ZyXEL ES-2024A User Guide
ZyXEL ES-2024A Manual
 |
View all ZyXEL ES-2024A manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL ES-2024A manual content summary:
- ZyXEL ES-2024A | User Guide - Page 1
ES-2024 Series Ethernet Switch Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmwawrwew.Vzyexresl.icoonm 3.90 Edition 1, 12/2008 www.zyxel.com Copyright © 2008 ZyXEL Communications Corporation - ZyXEL ES-2024A | User Guide - Page 2
- ZyXEL ES-2024A | User Guide - Page 3
• CLI Reference Guide The CLI Reference Guide is intended for people who want to configure the ES2024 via commands. Note: It is recommended you use the web configurator to configure the Switch. • Support Disc Refer to the included CD for support documents. • ZyXEL Web Site Please refer to www.zyxel - ZyXEL ES-2024A | User Guide - Page 4
- ZyXEL Communications (Shanghai) Corp. • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +86-021-61199055 • Fax: +86-021-52069033 • Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai • Web: http://www.zyxel.cn 4 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 5
ES-2024A and ES-2024PWR may be referred to as the "ES-2024", "Switch", the "device", the "system" or the "product" in this User's Guide. screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and - ZyXEL ES-2024A | User Guide - Page 6
SupportDocument Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The Switch icon is not an exact representation of your device. Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router 6 ES-2024 Series User - ZyXEL ES-2024A | User Guide - Page 7
USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose them at the service or the store where you purchased the product. • Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. • This product is recyclable. Dispose of it properly. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 8
Customer SupportSafety Warnings 8 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 9
...137 Port Authentication ...145 Port Security ...149 Queuing Method ...153 Multicast ...157 AAA ...173 IP Source Guard ...187 Loop Guard ...201 IP Application ...205 Static Route ...207 Differentiated Services ...211 DHCP ...215 Management ...223 Maintenance ...225 ES-2024 Series User's Guide 9 - ZyXEL ES-2024A | User Guide - Page 10
Contents Overview Access Control ...233 Diagnostic ...255 Syslog ...257 Cluster Management ...261 MAC Table ...269 ARP Table ...273 Configure Clone ...275 Appendices and Index ...277 10 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 11
30 2.2.2 Attaching the Mounting Brackets to the Switch 30 2.2.3 Mounting the Switch on a Rack 31 Chapter 3 Hardware Overview...33 3.1 Front Panel Connection ...33 3.1.1 Console Port ...34 3.1.2 Ethernet Ports ...34 3.1.3 Mini-GBIC Slots ...35 3.2 Rear Panel ...37 ES-2024 Series User's Guide 11 - ZyXEL ES-2024A | User Guide - Page 12
a VLAN ...53 5.1.2 Setting Port VID ...55 5.1.3 Configuring Switch Management IP Address 56 Chapter 6 Tutorials ...59 6.1 How to Use DHCP Relay on the Switch 59 6.1.1 DHCP Relay Tutorial Introduction 59 6.1.2 Creating a VLAN ...60 6.1.3 Configuring DHCP Relay 62 6.1.4 Troubleshooting ...63 - ZyXEL ES-2024A | User Guide - Page 13
Information ...72 8.3 General Setup ...74 8.4 Introduction to VLANs ...76 8.5 Switch Setup Screen ...77 8.6 IP Setup ...78 8.6.1 IP Interfaces ...79 8.7 Port Setup ...81 8.8 PoE Status ...83 8.8.1 PoE Setup Static Multicast Forwarding 110 Chapter 12 Filtering...113 ES-2024 Series User's Guide 13 - ZyXEL ES-2024A | User Guide - Page 14
Control Protocol 141 17.6 Static Trunking Example 142 Chapter 18 Port Authentication...145 18.1 Port Authentication Overview 145 18.1.1 IEEE 802.1x Authentication 145 18.2 Port Authentication Configuration 146 18.2.1 Activate IEEE 802.1x Security 147 14 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 15
22.1.2 RADIUS and TACACS 174 22.2 AAA Screens ...174 22.2.1 RADIUS Server Setup 175 22.2.2 TACACS+ Server Setup 177 22.2.3 AAA Setup ...179 22.2.4 Vendor Specific Attribute 182 22.3 Supported RADIUS Attributes 183 ES-2024 Series User's Guide 15 - ZyXEL ES-2024A | User Guide - Page 16
26.1.2 DiffServ Network Example 212 26.2 Activating DiffServ ...212 26.3 DSCP-to-IEEE 802.1p Priority Settings 214 26.3.1 Configuring DSCP Settings 214 Chapter 27 DHCP...215 27.1 DHCP Overview ...215 27.1.1 DHCP Modes ...215 27.1.2 DHCP Configuration Options 215 16 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 17
Configuring SNMP 240 29.3.5 Configuring SNMP Trap Group 243 29.3.6 Setting Up Login Accounts 244 29.4 SSH Overview ...245 29.5 How SSH works ...246 29.6 SSH Implementation on the Switch 247 29.6.1 Requirements for Using SSH 247 29.7 Introduction to HTTPS ...247 ES-2024 Series User's Guide 17 - ZyXEL ES-2024A | User Guide - Page 18
29.9 Service Port Access Control 251 29.10 Remote Management 252 Chapter Management...261 32.1 Clustering Management Status Overview 261 32.2 Cluster Management Status 262 32.2.1 Cluster Member Switch Management 263 32.3 Clustering Management Specifications 279 18 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 19
Table of Contents Appendix B IP Addresses and Subnetting 289 Appendix C Legal Information 299 Index...303 ES-2024 Series User's Guide 19 - ZyXEL ES-2024A | User Guide - Page 20
Table of Contents 20 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 21
PART I Introduction Getting to Know Your Switch (23) Hardware Installation and Connection (29) Hardware Overview (33) 21 - ZyXEL ES-2024A | User Guide - Page 22
22 - ZyXEL ES-2024A | User Guide - Page 23
ports. The ES-2024PWR comes with the Powerover-Ethernet (PoE) feature. With its built-in web configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed via Telnet, SSH (Secure SHell), any terminal emulator program on the console port, or third-party SNMP - ZyXEL ES-2024A | User Guide - Page 24
can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 2 Bridging Application 24 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 25
, refer to Chapter 9 on page 91. Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any recabling. ES-2024 Series User's Guide 25 - ZyXEL ES-2024A | User Guide - Page 26
. See the CLI Reference Guide. • FTP. Use File Transfer Protocol for firmware upgrades and configuration backup/ restore. See Section 28.8 on page 229. • SNMP. The device can be monitored and/or managed by an SNMP manager. See Section 29.3 on page 234. 1.3 Good Habits for Managing the Switch Do the - ZyXEL ES-2024A | User Guide - Page 27
or even crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. ES-2024 Series User's Guide 27 - ZyXEL ES-2024A | User Guide - Page 28
Chapter 1 Getting to Know Your Switch 28 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 29
. 4 Remove the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. Figure 5 Attaching Rubber Feet ES-2024 Series User's Guide 29 - ZyXEL ES-2024A | User Guide - Page 30
installing the unit. 2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch. Figure 6 Attaching the Mounting Brackets 30 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 31
side of the rack. Figure 7 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack. ES-2024 Series User's Guide 31 - ZyXEL ES-2024A | User Guide - Page 32
Chapter 2 Hardware Installation and Connection 32 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 33
3.1 Front Panel Connection The figure below shows the front panel of the Switch. Figure 8 Front Panel: ES-2024A Console Port 10/100 Mbps Ethernet Figure 9 Front Panel: ES-2024PWR Gigabit Ethernet/ Mini- Console Port 10/100 Mbps Ethernet Gigabit Ethernet/ Mini- ES-2024 Series User's Guide 33 - ZyXEL ES-2024A | User Guide - Page 34
want to configure the Switch using the command line interface (CLI) via the console port. 24 10/100 Mbps RJ-45 Ethernet Ports Connect these ports to a computer, a hub, an Ethernet switch or router. Gigabit Ethernet/ mini GBIC ports Connect these Gigabit Ethernet ports to high-bandwidth backbone - ZyXEL ES-2024A | User Guide - Page 35
MDI/MDI-X) port automatically works with a straightthrough or crossover Ethernet cable. 3.1.2.1 Default Ethernet Settings The factory default negotiation settings for the Ethernet ports on the Switch are: steps to install a mini GBIC transceiver (SFP module). ES-2024 Series User's Guide 35 - ZyXEL ES-2024A | User Guide - Page 36
Installation Example 2 Press the transceiver firmly until it clicks into place. 3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning Pull the transceiver out of the slot. Figure 13 Transceiver Removal Example 36 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 37
as shown on the panel. To connect the power to the Switch, insert the female end of power cord to the power receptacle on Table 2 LEDs LED COLO R PWR Green SYS Green ALM Red Ethernet Ports STATUS DESCRIPTION On Off Blinking On Off On Off The system is ES-2024 Series User's Guide 37 - ZyXEL ES-2024A | User Guide - Page 38
to an Ethernet network is down. Mini-GBIC Ports LNK Green On The port has a successful connection. Off No Ethernet device is connected to this port. ACT Green Blinking The port is sending or receiving data. Off The port is not sending or receiving data. 38 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 39
PART II Basic Configuration The Web Configurator (41) Initial Setup Example (53) Tutorials (59) System Status and Port Statistics (65) Basic Setting (71) 39 - ZyXEL ES-2024A | User Guide - Page 40
40 - ZyXEL ES-2024A | User Guide - Page 41
. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2. • JavaScript (enabled by default). • Java permissions (enabled by default). 4.2 System Login 1 Start your web browser. 2 Type 192.168.1.1 in the Location or Address field. Press [ENTER]. ES-2024 Series User's Guide 41 - ZyXEL ES-2024A | User Guide - Page 42
nor manually entered a time and date in the General Setup screen. Figure 16 Web Configurator: Login 4 Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. 42 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 43
your settings to a specific configuration file. C - Click this link to go to the status page of the Switch. D - Click this link to logout of the web configurator. E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. ES-2024 Series - ZyXEL ES-2024A | User Guide - Page 44
Chapter 4 The Web Configurator In the navigation panel, click a main link to reveal a list of submenu links. Table 3 Navigation Panel Sub-links Overview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT 44 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 45
Aggregation Setting Link Aggregation Control Protocol Port Authentication DiffServ DSCP Setting DHCP Global Relay VLAN Setting Firmware Upgrade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System Access Control SNMP Trap Group Logins Service Access - ZyXEL ES-2024A | User Guide - Page 46
can set up global Switch parameters such as VLAN type, MAC address learning, GARP and priority queues. IP Setup This link takes you to a screen where you can configure the IP address, subnet mask (necessary for Switch management) and DNS (domain name server) and set up IP routing domains. Port - ZyXEL ES-2024A | User Guide - Page 47
of devices attached to what ports and VLAN IDs. ARP Table This link takes you to a screen where you can view the MAC addresses - IP address resolution table. Configure Clone This link takes you to a screen where you can copy attributes of one port to other ports. ES-2024 Series User's Guide 47 - ZyXEL ES-2024A | User Guide - Page 48
Save link when you are done with a configuration session. 4.5 Switch Lockout You could block yourself (and all others) from using in-band-management (managing through the data ports) if you do one of the following: 1 Delete the management VLAN (default is VLAN 1). 48 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 49
the factory-default configuration file. This means that you will lose all previous configurations and the speed of the console port will be reset to the default of 9600 bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to "1234" and the IP - ZyXEL ES-2024A | User Guide - Page 50
restart the Switch. An example is shown below. Figure 19 Resetting the Switch: Via the Console Port Bootbase password again after you log out. This is recommended after you finish a management session for security reasons. Figure 20 Web Configurator: Logout Screen 50 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 51
Chapter 4 The Web Configurator 4.8 Help The web configurator's online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. ES-2024 Series User's Guide 51 - ZyXEL ES-2024A | User Guide - Page 52
Chapter 4 The Web Configurator 52 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 53
VLAN ID • Configure the Switch IP management address Before you begin, you should log in to the web configurator. 1 Connect your computer to any Ethernet port on the Switch. Make sure your computer is in the same subnet as the Switch. 2 Open your web browser and enter 192.168.1.1 (the default IP - ZyXEL ES-2024A | User Guide - Page 54
Switch, select Fixed to configure port 10 to be a permanent member of the VLAN only. 4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. 54 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 55
Setup Network Example: Port VID 1 Click Advanced Applications and VLAN in the navigation panel. Then click the VLAN Port Setting link. 2 Enter 2 in the PVID field for port 10 and click Apply to set the VLAN port setting and click the Save button to save the settings. ES-2024 Series User's Guide 55 - ZyXEL ES-2024A | User Guide - Page 56
enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask. 3 In the VID field, enter the ID of the VLAN group to which you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen. 4 Click Add. 56 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 57
Chapter 5 Initial Setup Example ES-2024 Series User's Guide 57 - ZyXEL ES-2024A | User Guide - Page 58
Chapter 5 Initial Setup Example 58 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 59
(192.168.2.3) and want to have it assign a specific IP address (say 172.16.1.18) to DHCP client A based on the system name, VLAN ID and port number in the DHCP request. Client A connects to the Switch's port 2 in VLAN 102. Figure 24 Tutorial: DHCP Relay Scenario ES-2024 Series User's Guide 59 - ZyXEL ES-2024A | User Guide - Page 60
a descriptive name (VALN 102 for example) in the Name field and enter 102 in the VLAN Group ID field. 5 Select Fixed to configure port 2 to be a permanent member of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. 60 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 61
Setting link in the VLAN Status screen. Figure 27 Tutorial: Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 62
IP Application > DHCP and then the Global link to open the DHCP Relay screen. 2 Select the Active check box. 3 Enter the DHCP server's IP address (192.168.2.3 in this example) in the Remote DHCP Server 1 field. 4 Select the Option 82 and the Information check boxes. 62 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 63
address 172.16.1.18, make sure: 1 Client A is connected to the Switch's port 2 in VLAN 102. 2 You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. 3 You clicked the Save link on the Switch to have your settings take effect. ES-2024 - ZyXEL ES-2024A | User Guide - Page 64
Chapter 6 Tutorials 64 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 65
the web configurator displays a port statistical summary with links to each port showing statistical details. 7.2 Port Status Summary To view the port statistics, click Status in any web configurator screen to display the Status screen as shown next. Figure 30 Status ES-2024 Series User's Guide 65 - ZyXEL ES-2024A | User Guide - Page 66
This field shows the total amount of time in hours, minutes and seconds the port has been up. Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical information for that port, or select Any to clear statistics for all ports. 66 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 67
port number you are viewing. This field displays the name of the port. This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber). ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 68
) is enabled, this field displays the STP state of the port (see Section 13.1.3 on page 117 for more information). LACP defined as the number of maximum collisions before the retransmission count is reset. Late This is the number of times a late collision is 68 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 69
Chapter 7 System Status and Port Statistics LABEL Runt Distribution 64 65-127 128-255 256-511 5121023 10241518 Giant DESCRIPTION This field shows the in length. This field shows the number of packets dropped because they were bigger than the maximum frame size. ES-2024 Series User's Guide 69 - ZyXEL ES-2024A | User Guide - Page 70
Chapter 7 System Status and Port Statistics 70 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 71
in the Switch logs. The Switch Setup screen allows you to set up and configure global Switch features. The IP Setup screen allows you to configure a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes. ES-2024 Series User's Guide 71 - ZyXEL ES-2024A | User Guide - Page 72
number of the Switch's current firmware Version including the date created. Ethernet Address This field refers to the Ethernet MAC (Media Access Control) address of the Switch. Hardware Monitor (This section is available for the ES-2024 PWR model only) Temperature The Switch has temperature - ZyXEL ES-2024A | User Guide - Page 73
Chapter 8 Basic Setting Table 7 Basic Setting > System Info (continued) LABEL DESCRIPTION Status This field displays Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 74
Enter the geographic location of your Switch. You can use up to 32 English keyboard characters; spaces are allowed. Contact Enter the name of the person in charge of this Switch. You can use up to Person's Name 32 English keyboard characters; spaces are allowed. 74 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 75
) is similar to Time (RFC-868). None is the default value. Enter the time manually. Each time you turn on the Switch, the time and date will be reset to 1970-1-1 0:0:0. Time Server IP Address Enter the IP address of your timeserver. The Switch searches for the timeserver for up to 60 seconds. If - ZyXEL ES-2024A | User Guide - Page 76
packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. See Chapter 9 on page 91 for information on port-based and 802.1Q tagged VLANs. 76 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 77
sets the duration of the Join Period timer for GVRP in milliseconds. Each port has a Join Period timer. The allowed Join Time range is between 100 and 65535 milliseconds; the default is 200 milliseconds. See the chapter on VLAN setup for more background information. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 78
save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 8.6 IP Setup Use the IP Setup screen to configure the default gateway device, the default domain name server and add IP domains. 78 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 79
portion of an IP address. The factory default subnet mask is 255.255.255.0. Configure IP addresses for accessing and managing the Switch from the ports belonging to the pre-defined VLAN(s). See Table 102 on page 283 for how many IP addresses you can configure. Figure 35 Basic Setting > IP Setup The - ZyXEL ES-2024A | User Guide - Page 80
configuration. This field displays the index number of an entry. This field displays the management IP address of the Switch. This field displays the subnet mask for the corresponding IP address. This field displays the VLAN identification number of the network. 80 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 81
field displays the IP address of default gateway. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 8.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation - ZyXEL ES-2024A | User Guide - Page 82
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 82 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 83
Setting 8.8 PoE Status Note: The following screens are available for the ES-2024 PWR model only. Some features are only available for the Fast Ethernet ports (1 to 24). Your Switch supports IEEE 802.3af Power over Ethernet (PoE). A powered device (PD) is a device such as an access point or a switch - ZyXEL ES-2024A | User Guide - Page 84
is the port index number. This field shows which ports can receive power from the Switch. You can set this in Section 8.8.1 on page 85. • Disable - The PD connected to this port cannot get power supply. • Enable - The PD connected to this port can receive power. 84 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 85
PD Priority • Class 0 - Default, 0.44 to 12.94 • Switch on this port. This field displays the maximum amount of current drawn by the PD from the Switch on this port. 8.8.1 PoE Setup Use this screen to set the priority levels for the Switch in distributing power to PDs. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 86
PD. PDs with higher priority also get more power than those with lower priority levels. This is the port index number. Select this to provide power to a PD connected to the port. If left unchecked, the PD connected to the port cannot receive power from the Switch. 86 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 87
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. ES-2024 Series User's Guide 87 - ZyXEL ES-2024A | User Guide - Page 88
Chapter 8 Basic Setting 88 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 89
Multicast Forwarding (109) Filtering (113) Spanning Tree Protocol (115) Bandwidth Control (131) Broadcast Storm Control (133) Mirroring (135) Link Aggregation (137) Port Authentication (145) Port Security (149) Queuing Method (153) Multicast (157) AAA (173) IP Source Guard (187) Loop Guard (201) 89 - ZyXEL ES-2024A | User Guide - Page 90
90 - ZyXEL ES-2024A | User Guide - Page 91
4,094. TPID User Priority 2 Bytes 3 Bits CFI VLAN ID 1 Bit 12 bits 9.1.1 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware ES-2024 Series User's Guide 91 - ZyXEL ES-2024A | User Guide - Page 92
common IEEE 802.1Q VLAN terminology. Table 14 IEEE 802.1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually. Dynamic VLAN This is a VLAN configured by a GVRP registration/ deregistration process. 92 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 93
switches C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 94
to a VLAN group as normal depending on its VLAN tag. • sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. 94 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 95
Switch; Dynamic using GVRP, Static - added as a permanent entry or Other - added in another way such as via Multicast VLAN Registration (MVR). Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 96
or other - added in another way such as via Multicast VLAN Registration (MVR). 9.5.3 Configure a Static VLAN Use this screen to configure and view 802.1Q VLAN parameters for the Switch. See Section 9.1 on page 91 for more information on static VLAN. To configure a 96 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 97
all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. ES-2024 Series User's Guide 97 - ZyXEL ES-2024A | User Guide - Page 98
Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 9.1 on page 91 for more information on static VLAN. Click the VLAN Port Setting link in the VLAN Status screen. Figure 45 Advanced Application > VLAN > VLAN Port Settings 98 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 99
to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 9.6 Port-based VLAN Setup Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. ES-2024 Series User's Guide 99 - ZyXEL ES-2024A | User Guide - Page 100
Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 100 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 101
Chapter 9 VLAN 9.6.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the next screen. Figure 46 Advanced Application > VLAN: Port Based VLAN Setup (All Connected) ES-2024 Series User's Guide 101 - ZyXEL ES-2024A | User Guide - Page 102
Chapter 9 VLAN Figure 47 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) 102 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 103
to each other, you must define the egress port for both ports. CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port. Click Apply to save your changes to the - ZyXEL ES-2024A | User Guide - Page 104
Chapter 9 VLAN 104 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 105
are setting static MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch. See Chapter 19 on page 149 for more information on port security. ES-2024 - ZyXEL ES-2024A | User Guide - Page 106
purposes for this static MAC address-forwarding rule. MAC Address This field displays the MAC address that will be forwarded and the VLAN identification number to which the MAC address belongs. VID This field displays the ID number of the VLAN group. 106 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 107
(continued) LABEL DESCRIPTION Port This field displays the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. ES-2024 Series User's Guide 107 - ZyXEL ES-2024A | User Guide - Page 108
Chapter 10 Static MAC Forwarding 108 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 109
the switch will either flood the multicast frames to all ports or drop them. Figure 49 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to port(s) within a VLAN group. Figure 50 shows frames ES-2024 Series User's Guide 109 - ZyXEL ES-2024A | User Guide - Page 110
Forwarding to A Single Port Figure 51 Static Mutlicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). 110 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 111
memory when you are done configuring. Cancel Click Cancel to reset the fields to their last saved values. Clear Click Clear to begin configuring this screen afresh. Index Click an index number to modify a static multicast MAC address rule for port(s). ES-2024 Series User's Guide 111 - ZyXEL ES-2024A | User Guide - Page 112
displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 112 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 113
address port filtering. 12.1 Configure a Filtering Rule Filtering means sifting traffic going through the Switch based on the MAC addresses and VLAN identification only. MAC Type a MAC address in valid MAC address format, that is, six hexadecimal character pairs. ES-2024 Series User's Guide 113 - ZyXEL ES-2024A | User Guide - Page 114
address belongs. VID This field displays the VLAN group identification number. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. 114 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 115
flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. Note: In this user's guide, "STP" refers to both STP and RSTP. 13.1.1 STP Terminology The root bridge is the base of the spanning tree. ES-2024 Series User's Guide 115 - ZyXEL ES-2024A | User Guide - Page 116
65535 1 to 65535 1 to 65535 On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this Switch with the lowest path cost to the root (the root path cost). network to re-establish a valid network topology. 116 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 117
as traffic from different VLANs can use distinct paths in a region. 13.1.4.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be ES-2024 Series User's Guide 117 - ZyXEL ES-2024A | User Guide - Page 118
. Figure 54 STP/RSTP Network Example With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from the two VLANs travel on different paths. The following figure shows the region) is increased by one when BPDUs traverse the region. 118 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 119
and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions ES-2024 Series User's Guide 119 - ZyXEL ES-2024A | User Guide - Page 120
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 120 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 121
13 Spanning Tree Protocol 13.3 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings, see Section 13.1 on page 115 for more information on RSTP. Click RSTP in the this check box to activate RSTP. Clear this check box to disable RSTP. ES-2024 Series User's Guide 121 - ZyXEL ES-2024A | User Guide - Page 122
default value is 128. Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost. See Table 23 on page 116 for more information. 122 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 123
root switch transmits a configuration message. The root bridge determines Hello Time, Max Age and Forwarding Delay. Max Age (second) This is the maximum time (in seconds) a switch can wait without receiving a configuration message before attempting to reconfigure. ES-2024 Series User's Guide 123 - ZyXEL ES-2024A | User Guide - Page 124
the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change 124 ES-2024 - ZyXEL ES-2024A | User Guide - Page 125
Advanced Application > Spanning Tree Protocol screen. See Section 13.1.4 on page 117 for more information on MSTP. Figure 61 Advanced Application > Spanning Tree Protocol > MSTP ES-2024 Series User's Guide 125 - ZyXEL ES-2024A | User Guide - Page 126
MSTP region before the BPDU is discarded and the port information is aged. Enter a descriptive name ( Switch. The Switch supports instance numbers 0-16. Set the priority of the Switch for the specific spanning tree instance. The lower the number, the more likely the Switch ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 127
) to which the MST instance is mapped. This field display the ports configured to participate in the MST instance. Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Click Cancel to begin configuring this screen afresh. ES-2024 Series User's Guide 127 - ZyXEL ES-2024A | User Guide - Page 128
to activate. Click MSTP to edit MSTP settings on the Switch. CST This section describes the Common Spanning Tree settings. Bridge Root refers to the base of the spanning tree (the root bridge). Our Bridge is this Switch. This Switch may also be the root bridge. 128 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 129
if the Switch is the root switch. This is the path cost from the root port in this MST instance to the regional root switch. This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. ES-2024 Series User's Guide 129 - ZyXEL ES-2024A | User Guide - Page 130
Chapter 13 Spanning Tree Protocol 130 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 131
means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 63 Advanced Application > Bandwidth Control ES-2024 Series User's Guide 131 - ZyXEL ES-2024A | User Guide - Page 132
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 132 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 133
failure (DLF) packets the Switch receives per second on the ports. When the maximum number of port. Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. Figure 64 Advanced Application > Broadcast Storm Control ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 134
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 134 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 135
port without interference. Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 65 Advanced Application > Mirroring ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 136
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 136 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 137
802.3ad standard for static and dynamic (LACP) port trunking. The Switch supports the link aggregation IEEE802.3ad standard. This standard describes the Link Aggregate Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. ES-2024 Series User's Guide 137 - ZyXEL ES-2024A | User Guide - Page 138
34 Link Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY 0000 00-00-00-0000 0000 PORT PRIORITY 00 PORT NUMBER 0000 PORT NUMBER 0000 138 1. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 139
more information on this field. Status This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. ES-2024 Series User's Guide 139 - ZyXEL ES-2024A | User Guide - Page 140
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 140 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 141
Link Aggregation Setting > LACP Setting > LACP LABEL DESCRIPTION Link Aggregation Control Protocol Note: Do not configure this screen unless you want to enable dynamic link aggregation. Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 142
Setting > LACP (continued) LABEL DESCRIPTION System Priority LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number This example shows you how to create a static port trunk group for ports 2-5. 142 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 143
select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. Figure 70 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. ES-2024 Series User's Guide 143 - ZyXEL ES-2024A | User Guide - Page 144
Chapter 17 Link Aggregation 144 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 145
, the Switch sends an authentication 2. At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. ES-2024 Series User's Guide 145 - ZyXEL ES-2024A | User Guide - Page 146
Switch and the port(s)) then configure the RADIUS server settings in the AAA > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 72 Advanced Application > Port Authentication 146 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 147
the Switch before configuring it on each port. Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port. Specify how often a client has to re-enter his or her username and password to stay connected to the port. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 148
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 148 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 149
do not learn MAC addresses. • Drop all packets from unknown MAC addresses and learn a limited number of MAC addresses. Note: The Switch supports five possible configurations for port security. See Section 19.3 on page 151 for supported configurations and an example. ES-2024 Series User's Guide 149 - ZyXEL ES-2024A | User Guide - Page 150
to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 151
and learn all MAC addresses. • Port 2 - Forward all packets and learn all MAC addresses. • Port 3 - Drop all packets from unknown MAC addresses and do not learn MAC addresses. • Port 4 - Drop all packets from unknown MAC addresses and do not learn MAC addresses. ES-2024 Series User's Guide 151 - ZyXEL ES-2024A | User Guide - Page 152
. Forward all packets, learn all MAC addresses. Drop all packets from unknown MAC addresses, do not learn MAC addresses. Drop all packets from unknown MAC addresses, do not learn MAC addresses. Drop packets from unknown MAC addresses, learn up to 100 MAC addresses. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 153
not automatically adapt to changing network requirements. 20.1.2 Weighted Round Robin Scheduling (WRR) Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is a given an amount of ES-2024 Series User's Guide 153 - ZyXEL ES-2024A | User Guide - Page 154
amount of bandwidth. WRR is activated only when a port has more traffic than it can handle. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is the navigation panel. Figure 76 Advanced Application > Queuing Method 154 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 155
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. ES-2024 Series User's Guide 155 - ZyXEL ES-2024A | User Guide - Page 156
Chapter 20 Queuing Method 156 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 157
services (such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 158
to manually configure them. The Switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are number of the entry. VID This field displays the multicast VLAN ID. 158 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 159
44 Advanced Application > Multicast > Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping. Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group. ES-2024 Series User's Guide 159 - ZyXEL ES-2024A | User Guide - Page 160
port. Select the name of the IGMP filtering profile to use for this port. Otherwise, select Default to prohibit the port from joining any multicast group. You can create IGMP filtering profiles in the Multicast > Multicast Setting > IGMP Filtering Profile screen. 160 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 161
. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 21.1.4 on page 158 for more information on IGMP Snooping VLAN. Figure 79 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN ES-2024 Series User's Guide 161 - ZyXEL ES-2024A | User Guide - Page 162
the table. This field displays the descriptive name for this VLAN group. This field displays the ID number of the VLAN group. Check the rule(s) that you want to remove in the Delete column, then click the Delete button. Click Cancel to clear the Delete check boxes. 162 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 163
groups that clients connected to the Switch are able to join. A profile contains a range of multicast IP addresses which you want clients to be able to join. Profiles are assigned to ports (in the Multicast Setting screen). Clients connected to those ports are then able to join the multicast - ZyXEL ES-2024A | User Guide - Page 164
are managed by IGMP snooping. The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. Figure 81 MVR Network Example 164 ES-2024 Series - ZyXEL ES-2024A | User Guide - Page 165
. The Switch sends a query to VLAN 1 on the receiver port (in this case, an uplink port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination ES-2024 Series User's Guide 165 - ZyXEL ES-2024A | User Guide - Page 166
the receiver port(s) and a source port for each multicast VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. Note: You can create up to three multicast VLANs and up to 256 multicast rules on the Switch. 166 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 167
MVR mode on the Switch. Choices are Dynamic and Compatible. Select Dynamic to send IGMP reports to all MVR source ports in the multicast VLAN. Port Select Compatible to set the Switch not to send IGMP reports. This field displays the port number on the Switch. ES-2024 Series User's Guide 167 - ZyXEL ES-2024A | User Guide - Page 168
Configuration All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. 168 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 169
field displays the multicast VLAN ID. Name This field displays the descriptive name for this setting. Start Address This field displays the starting IP address of the multicast group. End Address This field displays the ending IP address of the multicast group. ES-2024 Series User's Guide 169 - ZyXEL ES-2024A | User Guide - Page 170
In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN 1 are able to receive the traffic. Figure 85 MVR Configuration Example 170 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 171
a multicast group in the MVR screen and set the receiver and source ports. Figure 86 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The ES-2024 Series User's Guide 171 - ZyXEL ES-2024A | User Guide - Page 172
Chapter 21 Multicast following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 87 MVR Group Configuration Example Figure 88 MVR Group Configuration Example 172 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 173
authentication, authorization and accounting functions are known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see Section 22.1.2 on page 174) and TACACS+ (Terminal Access Controller Access-Control System Plus, see Section ES-2024 Series User's Guide 173 - ZyXEL ES-2024A | User Guide - Page 174
) and the TACACS server is encrypted. 22.2 AAA Screens To enable authentication, accounting or both on the Switch. First, configure your authentication server settings (RADIUS, TACACS+ or both) and then set up the authentication priority and accounting settings. 174 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 175
screen to configure your RADIUS server settings. See Section 22.1.2 on page 174 for more information on RADIUS servers. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 91 Advanced Application > AAA > RADIUS Server Setup ES-2024 Series User's Guide 175 - ZyXEL ES-2024A | User Guide - Page 176
in seconds that the Switch waits for an accounting request response from the RADIUS accounting server. This is a read-only number representing a RADIUS accounting server entry. Enter the IP address of an external RADIUS accounting server in dotted decimal notation. 176 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 177
RADIUS Server Setup (continued) LABEL DESCRIPTION UDP Port The default port of a RADIUS accounting server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so. Shared Secret Specify a password (up to 32 alphanumeric characters) as the - ZyXEL ES-2024A | User Guide - Page 178
of time in seconds that the Switch waits for an accounting request response from the TACACS+ server. This is a read-only number representing a TACACS+ accounting server entry. Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. 178 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 179
to begin configuring this screen afresh. 22.2.3 AAA Setup Use this screen to configure authentication and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 93 Advanced Application > AAA > AAA Setup ES-2024 Series User's Guide 179 - ZyXEL ES-2024A | User Guide - Page 180
administrator accounts (users for Switch management). Configure the access privilege of accounts via commands (see the CLI Reference Guide) for local authentication. The TACACS+ and RADIUS are external servers. Before you specify the priority, make sure you have set up the corresponding database - ZyXEL ES-2024A | User Guide - Page 181
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. ES-2024 Series User's Guide 181 - ZyXEL ES-2024A | User Guide - Page 182
of a RADIUS server. The Switch supports VSAs that allow you to perform the following actions based on user authentication: • Limit bandwidth on incoming or outgoing traffic for the port the user connects to. • Assign account privilege levels (See the CLI Reference Guide for more information on - ZyXEL ES-2024A | User Guide - Page 183
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This appendix lists the RADIUS attributes supported by the Switch. ES-2024 Series User's Guide 183 - ZyXEL ES-2024A | User Guide - Page 184
User-Password NAS-Identifier NAS-IP-Address 22.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 184 ES-2024 - ZyXEL ES-2024A | User Guide - Page 185
the Switch to the RADIUS server when performing authentication. 22.3.2.1 Attributes Used for Accounting System Events NAS-IP-Address NAS- IP-Address Y Y Service-Type Y Y Calling-Station-Id Y Y Acct-Status-Type Y Y Acct-Delay-Time Y Y STOP Y Y Y Y Y Y Y ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 186
Table 57 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE User-Name Y Y NAS-IP-Address Y Y NAS-Port Y Y Class Y Y Called-Station-Id Y -Gigawords Y Acct-Output- Y Gigawords STOP Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 186 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 187
looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet. The Switch builds from information provided manually by administrators (static bindings - ZyXEL ES-2024A | User Guide - Page 188
(Chapter 12 on page 113). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. • They appear only in the ARP Inspection screens and commands, not in the MAC Address Filter screens and commands. 188 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 189
between authorized and unauthorized packets in the network. The Switch learns the bindings from information provided manually by administrators (static bindings). To open this screen, click Advanced Application > IP Source Guard. Figure 95 IP Source Guard ES-2024 Series User's Guide 189 - ZyXEL ES-2024A | User Guide - Page 190
. Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the new static 190 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 191
This field displays how long the binding is valid. Type This field displays how the Switch learned the binding. VLAN static: This binding was learned from information provided manually by an administrator. This field displays the source VLAN ID in the binding. ES-2024 Series User's Guide 191 - ZyXEL ES-2024A | User Guide - Page 192
source VLAN ID in the MAC address filter. Port This field displays the source port of the discarded ARP packet. Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). 192 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 193
ARP packet was discarded. MAC+VLAN: The MAC address and VLAN ID were not in the binding table. IP: The MAC address and VLAN ID were in the binding table, but the IP address was not valid. Delete Delete Cancel Change Pages Port: The MAC address, VLAN ID, and IP address were in the binding table - ZyXEL ES-2024A | User Guide - Page 194
VLAN ID of the ARP packet. Sender MAC This field displays the source MAC address of the ARP packet. Sender IP This field displays the source IP address Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global 194 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 195
Active Select this to enable ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports. Filter Aging Time Filter aging time This setting has no effect on existing MAC address filters. Log Profile Enter how long (1-2147483647 seconds) the - ZyXEL ES-2024A | User Guide - Page 196
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. 196 ES-2024 Series - ZyXEL ES-2024A | User Guide - Page 197
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 198
below. VID This field displays the VLAN ID of each VLAN in the range specified above. If you configure the * VLAN, the settings are applied to all VLANs. Enabled Select Yes to enable ARP inspection on the VLAN. Select No to disable ARP inspection on the VLAN. 198 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 199
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 200
Chapter 23 IP Source Guard 200 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 201
out broadcast messages the messages loop back to the switch and are re-broadcast again and again causing a broadcast storm. If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: ES-2024 Series User's Guide 201 - ZyXEL ES-2024A | User Guide - Page 202
standard network loops. The following figure illustrates three switches forming a loop. A sample path of the loop guard probe packet is also shown. In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on 202 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 203
it detects that the probe packet has returned to the Switch. Figure 105 Loop Guard - Network Loop Note: After resolving the loop problem on your network you can re-activate the disabled port (see Section 8.7 on page 81). 24.2 Loop Guard Setup Click Advanced Application > Loop Guard in the navigation - ZyXEL ES-2024A | User Guide - Page 204
option to enable loop guard on the Switch. Port * The Switch generates syslog, internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature. This field displays a port number. Use this row to make the setting the same for all ports. Use this row first and then - ZyXEL ES-2024A | User Guide - Page 205
PART IV IP Application Static Route (207) Differentiated Services (211) DHCP (215) 205 - ZyXEL ES-2024A | User Guide - Page 206
206 - ZyXEL ES-2024A | User Guide - Page 207
from network N1. The Switch sends reply traffic to default gateway R1 which routes it back to the manager's computer. The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2. Figure 107 Static Routing Overview ES-2024 Series User's Guide 207 - ZyXEL ES-2024A | User Guide - Page 208
ID. IP Subnet Mask Enter the subnet mask for this destination. Gateway IP Address Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch that will afresh. Clear Click Clear to set the above fields back to the factory defaults. 208 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 209
an immediate neighbor of your Switch that will forward the packet to the destination. This field displays the cost of transmission for routing purposes. Click Delete to remove the selected entry from the summary table. Click Cancel to clear the Delete check boxes. ES-2024 Series User's Guide 209 - ZyXEL ES-2024A | User Guide - Page 210
Chapter 25 Static Route 210 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 211
use CoS (class of service) to give different priorities to different packet types. DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ the DiffServ network. Based on the marking rule different ES-2024 Series User's Guide 211 - ZyXEL ES-2024A | User Guide - Page 212
Chapter 26 Differentiated Services kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). 212 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 213
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. ES-2024 Series User's Guide 213 - ZyXEL ES-2024A | User Guide - Page 214
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 214 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 215
the following criteria: • Global - The Switch forwards all DHCP requests to the same DHCP server. • VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. ES-2024 Series User's Guide 215 - ZyXEL ES-2024A | User Guide - Page 216
to a DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information. Please refer to RFC 3046 for more details. 216 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 217
Settings > General Setup. 27.3.2 Configuring DHCP Global Relay Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 114 IP Application > DHCP > Global ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 218
Example The follow figure shows a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains. Figure 115 Global DHCP Relay Network Example VLAN1 218 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 219
In the DHCP Status screen that displays. Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 8.6 on page 78 for information on how to do this. Figure 117 IP Application > DHCP > VLAN ES-2024 Series User's Guide 219 - ZyXEL ES-2024A | User Guide - Page 220
ID number of the VLAN to which these DHCP settings apply. Remote Enter the IP address of a DHCP server in dotted decimal notation. DHCP Server 1 .. 3 Relay Agent Information Select the Option 82 check box to have the Switch add information (slot number, port number and VLAN ID) to client DHCP - ZyXEL ES-2024A | User Guide - Page 221
the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 118 DHCP Relay for Two VLANs For the example network, configure the VLAN Setting screen as shown. Figure 119 DHCP Relay for Two VLANs Configuration Example ES-2024 Series User's Guide 221 - ZyXEL ES-2024A | User Guide - Page 222
Chapter 27 DHCP 222 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 223
PART V Management Maintenance (225) Access Control (233) Diagnostic (255) Syslog (257) Cluster Management (261) MAC Table (269) ARP Table (273) Configure Clone (275) 223 - ZyXEL ES-2024A | User Guide - Page 224
224 - ZyXEL ES-2024A | User Guide - Page 225
operating on the Switch. Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen. Restore Configurati on Click Click Here to go to the Restore Configuration screen. Backup Configurati on Click Click Here to go to the Backup Configuration screen. ES-2024 Series User's Guide 225 - ZyXEL ES-2024A | User Guide - Page 226
Management > Maintenance (continued) LABEL DESCRIPTION Load Factory Default Click Click Here to reset the configuration to the factory default settings. Save Configurati on Click Config 1 to save the current configuration settings to Configuration 1 on the Switch. Reboot System Click Config - ZyXEL ES-2024A | User Guide - Page 227
uploading to the device. Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. From the Maintenance screen, display the Firmware Upgrade screen as shown next. Figure 123 Management > Maintenance > Firmware Upgrade ES-2024 Series User's Guide 227 - ZyXEL ES-2024A | User Guide - Page 228
so your backup configuration file is automatically renamed when you restore using this screen. 28.7 Backup a Configuration File Backing up your Switch configurations allows you to create various "snap shots" of your device from which you may restore at a later date. 228 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 229
(also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch's settings, they can be saved back to your computer under a filename of your choosing. ES-2024 Series User's Guide 229 - ZyXEL ES-2024A | User Guide - Page 230
1 Launch the FTP client on your computer. 2 Enter open, followed by a space and the IP address of your Switch. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is "1234"). 5 Enter bin to set transfer mode to binary. 230 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 231
FTP will not work when: • FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the Telnet session immediately. ES-2024 Series User's Guide 231 - ZyXEL ES-2024A | User Guide - Page 232
Chapter 28 Maintenance 232 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 233
to five accounts SNMP No limit A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. See the CLI Reference Guide for more information on disabling multi-login. 29.2 The Access Control Main Screen Click Management > Access Control in - ZyXEL ES-2024A | User Guide - Page 234
about a Switch. Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. 234 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 235
1213) • RFC 1157 SNMP v1 • RFC 1493 Bridge MIBs • RFC 1643 Ethernet MIBs • RFC 1155 SMI • RFC 2674 SNMPv2, SNMPv2c • RFC 1757 RMON • SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP ES-2024 Series User's Guide 235 - ZyXEL ES-2024A | User Guide - Page 236
29.3.3 SNMP Traps The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the SNMP traps by category. An OID (Object ID) that begins with "1.3.6.1.4.1.890.1.5.8.16" (ES-2024A) or "1.3.6.1.4.1.890.1.5.8.27" (ES-2024PWR) is defined in private MIBs. Otherwise - ZyXEL ES-2024A | User Guide - Page 237
1.3.6.1.4.1.890.1.5.8.27.2 7.2.2 This trap is sent when the Switch gets the time and date from a time server. intrusionlo loopguard shuts down a port. 1.3.6.1.4.1.890.1.5.8.27.2 7.2.1 Table 80 SNMP Interface Traps OPTION OBJECT the peer Ethernet interface. ES-2024 Series User's Guide 237 - ZyXEL ES-2024A | User Guide - Page 238
Table 80 SNMP Interface Traps voltage) is above or below a factory set normal range. transceiverddmiEventClea r 1.3.6.1.4.1.890.1.5.8.45 fails due to incorrect user name and/or password. RADIUSNotReachableEv entOn 1.3.6.1.4.1.890.1.5.8.16.27 .2.1 1.3.6.1.4.1.890 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 239
82 SNMP IP Traps switch changes. 1.3.6.1.4.1.890.1.5.8.27.1 07.70.1 1.3.6.1.2.1.17.0.2 This trap is sent when the STP topology changes. 1.3.6.1.4.1.890.1.5.8.16.1 This trap is sent when the MSTP 07.70.2 root switch changes. 1.3.6.1.4.1.890.1.5.8.27.1 07.70.2 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 240
Chapter 29 Access Control Table 83 SNMP Switch Traps (continued) OPTION OBJECT LABEL SNMP From the Access Control screen, display the SNMP screen. You can click Access Control to go back to the Access Control screen. Figure 128 Management > Access Control > SNMP 240 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 241
Note: Use the username and password of the login accounts you specify in this section to create accounts on the SNMP v3 manager. This is a read-only number identifying a login account on the Switch. This field displays the username of a login account on the Switch. ES-2024 Series User's Guide 241 - ZyXEL ES-2024A | User Guide - Page 242
this user. This is the highest security level. Authenticati on Privacy Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch. Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm - ZyXEL ES-2024A | User Guide - Page 243
IP addresses. These are Destination IP the IP addresses of the SNMP managers. You must first configure a trap destination IP address in the SNMP Setting screen. Type Options Use the rest of the screen to select which traps the Switch sends to that SNMP manager. Select the categories of SNMP - ZyXEL ES-2024A | User Guide - Page 244
1234. Note: It is highly recommended that you change the default administrator password (1234). • A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Management > Access Control > Logins to view the screen as shown. Figure 130 - ZyXEL ES-2024A | User Guide - Page 245
Logins You may configure passwords for up to four users. These users have privilege level 0 (basic read-only access). You can give users higher privileges via the CLI. For more information on assigning privileges see the CLI Reference Guide. User Name Set Example ES-2024 Series User's Guide 245 - ZyXEL ES-2024A | User Guide - Page 246
client computer. 2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. 246 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 247
. If the user decides to trust the certificate, the certificate is used in building the HTTPS connection. Please refer to the following figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch's WS (web server). ES-2024 Series User's Guide 247 - ZyXEL ES-2024A | User Guide - Page 248
in the Service Access Control screen, then the Switch blocks all HTTP connection attempts. 29.8 HTTPS Example If you haven't changed the default HTTPS port on the Switch, then in your browser enter "https://Switch IP Address/" as the web site address where "Switch IP Address" is the IP address or - ZyXEL ES-2024A | User Guide - Page 249
in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. ES-2024 Series User's Guide 249 - ZyXEL ES-2024A | User Guide - Page 250
Chapter 29 Access Control Select Accept this certificate permanently to import the Switch's certificate into the SSL client. Figure 135 Security Certificate 1 (Netscape) Figure 136 Security Certificate 2 (Netscape) 250 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 251
secure connection. Figure 137 Example: Lock Denoting a Secure Connection 29.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure "trusted ES-2024 Series User's Guide 251 - ZyXEL ES-2024A | User Guide - Page 252
that you want to allow to access the Switch. Service Port For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Server Port field. If you change the default port number then you will have to let people (who wish to use the - ZyXEL ES-2024A | User Guide - Page 253
disable the set without deleting it. Start Address Configure the IP address range of trusted computers from which you can manage this Switch. End Address Telnet/FTP/ HTTP/ICMP/ SNMP/SSH/ HTTPS Apply Cancel The Switch checks if the client IP address of a computer requesting a service or protocol - ZyXEL ES-2024A | User Guide - Page 254
Chapter 29 Access Control 254 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 255
30 Diagnostic This chapter explains the Diagnostic screen. 30.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 140 Management > Diagnostic ES-2024 Series User's Guide 255 - ZyXEL ES-2024A | User Guide - Page 256
reset the syslog entry. Type the IP address of a device that you want to ping in order to test a connection. Ethernet Port Test Click Ping to have the Switch ping the IP address (in the field to the left). Enter a port number and click Port Test to perform an internal loopback test. 256 ES-2024 - ZyXEL ES-2024A | User Guide - Page 257
protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. syslog facility identifies a file in the syslog server. Refer to the documentation of your syslog program for details. -level purposes. ES-2024 Series User's Guide 257 - ZyXEL ES-2024A | User Guide - Page 258
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 258 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 259
IP address of the syslog server. Log Level This field displays the severity level of the logs that the device is to send to this syslog server. Delete Select an entry's Delete check box and click Delete to remove the entry. Cancel Click Cancel to begin configuring this screen afresh. ES-2024 - ZyXEL ES-2024A | User Guide - Page 260
Chapter 31 Syslog 260 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 261
24 members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches. Cluster Members The switches being managed by the cluster manager switch. ES-2024 Series User's Guide 261 - ZyXEL ES-2024A | User Guide - Page 262
members. Figure 143 Clustering Application Example 32.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 144 Management > Cluster Management 262 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 263
's hardware MAC address. This is the cluster member switch's System Name. This field displays the model name. This field displays: Online (the cluster member switch is accessible) Error (for example the cluster member switch password was changed or the switch was set as the manager and so left - ZyXEL ES-2024A | User Guide - Page 264
cluster manager switch as shown in the following example. Figure 146 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1 Connected to 192.168.1.1. 220 Switch FTP version 1.0 ready at Thu Jan 1 00:58:46 1970 User (192.168.1.1:(none)): admin 331 Enter PASS command Password - ZyXEL ES-2024A | User Guide - Page 265
the cluster manager switch. 32.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen to display the next screen. Figure 147 Management > Clustering Management > Configuration ES-2024 Series User's Guide 265 - ZyXEL ES-2024A | User Guide - Page 266
switches that are set to be cluster managers will not be visible in the Clustering Candidate list. Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list. Password Each cluster member's password members. 266 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 267
member switch's System Name. Model This is the cluster member switch's model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. ES-2024 Series User's Guide 267 - ZyXEL ES-2024A | User Guide - Page 268
Chapter 32 Cluster Management 268 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 269
the Switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion. ES-2024 Series User's Guide 269 - ZyXEL ES-2024A | User Guide - Page 270
address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 148 MAC Table Flowchart 33.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 149 Management > MAC Table 270 ES-2024 Series - ZyXEL ES-2024A | User Guide - Page 271
This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). ES-2024 Series User's Guide 271 - ZyXEL ES-2024A | User Guide - Page 272
Chapter 33 MAC Table 272 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 273
the broadcast address with the target's MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. ES-2024 Series User's Guide 273 - ZyXEL ES-2024A | User Guide - Page 274
to a Switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). 274 ES-2024 - ZyXEL ES-2024A | User Guide - Page 275
of one port onto other ports. 35.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 151 Management > Configure Clone ES-2024 Series User's Guide 275 - ZyXEL ES-2024A | User Guide - Page 276
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 276 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 277
PART VI Appendices and Index Product Specifications (279) IP Addresses and Subnetting (289) Legal Information (299) Index (303) 277 - ZyXEL ES-2024A | User Guide - Page 278
278 - ZyXEL ES-2024A | User Guide - Page 279
ES-2024PWR: 438 mm (W) x 270 mm (D) x 44.5 mm (H) ES-2024A: 2.2 kg AC Model Power Consumption AC Model Power Supply ES-2024PWR: 4.0 kg ES-2024A: 24 W ES-2024PWR: 200 W 100-240 VAC, 50/60 Hz ES-2024A: 0.4 A DC Model Power Consumption ES-2024PWR: 2 A ES-2024A: 16.8 W ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 280
A Product Specifications Table 100 Hardware Specifications (continued) SPECIFICATION DESCRIPTION DC Model Power Specification Overload protection ES-2024PWR only) Power over Ethernet to 24 PoE ports (max. 15.4 Watt/port, 185Watt/system) Power budget management 280 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 281
. Three scheduling services are supported: Strict Priority Queuing (SPQ) and Weighted Round Robin (WRR). This allows the Switch to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth. ES-2024 Series User's Guide 281 - ZyXEL ES-2024A | User Guide - Page 282
The Switch can generate syslog messages and send it to a syslog server. Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch. Note: Only upload firmware for your specific model! 282 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 283
or troubleshoot network connection problems. Table 102 Firmware Specifications FEATURE SPECIFICATION Default IP Address 192.168.1.1 Number of IP Addresses 64 Configurable Default Subnet Mask 255.255.255.0 (24 bits) Administrator User Name admin Default Password 1234 Number of Login - ZyXEL ES-2024A | User Guide - Page 284
statistics DHCP relay 802.1w rapid spanning tree protocol VLAN 802.1s MSTP Port based VLAN 802.1Q VLAN Maximum number of VLAN: 4K, 256 static VLAN GVRP for dynamic group registration VLAN ingress filtering Acceptable frame type for tagged only and all frames 284 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 285
Table 102 Firmware Specifications (continued) FEATURE SPECIFICATION Security Static MAC address forward Static MAC address filtering Block unresolved address forwarding/Port security Limiting number of dynamic address per port. 802.1x port authentication by RADIUS Management login by RADIUS - ZyXEL ES-2024A | User Guide - Page 286
v1 RFC 1155 SMI RFC 1157 SNMPv1: Simple Network Management Protocol version 1 RFC 1213 SNMP MIB II RFC 1305 Network Time Protocol (NTP version 3) RFC 1441 SNMPv2 Simple Network Management Protocol version 2 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs 286 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 287
MIB, Q-BRIDGE-MIB RADIUS - Vendor Specific Attribute DHCP Relay Syslog Internet Group Management Protocol, Version 3 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMP v3) RADIUS - Tunnel Protocol Attribute Port (Class A) ES-2024 Series User's Guide 287 - ZyXEL ES-2024A | User Guide - Page 288
Appendix A Product Specifications 288 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 289
You can also use subnet masks to divide one network into multiple sub-networks. Introduction to IP Addresses One part of the IP address is the network number, and the other part is the host ID. In the same way 00000000 to 11111111 in binary, or 0 to 255 in decimal. ES-2024 Series User's Guide 289 - ZyXEL ES-2024A | User Guide - Page 290
Host ID Example 1ST OCTET: 2ND OCTET: 3RD OCTET: 4TH OCTET IP Address (Binary) Subnet Mask (Binary) Network Number Host ID (192) (168) (1) (2) 11000000 10101000 00000001 00000010 11111111 11111111 11111111 00000000 11000000 10101000 00000001 00000010 290 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 291
as follows: Table 106 Maximum Host Numbers SUBNET MASK HOST ID SIZE 8 bits 255.0.0.0 24 bits 16 bits 255.255.0.0 16 bits 24 bits 255.255.255.0 8 bits 29 bits 255.255.255.2 3 bits 48 224 - 2 216 - 2 28 - 2 23 - 2 MAXIMUM NUMBER OF HOSTS 16777214 65534 254 6 ES-2024 Series User's Guide 291 - ZyXEL ES-2024A | User Guide - Page 292
IP Addresses NOTATION (BINARY) 255.255.255.0 /24 0000 0000 255.255.255.12 address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 - 2 or 254 possible hosts. 292 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 293
Appendix B IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 154 Subnetting Example: Before Subnetting You host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. ES-2024 Series User's Guide 293 - ZyXEL ES-2024A | User Guide - Page 294
-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to "borrow" two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. 294 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 295
11000000 Highest Host ID: 192.168.1.190 Table 111 Subnet 4 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) NETWORK NUMBER LAST OCTET BIT VALUE 192.168.1. 192 11000000.10101000.00000001 11000000 . 11111111.11111111.11111111 11000000 . ES-2024 Series User's Guide 295 - ZyXEL ES-2024A | User Guide - Page 296
following table shows IP address last octet values for each subnet. Table 112 Eight Subnets SUBNET SUBNET ADDRESS 1 0 2 32 3 64 4 96 5 128 6 160 7 192 8 224 FIRST ADDRESS LAST ADDRESS 1 30 33 .252 (/30) 64 2 7 255.255.255.254 (/31) 128 1 296 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 297
(for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your Switch will compute the subnet mask automatically based on the IP address that ES-2024 Series User's Guide 297 - ZyXEL ES-2024A | User Guide - Page 298
situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 298 ES-2024 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 299
, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume and if not installed and used in accordance ZyWALL USG 100/200 Series User's Guide 299 - ZyXEL ES-2024A | User Guide - Page 300
Appendix C Legal Information with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 300 ZyWALL USG 100/200 Series User - ZyXEL ES-2024A | User Guide - Page 301
obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/ web/support_warranty_info.php. Customer Support In the event of problems that cannot be solved by using this manual, you should - ZyXEL ES-2024A | User Guide - Page 302
Appendix C Legal Information 302 ZyWALL USG 100/200 Series User's Guide - ZyXEL ES-2024A | User Guide - Page 303
and Internal Spanning Tree) 117 Class of Service (CoS) 211 cloning a port See also port cloning 276 cluster management 261 and switch passwords 266 cluster manager 261, 266 cluster member 261, 266 cluster member firmware upgrade 264 network example 262 setup 265 ES-2024 Series User's Guide 303 - ZyXEL ES-2024A | User Guide - Page 304
209 change running config 227 file names 229 configuration file 49 backup 228 restore 49, 228 saving 226 configuration, saving 48 connect power 37 console port connector 34 default setting 34 copying port settings, See also port cloning 276 copyright 299 CPU management port 100 current date - ZyXEL ES-2024A | User Guide - Page 305
163 profiles 159 IGMP snooping 158 MVR 164 ingress check 99 ingress port 103 Internet Assigned Numbers Authority See IANA 298 introduction 23 IP interface 79 setup 78 IP source guard 187 ARP inspection 187, 188 static bindings 187 L LACP 137 system priority 142 ES-2024 Series User's Guide 305 - ZyXEL ES-2024A | User Guide - Page 306
228 current configuration 225 firmware 227 main screen 225 306 restoring configuration 228 Management Information Base (MIB) 234 management IP address DHCP setup 80 management port 103 management VID 80 managing the device good habits 26 using FTP. See FTP. using SNMP. See SNMP. using Telnet. See - ZyXEL ES-2024A | User Guide - Page 307
address learning 149 overview 149 setup 150, 203 port setup 81 port status 65 port VLAN trunking 93 port-based VLAN 99 all connected 103 port isolation 103 settings wizard 103 ports "standby" 138 diagnostics 256 mirroring 135 speed/duplex 82 power voltage 73 power connector 37 power specification - ZyXEL ES-2024A | User Guide - Page 308
253 resetting 49, 226 to factory default settings 226 restoring configuration 49, 228 RFC 3164 257 RSTP 115 S safety warnings 7 save configuration 48, 226 screen summary 45 Secure Shell See SSH service access control 251 service port 252 Simple Network Management Protocol, see SNMP 234 SNMP 26 - ZyXEL ES-2024A | User Guide - Page 309
filtering 99 introduction 76 management VID 80 number of VLANs 95 port number 96 port settings 98 port-based VLAN 99 port-based, all connected 103 port-based, isolation 103 port-based, wizard 103 static VLAN 96 status 95, 96 tagged 91 trunking 93, 99 type 77, 94 ES-2024 Series User's Guide 309 - ZyXEL ES-2024A | User Guide - Page 310
VSA 182 W warranty 301 note 301 web configurator 26, 41 getting help 51 home 42 login 41 logout 50 navigation panel 44 screen summary 45 Weighted Round Robin Scheduling (WRR) 153 WRR (Weighted Round Robin Scheduling) 153 Z ZyNOS (ZyXEL Network Operating System) 230 310 ES-2024 Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
 |
 |
www.zyxel.com
www.zyxel.com
ES-2024 Series
Ethernet Switch
Copyright © 2008
ZyXEL Communications Corporation
Firmware Version 3.90
Edition 1, 12/2008
Default Login Details
IP Address
User Name
admin
Password
1234