learns dynamic bindings from trusted ports.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 216 26.1.1.3 DHCP Rela y Option 82 Information The Switch can add information to DHCP requests th at it does not discard. This provides the DHCP server more information about the source of the requests.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 217 • It pretends to be computer A and responds to computer B . • It pretends to be computer B and sends a message to computer A . As a result, all the communication between computer A and com puter B passes through computer X .
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 218 26.2 IP Source Guard Us e t h is sc re e n t o l o ok at t he cu rr e nt bi n di ng s f o r D H CP sn oo p in g a n d A RP in s pe ct io n . B i nd in g s a re used by DHCP snooping and ARP inspection to distinguish between authorized and unauthoriz ed packets in the network.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 219 ID as an existing static binding, the new static binding replaces the original one. T o open this screen, click Advanced Application > IP Source Guard > Static Bindi ng . Figure 1 13 IP Source Guard Static Binding The following table describes the labels in this screen.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 220 26.4 DHCP Snooping Use this screen to look at various statistics abou t the DHCP snooping database. T o open this screen, click Advanced Application > IP So urce Guard > DHCP Snooping .
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 221 Write delay timer This field disp lays how long (in sec o nds) the Switch tries t o complete a specifi c update in the DHCP snooping da tabase before it gives up.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 222 26.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Sw itch (not on specific VLAN), specify the V LAN where the defau lt DH CP server is loca ted , and configure the DHCP snooping database.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 223 still av ailable after a restart. T o open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure . Figure 1 15 DH CP Snooping Conf igure The following table describes the labels in this screen.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 224 26.5.1 DHCP Snooping Port Configure Use this screen to specify whether ports are tr usted or untrusted ports for DHCP snooping. Note: The Swit ch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 225 The following table describes the labels in this screen. 26.5.2 DHCP Snooping VLAN Configure Use this screen to enable DHCP snooping on ea.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 226 26.6 ARP Inspection S t atus Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unautho rized ARP packet.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 227 26.6.1 ARP Inspection VLAN S t atus Use this screen to look at various statistics about ARP packets in each VLAN. T o open this screen, click Advanced Applicati on > IP Source Gu ard > ARP In s p ect ion > VLAN Status .
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 228 26.6.2 ARP Inspection Log St atus Use this screen to look at log messages that were gener ated by ARP packets and that ha ve not been sent to the syslog server yet. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status .
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 229 26.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Sw itch. Y ou can also configure the length of time the Switch stores records of discarded ARP pack ets and global settings for the ARP inspection log.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 230 The following table describes the labels in this screen. 26.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 231 open this screen, click Advanced Application > IP Sour ce Guard > ARP Inspection > Configure > Port . Figure 122 ARP Inspection Port Con figure The following table describes the labels in this screen.
Chapter 26 IP Source Guard MES3500-24/24F U ser’s Guide 232 26.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN.
MES3500-24/24F U ser’s Guide 233 C HAPTER 27 Loop Guard This chapter shows you how to configure the Switch to guard against loops on th e edge of your network. 27.1 Loop Guard Overview Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
Chapter 27 Loop Guard MES3500-24/24F U ser’s Guide 234 The following figure shows port N on switch A connected to switch B . Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B , they are sent back to port N on A as they are rebroadcast from B .
Chapter 27 Loop Guard MES3500-24/24F U ser’s Guide 235 Note: After resolving the loop problem on yo ur network y ou can re-activ ate the disabled port via the web configur ator (see S ection 8.7 on page 95 ) or via commands (see the Ethernet Switch CLI R eference Guide).
Chapter 27 Loop Guard MES3500-24/24F U ser’s Guide 236 Apply Click Apply to sa ve your ch anges to the S witch’ s run-time memory . The Sw itch loses the se changes if it is turned off or loses power , so use th e Save link on the top navigation panel to save your changes to the non-v olatile memor y when you ar e done configur ing.
MES3500-24/24F U ser’s Guide 237 C HAPTER 28 VLAN Mapping This chapter shows you how to configure VLAN mapping on the S witch. 28.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network.
Chapter 28 VLAN Mapping MES3500-24/24F U ser’s Guide 238 28.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the na vigation panel to display the screen as shown. Figure 130 VLAN Mapping The following table describes the labels in this screen.
Chapter 28 VLAN Mapping MES3500-24/24F U ser’s Guide 239 28.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLAN Mapping screen to displa y the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s). Figure 131 VLAN Mapping Configuration The following table describes the labels in this screen.
Chapter 28 VLAN Mapping MES3500-24/24F U ser’s Guide 240.
MES3500-24/24F U ser’s Guide 241 C HAPTER 29 Layer 2 Protocol Tunneling This chapter shows you how to configure la yer-2 protocol tunneling on the Switch. 29.1 Layer 2 Protocol T unneling Overview Layer-2 pr otocol tunneling (L2PT) is used on the se rvice prov ider's edge devices.
Chapter 29 Layer 2 Protocol Tunnel ing MES3500-24/24F U ser’s Guide 242 T o emulate a point-to-point topology between two custome r switches at different sites, such as A and B , you can enable protocol tunneling on edge switches 1 and 2 for P AgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection).
Chapter 29 Layer 2 Protocol Tunneling MES3500-24/24F U ser’s Guide 243 29.2 Configuring Layer 2 Prot ocol T unneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown.
Chapter 29 Layer 2 Protocol Tunnel ing MES3500-24/24F U ser’s Guide 244 STP Select this o ption to have the Swit ch tunnel STP (Spann ing T ree Protocol ) packets so that STP can run properly across the service provider ’s network and spanning trees can be set up based on bridge information from all (local and remote) networks.
MES3500-24/24F U ser’s Guide 245 C HAPTER 30 sFlow This chapter shows you how to configure sFlow to ha ve the Switch monitor tr affic in a network and send information to an sFlow collector for analysis. 30.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched n etworks.
Chapter 30 sFlow MES3500-24/24F U ser’s Guide 246 30.2 sFlow Port Configuration Click Advanced Application > sFlow in the navigation panel to display the screen as shown. Figure 136 Advanced Application > sFlow The following table describes the labels in this screen.
Chapter 30 sFlow MES3500-24/24F U ser’s Guide 247 30.2.1 sFlow Collector Configuration Click the Collector link in the sFlow screen to display the screen as shown.
Chapter 30 sFlow MES3500-24/24F U ser’s Guide 248 Clear Clic k Clear to clear the fields to the factory defaults. Index This field displays the index number of this entry . Collecto r Address This field displa ys IP address of the s Flow collector .
MES3500-24/24F U ser’s Guide 249 C HAPTER 31 PPPoE This chapter describes how the Switch give s a PPP oE termination server additional information that the server can use to identify and authenticate a PPP oE client.
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 250 The 1 in the first field identifies this as an Agent Circu it ID sub-option and 2 identifies this as an Agent Remote ID sub-option.
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 251 T rusted ports are connec ted to PPPoE serv ers. • If a P ADO (PPP oE Active Discov ery Offer), P ADS (PPPoE Active Disco very Session-confirmatio.
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 252 Click Advanced Application > PPPoE > Intermediate Ag ent in the navigation panel to displa y the screen as shown. Figure 139 Advanced Application > PPP oE > Intermediate Agent The following table describes the labels in this screen.
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 253 31.3.1 PPPoE IA Per-Port Use this screen to specify whether individual ports are trusted or untrusted ports and have the Switch add extr a information to PPP oE discovery pack ets from PPPoE clients on a per-port basis.
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 254 31.3.2 PPPoE IA Per-Port Per-VLAN Use this screen to configure PPP oE IA settings that apply to a specific VLAN on a port. Server T rusted State Select whether this port is a trusted port ( Trusted ) or an untrusted port ( Untrusted ).
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 255 Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown. Figure 141 Advanced Application > PPPoE > Intermediate Agent > P ort > VLAN The following table describes the labels in this screen.
Chapter 31 PPPoE MES3500-24/24F U ser’s Guide 256 31.3.3 PPPoE IA for VLAN Use this screen to set whether the PPPoE Intermedia te Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or R emote ID to PPP oE discovery packets from a specific VLAN.
MES3500-24/24F U ser’s Guide 257 C HAPTER 32 Error Disable This chapter shows you how to configure the r ate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error .
Chapter 32 Error Disable MES3500-24/24F U ser’s Guide 258 32.3 The Error Disable Screen Use this screen to configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. Figure 143 Advanced Application > Errdisable 32.
Chapter 32 Error Disable MES3500-24/24F U ser’s Guide 259 The following table describes the labels in this screen. 32.5 Error-Disable Detect Configuration Use screen to have the Switch detect whether the control packets exceed the rate limit configured for a port and configure the action to ta ke once the limit is exceeded.
Chapter 32 Error Disable MES3500-24/24F U ser’s Guide 260 32.6 Error-Disable R ecovery Configuration Use this screen to to configure the S witch to automatically undo an action after the error is gone. Click the Click Here link next to Errdisable Recovery in the Advanced Application > Errdisable screen to display the screen as shown.
Chapter 32 Error Disable MES3500-24/24F U ser’s Guide 261 Timer Status Select thi s option to allow t he Switch to wait for th e specified ti me interv al to act ivate a port or allow specific packets on a port , after the error was gone. Deselect this option to turn off this rule.
MES3500-24/24F U ser’s Guide 262 C HAPTER 33 Private VLAN This chapter shows you how to configure the Swit ch to prevent communications between ports in a VLAN. 33.1 Private VLAN Overview Private VLAN allows you to do port isolation within a VLAN in a simple wa y .
Chapter 33 Private VLAN MES3500-24/24F U ser’s Guide 263 33.2 Configuring Private VLAN Click Advanced Application > Private VLAN in the navigation panel to display the screen as shown. Figure 148 Advanced Application > Private VLAN The following table describes the labels in this screen.
Chapter 33 Private VLAN MES3500-24/24F U ser’s Guide 264.
MES3500-24/24F U ser’s Guide 265 C HAPTER 34 Static Route This chapter shows you how to configure static routes. 34.1 S t atic Routing Overview The Switch uses IP for communication with management computers, for example using HT TP , T elnet, SSH, or SNMP .
Chapter 34 Static Route MES3500-24/24F U ser’s Guide 266 34.2 Configuring S t atic Routing Click IP Applicati on > Static Routing in the navigation panel to display the screen as shown. Figure 150 IP Application > Static Routing The following table describes the related labels you use to create a static route.
Chapter 34 Static Route MES3500-24/24F U ser’s Guide 267 Name This field displays the de scriptive name for this route. This is for i dentification purposes only . Destinat ion Address This field displays the IP network address of the final destination.
MES3500-24/24F U ser’s Guide 268 C HAPTER 35 Differentiated Services This chapter shows you how to configure Differ entiated Services (DiffS erv) on the Switch. 35.1 DiffServ Overview Quality of Service (QoS) is used to prioritize sour ce-to-destination traffic flows.
Chapter 35 Differenti ated Services MES3500-24/24F U ser’s Guide 269 various tr affic policies to the tr affic flows. An example tr affic policy , is to give higher drop precedence to one traffic flow over others.
Chapter 35 Differentiated Services MES3500-24/24F U ser’s Guide 270 35.2.1 TRTCM-Color-blind Mode All packets are evaluated against the PIR. If a packet ex ceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow .
Chapter 35 Differenti ated Services MES3500-24/24F U ser’s Guide 271 Click IP Applicati on > DiffServ in the navigation panel to display the screen as shown. Figure 155 IP Application > DiffServ The following table describes the labels in this screen.
Chapter 35 Differentiated Services MES3500-24/24F U ser’s Guide 272 Note: Y ou cannot en able both TR TCM and Bandwidth Control at the same time. Figure 156 IP Application > DiffServ > 2-rate 3 Color Marker The following table describes the labels in this screen.
Chapter 35 Differenti ated Services MES3500-24/24F U ser’s Guide 273 35.3.2 Configuring DSCP Profiles Use this screen to configur e DSCP profiles. Click the DS CP Profile link in the 2-Rate 3 Color Marker screen to display the screen as shown next.
Chapter 35 Differentiated Services MES3500-24/24F U ser’s Guide 274 35.4 DSCP-to-IEEE 802.1p Priority Settings Y ou can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE 802.
Chapter 35 Differenti ated Services MES3500-24/24F U ser’s Guide 275 The following table describes the labels in this screen. Ta b l e 111 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP clas sification identif ication number .
MES3500-24/24F U ser’s Guide 276 C HAPTER 36 DHCP This chapter shows you how to configure the DHCP feature. 36.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain T CP/IP configuration at start -up from a server .
Chapter 36 DHCP MES3500-24/24F U ser’s Guide 277 The following table describes the labels in this screen. 36.3 DHCP Relay Configure DHCP relay on th e Switch if the DHCP clients and the DHCP server are not in the same broadcast domain.
Chapter 36 DHCP MES3500-24/24F U ser’s Guide 278 36.3.2 Configuring DHCP Global Relay Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to displa y the screen as shown.
Chapter 36 DHCP MES3500-24/24F U ser’s Guide 279 36.3.3 Global DHCP Re lay Configuration Example The follow figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that service s the DHCP clients in both domains.
Chapter 36 DHCP MES3500-24/24F U ser’s Guide 280 36.4 Configuring DH CP VLAN Settings Use this screen to configure your DHCP settings ba sed on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays.
Chapter 36 DHCP MES3500-24/24F U ser’s Guide 281 36.4.1 Example: DHCP Relay for T wo VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network. T wo DHCP servers are installed to serve each VLAN. The system is set up to forw ard DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.
Chapter 36 DHCP MES3500-24/24F U ser’s Guide 282.
MES3500-24/24F U ser’s Guide 283 C HAPTER 37 Maintenance This chapter explains how to configure the screens that let y ou maintain the firmware and configuration files. 37.1 The Maintenance Screen Use this screen to manage firmw are and your configur ation files.
Chapter 37 Maintenance MES3500-24/24F U ser’s Guide 284 37.2 Load Factory Default Follow th e steps below to reset the Switch back to the factory defaults. 1 In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch configur ation information you configured and return to the factory defaults.
Chapter 37 Maintenance MES3500-24/24F U ser’s Guide 285 1 In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displa ys. Figure 168 Reboot S ystem: Confirmation 2 Click OK again and then wait for the Switch to restart.
Chapter 37 Maintenance MES3500-24/24F U ser’s Guide 286 37.6 Restore a Configuration File R estore a previously saved configur ation from your computer to the Switch using the Restore Configuration screen.
Chapter 37 Maintenance MES3500-24/24F U ser’s Guide 287 37.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands.
Chapter 37 Maintenance MES3500-24/24F U ser’s Guide 288 Be sure to upload the correct mode l firmware as uploading the wrong model firmware may damage your device. 37.8.2 FTP Command Line Procedure 1 Launch the FTP client on your computer . 2 Enter open , followed by a space and the IP address of your Switch.
Chapter 37 Maintenance MES3500-24/24F U ser’s Guide 289 • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately .
MES3500-24/24F U ser’s Guide 290 C HAPTER 38 Access Control This chapter describes how to control access to the Switch. 38.1 Access Control Overview A console port and FTP are allowed one session ea.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 291 SNMP version 3. The next figure illustr ates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 173 SNMP Management Model An SNMP managed network consists of two main components: agents an d a manager .
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 292 38.3.2 Supported MIBs MIBs let administrators collect statistics and monitor status and performance.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 293 reset Uncon trolledResetEventO n 1.3.6.1.4.1. 890.1.5.8.68.27.2. 1 1.3.6.1.4.1. 890.1.5.8.57.27.2. 1 This trap is sent when the S witch automatica lly resets. ControlledR esetEventOn 1.3.6. 1.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 294 lldp LLDPRemote T opologyChange 1.0.88 02.1.1.2.0.0.1 T his tr ap is sent when the LLDP (Link La yer Discovery Prot ocol) remote topology changes. tran sceiv er -ddmi transce iverddmiEventOn 1.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 295 T able 124 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION stp STPN ewRoot 1.3.6.1.2.1 .1 7.0.1 This trap is sent when the STP root s witch changes. MRSTPNewR oot 1.3.6.1.4.1. 890.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 296 38.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. Figure 174 Management > Access Control > SNMP The following table describes the labels in this screen.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 297 38.3.5 Configuring SNMP T rap Group Click Management > Access Control > SNMP > Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP trap s that should be sent to each SNMP manager .
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 298 38.3.6 Configuring SNMP User From the SNMP screen, click User to view the screen as shown. Use the User screen to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 299 38.4 Setting Up Login Account s Up to five people (one administr ator and four non-administr ators) may access the Switch via web configurator at any one time. • An administrator is someone who can both view and configure Switch changes.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 300 Note: It is hi ghly recommended that y ou change the defaul t admini strator password ( 1234 ). • A non-administr ator (username is something other than admin ) is someone who can view but not configure Switch settings.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 301 38.5 SSH Overview Unlike T elnet or FTP , which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts ov er an unsecured network.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 302 38.6 How SSH works The following table summarizes how a secure connection is established betwe en two remote hosts. Figure 179 How SSH W orks 1 Host Identification The SSH client sends a connection request to the SSH server .
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 303 38.7 SSH Implement ation on the Switch Y our Switch supports SSH version 2 using RS A au thentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemente d on the Switch for remote management and file transfer on port 22.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 304 Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HT TP connection attempts.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 305 38.9.1.2 Internet Explorer 7 or 8 When you attempt to access the Switch HT TPS server , a screen with the me ssage "There is a problem with this websi te's security certificate." may display .
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 306 Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser .
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 307 38.9.2 Mozilla Firefox W arning Messages When you attempt to access the Switch HTTPS server , a This Connect ion is Unstr ucted screen may display . If that is the case, click I Understand the Risks and then the Add Exception .
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 308 Confirm the HT TPS serv er URL matches. Click Confirm Security Exception to proceed to the web configurator login screen.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 309 Mozilla Firefox) or next to the address bar (in Internet Explorer 7 or 8) denotes a secure connection. Figure 187 Example: Lock Denoting a Secure Connection 38.10 Service Port Access Control Service Access Control allows you to decide what services you ma y use to access the Switch.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 310 the Remote Management screen (discussed later). Click Management > Access Control > Service Access Co ntrol to view the screen as shown. Figure 188 Management > Access Control > Service Access Control The following table describes the fields in this screen.
Chapter 38 Access Control MES3500-24/24F U ser’s Guide 31 1 Y o u can specify a group of one or m ore “trusted computers” from which an administrator ma y use a service to manage the Switch. Click Access Control to return to the Access Control screen.
MES3500-24/24F U ser’s Guide 312 C HAPTER 39 Diagnostic This chapter explains the Diagnostic screen. 39.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests.
MES3500-24/24F U ser’s Guide 313 C HAPTER 40 Syslog This chapter explains the syslog screens. 40.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages.
Chapter 40 Syslog MES3500-24/24F U ser’s Guide 314 40.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server . Use this screen to configure the device’ s system logging settings.
Chapter 40 Syslog MES3500-24/24F U ser’s Guide 315 40.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to view the screen as shown next. Use this screen to configure a list of external syslog servers. Figure 192 Management > Syslog > S yslog Server Setup The following table describes the labels in this screen.
MES3500-24/24F U ser’s Guide 316 C HAPTER 41 Cluster Management This chapter introduces cluster management. 41.1 Cluster Management S t atus Overview Cluster Management allows y ou to manage switches through one S witch, called the cluster manager .
Chapter 41 Cluster Management MES3500-24/24F U ser’s Guide 317 41.2 Cluster Management S t atus Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager . Figure 194 Management > Cluster Management: Status The following table describes the labels in this screen.
Chapter 41 Cluster Ma nagement MES3500-24/24F U ser’s Guide 318 41.2.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink fro m the list of members to go to that cluster member switch's web configurator home page.
Chapter 41 Cluster Management MES3500-24/24F U ser’s Guide 319 The following table explains so me of the FTP par ameters. T able 137 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter “admin” . Password The web configur ator password default is 1234.
Chapter 41 Cluster Ma nagement MES3500-24/24F U ser’s Guide 320 41.3 Clustering Management Configuration Use this screen to configure clustering management.
Chapter 41 Cluster Management MES3500-24/24F U ser’s Guide 321 VID Thi s is the VLAN ID an d is only applic able if the Switch is set to 802.1Q VLAN. All switches must be directly connected an d in the same VLAN group to belong to the same cluster .
MES3500-24/24F U ser’s Guide 322 C HAPTER 42 MAC Table This chapter introduces the MAC Table screen. 42.1 MAC T able Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’ s ports.
Chapter 42 MAC Table MES3500-24/24F U ser’s Guide 323 42.2 V iewing the MAC T able Click Management > MAC Table in the navigation panel to display the following screen. Figure 199 Management > MAC T able The following table describes the labels in this screen.
Chapter 42 MAC Table MES3500-24/24F U ser’s Guide 324 Tr a n s f e r Ty p e S e l e c t Dynamic to MAC fo rwarding and click t he Transfer button to change all dynamically learned MAC address entries in th e summary table be low i nto static entries.
MES3500-24/24F U ser’s Guide 325 C HAPTER 43 ARP Table This chapter introduces ARP T able. 43.1 ARP T able Overview Address Resolution Protocol (ARP) is a protocol for mapping an Intern et Protocol address (IP address) to a physical machine address, also kn own as a Media Access Control or MAC address, on the local area network.
Chapter 43 ARP Table MES3500-24/24F U ser’s Guide 326 43.2 The ARP T able Screen Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries.
MES3500-24/24F U ser’s Guide 327 C HAPTER 44 Configure Clone This chapter shows you how you can copy the settings of one port onto other ports. 44.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
Chapter 44 Configure C lone MES3500-24/24F U ser’s Guide 328 The following table describes the labels in this screen. T able 141 Management > Configure Clone LABEL DESCRIPTION Sourc e/ Destinat ion Port Enter the source port under the Source label .
MES3500-24/24F U ser’s Guide 329 C HAPTER 45 Troubleshooting This chapter offers some suggestions to solve problems you might encounter . The potential problems are divided into the following categories. • Po wer , Hardware Connections, and LEDs • Switch Access and Login • Switch Configur ation 45.
Chapter 45 Troubleshooting MES3500-24/24F U ser’s Guide 330 One of the L EDs does not behave as expected. 1 Make sure you understand the norm al behavior of the LED . See Sec tion 3.2 on pa ge 37 . 2 Check the hardware connections. See Section 3.1 on page 30 .
Chapter 45 Troubleshoo ting MES3500-24/24F U ser’s Guide 331 • If you changed the IP address and hav e forgotten it, see the troubleshooting su ggestions for I forgot the IP address for the Switch. 2 Check the hardware connections, and make sure the LEDs are behaving as expected.
Chapter 45 Troubleshooting MES3500-24/24F U ser’s Guide 332 I cannot see some of Advanced Application submenus at the bottom of the navigation panel. The recommended screen resolution is 1024 by 768 pixels. Adjust the value in y our computer and then you should see the rest of Advanced Application submenus at the bottom of the navigation panel.
MES3500-24/24F U ser’s Guide 333 A PPENDIX A Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port number s, ICMP t ype/code numbers and services, visit the IANA (I nterne t Assigned Number Authority) web site.
Appendix A Common Services MES3500-24/24F U ser’s Guide 334 HT TP TCP 80 Hyper T ext T ransfer Protocol - a client/serve r protocol for the world wide web. HT TPS TCP 443 HTTPS is a sec ured http session ofte n used in e-commerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes.
Appendix A Common Services MES3500-24/24F U ser’s Guide 335 SMTP TCP 25 Simp le M ail T ransfer Proto co l is the mess age- exchange standard fo r the Internet. SMTP enables you to move messages from one e- mail server to another . SNMP TCP/ UD P 161 Simple Network Management Program.
Appendix A Common Services MES3500-24/24F U ser’s Guide 336.
MES3500-24/24F U ser’s Guide 337 A PPENDIX B Legal Information Copyright Copyright © 2011 by Z yXEL Communications Corporation. The contents of this publication may not be repr oduced in any part o.
Appendix B Legal Information MES3500-24/24F U ser’s Guide 338 CE Mark W arning: This is a class A product. In a domestic en vironm ent this product ma y cause radio interference in which case the user may be required to take adequ ate measures.
Appendix B Legal Informa tion MES3500-24/24F U ser’s Guide 339 Note R epair or replacement, as provided under this wa rr anty , is the exclusive remedy of the purchaser . This warr anty is in lieu of all other warranties, ex press or implied, including any implied w arranty of merchantability or fitness for a particular use or pu rpose.
Appendix B Legal Information MES3500-24/24F U ser’s Guide 340 ENGLISH DEUTSCH ESP AÑOL Green Product Declaration RoHS Directive 2002/95/EC Green Product Declaration RoHS Directive 2002/95/EC Declar.
Index MES3500-24/24F U ser’s Guide 341 Index Numbers 802.1P priority 96 A access control limitations 290 login account 299 remote management 310 service port 30 9 SNMP 290 accounting setup 207 addre.
Index MES3500-24/24F U ser’s Guide 342 cluster member firmware upgr ade 318 network example 316 setup 320 specification 316 status 317 switch models 316 VID 321 web config urator 318 cluster manager.
Index MES3500-24/24F U ser’s Guide 343 filtering 120 rules 120 filtering database, MAC table 322 firmware 87 upgrade 285 , 318 flow control 96 back pressure 96 IEEE802.
Index MES3500-24/24F U ser’s Guide 344 L L2PT 241 access port 242 CDP 241 configuration 243 encapsulation 241 LACP 242 MAC address 241 mode 242 overview 241 PAg P 242 point to point 242 STP 241 tunn.
Index MES3500-24/24F U ser’s Guide 345 mounting brackets 28 MST Instance, See MSTI 126 MST region 125 MSTI 126 MST ID 12 6 MSTI (Multiple Spanning T ree Instance) 124 MSTP 122 , 124 bridge ID 139 , .
Index MES3500-24/24F U ser’s Guide 346 port status 81 port VLAN trunking 99 port-based VLAN 11 0 all connected 11 3 port isolation 11 3 settings wizard 11 3 ports “standby” 148 diagnostics 312 m.
Index MES3500-24/24F U ser’s Guide 347 sFlow agent 245 sFlow collector 245 Simple Network Management Protocol, see SNMP 290 Small Form-factor Pluggable (SFP) 32 SNMP 290 agent 291 and MIB 291 and se.
Index MES3500-24/24F U ser’s Guide 348 tagged VLAN 97 temperature indicator 87 terminal emulation 31 time current 88 time zone 89 Time (RFC-868) 88 time server 88 time service protocol 88 format 88 .
Index MES3500-24/24F U ser’s Guide 349 priority 181 selective Q-in-Q 184 VLAN T runking Protocol, see VTP VLAN, protocol based, See protocol based VLAN VLAN, subn et base d , See subnet based VL ANs.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il ZyXEL Communications MES3500-24 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del ZyXEL Communications MES3500-24 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso ZyXEL Communications MES3500-24 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul ZyXEL Communications MES3500-24 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il ZyXEL Communications MES3500-24, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del ZyXEL Communications MES3500-24.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il ZyXEL Communications MES3500-24. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo ZyXEL Communications MES3500-24 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.