Instruction/ maintenance manual of the product ES3500 Series ZyXEL Communications
Go to page of 360
Quick Start Guide www .zyxel.com ES3500 Series Intelligent L2 switch V e rsion 4.00 Edition 3, 06/2012 Copyright © 2012 Z yXEL Communications Corpor ation User’s Guide Default Login Details LAN IP Address http://192.
ES3500 Series User’s Gui de 2 IMPORT ANT! READ CAREFULL Y BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Gu ide for a series of products.
Contents Overview ES3500 Series User’s Guide 3 Contents Overview User ’ s Guide .................................................................... .......... ........... ......................... ......... 17 Getting to Know Y our Sw itch ......
Contents Overview ES3500 Series User’s Gui de 4 Differentiated Services ....... ... ................. ... ... ................ ... .... ................ ... ... ................ .... ... .. ...... 270 DHCP ........... ................ ..............
Table of Contents ES3500 Series User’s Guide 5 Table of Contents Contents Overview .............................................................................. ............................... ..... 3 Table of Contents .............................
Table of Contents ES3500 Series User’s Gui de 6 4.2 System Login ...... ................ ................ ................ ................ ................ ................. .... ......... 37 4.3 The Web Configurator Layout ..... .... ... ... ... .
Table of Contents ES3500 Series User’s Guide 7 7.1 Overview ......... ... ................. ... ................ ... ................ ................. ... ................ ... ........ ............ 79 7.2 Port S tatus Summary ........... ... ......
Table of Contents ES3500 Series User’s Gui de 8 10.2 Configuring S tatic MAC Forwarding ................ ................ ................ ................. ........... 1 16 Chapter 1 1 St atic Multicast Forward Setup ...............................
Table of Contents ES3500 Series User’s Guide 9 Chapter 17 Link Aggregation .................................................................................. ............................. ... 149 17.1 Link Aggregation Overview . ................ ...
Table of Contents ES3500 Series User’s Gui de 10 22.1 Queuing Method Overview .. ................ ................ ................ ................ ................. ........... 177 22.1.1 S trict ly Priority Queuing ........... ......... ....... .
Table of Contents ES3500 Series User’s Guide 11 25.2.2 T ACACS + Server Setup ... ................ ................ ................ ................ ................ .. 206 25.2.3 AAA Setup ..... ............. ... ................ ................ .
Table of Contents ES3500 Series User’s Gui de 12 Chapter 30 sFlow ................................................. ................................................................ .......... ........... 246 30.1 sFlow Overview ............. .......
Table of Contents ES3500 Series User’s Guide 13 Chapter 36 Differentiated Services ......................................................................... ............................... .2 7 0 36.1 DiffServ Overview ..... ................ .......
Table of Contents ES3500 Series User’s Gui de 14 Chapter 39 Access Control ................................................................ ................................................. .... 292 39.1 Access Control Overview ....... .............
Table of Contents ES3500 Series User’s Guide 15 43.1 MAC T able Overview ........... ... ... .... ... ... ................ ... .... ... ... ................ ... .... ... ... ................ . .3 2 7 43.2 Viewing the MAC T able .... ... ............
Table of Contents ES3500 Series User’s Gui de 16.
17 P ART I User ’ s Guide.
18.
ES3500 Series User’s Guide 19 C HAPTER 1 Getting to Know Your Switch This chapter introduces the main features and applications of the Switch. 1.1 Introduction The Switch is a lay er-2 standalone Ethernet switch. There are three models of the Switch.
Chapter 1 Getti ng to Know Your Switch ES3500 Series User’s Gui de 20 In this example, all computers can share high-spe ed applic ations on the server . T o expand the network, simply add more networking devices such as switches, routers, computers, print servers etc.
Chapter 1 Getting to Know Your Switch ES3500 Series User’s Guide 21 Switching to higher-speed LANs such as A TM (A sy nchronous T ransmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance.
Chapter 1 Getti ng to Know Your Switch ES3500 Series User’s Gui de 22 Shared resources such as a server can be used by all ports in the same VLAN as the server . In the following figure only ports that need access to th e server need to be part of VLAN 1.
Chapter 1 Getting to Know Your Switch ES3500 Series User’s Guide 23 • Cluster Management. Cluster Management allows you to manage multiple switches through one switch, called the cluster manager .
Chapter 1 Getti ng to Know Your Switch ES3500 Series User’s Gui de 24.
ES3500 Series User’s Guide 25 C HAPTER 2 Hardware Installation and Connection This chapter shows you how to install and connect the Sw itch. 2.1 Inst allation Scenarios The Switch can be placed on a desktop or r ack -mounted on a standard EIA rack. Use the rubber feet in a desktop installation and the br ackets in a r ack -mounted instal lation.
Chapter 2 Ha rdware Installation and Connectio n ES3500 Series User’s Gui de 26 2.3.1 Rack-mounted Installation Requirement s • T wo mounting brackets. • Eight M3 flat head screws and a #2 Philips screwdriver . • Four M5 flat head screws and a #2 Philips screwdriver .
Chapter 2 Hardware Installation and Conne ction ES3500 Series User’s Guide 27 2.3.3 Mounting the Switch on a Rack 1 Po sition a mounting bracket (that is already attach ed to the Switch) on one side of the r ack, lining up the two screw holes on the brack et with the screw holes on the side of the r ack.
ES3500 Series User’s Guide 28 C HAPTER 3 Hardware Overview This chapter describes the front panel and rear pa nel of the Switch and shows you how to make the hardware connections. 3.1 Front and Rear Panels The following figures show the front and rear panels of the Switch.
Chapter 3 Hardware Overview ES3500 Series User’s Guide 29 Figure 12 ES3500-24HP Rear Panel Figure 13 ES3500-8PD Front Panel Figure 14 ES3500-8PD Rear Panel The following table describes the connectors on the front and rear panels.
Chapter 3 Hardware Overview ES3500 Series User’s Gui de 30 3.1.1 Console Port For local management, y ou can use a computer with terminal emulation software configured to the following parameters: .
Chapter 3 Hardware Overview ES3500 Series User’s Guide 31 3.1.2.2 Auto-crossover All ports are auto-crossover , that is auto-MDIX ports (Media Dependent Interface Crossover), so you may use either a straight -through Ethernet cable or crossover Ethernet cable for all Gigabit port connections.
Chapter 3 Hardware Overview ES3500 Series User’s Gui de 32 5 Connect the fiber optic cables to the transceiv er . Figure 15 T ransceiver Installation E xample Figure 16 Connecting the Fiber Optic Cables 3.1.3.2 T r ansceiver Removal Use the following steps to remo ve a mini-GBIC tr ansceiver (SFP module).
Chapter 3 Hardware Overview ES3500 Series User’s Guide 33 3.1.4 Power Connector Make sure you are using the corr ect power source as shown on the panel and that no objects obstruct the airflow of the fans. Use the following procedures to connect the Switch to a power source after you ha ve installed it.
Chapter 3 Hardware Overview ES3500 Series User’s Gui de 34 LNK/ACT Green Blinking The syst em is tr ansmitting/rec eiving to/from a 100 0 Mbps Ethernet netw ork. On The link to a 1000 Mbps Ether net network is up. Amber Blinking The system is transmitti ng/receiving to/from a 10 Mbps or a 100 Mbps Ethernet network.
Chapter 3 Hardware Overview ES3500 Series User’s Guide 35 LNK/ACT Green Blinking The syst em is tran smitting/recei ving to/from a 10/100 0 Mbps Ethernet netw ork. On The link to a 10/1000 Mbps Ethernet network is up. Amber Blinking The s ystem is tr ansmit ting/receiving to/from a 100 Mbps Ethernet netw ork.
Chapter 3 Hardware Overview ES3500 Series User’s Gui de 36.
ES3500 Series User’s Guide 37 C HAPTER 4 The Web Configurator This section introduces the configur ation and functions of the web configur ator . 4.1 Introduction The web configurator is an HTML -based management interface that allows easy Switch setup and management via Internet browser .
Chapter 4 T he We b Configurator ES3500 Series User’s Gui de 38 3 The login screen appears. The default username is admin and associated default password is 1234 . The date and time display as shown if you have not conf igured a time server nor manually entered a time and date in the General Setup screen.
Chapter 4 The Web Configurator ES3500 Series User’s Guide 39 The following figure shows the navigating components of a web configurator screen. Figure 21 The W eb Configur ator Layout A - Click the menu items to open submenu links, an d then click on a submenu link to open the screen in the main window .
Chapter 4 T he We b Configurator ES3500 Series User’s Gui de 40 In the navigation panel, click a main link to reveal a list of submenu links. Note: Only the ES3500-24HP has a P oE menu. Note: Only the ES3500-8PD has a Green Ethernet menu. The following table describes the links in the navigation panel.
Chapter 4 The Web Configurator ES3500 Series User’s Guide 41 PoE This link takes you to a screen wher e you can configure the Switch to supply power over Ethernet. Advanced Application VLAN This link takes you to screens where you can confi gure port-base d or 802.
Chapter 4 T he We b Configurator ES3500 Series User’s Gui de 42 sFlow This link tak es you to screens where y ou can configure s Flow settings on t he Switch.
Chapter 4 The Web Configurator ES3500 Series User’s Guide 43 4.3.1 Change Y our Password After you log in for the first time, it is recommended y ou change the default adm inistrator password. Click Management > Access Control > Logins to display the next screen.
Chapter 4 T he We b Configurator ES3500 Series User’s Gui de 44 4 Disable all ports. 5 Misconfigure the text configuration file. 6 F orge t the passw ord and/o r IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it.
Chapter 4 The Web Configurator ES3500 Series User’s Guide 45 6 After a configuration file upload, type atgo to restart the Switch. Figure 23 Resetting the Sw itch: Via the Console Port The Switch is now reinitialized with a default configur ation file includin g the default password of “1234” .
Chapter 4 T he We b Configurator ES3500 Series User’s Gui de 46.
ES3500 Series User’s Guide 47 C HAPTER 5 Initial Setup Example This chapter shows how to set up th e Switch for an example network. 5.1 Overview The following lists the configuration steps fo r the initial setup: • Create a VLAN • Set port VLAN ID • Configure the Switch IP management address 5.
Chapter 5 Initial Set up E x am ple ES3500 Series User’s Gui de 48 1 Click Advanced Application > VL AN in the navigation panel and click the Static VLAN link. 2 In the Static VLAN screen, select AC TIVE , enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network.
Chapter 5 Initial Setup Example ES3500 Series User’s Guide 49 5 Click Add to save the settings to the run-time memory . Settings in the run-time memory are lost when the Switch’ s power is turned off .
Chapter 5 Initial Set up E x am ple ES3500 Series User’s Gui de 50 5.2 Configuring Switch Management IP Address The default management IP address of the Switch is 192.168.1.1. Y ou can configure another IP address in a different subnet for management pu rposes.
Chapter 5 Initial Setup Example ES3500 Series User’s Guide 51 5 For t h e VLAN2 network, enter 192.168.2 .1 as the IP add ress and 255.255.255.0 as the subnet mask. 6 In the VID field, enter the ID of the VLAN group to wh ich you want this management IP address to belong.
ES3500 Series User’s Guide 52 C HAPTER 6 Tutorials This chapter provides some examples of using th e web configur ator to set up and use the S witch.
Chapter 6 Tutorials ES3500 Series User’s Guide 53 2 Go to Advanced Application > VLAN > Static VLAN , and create a VL AN with ID of 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as show n . Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag.
Chapter 6 Tutorials ES3500 Series User’s Gui de 54 4 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure , activate and specify VLAN 100 as the DHCP VLAN as shown. C lick Apply . 5 Click the Port link at the top right corner .
Chapter 6 Tutorials ES3500 Series User’s Guide 55 7 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure > VLAN , show VLAN 100 by entering 100 in the St art VID and End VID fie lds an d click Apply . T hen select Yes in the Enabl ed field of the VLAN 100 entry shown at the bottom section of the screen.
Chapter 6 Tutorials ES3500 Series User’s Gui de 56 6.2.1 DHCP Relay T u torial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) an d gateway information to DHCP client A based on the system name, VLAN ID and port number in the DHCP request.
Chapter 6 Tutorials ES3500 Series User’s Guide 57 3 Click Advanced Application > VLAN > Static VLAN . 4 In the Static VLAN screen, select ACTIVE , enter a descriptive name (V ALN 102 for example) in the Name field and enter 1 02 in the VLAN Group ID field.
Chapter 6 Tutorials ES3500 Series User’s Gui de 58 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are fo rwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory .
Chapter 6 Tutorials ES3500 Series User’s Guide 59 5 Click Apply to save your changes back to the run-time memory . 6 Click the Save link in the upper right corner of the web configurator to save your conf iguration permanently . 7 The DHCP server can then assign a specif ic IP address based on the DHCP request.
Chapter 6 Tutorials ES3500 Series User’s Gui de 60 Switc h B is connected to switch A . In this way , PPPoE ser ver S can identify subscriber C and may apply different settings to it. Note: For related information about PPPoE IA, see Section 31.3 on pag e 252 .
Chapter 6 Tutorials ES3500 Series User’s Guide 61 2 Select Untrus ted for port 5 and enter userC as Circuit-id and 0 0134900000A as Remote-id . Select Trusted for port 12 and then leave the other fiel ds em pty . Click Apply . Then Click Interm e diate Agent on the top of the screen.
Chapter 6 Tutorials ES3500 Series User’s Gui de 62 4 Enter 1 for both Start VID an d End VID since both the Switch and PPP oE server are in VLAN 1 in this example.
Chapter 6 Tutorials ES3500 Series User’s Guide 63 1 Click Advanced Application > PPPoE > Intermediate Agent . Se lect Active then click Apply . Click Port on the top of the screen. 2 Select Trusted for ports 11 and 12 and then click Apply . Then Click Interm e diate Agent on the top of the screen.
Chapter 6 Tutorials ES3500 Series User’s Gui de 64 3 The Intermediate Agent screen appears. Click VLAN on the top of the screen. 4 Enter 1 for both Start VID an d End VID .
Chapter 6 Tutorials ES3500 Series User’s Guide 65 The settings are completed now. If you miss some settings above, subscriber C could not successfully receive an IP address assigned by th e PPP oE Serv er . If thi s happens, m ake su re you follow the steps exactly in this tutorial.
Chapter 6 Tutorials ES3500 Series User’s Gui de 66 2 Click Advanced Application > Errdisable > CPU Protecti on , select ARP as the reason, enter 100 as the rate limit (packets per second) for the first entry (port *) to apply the setting to all ports.
Chapter 6 Tutorials ES3500 Series User’s Guide 67 6.5 How to Set Up a Guest VLAN All ports on the Switch are in VLAN 1 by default. Say you enable IEEE 802.1x authentication on ports 1 to 8. Clients that connect to these ports should provide the correct user name and password in order to access the ports.
Chapter 6 Tutorials ES3500 Series User’s Gui de 68 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q . Click Apply to sa ve the settings to the run-time memory .
Chapter 6 Tutorials ES3500 Series User’s Guide 69 7 Click Add to save the settings to the run-time memory . Settings in the run-time memory are lost when the Switch’ s power is turned off . 8 Click the VLAN Status link in the Static V LAN screen and then the VLAN Port Setting link in the VLAN Status screen.
Chapter 6 Tutorials ES3500 Series User’s Gui de 70 10 Click Apply to save your changes back to the run-time memory . 11 Click the Save link in the upper right corner of the web configurator to save your conf iguration permanently . 6.5.2 Enabling IEEE 802.
Chapter 6 Tutorials ES3500 Series User’s Guide 71 2 Select the first Active checkbox to enable 802.1x au thentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply . 6.
Chapter 6 Tutorials ES3500 Series User’s Gui de 72 2 Select Active and enter the guest VLAN ID (200 in this example) on ports 1, 2 and 3. The Switch puts unauthenticated clients in the specified guest VLAN.
Chapter 6 Tutorials ES3500 Series User’s Guide 73 do port isolation in a VLAN instead of assigning each port to a separate VLAN and creating a different IP routing domain for each indiv idu al port. In this example, you put ports 2 to 4 and 25 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2, 3 and 4.
Chapter 6 Tutorials ES3500 Series User’s Gui de 74 5 Select Fixed to configure ports 2, 3, 4 and 25 to be permanent members of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remov e VLAN tags before sending frames out of these ports.
Chapter 6 Tutorials ES3500 Series User’s Guide 75 9 Enter 123 in the PVID field for ports 2, 3, 4 and 25 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory .
Chapter 6 Tutorials ES3500 Series User’s Gui de 76 2 In the Private VLAN screen, select Active . Enter a descriptive name (Priv ateVLAN123 for example) in the Name field and enter 123 in the VLAN ID field. Click Add . 3 Click the Save link in the upper right corner of the web configurator to save your conf iguration permanently .
77 P ART II T echnical Reference.
78.
ES3500 Series User’s Guide 79 C HAPTER 7 System Status and Port Statistics This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.
Chapter 7 S ystem Status and Port Statistics ES3500 Series User’s Gui de 80 The following table describes the labels in this screen. Ta b l e 1 1 Status LABEL DESCRIPTION Port This identif ies the Et hernet port. Click a port number to display the Port Details screen (refe r to Figure 29 on page 81 ).
Chapter 7 System Status and Port Statistics ES3500 Series User’s Guide 81 7.2.1 St atus: Port Det ails Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch.
Chapter 7 S ystem Status and Port Statistics ES3500 Series User’s Gui de 82 Link For Ethernet po rts, this field displays the speed ( 10M for 10Mbps or 100M for 100Mbps) and duplex ( F for full duplex or H for half ) settings.
Chapter 7 System Status and Port Statistics ES3500 Series User’s Guide 83 RX CRC This field shows the number of packets rece iv ed with CRC (Cyclic R edundant Check) error(s). Length T his field shows the num b er of packet s re ceived wi th a length that w as out of rang e.
ES3500 Series User’s Guide 84 C HAPTER 8 Basic Setting This chapter describes how to configure the System Info, Ge neral Setup , Switch Setup , IP Setup and Port Setup screens. 8.1 Overview The System Info screen displays general S witch information (such as firmw are version number) and hardware polling information (such as temper atures).
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 85 The following table describes the labels in this screen. T a ble 13 Basic Setting > System Info LABEL DESCRIPTION System Name This field displa ys the descriptive name of the Swit ch for identification purposes.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 86 8.3 General Setup Use this screen to configure general settings such as the system name and time. Click Bas ic Setting > General Se tup in the navigation panel to display the screen as shown.
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 87 8.4 Introduction to VLANs A VLAN (Virtual Local Area Network) allows a ph ysic al network to be partitioned into multiple logical networks. Devices on a logical network belong to on e gr ou p. A d ev ic e c an be lo ng to mo re th an on e group.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 88 VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast pack ets go to each and every individual port.
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 89 Y ou should enable RSTP or MRSTP before y ou can use smart isolation on the S witch. If the network topology changes, the Switch automatically updates the isolated port list with the latest designated port information.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 90 Aging Time Enter a time from 10 to 3000 seconds. This is how long all dynamicall y learned MAC addresses remain in the MAC address table befo re they age out (and must be relearned). GARP Timer: Switche s join VLANs by making a declaration.
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 91 8.6 IP Setup Use the IP Setup screen to configure the Switch IP addres s, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 92 The following table describes the labels in this screen. T a ble 16 Basic Setting > IP Setup LABEL DESCRIPTION Domain Nam e Serve r DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 93 8.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to displa y the configuration screen. Figure 34 Basic Setting > Port Setup The following table describes the labels in this screen.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 94 8.8 PoE Note: The following screens are available for the ES3500-24HP model only . The ES3500-24HP supp orts the IEEE 802.
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 95 In the figure below, the IP camer a and IP phon e get their power directly from the Switch. Aside from minimizing the need for cables and wires, P oE removes the hassle of trying to find a nearby electric outlet to power up devices.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 96 8.8.1 PoE Setup Use this screen to set the priority levels for the Switch in distributing power to PDs. Consuming Power (W) This field displays the total amou nt of power the Switch is currently supplying to the connecte d PoE- enabled devices.
Chapter 8 Basic Setti ng ES3500 Series User’s Guide 97 Click the PoE Setup link in the Basic Setting > PoE Statu s screen. The following screen opens. Figure 37 Basic Setting > PoE Setup The following table describes the labels in this screen.
Chapter 8 Basic Setting ES3500 Series User’s Gui de 98 Note: If the priority s ettings for two or more P oE ports are the same, the ports will shut down randomly when the power budget is not enough. W e strongly reco mmend you set the priority for each Po E port to mak e sure the hi gh priority ports get power .
ES3500 Series User’s Guide 99 C HAPTER 9 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you h ow to conf igure 802.1Q tagged and port-based VLANs. 9.1 Introduction to IEEE 8 02.
Chapter 9 VLAN ES3500 Series User’s Gui de 100 9.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automati cally register VLAN membership across switches.
Chapter 9 VLAN ES3500 Series User’s Guide 101 9.3 Port VLAN T runking Enable VLAN Trunking on a port to allow fr ames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without ha ving to configure the same VLAN grou ps on intermediary devices.
Chapter 9 VLAN ES3500 Series User’s Gui de 102 9.5.1 VLAN S t atus See Section 9.1 on page 99 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next.
Chapter 9 VLAN ES3500 Series User’s Guide 103 9.5.2 VLAN Det ails Use this screen to view detailed port setti ngs and status of the VLAN group. See Section 9.1 on page 99 for more information on static VLAN. Click on an index number in the VL AN Status screen to display VLAN details.
Chapter 9 VLAN ES3500 Series User’s Gui de 104 9.5.3 Configure a St atic VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. See Section 9.1 on page 99 for more information on static VLAN. T o configure a static VLAN, click Static V LAN in the VLAN Status screen to display the screen as shown next.
Chapter 9 VLAN ES3500 Series User’s Guide 105 9.5.4 Configure VLAN Port Settings Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 9.1 on page 99 for more information on static VLAN. Click the VLAN Port Se tting link in the VLAN Status screen.
Chapter 9 VLAN ES3500 Series User’s Gui de 106 9.6 Subnet Based VLANs Subnet based VLANs allow you to group traffic into logical VLANs based on the source IP subnet you specify . When a frame is received on a port, the S w itch checks if a tag is added already and the IP subnet it c ame from.
Chapter 9 VLAN ES3500 Series User’s Guide 107 services). All untagged incoming fr ames will be classified based on their source IP subnet and prioritized accordingly . That is, video services receive the highest priori ty and data the lowest. Figure 44 Subnet Based VLAN Application Example 9.
Chapter 9 VLAN ES3500 Series User’s Gui de 108 Note: Subnet based VLAN applies to un-tagge d packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 45 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes the labels in this screen.
Chapter 9 VLAN ES3500 Series User’s Guide 109 9.8 Protocol Based VLANs Protocol based VLANs allow you to grou p traffic into logical VLANs based on the protocol y ou specify . When an upstream frame is received on a port (configured for a protocol based VLAN), the Switch checks if a tag is added already and its protocol.
Chapter 9 VLAN ES3500 Series User’s Gui de 11 0 9.9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Se tting screen to display the configu ration screen as shown. Figure 47 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN The following table describes the labels in this screen.
Chapter 9 VLAN ES3500 Series User’s Guide 111 9.10 Create an IP -based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. F ollow these steps using the screen below: 1 Activate this protocol based VLAN. 2 T y pe the port number you want to include in this protocol based VLAN.
Chapter 9 VLAN ES3500 Series User’s Gui de 11 2 1 Click the index number of the protocol based VLAN entry . Click 1 . 2 Change the value in the Port field to the next port you want to add.
Chapter 9 VLAN ES3500 Series User’s Guide 11 3 The following screen shows users on a port -based, all-connected VLAN configuration. Figure 49 Advanced Ap plication > VLAN > P ort Based VLAN Se.
Chapter 9 VLAN ES3500 Series User’s Gui de 11 4 The following screen shows users on a port -based, port-isolated VLAN configur ation. Figure 50 Advanced Ap plication > VLAN: P ort Based VLAN Setu.
Chapter 9 VLAN ES3500 Series User’s Guide 11 5 The following table describes the labels in this screen. T a ble 27 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation . All connected me ans all ports can communi cate with each ot her , that is, there a re no virtual LANs.
ES3500 Series User’s Guide 11 6 C HAPTER 10 Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 10.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your net wor k.
Chapter 10 Static MAC Forw ard Setup ES3500 Series User’s Guide 11 7 The following table describes the labels in this screen. T a ble 28 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this to activate your rule. Y ou may tempor arily deactiv ate a rule without deletin g it by clearing this.
ES3500 Series User’s Guide 11 8 C HAPTER 11 Static Multicast Forward Setup Use these screens to configure static multicast address forwarding. 1 1.1 St atic Multicast Forwarding Overview A multicast MAC address is the MAC address of a member of a multicast group.
Chapter 11 Static Multicast Forw ard Setup ES3500 Series User’s Guide 11 9 within a VLAN group. Figure 53 shows frames being fo rwarded to devices connected to port 3.
Chapter 11 Static Multicast Forward Setup ES3500 Series User’s Gui de 120 Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown. Figure 55 Advanced Application > Static Multicast Forw arding The following table describes the labels in this screen.
Chapter 11 Static Multicast Forw ard Setup ES3500 Series User’s Guide 121 Port This field displays the port(s) within a identi fied VLAN group to which frames contai ning the specified mult icast MAC a ddress will be forwarded. Delete Click Delete to remove the selected entry from the summary table.
ES3500 Series User’s Guide 122 C HAPTER 12 Filtering This chapter discusses MAC address port filtering. 12.1 Configure a Filtering Rule Configure the Switch to filter tr affic based on the tr affic’ s source, destination MAC addresses and/or VLAN group (ID).
Chapter 12 Filteri ng ES3500 Series User’s Guide 123 MAC T ype a MAC address in a valid MAC address fo rmat, that is, six hexa decimal character pairs. VID T ype the VLAN group ide ntification number . Add Click Ad d to save your changes to the Switch’ s run-ti me memory .
ES3500 Series User’s Guide 124 C HAPTER 13 Spanning Tree Protocol The Switch supports Spanning T ree Protocol (S TP), Rapid Spanning T ree Protocol (RSTP) and Multiple Spanning T re e Protocol (MSTP) as defined in the following standards. • IEEE 802.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 125 On each bridge, the bridge communicates with the r oot through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost).
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 126 13.1.4 Multiple RSTP MRSTP (Multiple RSTP) is Z yXEL ’ s proprietary featur e that is compatible with RSTP and STP . With MRSTP , you can hav e more than one spanning tree on y our S witch and assign port(s) to each tree.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 127 13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches.
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 128 Devices that belong to the same MST region are configu red to have the same MSTP configur ation identification settings.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 129 13.2 S p anning T ree Protocol St atus Screen The Spanning T ree Protocol status screen change s depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown.
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 130 13.4 Configure Rapid S p anning T ree Protocol Use this screen to configure RSTP settings, see Section 13.1 on page 124 for more information on RSTP . Click RSTP in the Advanced Application > Spanning Tree Protocol screen.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 131 Bridge Priority Bridge priori ty is used in determining the root swit ch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 132 13.5 Rapid S p anning T ree Protocol St atus Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 133 13.6 Configure Multiple Ra pid S p anning T ree Protocol T o configure MRSTP , click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1 on page 124 for more information on MRSTP .
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 134 13.7 Multiple Rapid S p anning T r ee Protocol St atus Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 135 Note: This screen is only av ailable after y ou activ ate MRSTP on the S witch. Figure 67 Advanced Application > Spanning T ree Protocol > Status: MRSTP The following table describes the labels in this screen.
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 136 13.8 Configure Multiple S p anning T ree Protocol T o configure MSTP , click MSTP in the Advanced Application > Spanning Tree P rotocol screen. See Section 13.1.5 on page 126 for more information on MSTP .
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 137 The following table describes the labels in this screen. T a ble 38 Advanced Application > Spanning T ree Protocol > MSTP LABEL DESCRIPTION Port Cl ic k Port to display the MSTP Port Configuration screen (see Figure 69 on page 139 ).
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 138 VLAN Range Enter the start of the VLAN ID range th at you want to add or remove from the VLAN r ange edit area i n the Start field. Enter the end of the VLAN ID r ange that y ou want to a dd or remove from the VLAN r ange edit area in the End field.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 139 13.8.1 Multiple S p anning T ree Protocol Port Configuration T o configure MSTP ports, click Port in the Advanced Application > Spanning Tree Protocol > MSTP screen.
Chapter 13 Spanning Tree Prot ocol ES3500 Series User’s Gui de 140 13.9 Multiple S p anning T ree Protocol St atus Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.
Chapter 13 Spanning Tree Protocol ES3500 Series User’s Guide 141 Port ID This is the priority and number o f the port on the S witch through whi ch t hi s S w it ch mu s t communicate with the root of the Span ning T ree . Configur ation Name This field displays the configuration name for this MST re gion.
ES3500 Series User’s Guide 142 C HAPTER 14 Bandwidth Control This chapter shows you how y ou can cap the maximum bandwidth using th e Ban dwidth Control screen. 14.1 Bandwid th Control Overview Bandwidth c o ntrol mean s defining a max imum allowable band width for inco ming and/or o ut-going traffic flows on a port.
Chapter 14 Bandwidth Control ES3500 Series User’s Guide 143 14.2 Bandwid th Control Setup Click Ad vanced Applic ation > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 71 Advanced Application > Bandwidth Control The following table describes the related labels in this screen.
Chapter 14 Ba ndwidth Control ES3500 Series User’s Gui de 144 Apply Click Apply to save your changes to the Switch’s run-time memory . The Switch lose s these changes if it is turned off or loses power , so use the Save link on the top navigation panel to save y our change s to the non- volat ile memory when y ou are done c onfiguring.
ES3500 Series User’s Guide 145 C HAPTER 15 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature.
Chapter 15 Broadcast Storm Control ES3500 Series User’s Gui de 146 * Settings in this row apply to all ports. Use this row only if you w ant to make some settings th e same for all ports. Use this row first to set the c ommon settings an d then ma ke adjustments on a port-b y-port basis.
ES3500 Series User’s Guide 147 C HAPTER 16 Mirroring This chapter discusses port mirroring setup screens. 16.1 Port Mirroring Setup Po rt mirroring allows you to copy a tr affic flow to a monitor port (the port y ou copy the tr affic to) in order that you can examine the tr affic from the monitor port without interference.
Chapter 16 Mirr or ing ES3500 Series User’s Gui de 148 * Settings in this row apply to all ports. Use this row only if you wa nt to make some sett ings th e same for all ports. Use this row first to set the common se ttings and then ma ke adjustments on a port-by-port basis.
ES3500 Series User’s Guide 149 C HAPTER 17 Link Aggregation This chapter shows you how to logically aggregate ph ysical links to form one logical, higher- bandwidth link. 17.1 Link Aggregation Overview Link aggregation (trunking) is the groupin g of ph ysical ports into one logical higher-capacit y link.
Chapter 17 L ink Aggregation ES3500 Series User’s Gui de 150 Configure trunk groups or LACP before y ou connect the Ethernet switch to av oid causing network topology loops. 17.2.1 Link Aggregation ID LACP aggregation ID consists of the following information 1 : 17.
Chapter 17 Link Aggregation ES3500 Series User’s Guide 151 Aggregator ID Link Aggregator ID cons ists o f the following: s ystem priori ty , MAC address, key , port priority and port number . Refer to Section 17.2.1 on page 150 for more information on this field.
Chapter 17 L ink Aggregation ES3500 Series User’s Gui de 152 17.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 17.1 on page 149 for more information on link aggregation.
Chapter 17 Link Aggregation ES3500 Series User’s Guide 153 Criteria Select the outgo ing traffic distribution ty pe. Packets from the s ame source and/or t o the same destination are sent over th e same link within th e trunk. By default, th e Switch uses t he src- dst-mac distribution type.
Chapter 17 L ink Aggregation ES3500 Series User’s Gui de 154 17.5 Link Aggregation Control Protocol Click in the Advanced Applic ation > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 17.2 on page 149 for more information on dynamic link aggregation.
Chapter 17 Link Aggregation ES3500 Series User’s Guide 155 17.6 S t atic T runking Example This example shows you how to create a static port trunk group for ports 2-5. 1 Make your physical connections - make sure that the ports that y ou want to belong to the trunk group are connected to the same destination.
Chapter 17 L ink Aggregation ES3500 Series User’s Gui de 156 2 Configure static trunking - Click Advanced Application > Link A ggregation > Link Aggregation Setting .
ES3500 Series User’s Guide 157 C HAPTER 18 Port Authentication This chapter describes the IEEE 802. 1x and MAC authentication methods. 18.1 Port Authentication Overview Port authentication is a way to v alidate access to po rts on the Switch to clients based on an external server (authentication server).
Chapter 18 Port Authentication ES3500 Series User’s Gui de 158 provides the login credentials, the Switch sends an authentication request to a RADIUS server . The RADIUS server v alidates whether this client is allowed access to the port. Figure 79 IEEE 802.
Chapter 18 Po rt Aut hentication ES3500 Series User’s Guide 159 on the source MAC address of the client connectin g to a po rt on the Switch along with a password configured specifically for MAC auth entication on the S witch. Figure 80 MAC Authentication Process 18.
Chapter 18 Port Authentication ES3500 Series User’s Gui de 160 18.2.1 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x securit y . In the Port Auth enticat ion screen click 802.1x to display the configur ation screen as shown. Figure 82 Advanced Application > P ort Authentication > 802.
Chapter 18 Po rt Aut hentication ES3500 Series User’s Guide 161 18.2.2 Guest VLAN When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the correct credentials are blocked from using the port(s). Y ou can configure your Switch to ha ve one VLAN that acts as a guest VLAN.
Chapter 18 Port Authentication ES3500 Series User’s Gui de 162 Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Figure 84 Advanced Application > P ort Authentication > 802.
Chapter 18 Po rt Aut hentication ES3500 Series User’s Guide 163 18.2.3 Activate MAC Authentication Use this screen to activate MAC authentication. In th e Port Authentication screen click MAC Authentication to display the configur ation screen as shown.
Chapter 18 Port Authentication ES3500 Series User’s Gui de 164 The following table describes the labels in this screen. T a ble 51 Advanced Application > Port Auth entication > MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentic ation on the S witch.
ES3500 Series User’s Guide 165 C HAPTER 19 Port Security This chapter shows you how to set up port security . 19.1 About Port Security Po rt security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the S witch.
Chapter 19 Port Security ES3500 Series User’s Gui de 166 The following table describes the labels in this screen. T a ble 52 Advanced Application > Port Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which y ou want to enable port security and disable MAC addr ess learning.
ES3500 Series User’s Guide 167 C HAPTER 20 Classifier This chapter introduces and shows you how to co nfigure the packet classifier on the Sw itch. 20.
Chapter 20 Classifi e r ES3500 Series User’s Gui de 168 Click Advanced Application > Classifier in the navigation panel to display the configur ation screen as shown. Figure 87 Advanced Application > Classifier The following table describes the labels in this screen.
Chapter 20 Classifier ES3500 Series User’s Guide 169 20.3 V iewing and Editing Classifier Configuration T o view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen. T o change the settings of a rule, click a number in the Index field.
Chapter 20 Classifi e r ES3500 Series User’s Gui de 170 Note: When two rules conflict with each other , a higher lay er rule has pr iority over a lower layer rule. Figure 88 Advanced Application > Classifier: Summary T able The following table describes the labels in this screen.
Chapter 20 Classifier ES3500 Series User’s Guide 171 20.4 Classifier Example The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2.
ES3500 Series User’s Guide 172 C HAPTER 21 Policy Rule This chapter shows you how to configure policy rules. 21.1 Policy Rules Overview A classifier distinguishes traffic into flows based on the con figured criteria (refer to Chapter 20 on page 167 for more information).
Chapter 21 Policy Rule ES3500 Series User’s Guide 173 Click Advanced Applications > Policy Rule in the navigation panel to displa y the screen as shown. Figure 90 Advanced Application > P olicy Rule The following table describes the labels in this screen.
Chapter 21 Po licy Rule ES3500 Series User’s Gui de 174 Gener al Egress Port T ype the numbe r of an outgoing port. Priority Specify a priority lev el. DSCP Specify a DSCP (DiffServ Code Point) number between 0 and 63. TOS Specify the type of service (TOS) priority level.
Chapter 21 Policy Rule ES3500 Series User’s Guide 175 21.3 V iewing and Editing Policy Configuration T o view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Policy screen. T o change the settings of a rule, click a number in the Ind ex field.
Chapter 21 Po licy Rule ES3500 Series User’s Gui de 176 21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.
ES3500 Series User’s Guide 177 C HAPTER 22 Queuing Method This chapter introduces the queuing methods supported. 22.1 Queuing Method Overview Queuing is used to help solve performance degr ad ation when there is network conge stion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic.
Chapter 22 Queui n g Me th od ES3500 Series User’s Gui de 178 22.1.3 We ighted Round Robin Scheduling (WRR) Round R obin Scheduling services queues on a rotating basis and is activated only when a port has more traffi c than it can handle. A queue is a given an am ount of bandwidth irrespective of the incoming traffic on that port.
Chapter 22 Qu euing Method ES3500 Series User’s Guide 179 The following table describes the labels in this screen. T a ble 59 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. * Settings in this row apply to all ports.
ES3500 Series User’s Guide 180 C HAPTER 23 VLAN Stacking This chapter shows you how to con figu re VLAN stac king on your Switch. See the chapter on VLANs for more background information on Virtual LAN 23.
Chapter 23 VLAN Stacking ES3500 Series User’s Guide 181 adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data fr ames leave the network. Figure 94 VLAN Stacking Example 23.
Chapter 23 VLAN Stacking ES3500 Series User’s Gui de 182 23.3 VLAN T ag Format A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields. Type is a standard Ethernet type code identifying the fr ame and indicates that whether the frame carries IEEE 802.
Chapter 23 VLAN Stacking ES3500 Series User’s Guide 183 23.4 Configuring VLAN S t acking Click Advanced Applications > VLAN Stacking to display the screen as shown. Figure 95 Advanced Application > VLAN Stack ing The following table describes the labels in this screen.
Chapter 23 VLAN Stacking ES3500 Series User’s Gui de 184 23.4.1 Port-based Q-in-Q Po rt-based Q-in-Q lets the Switch treat all fr ames received on the same port as the same VLAN flows and add the same outer VLAN tag to them, ev en they have different customer VLAN IDs.
Chapter 23 VLAN Stacking ES3500 Series User’s Guide 185 23.4.2 Selective Q-in-Q Selective Q-in-Q is VLAN-based. It allows the Sw itch to add different outer VLAN tags to the incoming fr ames received on one port according to their inner VLAN tags.
Chapter 23 VLAN Stacking ES3500 Series User’s Gui de 186 Active This sh ows whether this rule is acti vated or not. Name This is the descript ive name fo r this rule. Port This is the port number to which this rule is applied. CVID This is the cust omer VLAN ID in the in co ming packets.
ES3500 Series User’s Guide 187 C HAPTER 24 Multicast This chapter shows you how to configure v arious multicast features. 24.1 Multicast Overview T raditionally , I P packets are transmitted in one of either two wa ys - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to ev erybody on the networ k).
Chapter 24 Multica st ES3500 Series User’s Gui de 188 24.1.4 IGMP Snooping and VLANs The Switch can perform IGMP snooping on up to 16 VLANs. Y ou can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets.
Chapter 24 Multicast ES3500 Series User’s Guide 189 24.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown.
Chapter 24 Multica st ES3500 Series User’s Gui de 190 Unknown Multicast Fr ame Specify the action to perform when the Swit ch receives an unknown multicast frame. Select Drop to discard the frame(s). Select Floo ding to send the frame(s) to all ports.
Chapter 24 Multicast ES3500 Series User’s Guide 191 Throttling IGMP throttling controls how the Swit ch deals with the IGMP reports wh en the maximum number of the IGMP gro ups a port can join is reached. Select Deny to drop any new IGMP join repor t rece ived on this port until an existing multicast forwarding table entry is aged out.
Chapter 24 Multica st ES3500 Series User’s Gui de 192 24.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.
Chapter 24 Multicast ES3500 Series User’s Guide 193 24.5 IGMP Filtering Profile An IGMP filtering profile specifie s a range of multicast groups that clients connected to the S witch are able to join. A profile contains a r ange of mu lticast IP addresses which you want clients to be able to join.
Chapter 24 Multica st ES3500 Series User’s Gui de 194 The following table describes the labels in this screen. 24.6 MVR Overview Multicast VLAN Registr ation (MVR) is designed for applications (such as Media-on-Demand (MoD)) that use multicast traffic across an Ethern et ring-based service prov ider network.
Chapter 24 Multicast ES3500 Series User’s Guide 195 The following figure shows a network example. The subscriber VLAN ( 1 , 2 and 3 ) information is hidden from the streaming media server , S . In addition, th e multicast VLAN information is only visible to the Switch and S .
Chapter 24 Multica st ES3500 Series User’s Gui de 196 port in the same subscriber VLAN , the receiving port will still be on the list of forwarding destination for the multicast tr affic. Otherwise, the Switch removes the receiver port from the forw arding table.
Chapter 24 Multicast ES3500 Series User’s Guide 197 Note: Y our Switch automatically creates a st atic VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 104 Advanced Application > Multic ast > Multicast Setting > MVR The following table describes the related labels in this screen.
Chapter 24 Multica st ES3500 Series User’s Gui de 198 24.8 MVR Group Configuration All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Configure MVR IP multicast group address(es) in the Group Configuration screen.
Chapter 24 Multicast ES3500 Series User’s Guide 199 Note: A port can belong to more than one multicast VLAN. However , IP multicast group addresses in different mult icas t VLANs cannot overlap .
Chapter 24 Multica st ES3500 Series User’s Gui de 200 News and Movie channels) from the remote streaming media server , S . Computers A, B and C in VLAN 1 are able to receive the traffic.
Chapter 24 Multicast ES3500 Series User’s Guide 201 T o set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an exam ple where two multicast groups ( News and Movie ) are configured for the multicast VLAN 200.
ES3500 Series User’s Guide 202 C HAPTER 25 AAA This chapter describes how to configure authenti cation, authorization and accounting settings on the Switch. 25.1 Authentication, Author ization and Accounting (AAA) Authentication is the process of determining who a user is and v alidating access to the Sw itch.
Chapter 25 AAA ES3500 Series User’s Guide 203 25.1.2 RADIUS and T ACACS+ RADIUS and T ACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal de vice user database th at is limited to the memory capacity of the device.
Chapter 25 AAA ES3500 Series User’s Gui de 204 authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 1 12 Ad vanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen.
Chapter 25 AAA ES3500 Series User’s Guide 205 Shared Secret Specify a password (up to 32 alphanumer ic characters) as the key to be shared between the e x t e r na l R AD IU S s er v e r an d th e Sw i t c h. T hi s k e y i s n ot s en t ov e r t h e n e tw o r k.
Chapter 25 AAA ES3500 Series User’s Gui de 206 25.2.2 T ACACS+ Server Setup Use this screen to configure your T ACACS+ server settings. See Section 25.1 .2 on page 20 3 for more information on T ACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounti ng screen to view the scre en as shown.
Chapter 25 AAA ES3500 Series User’s Guide 207 TCP P ort The default port of a T ACACS+ server for authentication is 49 . Y ou need not change this value unless your network administ rator instructs y ou to do so.
Chapter 25 AAA ES3500 Series User’s Gui de 208 25.2.3 AAA Setup Use this screen to configure authentication, authorization an d accounting settings on the Switch.
Chapter 25 AAA ES3500 Series User’s Guide 209 Login These fields specif y which database the S witch should use (fi rst, second and third) to authenticat e administrator accounts (users for Switch management). Configure t he local us er account s in the Access Control > Logins screen.
Chapter 25 AAA ES3500 Series User’s Gui de 210 25.2.4 V endor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device (for exampl e, th e Switch). A company can create V endor Specific Attributes (VSAs) to expand the functionality of a RADIUS server .
Chapter 25 AAA ES3500 Series User’s Guide 21 1 The following table describes the VS As supported on the Switch. Note that these attributes only work when you enable authorization (see Section 25.
Chapter 25 AAA ES3500 Series User’s Gui de 212 Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authenti cation and accounting functions on the Sw itch.
Chapter 25 AAA ES3500 Series User’s Guide 213 25.3.2.1 Attributes Used fo r Accounting System Event s NAS-IP- Address NAS-Identifier Acct-S tatus- T ype Acct-S ession-ID - The format of Acct- Session-Id is date+time+8-di git sequenti al number , for example, 200704191721030000 0001.
Chapter 25 AAA ES3500 Series User’s Gui de 214 25.3.2.3 Attributes Used for A ccounting IEEE 802.1x Events The attributes are listed in the following table al ong with the time of the session they a.
ES3500 Series User’s Guide 215 C HAPTER 26 IP Source Guard Use IP source guard to filter unauthoriz ed DHCP and ARP packets in y our network. 26.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in y our network.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 216 T rusted ports are connected to DHCP servers or other switches. The Switch discards DHCP pack ets from trusted ports only if the r ate at which DHCP packets arrive is too high. The S witch learns dynamic bindings from trusted ports.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 217 26.1.1.3 DHCP Rela y Option 82 Information The Switch can add information to DHCP requests th at it does not discard. This provides the DHCP server more information about the source of the requests.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 218 • It pretends to be computer A and responds to computer B . • It pretends to be computer B and sends a message to computer A . As a result, all the communication between computer A and com puter B passes through computer X .
Chapter 26 IP Source Guard ES3500 Series User’s Guide 219 26.2 IP Source Guard Us e t hi s s cr ee n t o lo ok at th e c ur re n t b in di ng s f or DH CP sn oo p in g a nd AR P i ns pe ct io n. Bi n di ng s a re used by DHCP snooping and ARP inspection to distinguish between authorized and unauthoriz ed packets in the network.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 220 ID as an existing static binding, the new static binding replaces the original one. T o open this screen, click Advanced Application > IP Source Guard > Static Bindi ng . Figure 1 18 IP Source Guard Static Binding The following table describes the labels in this screen.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 221 26.4 DHCP Snooping Use this screen to look at various statistics abou t the DHCP snooping database. T o open this screen, click Advanced Application > IP So urce Guard > DHCP Snooping .
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 222 Write delay timer This field displays h o w long (in seconds) the Swit ch tries to complete a s pecific update in the DHCP snooping da tabase before it gives up.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 223 26.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Sw itch (not on specific VLAN), specify the V LAN where the defau lt DH CP server is loca ted , and configure the DHCP snooping database.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 224 still av ailable after a restart. T o open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure . Figure 120 DHCP Snooping Configure The following table describes the labels in this screen.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 225 26.5.1 DHCP Snooping Port Configure Use this screen to specify whether ports are tr usted or untrusted ports for DHCP snooping. Note: The Swit ch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 226 The following table describes the labels in this screen. 26.5.2 DHCP Snooping VLAN Configure Use this screen to enable DHCP snooping on eac.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 227 26.6 ARP Inspection S t atus Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unautho rized ARP packet.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 228 26.6.1 ARP Inspection VLAN S t atus Use this screen to look at various statistics about ARP packets in each VLAN. T o open this screen, click Advanced Applicati on > IP Source Gu ard > ARP In sp ect ion > VLAN Status .
Chapter 26 IP Source Guard ES3500 Series User’s Guide 229 26.6.2 ARP Inspection Log St atus Use this screen to look at log messages that were gener ated by ARP packets and that ha ve not been sent to the syslog server yet. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status .
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 230 26.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Sw itch. Y ou can also configure the length of time the Switch stores records of discarded ARP pack ets and global settings for the ARP inspection log.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 231 The following table describes the labels in this screen. 26.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. Y ou can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port.
Chapter 26 IP Source Guard ES3500 Series User’s Gui de 232 open this screen, click Advanced Application > IP Sour ce Guard > ARP Inspection > Configure > Port . Figure 127 ARP Inspection Port Con figure The following table describes the labels in this screen.
Chapter 26 IP Source Guard ES3500 Series User’s Guide 233 26.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN.
ES3500 Series User’s Guide 234 C HAPTER 27 Loop Guard This chapter shows you how to configure the Switch to guard against loops on th e edge of your network. 27.1 Loop Guard Overview Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch.
Chapter 27 Loop Gu ard ES3500 Series User’s Guide 235 The following figure shows port N on switch A connected to switch B . Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B , they are sent back to port N on A as they are rebroadcast from B .
Chapter 27 Loop Guard ES3500 Series User’s Gui de 236 Note: After resolving the loop problem on yo ur network y ou can re-activ ate the disabled port via the web configur ator (see S ection 8.7 on page 93 ) or via commands (see the Ethernet Switch CLI R eference Guide).
Chapter 27 Loop Gu ard ES3500 Series User’s Guide 237 Apply Click Apply to sav e your change s to the Swit ch’ s run-time me mory . The Switch loses these changes if it is turned off or loses power , so use the Save link on the top navigation panel to save your changes to the non-v olatile memor y when you ar e done configur ing.
ES3500 Series User’s Guide 238 C HAPTER 28 VLAN Mapping This chapter shows you how to configure VLAN mapping on the S witch. 28.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network.
Chapter 28 VLAN Ma ppi ng ES3500 Series User’s Guide 239 28.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the na vigation panel to display the screen as shown. Figure 135 VLAN Mapping The following table describes the labels in this screen.
Chapter 28 VLAN Mapping ES3500 Series User’s Gui de 240 28.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLAN Mapping screen to displa y the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s). Figure 136 VLAN Mapping Configuration The following table describes the labels in this screen.
Chapter 28 VLAN Ma ppi ng ES3500 Series User’s Guide 241.
ES3500 Series User’s Guide 242 C HAPTER 29 Layer 2 Protocol Tunneling This chapter shows you how to configure la yer-2 protocol tunneling on the Switch. 29.1 Layer 2 Protocol T unneling Overview Layer-2 pr otocol tunneling (L2PT) is used on the se rvice prov ider's edge devices.
Chapter 29 Layer 2 Protocol Tunneling ES3500 Series User’s Guide 243 T o emulate a point-to-point topology between two customer switches at different sites, such as A and B , you can enable protocol tunneling on edge switches 1 and 2 for P AgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection).
Chapter 29 L ayer 2 Pro tocol Tunneling ES3500 Series User’s Gui de 244 29.2 Configuring Layer 2 Prot ocol T unneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown.
Chapter 29 Layer 2 Protocol Tunneling ES3500 Series User’s Guide 245 STP Select this o ption to have the Swit ch tunnel STP (Spann in g T ree Prot ocol) packets so that STP can run properly across the service provider ’s network and spanning trees can be set up based on bridge information from all (local and remote) networks.
ES3500 Series User’s Guide 246 C HAPTER 30 sFlow This chapter shows you how to configure sFlow to ha ve the Switch monitor tr a ffic in a network and send information to an sFlow collector for analysis. 30.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched n etworks.
Chapter 30 sFlow ES3500 Series User’s Guide 247 30.2 sFlow Port Configuration Click Advanced Application > sFlow in the navigation panel to display the screen as shown. Figure 141 Advanced Application > sFlow The following table describes the labels in this screen.
Chapter 30 sFlow ES3500 Series User’s Gui de 248 30.2.1 sFlow Collector Configuration Click the Collector link in the sFlow screen to display the screen as shown.
Chapter 30 sFlow ES3500 Series User’s Guide 249 Clear Clic k Clear to clear the fields to the factory defaults. Index This field displays the index number of this entry .
ES3500 Series User’s Guide 250 C HAPTER 31 PPPoE This chapter describes how the Switch give s a PPP oE termination server additional information that the server can use to identify and authenticate a PPP oE client.
Chapter 31 PPPoE ES3500 Series User’s Guide 251 The 1 in the first field identifies this as an Agent Circu it ID sub-option and 2 identifies this as an Agent Remote ID sub-option.
Chapter 31 PPPoE ES3500 Series User’s Gui de 252 T rusted ports are connected to PPPoE servers. • If a P ADO (PPP oE Active Discov ery Offer), P ADS (PPPoE Active Disco very Session-confirmation),.
Chapter 31 PPPoE ES3500 Series User’s Guide 253 Click Advanced Application > PPPoE > Intermediate Ag ent in the navigation panel to displa y the screen as shown. Figure 144 Advanced Application > PPP oE > Intermediate Agent The following table describes the labels in this screen.
Chapter 31 PPPoE ES3500 Series User’s Gui de 254 31.3.1 PPPoE IA Per-Port Use this screen to specify whether individual ports are trusted or untrusted ports and have the Switch add extr a information to PPP oE discovery pack ets from PPPoE clients on a per-port basis.
Chapter 31 PPPoE ES3500 Series User’s Guide 255 31.3.2 PPPoE IA Per-Port Per-VLAN Use this screen to configure PPP oE IA settings that apply to a specific VLAN on a port. Server T rusted State Select whether this port is a trusted port ( Trusted ) or an untrusted port ( Untrusted ).
Chapter 31 PPPoE ES3500 Series User’s Gui de 256 Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown. Figure 146 Advanced Application > PPPoE > Intermediate Agent > P ort > VLAN The following table describes the labels in this screen.
Chapter 31 PPPoE ES3500 Series User’s Guide 257 31.3.3 PPPoE IA for VLAN Use this screen to set whether the PPPoE Intermedia te Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or R emote ID to PPP oE discovery packets from a specific VLAN.
ES3500 Series User’s Guide 258 C HAPTER 32 Error Disable This chapter shows you how to configure the r ate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error .
Chapter 32 Error Disable ES3500 Series User’s Guide 259 32.3 The Error Disable Screen Use this screen to configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. Figure 148 Advanced Application > Errdisable 32.
Chapter 32 Error Disable ES3500 Series User’s Gui de 260 The following table describes the labels in this screen. 32.5 Error-Disable Detect Configuration Use screen to have the Switch detect whether the control packets exceed the rate limit configured for a port and configure the action to ta ke once the limit is exceeded.
Chapter 32 Error Disable ES3500 Series User’s Guide 261 32.6 Error-Disable R ecovery Configuration Use this screen to configure the Switch to automati cally undo an action after the error is gone. Click the Click Here link next to Errdisable Recovery in the Advanced Application > Errdisable screen to display the screen as shown.
Chapter 32 Error Disable ES3500 Series User’s Gui de 262 Interval Enter the number of seconds (fro m 30 to 2592000) for the time interv al. Apply Click Apply to save your changes to the Swi tch’s run-time memory .
ES3500 Series User’s Guide 263 C HAPTER 33 Private VLAN This chapter shows you how to configure the Swit ch to prevent communications between ports in a VLAN. 33.1 Private VLAN Overview Private VLAN allows you to do port isolation within a VLAN in a simple wa y .
Chapter 33 Private VL AN ES3500 Series User’s Gui de 264 33.2 Configuring Private VLAN Click Advanced Application > Private VLAN in the navigation panel to display the screen as shown. Figure 153 Advanced Application > Private VLAN The following table describes the labels in this screen.
ES3500 Series User’s Guide 265 C HAPTER 34 Green Ethernet This chapter shows you how to configure the Switch to reduce the power consumed by switch ports. 34.1 Green Ethernet Overview Green Ethernet reduces switch port power consumption in the following w ays.
Chapter 34 Green Ethernet ES3500 Series User’s Gui de 266 34.2 Configuring Green Ethernet Click Advanced Application > Gr ee n Ethernet in the navigation panel to display the screen as shown. Figure 154 Advanced Application > Green Ethernet The following table describes the labels in this screen.
ES3500 Series User’s Guide 267 C HAPTER 35 Static Route This chapter shows you how to configure static routes. 35.1 S t atic Routing Overview The Switch uses IP for communication with management computers, for example using HT TP , T elnet, SSH, or SNMP .
Chapter 35 Static Route ES3500 Series User’s Gui de 268 35.2 Configuring S t atic Routing Click IP Applicati on > Static Routing in the navigation panel to display the screen as shown. Figure 156 IP Application > Static R outing The following table describes the related labels you use to create a static route.
Chapter 35 Static Route ES3500 Series User’s Guide 269 Subnet Mask Th is field displays the subnet mask for this destinat ion . Gatew ay Address This field displays the IP address of the gate way . The gateway is an immediate neighbor of your Switch that will forw ard the packet to the dest in ation.
ES3500 Series User’s Guide 270 C HAPTER 36 Differentiated Services This chapter shows you how to configure Differ entiated Services (DiffS erv) on the Switch. 36.1 DiffServ Overview Quality of Service (QoS) is used to prioritize sour ce-to-destination traffic flows.
Chapter 36 Differentiated Services ES3500 Series User’s Guide 271 various tr affic policies to the traffic flows. An example tr affic policy , is to give higher drop precedence to one traffic flow over others.
Chapter 36 D ifferentiated Services ES3500 Series User’s Gui de 272 36.2.1 TRTCM-Color-blind Mode All packets are evaluated against the PIR. If a packet ex ceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow .
Chapter 36 Differentiated Services ES3500 Series User’s Guide 273 Click IP Applicati on > DiffServ in the navigation panel to display the screen as shown. Figure 161 IP Application > DiffServ The following table describes the labels in this screen.
Chapter 36 D ifferentiated Services ES3500 Series User’s Gui de 274 Note: Y ou cannot enable both TRT CM and Bandwidth Cont rol at the same time. Figure 162 IP Application > DiffServ > 2-rate 3 Color Marker The following table describes the labels in this screen.
Chapter 36 Differentiated Services ES3500 Series User’s Guide 275 36.3.2 Configuring DSCP Profiles Use this screen to configur e DSCP profiles. Click the DS CP Profile link in the 2-Rate 3 Color Marker screen to display the screen as shown next.
Chapter 36 D ifferentiated Services ES3500 Series User’s Gui de 276 36.4 DSCP-to-IEEE 802.1p Priority Settings Y ou can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all tr affic based on the incoming DSCP value according to the DiffServ to IEEE 802.
Chapter 36 Differentiated Services ES3500 Series User’s Guide 277 The following table describes the labels in this screen. T a ble 118 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP clas sification identif ication number .
ES3500 Series User’s Guide 278 C HAPTER 37 DHCP This chapter shows you how to configure the DHCP feature. 37.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain T CP/IP configuration at start -up from a server .
Chapter 37 DHCP ES3500 Series User’s Guide 279 The following table describes the labels in this screen. 37.3 DHCP Relay Configure DHCP relay on th e Switch if the DHCP clients and the DHCP server are not in the same broadcast domain.
Chapter 37 DHCP ES3500 Series User’s Gui de 280 37.3.2 Configuring DHCP Global Relay Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to displa y the screen as shown.
Chapter 37 DHCP ES3500 Series User’s Guide 281 37.3.3 Global DHCP Re lay Configuration Example The follow figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that service s the DHCP clients in both domains.
Chapter 37 DHCP ES3500 Series User’s Gui de 282 37.4 Configuring DH CP VLAN Settings Use this screen to configure your DHCP settings ba sed on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays.
Chapter 37 DHCP ES3500 Series User’s Guide 283 37.4.1 Example: DHCP Relay for T wo VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network. T wo DHCP servers are installed to serve each VLAN. The system is set up to forw ard DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.
Chapter 37 DHCP ES3500 Series User’s Gui de 284.
ES3500 Series User’s Guide 285 C HAPTER 38 Maintenance This chapter explains how to configure the screens that let y ou maintain the firmware and configuration files. 38.1 The Maintenance Screen Use this screen to manage firmw are and your configur ation files.
Chapter 38 Ma intenance ES3500 Series User’s Gui de 286 38.2 Load Factory Default Follow th e steps below to reset the Switch back to the factory defaults. 1 In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch configur ation information you configured and return to the factory defaults.
Chapter 38 Maintena nce ES3500 Series User’s Guide 287 1 In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displa ys. Figure 174 Reboot S ystem: Confirmation 2 Click OK again and then wait for the Switch to restart.
Chapter 38 Ma intenance ES3500 Series User’s Gui de 288 38.6 Restore a Configuration File R estore a previously saved configur ation from your computer to the Switch using the Restore Configuration screen.
Chapter 38 Maintena nce ES3500 Series User’s Guide 289 38.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands.
Chapter 38 Ma intenance ES3500 Series User’s Gui de 290 Be sure to upload the correct mode l firmware as uploading the wrong model firmware may damage your device. 38.8.2 FTP Command Line Procedure 1 Launch the FTP client on your computer . 2 Enter open , followed by a space and the IP address of your Switch.
Chapter 38 Maintena nce ES3500 Series User’s Guide 291 • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately .
ES3500 Series User’s Guide 292 C HAPTER 39 Access Control This chapter describes how to control access to the Switch. 39.1 Access Control Overview A console port and FTP are allowed one session each.
Chapter 39 Access Control ES3500 Series User’s Guide 293 SNMP version 3. The next figure illustr ates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 179 SNMP Management Model An SNMP managed network consists of two main components: agents an d a manager .
Chapter 39 Access Control ES3500 Series User’s Gui de 294 39.3.2 Supported MIBs MIBs let administrators collect statistics and monitor status and performance.
Chapter 39 Access Control ES3500 Series User’s Guide 295 poe P wrP ortF ailedEventOn ES3500 -24HP: 1.3.6.1.4.1.8 90.1.5.8.73.27.2.1 This tr ap is sent when the port is turned off to supply power due to overloading ov er system budget, or short circuit.
Chapter 39 Access Control ES3500 Series User’s Gui de 296 reset UncontrolledResetEve ntOn ES3500-24: 1.3.6.1.4.1.8 90.1.5.8.61.27.2.1 ES3500-8PD: 1.3.6.1.4.1.8 90.1.5.8.72.27.2.1 ES3500-24HP: 1.3.6.1.4.1.8 90.1.5.8.73.27.2.1 This trap is s ent when the Switch automatically rese ts.
Chapter 39 Access Control ES3500 Series User’s Guide 297 errdisable errdisabl eDetectT rap ES3500-24: 1.3.6.1.4.1.8 90.1.5.8.61.130.4. 1 ES3500-8PD: 1.
Chapter 39 Access Control ES3500 Series User’s Gui de 298 tran sceiv er- ddmi transceiv erddmiEventOn ES3500- 24: 1.3.6.1.4.1.890 .1.5.8.61.27.2 .1 ES3500-8PD: 1.
Chapter 39 Access Control ES3500 Series User’s Guide 299 accounting RADIUSNotR eachableEventO n ES3500-24: 1.3.6.1.4.1.8 90.1.5.8.61.27.2. 1 ES3500-8PD: 1.3.6.1.4.1.8 90.1.5.8.72.27.2. 1 ES3500-24HP: 1.3.6.1.4.1.8 90.1.5.8.73.27.2. 1 This trap is sent when there is no response message from the R A D IUS accounti ng se rv er .
Chapter 39 Access Control ES3500 Series User’s Gui de 300 T a ble 131 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION stp STPNewRo ot 1.3.6.1.2.1.17. 0.1 This tr ap is sent when th e STP root switch changes. MRSTPNewR oot ES3500-24: 1.3.
Chapter 39 Access Control ES3500 Series User’s Guide 301 39.3.4 Configuring SNMP Click Management > Access Control > SNMP to view the screen as shown. Use this screen to configure your SNMP settings. Figure 180 Management > Access Control > SNMP The following table describes the labels in this screen.
Chapter 39 Access Control ES3500 Series User’s Gui de 302 39.3.5 Configuring SNMP T rap Group Click Management > Access Control > SNMP > Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP trap s that should be sent to each SNMP manager .
Chapter 39 Access Control ES3500 Series User’s Guide 303 The following table describes the labels in this screen. 39.3.6 Configuring SNMP User From the SNMP screen, click User to view the screen as shown. Use the User screen to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups.
Chapter 39 Access Control ES3500 Series User’s Gui de 304 The following table describes the labels in this screen. T a ble 134 Management > Access Control > SNMP > User LABEL DESCRIPTION User Information Note: Use the username and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager .
Chapter 39 Access Control ES3500 Series User’s Guide 305 39.4 Setting Up Login Account s Up to five people (one administr ator and four non-administr ators) may access the Switch via web configurator at any one time. • An administrator is someone who can both view and configure Switch changes.
Chapter 39 Access Control ES3500 Series User’s Gui de 306 The following table describes the labels in this screen. 39.5 SSH Overview Unlike T elnet or F TP , which tr ansmit data in clear text, SSH .
Chapter 39 Access Control ES3500 Series User’s Guide 307 39.6 How SSH works The following table summarizes how a secure connection is established betwe en two remote hosts. Figure 185 How SSH W orks 1 Host Identification The SSH client sends a connection request to the SSH server .
Chapter 39 Access Control ES3500 Series User’s Gui de 308 39.7 SSH Implement ation on the Switch Y our Switch supports SSH v ersion 2 using RSA au thentication and three encryption methods (DES , 3DES and Blowfish). The SSH server is implemente d on the Switch for remote management and file transfer on port 22.
Chapter 39 Access Control ES3500 Series User’s Guide 309 Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HT TP connection attempts.
Chapter 39 Access Control ES3500 Series User’s Gui de 310 39.9.1.2 Internet Explorer 7 or 8 When you attempt to access the Switch HT TPS server , a screen with the message "There is a problem with this websi te's security certificate." may display .
Chapter 39 Access Control ES3500 Series User’s Guide 31 1 Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser .
Chapter 39 Access Control ES3500 Series User’s Gui de 312 39.9.2 Mozilla Firefox W arning Messages When you attempt to access the Switch HTTPS server , a This Connection is Untrusted screen may display . If that is the case, click I Understand the Risks and then the Add Exception.
Chapter 39 Access Control ES3500 Series User’s Guide 313 Confirm the HT TPS serv er URL matches. Click Confirm Security Exception to proceed to the web configurator login screen.
Chapter 39 Access Control ES3500 Series User’s Gui de 314 Mozilla Firefox) or next to the address bar (in Internet Explorer 7 or 8) denotes a secure connection. Figure 193 Example: Lock Denoting a Secure Con nection 39.10 Service Port Access Control Service Access Control allows you to decide what services you ma y use to access the Switch.
Chapter 39 Access Control ES3500 Series User’s Guide 315 the Remote Management screen (discussed later). Click Management > Access Control > Service Access Co ntrol to view the screen as shown. Figure 194 Management > Access Control > Service Access Control The following table describes the fields in this screen.
Chapter 39 Access Control ES3500 Series User’s Gui de 316 Y o u can specify a group of one or m ore “trusted computers” from which an administrator ma y use a service to manage the Switch. Click Access Control to return to the Access Control screen.
ES3500 Series User’s Guide 317 C HAPTER 40 Diagnostic This chapter explains the Diagnostic screen. 40.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests.
ES3500 Series User’s Guide 318 C HAPTER 41 Syslog This chapter explains the syslog screens. 41.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages.
Chapter 41 Syslog ES3500 Series User’s Guide 319 41.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server . Use this screen to configure the device’ s system logging settings.
Chapter 41 Syslog ES3500 Series User’s Gui de 320 41.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to view the screen as shown next. Use this screen to configure a list of external syslog servers. Figure 198 Management > Syslog > S y slog Server Setup The following table describes the labels in this screen.
ES3500 Series User’s Guide 321 C HAPTER 42 Cluster Management This chapter introduces cluster management. 42.1 Cluster Management S t atus Overview Cluster Management allows y ou to manage switches through one S witch, called the cluster manager .
Chapter 42 Cluster Management ES3500 Series User’s Gui de 322 42.2 Cluster Management S t atus Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager . Figure 200 Management > Cluster Management: Status The following table describes the labels in this screen.
Chapter 42 Cluster Mana gement ES3500 Series User’s Guide 323 42.2.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink fro m the list of members to go to that cluster member switch's web configurator home page.
Chapter 42 Cluster Management ES3500 Series User’s Gui de 324 The following table explains so me of the FTP par ameters. T a ble 144 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter “admin” . Password The web configur ator password default is 1234.
Chapter 42 Cluster Mana gement ES3500 Series User’s Guide 325 42.3 Clustering Management Configuration Use this screen to configure clustering management.
Chapter 42 Cluster Management ES3500 Series User’s Gui de 326 VID This is the VLAN ID and is only applic able if the Switch is se t to 802.1Q VLAN. All switches must be directly connect ed and in the same VLAN group to belong to the same cluster . Switches that are not in the same VLAN grou p are not visible in the Clustering Candidates list.
ES3500 Series User’s Guide 327 C HAPTER 43 MAC Table This chapter introduces the MAC Table screen. 43.1 MAC T a ble Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’ s ports.
Chapter 43 MAC Table ES3500 Series User’s Gui de 328 43.2 V iewing the MAC T able Click Management > MAC Table in the navigation panel to display the following screen. Figure 205 Management > MAC T able The following table describes the labels in this screen.
Chapter 43 MAC Table ES3500 Series User’s Guide 329 Tr a n s f e r Ty p e S e l e c t Dynamic to MAC forwardi ng and cli ck the Transfer butt on to change all dynamically learned MAC address entries in th e summary table be low i nto static entries.
ES3500 Series User’s Guide 330 C HAPTER 44 ARP Table This chapter introduces ARP T able. 44.1 ARP T a ble Overview Address Resolution Protocol (ARP) is a protocol for mapping an Intern et Protocol address (IP address) to a physical machine address, also kn own as a Media Access Control or MAC address, on the local area network.
Chapter 44 ARP Table ES3500 Series User’s Guide 331 44.2 The ARP T a ble Screen Click Management > ARP Table in the navigation pan el to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries.
ES3500 Series User’s Guide 332 C HAPTER 45 Configure Clone This chapter shows you how you can copy the settings of one port onto other ports. 45.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports.
Chapter 45 Configure Clo ne ES3500 Series User’s Guide 333 Figure 207 Management > Configure Clone.
Chapter 45 Configure Clone ES3500 Series User’s Gui de 334 The following table describes the labels in this screen. T a ble 148 Management > Configure Clone LABEL DESCRIPTION Sourc e/ Destinat ion Port Enter the source port under the Source label .
ES3500 Series User’s Guide 335 C HAPTER 46 Troubleshooting This chapter offers some suggestions to solve problems you might encounter . The potential problems are divided into the following categories. • Po wer , Hardware Connections, and LEDs • Switch Access and Login • Switch Configur ation 46.
Chapter 46 Trouble sh oo ti n g ES3500 Series User’s Gui de 336 One of the L EDs does not behave as expected. 1 Make sure you understand the norm al behavior of the LED . See Sec tion 3.2 on pa ge 33 . 2 Check the hardware connections. See Section 3.
Chapter 46 Troubleshooting ES3500 Series User’s Guide 337 46.2 Switch Access and Login I forgot the IP address for the Switch. 1 The default management IP address is 192.168.1.1 . 2 Use the console port to log in to the S witch. 3 If this does not work, you ha ve to reset the device to its factory defaults.
Chapter 46 Trouble sh oo ti n g ES3500 Series User’s Gui de 338 • T ry to access the Switch using another service, such as T elnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HT TP .
Chapter 46 Troubleshooting ES3500 Series User’s Guide 339 46.3 Switch Configuration I lost my config uration settings after I restart the Switc h. Make sure you sa ve your configur ation into the Switch’ s nonvolatile memory each time you mak e changes.
Chapter 46 Trouble sh oo ti n g ES3500 Series User’s Gui de 340.
ES3500 Series User’s Guide 341 A PPENDIX A Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port number s, ICMP t ype/code numbers and services, visit the IANA (I nternet Assigned Number Authority) web site.
Appendix A Commo n Services ES3500 Series User’s Gui de 342 H.323 TCP 1720 NetMeeting uses this protocol. HT TP TC P 80 Hyper T ext T ransfer Protocol - a cl ient/ server protocol for the world wi de web. HT TPS TC P 443 HT TPS is a secured http se ssion often used in e-commerce.
Appendix A Common Services ES3500 Series User’s Guide 343 SMTP TCP 25 Simple Mail T ransfer Protocol is the message-exchange standard for the Internet. SMTP en ables you to move messages from one e-mail server to another . SNMP TCP / UD P 161 Simple Network Managem ent Program.
Appendix A Commo n Services ES3500 Series User’s Gui de 344.
ES3500 Series User’s Guide 345 A PPENDIX B Legal Information Copyright Copyright © 2012 by Z yXEL Communications Corporation. The contents of this publication may not be repr oduced in any part or .
Appendix B Lega l Information ES3500 Series User’s Gui de 346 CE Mark W arning: This is a class A product. In a domestic en vironm ent this product ma y cause radio interference in which case the user may be required to take adequ ate measures.
Appendix B Legal Information ES3500 Series User’s Guide 347 Note R epair or replacement, as provided under this wa rr anty , is the exclusiv e remedy of the purchaser . This warr anty is in lieu of all other warranties, ex press or implied, including any implied w arranty of merchantability or fitness for a particular use or pu rpose.
Appendix B Lega l InformationSafety Warnings ES3500 Series User’s Gui de 348 Safety Warnings • Do NOT use this product near w ater , for example, in a wet basement or near a swimming pool. • Do NOT expose y our device to da mpness, dust or corrosive liquids.
Appendix B Legal InformationSafety Warnings ES3500 Series User’s Guide 349 ENGLISH DEUTSCH ESP AÑOL Green Product Declaration RoHS Directive 2002/95/EC Green Product Declaration RoHS Directive 2002.
Appendix B Lega l InformationSafety Warnings ES3500 Series User’s Gui de 350.
Index ES3500 Series User’s Guide 351 Index Numbers 802.1P priority 94 802.3az 265 A access control limitations 292 login account 305 remote management 315 service port 31 4 SNMP 292 accounting setup.
Index ES3500 Series User’s Gui de 352 and switch passwords 32 6 cluster manager 321 , 325 cluster member 32 1 , 326 cluster member firmware upgr ade 323 network example 321 setup 325 specification 3.
Index ES3500 Series User’s Guide 353 external authentication server 203 F FCC interference statement 345 file transfer using FTP command example 289 filename convention, configur ation 28 9 filtering 122 rules 122 filtering database, MAC table 327 firmware 85 upgrade 287 , 323 flow control 94 back pressure 94 IEEE802.
Index ES3500 Series User’s Gui de 354 IP source guard 215 ARP inspection 215 , 217 DHCP snooping 215 static bindings 215 IP subnet mask 92 IPv6 22 Neighbor Discovery Protocol 22 ping 22 L L2PT 242 a.
Index ES3500 Series User’s Guide 355 age 137 hops 137 MDIX (Media Dependent Interface Crossover) 31 MIB and SNMP 293 supported MIBs 294 MIB (Management Information Base) 293 mirroring ports 147 moni.
Index ES3500 Series User’s Gui de 356 port details 81 port isolation 11 5 port mirroring 147 direction 148 egress 148 ingress 148 port redundancy 149 port security 165 address learning 166 limit MAC.
Index ES3500 Series User’s Guide 357 S safety warnings 348 save configur ation 43 , 286 service access control 314 service port 31 5 sFlow 246 collector 248 configuration 247 datagram 246 overview 2.
Index ES3500 Series User’s Gui de 358 setup 319 seve rity leve ls 318 system information 84 system log 317 system reboot 286 T T ACA CS+ 203 setup 206 T ACACS+ (T erminal Access Controller Access- C.
Index ES3500 Series User’s Guide 359 activating 239 configuration 240 example 238 priority level 238 tagged 238 traffic flow 238 untagged 238 VLAN ID 238 VLAN stacking 180 , 182 configuration 183 ex.
Index ES3500 Series User’s Gui de 360.
An important point after buying a device ZyXEL Communications ES3500 Series (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought ZyXEL Communications ES3500 Series yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data ZyXEL Communications ES3500 Series - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, ZyXEL Communications ES3500 Series you will learn all the available features of the product, as well as information on its operation. The information that you get ZyXEL Communications ES3500 Series will certainly help you make a decision on the purchase.
If you already are a holder of ZyXEL Communications ES3500 Series, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime ZyXEL Communications ES3500 Series.
However, one of the most important roles played by the user manual is to help in solving problems with ZyXEL Communications ES3500 Series. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device ZyXEL Communications ES3500 Series along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
