ZyXEL MES-3528 User Guide
ZyXEL MES-3528 Manual
 |
View all ZyXEL MES-3528 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL MES-3528 manual content summary:
- ZyXEL MES-3528 | User Guide - Page 1
MES-3528 Layer 2+ Metro Ethernet Switch Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 3.90 Edition 2, 8/2011 www.zyxel.com Copyright © 2011 ZyXEL Communications Corporation - ZyXEL MES-3528 | User Guide - Page 2
- ZyXEL MES-3528 | User Guide - Page 3
READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Intended Audience This manual is intended for people who want to configure the Switch using the web configurator. Related Documentation • Command Line Interface (CLI) Reference Guide The Command Reference Guide explains how to use the - ZyXEL MES-3528 | User Guide - Page 4
things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The MES-3528 may be referred to as the "Switch", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are all in bold font. • A key - ZyXEL MES-3528 | User Guide - Page 5
Document Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router MES-3528 User's Guide 5 - ZyXEL MES-3528 | User Guide - Page 6
one will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device. Connect it to electrical and electronic equipment should be treated separately. 6 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 7
Queuing Method ...177 Multicast ...181 AAA ...197 IP Source Guard ...211 Loop Guard ...237 Layer 2 Protocol Tunneling ...241 PPPoE ...245 Static Route ...255 Differentiated Services ...259 DHCP ...263 Maintenance ...271 Access Control ...279 Diagnostic ...301 Syslog ...303 MES-3528 User's Guide 7 - ZyXEL MES-3528 | User Guide - Page 8
Contents Overview Cluster Management ...307 MAC Table ...315 ARP Table ...319 Configure Clone ...321 Troubleshooting ...323 Product Specifications ...327 8 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 9
28 2.3.2 Attaching the Mounting Brackets to the Switch 28 2.3.3 Mounting the Switch on a Rack 29 Chapter 3 Hardware Overview ...31 3.1 Front Panel ...31 3.1.1 Console Port ...32 3.1.2 Gigabit Ethernet Ports 33 3.1.3 Mini-GBIC Slots ...34 3.1.4 Power Connector (DC 36 MES-3528 User's Guide 9 - ZyXEL MES-3528 | User Guide - Page 10
Switch 64 6.2.1 DHCP Relay Tutorial Introduction 64 6.2.2 Creating a VLAN ...64 6.2.3 Configuring DHCP Relay 67 6.2.4 Troubleshooting ...68 Chapter 7 System Status and Port Statistics 69 7.1 Overview ...69 7.2 Port Status Summary ...70 7.2.1 Status: Port Details 71 10 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 11
Information ...75 8.3 General Setup ...76 8.4 Introduction to VLANs ...78 8.5 Switch Setup Screen ...79 8.6 IP Setup ...80 8.6.1 Management IP Addresses 81 8.7 Port Setup ...83 Chapter 9 VLAN ...87 9.1 Introduction to IEEE 802.1Q Tagged VLANs 87 9.1.1 Forwarding Tagged and Untagged Frames 88 - ZyXEL MES-3528 | User Guide - Page 12
ID 148 17.3 Link Aggregation Status 149 17.4 Link Aggregation Setting 151 17.5 Link Aggregation Control Protocol 153 17.6 Static Trunking Example 155 12 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 13
178 22.2 Configuring Queuing ...179 Chapter 23 Multicast ...181 23.1 Overview ...181 23.1.1 IP Multicast Addresses 181 23.1.2 IGMP Filtering ...181 23.1.3 IGMP Snooping ...182 23.1.4 IGMP Snooping and VLANs 182 23.2 Multicast Status ...182 23.3 Multicast Setting ...183 MES-3528 User's Guide 13 - ZyXEL MES-3528 | User Guide - Page 14
Specific Attribute 206 24.3 Supported RADIUS Attributes 207 24.3.1 VLAN Status 228 25.6.2 ARP Inspection Log Status 229 25.7 ARP Inspection Configure 230 25.7.1 ARP Inspection Port Configure 233 25.7.2 ARP Inspection VLAN Configure 234 Chapter 26 Loop Guard ...237 14 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 15
2 Protocol Tunneling Mode 242 27.2 Configuring VLAN 252 28.3.3 PPPoE IA for VLAN 253 Chapter 29 Static Route ...255 29.1 Static Routing Overview 255 29.2 Configuring Static Routing 256 Chapter 30 Differentiated Services Overview ...263 31.1.1 DHCP Modes ...263 31.1.2 DHCP Configuration Options - ZyXEL MES-3528 | User Guide - Page 16
33.3.2 Supported MIBs ...281 33.3.3 SNMP Traps ...282 33.3.4 Configuring SNMP 286 33.3.5 Configuring SNMP Trap Group 287 33.3.6 Configuring SNMP User Information 289 33.3.7 Setting Up Login Accounts 290 33.4 SSH Overview ...292 33.5 How SSH works ...293 33.6 SSH Implementation on the Switch 294 - ZyXEL MES-3528 | User Guide - Page 17
Cluster Member Switch Management Troubleshooting...323 40.1 Power, Hardware Connections, and LEDs 323 40.2 Switch Access and Login 324 40.3 Switch Configuration ...326 Chapter 41 Product Specifications ...327 Appendix A Changing a Fuse 335 Appendix B Common Services 337 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 18
Table of Contents Appendix C Legal Information 341 Index ...345 18 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 19
PART I User's Guide 19 - ZyXEL MES-3528 | User Guide - Page 20
20 - ZyXEL MES-3528 | User Guide - Page 21
at a time. With its built-in web configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed via Telnet, any terminal emulator program on the console port, or third-party SNMP management. See Chapter 41 on page 327 for a full list of software features - ZyXEL MES-3528 | User Guide - Page 22
. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch. Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location. Figure 2 Bridging Application 22 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 23
87. 1.1.4.1 Tag-based VLAN Example Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any recabling. MES-3528 User's Guide 23 - ZyXEL MES-3528 | User Guide - Page 24
spans a metropolitan area. In the following example, the Switch is one of many switches that connect users in the metropolitan area to the Internet. The metro ethernet is based on a star (or hub-and-spoke) topology, though other topologies, such as ring or mesh, are also 24 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 25
and in some cases are necessary to configure advanced features. See the CLI Reference Guide. • FTP. Use FTP for firmware upgrades and configuration backup/restore. See Section 32.8 on page 275. • SNMP. The Switch can be monitored by an SNMP manager. See Section 33.3 on page 280. • Cluster Management - ZyXEL MES-3528 | User Guide - Page 26
Switch 1.3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. • Change the password. Use a password If you forget your password, you will have to reset the Switch to its factory default settings. If you - ZyXEL MES-3528 | User Guide - Page 27
of cables and the power cord. 2.3 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size, 19-inch rack or in a wiring closet with other equipment. Follow the steps below to mount your Switch on a standard EIA rack using a rack-mounting kit. MES-3528 User's Guide 27 - ZyXEL MES-3528 | User Guide - Page 28
support the combined weight of all the equipment it contains. • Make sure the position of the Switch Switch. 2 Repeat steps 1 and 7 to install the second mounting bracket on the other side of the Switch. 3 You may now mount the Switch on a rack. Proceed to the next section. 28 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 29
of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack. Figure 8 Mounting the Switch on a Rack Figure 9 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps 1 and 2 to - ZyXEL MES-3528 | User Guide - Page 30
Chapter 2 Hardware Installation and Connection 30 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 31
DC) LEDs Console Port Power Connection Ethernet Ports Signal slot Dual Personality Interfaces The following figure shows the front panel of the Switch. Figure 11 Front Panel (AC) LEDs Console Port Power Connection Ethernet Ports Signal slot Dual Personality Interfaces MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 32
Console Port SIGNAL DESCRIPTION Connect an appropriate power supply to this port. For DC, Turn the device on or off using the switch. Connect these ports to a computer, a hub, an Ethernet switch Ethernet switches using 1000BASE switches. The console port is for local configuration of the Switch - ZyXEL MES-3528 | User Guide - Page 33
to determine the connection speed and duplex mode. If the peer Ethernet port does not support auto-negotiation or turns off this feature, the Switch determines the connection speed by detecting the ports, so crossover cables can connect both computers and switches/hubs. MES-3528 User's Guide 33 - ZyXEL MES-3528 | User Guide - Page 34
a transmitter and a receiver. The Switch does not come with transceivers. You must the Switch is operating. You can use different transceivers to connect to Ethernet switches with different into place. 3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is - ZyXEL MES-3528 | User Guide - Page 35
transceiver out of the slot. Figure 14 Removing the Fiber Optic Cables Figure 15 Opening the Transceiver's Latch Example Figure 16 Transceiver Removal Example MES-3528 User's Guide 35 - ZyXEL MES-3528 | User Guide - Page 36
Switch can be configured to send an SNMP trap to the SNMP server. See Section 33.3 on page 280 for more information on using SNMP. • The Switch can be configured to create an error log of the alarm. See Section 35.1 on page 303 for more information on using the system log. 36 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 37
(2,3) on the Signal connector. You can also daisy-chain the external alarm to another ZyXEL Switch which supports the external alarm feature. If daisy-chaining to a ZyXEL switch that is a different model, check your switch's documentation for the correct pin assignments. MES-3528 User's Guide 37 - ZyXEL MES-3528 | User Guide - Page 38
on another ZyXEL Switch. 2 When daisy-chaining further Switches ensure that Switches of the Same Model 3.2 LEDs After you connect the power to the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting. Table 2 LED Descriptions LED 3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 39
Chapter 3 Hardware Overview Table 2 LED Descriptions (continued) LED COLOR STATU S DESCRIPTION 1 ~ 24 Green Blinking The system is transmitting/ On The Gigabit port is negotiating in full-duplex mode. Off The Gigabit port is negotiating in half-duplex mode. MES-3528 User's Guide 39 - ZyXEL MES-3528 | User Guide - Page 40
Chapter 3 Hardware Overview 40 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 41
PART II Technical Reference 41 - ZyXEL MES-3528 | User Guide - Page 42
42 - ZyXEL MES-3528 | User Guide - Page 43
(enabled by default). • Java permissions (enabled by default). 4.2 System Login 1 Start your web browser. 2 Type "http://" and the IP address of the Switch (for example, the default management IP address is 192.168.1.1) in the Location or Address field. Press [ENTER]. MES-3528 User's Guide 43 - ZyXEL MES-3528 | User Guide - Page 44
Chapter 4 The Web Configurator 3 The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. Figure 19 Web Configurator: - ZyXEL MES-3528 | User Guide - Page 45
if the Switch's power is turned off. C - Click this link to go to the status page of the Switch. D - Click this link to logout of the web configurator. E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. MES-3528 User's Guide 45 - ZyXEL MES-3528 | User Guide - Page 46
IP Switch Setup menu). You can also configure a protocol based VLAN or a subnet based VLAN in these screens. Static MAC Forwarding This link takes you to a screen where you can configure static MAC addresses for a port. These static MAC addresses do not age out. 46 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 47
(Layer 2 Protocol Tunneling) settings on the Switch. PPPoE IP Application Static Routing This link takes you to a screen where you can configure static routes. A static route defines how the Switch should forward traffic by configuring the TCP/IP parameters manually. MES-3528 User's Guide 47 - ZyXEL MES-3528 | User Guide - Page 48
firmware and configuration file maintenance as well as reboot the system. Access Control This link takes you to screens where you can change the system login password and configure SNMP ports and VLAN IDs. ARP Table This link takes you to a screen where you can view the MAC addresses - IP address - ZyXEL MES-3528 | User Guide - Page 49
default administrator password. Click Management > Access Control > Logins to display the next screen. Figure 21 Change Administrator Login Password to nonvolatile memory. Nonvolatile memory refers to the Switch's storage that remains even if the Switch's power is turned off. Note: Use the - ZyXEL MES-3528 | User Guide - Page 50
default is VLAN 1). 2 Delete all port-based VLANs with the CPU port as a member. The "CPU port" is the management port of the Switch. 3 Filter all traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services - ZyXEL MES-3528 | User Guide - Page 51
56:57 Press any key to enter debug mode within 3 seconds. ras> atlc Starting XMODEM upload (CRC mode).... CCCCCCCCCCCCCCCC Total 573440 bytes received. Erasing OK ras> atgo The Switch is now reinitialized with a default configuration file including the default password of "1234". 4.7 Logging Out of - ZyXEL MES-3528 | User Guide - Page 52
Chapter 4 The Web Configurator 4.8 Help The web configurator's online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. 52 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 53
. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID • Configure the Switch IP management address 5.1.1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based - ZyXEL MES-3528 | User Guide - Page 54
as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. 5 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 54 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 55
Applications > VLAN in the navigation panel. Then click the VLAN Port Setting link. 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. MES-3528 User's Guide 55 - ZyXEL MES-3528 | User Guide - Page 56
is in the same subnet as the Switch. 2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator. See Section 4.2 on page 43 for more information. 3 Click Basic Setting > IP Setup in the navigation panel. 56 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 57
to which you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen. 7 Click Add to save your changes back to the run-time memory. Settings in the runtime memory are lost when the Switch's power is turned off. MES-3528 User's Guide 57 - ZyXEL MES-3528 | User Guide - Page 58
Chapter 5 Initial Setup Example 58 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 59
• How to Use DHCP Snooping on the Switch • How to Use DHCP Relay on the Switch 6.1 How to Use DHCP Snooping on the Switch You only want DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN network (V). Create a VLAN containing ports 5, 6 and 7. Connect a computer M to the - ZyXEL MES-3528 | User Guide - Page 60
Tutorials 1 Access the Switch through http://192.168.1.1 by default. Log into the Switch by entering the username (default: admin) and password (default: 1234). 2 Go to Advanced Application > VLAN > Static VLAN, and create a VLAN with ID of 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in - ZyXEL MES-3528 | User Guide - Page 61
frames on ports 5, 6 and 7 with the tag 100. Figure 29 Tutorial: Tag Untagged Frames 4 Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 30 Tutorial: Specify DHCP VLAN MES-3528 User's Guide 61 - ZyXEL MES-3528 | User Guide - Page 62
5. Keep ports 6 and 7 Untrusted because they are connected to DHCP clients. Click Apply. Figure 31 Tutorial: Set the DHCP Server Port to Trusted 62 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 63
IP Source Guard, you should see an IP assignment with the type dhcp-snooping as shown. Figure 33 Tutorial: Check the Binding If DHCP Snooping Works You can also telnet or log into the Switch's console 1 Lease 6d23h59m20s Type dhcp-snooping VLAN ---- 100 Port ----- 7 MES-3528 User's Guide 63 - ZyXEL MES-3528 | User Guide - Page 64
102. Figure 34 Tutorial: DHCP Relay Scenario DHCP Server 192.168.2.3 Port 2 PVID=102 A VLAN 102 172.16.1.18 6.2.2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102. 1 Access the web configurator through the Switch's management port. 64 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 65
, enter a descriptive name (VALN 102 for example) in the Name field and enter 102 in the VLAN Group ID field. 5 Select Fixed to configure port 2 to be a permanent member of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. MES-3528 User's Guide 65 - ZyXEL MES-3528 | User Guide - Page 66
Setting link in the VLAN Status screen. Figure 37 Tutorial: Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 66 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 67
configuration permanently. 6.2.3 Configuring DHCP Relay Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information (such as the VLAN ID) to DHCP requests. 1 Click IP Application > DHCP and then the Global link to open the DHCP Relay screen. 2 Select - ZyXEL MES-3528 | User Guide - Page 68
can then assign a specific IP address based on the DHCP request. 6.2.4 Troubleshooting Check the client A's IP address. If it did not receive the IP address 172.16.1.18, make sure: 1 Client A is connected to the Switch's port 2 in VLAN 102. 2 You configured the correct VLAN ID, port number and - ZyXEL MES-3528 | User Guide - Page 69
) and port details screens. 7.1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details. MES-3528 User's Guide 69 - ZyXEL MES-3528 | User Guide - Page 70
field shows the number of received errors on this port. This field shows the number of kilobytes per second transmitted on this port. 70 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 71
in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 41 Status > Port Details MES-3528 User's Guide 71 - ZyXEL MES-3528 | User Guide - Page 72
inhibited by exactly one collision. Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision. 72 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 73
Excessive collision is defined as the number of maximum collisions before the retransmission count is reset. This is the number of times a late collision is detected, that is, after The maximum frame size varies depending on your switch model. See Chapter 41 on page 327. MES-3528 User's Guide 73 - ZyXEL MES-3528 | User Guide - Page 74
Chapter 7 System Status and Port Statistics 74 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 75
General Setup, Switch Setup, IP Setup and Port Setup screens. 8.1 Overview The System Info screen displays general Switch information (such as firmware version number). the screen as shown. You can check the firmware version number. Figure 42 Basic Setting > System Info MES-3528 User's Guide 75 - ZyXEL MES-3528 | User Guide - Page 76
name of the Switch for identification purposes. ZyNOS F/W Version This field displays the version number of the Switch 's current firmware including the date are allowed. Location Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. - ZyXEL MES-3528 | User Guide - Page 77
(yyyy-mm-dd) Time Zone Daylight Saving Time None is the default value. Enter the time manually. Each time you turn on the Switch, the time and date will be reset to 1970-1-1 0:0:0. Enter the IP address of your timeserver. The Switch searches for the timeserver for up to 60 seconds. If you select - ZyXEL MES-3528 | User Guide - Page 78
to the Switch's run-time memory. The Switch loses these changes VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. See Chapter 9 on page 87 for information on port-based and 802.1Q tagged VLANs. 78 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 79
on VLAN setup for more background information. Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds. Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 milliseconds. MES-3528 User's Guide 79 - ZyXEL MES-3528 | User Guide - Page 80
to reset the fields. 8.6 IP Setup Use the IP Setup screen to configure the Switch IP address, default gateway device, the default domain name server and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic. 80 MES-3528 User - ZyXEL MES-3528 | User Guide - Page 81
IP address. The factory default subnet mask is 255.255.255.0. You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 45 Basic Setting > IP Setup MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 82
decimal notation for example 255.255.255.0. Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254. VID Enter the VLAN identification number associated with the Switch IP address. This is the VLAN ID of the CPU and is used for - ZyXEL MES-3528 | User Guide - Page 83
the IP address of the default gateway. Delete Check the management IP addresses that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the selected check boxes in the Delete column. 8.7 Port Setup Use this screen to configure Switch port - ZyXEL MES-3528 | User Guide - Page 84
. The factory default for all ports duplex mode of mode that both ends support. When auto-negotiation is turned on, a port on the Switch Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE802.3x flow control is used in full duplex mode mode - ZyXEL MES-3528 | User Guide - Page 85
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES-3528 User's Guide 85 - ZyXEL MES-3528 | User Guide - Page 86
Chapter 8 Basic Setting 86 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 87
default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094. TPID User Priority 2 Bytes 3 Bits CFI VLAN ID 1 Bit 12 bits MES-3528 - ZyXEL MES-3528 | User Guide - Page 88
set declaration timeout values. 9.2.2 GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch. 88 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 89
switches C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 90
• sent to a VLAN group as normal depending on its VLAN tag. • sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. 90 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 91
VLANs. This is the VLAN index number. Click on an index number to view more VLAN details. This is the VLAN identification number that was configured in the Static VLAN screen. This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 92
how long it has been since a normal VLAN was registered or a static VLAN was set up. This field shows how this VLAN was added to the Switch. dynamic: using GVRP static: added as a permanent entry other: added in another way such as via Multicast VLAN Registration (MVR) 92 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 93
name for the VLAN group for identification purposes. This name consists of up to 64 printable characters. VLAN Group ID Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Port The port number identifies the port you are configuring. MES-3528 User's Guide 93 - ZyXEL MES-3528 | User Guide - Page 94
VLAN settings. This field indicates whether the VLAN settings are enabled (Yes) or disabled (No). This field displays the descriptive name for this VLAN group. Click Delete to remove the selected entry from the summary table. Click Cancel to clear the Delete check boxes. 94 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 95
information on static VLAN. Click the VLAN Port Setting link in the VLAN Status screen. Figure 52 Advanced Application > VLAN > VLAN Port Setting The box to permit VLAN groups beyond the local Switch. If this check box is selected, the Switch discards incoming frames on a port for VLANs that do - ZyXEL MES-3528 | User Guide - Page 96
, the Switch checks if a tag is added already and the IP subnet it came from. The untagged packets from the same IP subnet are then placed in the same subnet based VLAN. One advantage of using subnet based VLANs is that priority can be assigned to traffic from the same IP subnet. 96 MES-3528 User - ZyXEL MES-3528 | User Guide - Page 97
IP subnet and prioritized accordingly. That is video services receive the highest priority and data the lowest. Figure 53 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames 172.16.1.0/24 VID = 100 192.168.1.0/24 VID = 200 10.1.1.0/24 VID = 300 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 98
link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Check this box to activate the IP subnet VLAN you are creating or editing. Enter up to 32 alpha numeric characters to identify this subnet based VLAN. 98 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 99
the untagged frames from the IP subnet specified in this subnet based VLAN are tagged. This must be an existing VLAN which you defined in the Advanced Applications > VLAN screens. Priority Select the priority level that the Switch assigns to frames belonging to this VLAN. Add Click Add to save - ZyXEL MES-3528 | User Guide - Page 100
3 for ARP traffic received on port 1, 2 and 3. You also have a protocol based VLAN B with priority 2 for Apple Talk traffic received on port 6 and 7. All upstream ARP they go through the uplink port to a backbone switch C. Figure 55 Protocol Based VLAN Application Example 100 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 101
and type the protocol number in hexadecimal notation. For example the IP protocol in hexadecimal notation is 0800, and Novell IPX protocol is 8137. Note: Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based VLANs. MES-3528 User's Guide 101 - ZyXEL MES-3528 | User Guide - Page 102
in this protocol based VLAN. Type 1. 3 Give this protocol-based VLAN a descriptive name. Type IP-VLAN. 4 Select the protocol. Leave the default value IP. 5 Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with an ID of 5. Type 5. 102 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 103
-based VLANs are specific only to the Switch on which they were created. Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 104
ports. 9.11.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 58 Port Based VLAN Setup (All Connected) 104 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 105
Figure 59 Port Based VLAN Setup (Port Isolation) Chapter 9 VLAN MES-3528 User's Guide 105 - ZyXEL MES-3528 | User Guide - Page 106
the corresponding port listed on the left (its outgoing port). CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch cannot be managed from that port. These are the egress ports; an egress port - ZyXEL MES-3528 | User Guide - Page 107
10.2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you a port to access the Switch. See Chapter 19 on page 161 for more information on port security. MES-3528 User's Guide 107 - ZyXEL MES-3528 | User Guide - Page 108
the VLAN identification Switch's run-time memory. The Switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset VLAN identification number to which - ZyXEL MES-3528 | User Guide - Page 109
will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES-3528 User's Guide 109 - ZyXEL MES-3528 | User Guide - Page 110
Chapter 10 Static MAC Forward Setup 110 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 111
is a multicast MAC address that has been manually entered in the multicast table. Static multicast If a multicast group has no members, then the switch will either flood the multicast frames to all ports or VLAN group. Figure 62 shows frames being forwarded to devices MES-3528 User's Guide 111 - ZyXEL MES-3528 | User Guide - Page 112
Chapter 11 Static Multicast Forward Setup connected to port 3. Figure 63 shows frames being forwarded to ports 2 and 3 within VLAN group 4. Figure 61 No Static Multicast Forwarding Figure 62 Static Multicast Forwarding to A Single Port Figure 63 Static Multicast Forwarding to Multiple Ports 112 - ZyXEL MES-3528 | User Guide - Page 113
. The Switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to their last saved values. MES-3528 User's Guide 113 - ZyXEL MES-3528 | User Guide - Page 114
a multicast group. VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address will be forwarded. Port This field displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will - ZyXEL MES-3528 | User Guide - Page 115
a Filtering Rule Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the printable ASCII characters) for this rule. This is for identification only. MES-3528 User's Guide 115 - ZyXEL MES-3528 | User Guide - Page 116
number to which the MAC address belongs. This field displays the VLAN group identification number. Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Click Cancel to clear the selected checkbox(es) in the Delete column. 116 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 117
CHAPTER 13 Spanning Tree Protocol The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree the port states are Discarding, Learning, and Forwarding. Note: In this user's guide, "STP" refers to both STP and RSTP. MES-3528 User's Guide 117 - ZyXEL MES-3528 | User Guide - Page 118
are therefore only forwarded between enabled ports, eliminating any possible network loops. STP-aware switches exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, link to the root bridge is down. This bridge then initiates 118 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 119
STP is disabled (default). Blocking Only configuration and Multiple RSTP MRSTP (Multiple RSTP) is ZyXEL's proprietary feature that is compatible with RSTP switch A. To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 120
possible as traffic from different VLANs can use distinct paths in a region. 13.1.5.1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be 120 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 121
paths. The following figure shows the network example using MSTP. Figure 68 MSTP Network Example A VLAN 1 VLAN 2 B 13.1.5.2 MST Region An MST region is a logical grouping of multiple network devices that region) is increased by one when BPDUs traverse the region. MES-3528 User's Guide 121 - ZyXEL MES-3528 | User Guide - Page 122
for the MST region • VLAN-to-MST Instance mapping 13.1.5.3 MST Instance An MST Instance (MSTI) is a spanning tree instance. VLANs can be configured to run a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of - ZyXEL MES-3528 | User Guide - Page 123
differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch. MES-3528 User's Guide 123 - ZyXEL MES-3528 | User Guide - Page 124
STP modes on the Switch. Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 124 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 125
to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch. MES-3528 User's Guide 125 - ZyXEL MES-3528 | User Guide - Page 126
to 40 seconds. This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames /unplug port if the ring ports enable edge port. 126 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 127
port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path cost activate RSTP on the Switch. Figure 74 Advanced Application > Spanning Tree Protocol > Status: RSTP MES-3528 User's Guide 127 - ZyXEL MES-3528 | User Guide - Page 128
. This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. This is the number of times the spanning tree has been reconfigured. This is the time since the spanning tree was last reconfigured. 128 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 129
will then become the root switch. Select a value from the drop-down list box. The lower the numeric value you assign, the higher the priority for this bridge. Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age and Forwarding Delay. MES-3528 User's Guide 129 - ZyXEL MES-3528 | User Guide - Page 130
when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path cost is the cost of STP tree configuration this port should participate in. 130 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 131
changes to the Switch's run-time memory. The Switch loses these changes if you activate MRSTP on the Switch. Figure 76 Advanced Application > mode you want to activate. Click MRSTP to edit MRSTP settings on the Switch root bridge). Our Bridge is this switch. This Switch may also be the root bridge. - ZyXEL MES-3528 | User Guide - Page 132
. This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. This is the number of times the spanning tree has been reconfigured. This is the time since the spanning tree was last reconfigured. 132 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 133
Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 120 for more information on MSTP. Figure 77 Advanced Application > Spanning Tree Protocol > MSTP MES-3528 User's Guide 133 - ZyXEL MES-3528 | User Guide - Page 134
to belong to the same region. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the use to identify this MST instance on the Switch. The Switch supports instance numbers 0-15. 134 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 135
port-by-port basis. Active Priority Path Cost Add Cancel Instance VLAN Active Port Note: Changes in this row are copied to all loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. 3528 User's Guide 135 - ZyXEL MES-3528 | User Guide - Page 136
shown next. See Section 13.1.5 on page 120 for more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 78 Advanced Application > Spanning Tree Protocol > Status: MSTP 136 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 137
the base of the MST instance. Our Bridge is this switch. This Switch may also be the root bridge. This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. MES-3528 User's Guide 137 - ZyXEL MES-3528 | User Guide - Page 138
LABEL DESCRIPTION Internal Cost This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. 138 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 139
Bandwidth Control screen. 14.1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. MES-3528 User's Guide 139 - ZyXEL MES-3528 | User Guide - Page 140
Application > Bandwidth Control LABEL Active Port * DESCRIPTION Select this check box to enable bandwidth control on the Switch. This field displays the port number. Settings in this row apply to all ports. Use this row second (Kbps) for the out-going traffic flow on a port. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 141
14 Bandwidth Control Table 33 Advanced Application > Bandwidth Control (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to - ZyXEL MES-3528 | User Guide - Page 142
Chapter 14 Bandwidth Control 142 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 143
control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and as shown next. Figure 80 Advanced Application > Broadcast Storm Control MES-3528 User's Guide 143 - ZyXEL MES-3528 | User Guide - Page 144
DESCRIPTION Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. This field displays receives per second. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power - ZyXEL MES-3528 | User Guide - Page 145
. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 81 Advanced Application > Mirroring MES-3528 User's Guide 145 - ZyXEL MES-3528 | User Guide - Page 146
Port * DESCRIPTION Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. The monitor port is ) and Both. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, - ZyXEL MES-3528 | User Guide - Page 147
The beginning port of each trunk group must be physically connected to form a trunk group. The Switch supports both static and dynamic link aggregation. Note: In a properly planned network, it is recommended the ports at the remote end of a link to establish trunk groups. MES-3528 User's Guide 147 - ZyXEL MES-3528 | User Guide - Page 148
switch and mode and flow control settings. Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. 17.2.1 Link Aggregation ID LACP aggregation ID consists of the following information1: Table 36 Link Aggregation ID: Local Switch Switch - ZyXEL MES-3528 | User Guide - Page 149
Application > Link Aggregation in the navigation panel. The Link Aggregation Status screen displays by default. See Section 17.1 on page 147 for more information. Figure 82 Advanced Application > Link belonging to this trunk group and LACP is also enabled for this group. MES-3528 User's Guide 149 - ZyXEL MES-3528 | User Guide - Page 150
packet's source and destination IP addresses. This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. 150 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 151
ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. MES-3528 User's Guide 151 - ZyXEL MES-3528 | User Guide - Page 152
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 152 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 153
: Do not configure this screen unless you want to enable dynamic link aggregation. Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). MES-3528 User's Guide 153 - ZyXEL MES-3528 | User Guide - Page 154
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 154 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 155
group are connected to the same destination. The following figure shows ports 2-5 on switch A connected to switch B. Figure 85 Trunking Example - Physical Connections B A 2 Configure static trunking Screen Your trunk group 1 (T1) configuration is now complete. MES-3528 User's Guide 155 - ZyXEL MES-3528 | User Guide - Page 156
Chapter 17 Link Aggregation 156 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 157
server). The Switch supports the following method for port authentication: • IEEE 802.1x2 - An authentication server validates access to a port based on a username and password provided by the user. IEEE 802.1x authentication uses the RADIUS (Remote Authentication Dial In User Service, RFC 2138 - ZyXEL MES-3528 | User Guide - Page 158
Configuration To enable port authentication, first activate the port authentication method (both on the Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > the screen as shown. Figure 88 Advanced Application > Port Authentication 158 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 159
Active Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port. Port This field displays the port are copied to all the ports as soon as you make them. MES-3528 User's Guide 159 - ZyXEL MES-3528 | User Guide - Page 160
-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 160 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 161
addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. - ZyXEL MES-3528 | User Guide - Page 162
specified port(s) will become static MAC addresses and display in the Static MAC Forwarding screen. MAC freeze Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list. Active Select - ZyXEL MES-3528 | User Guide - Page 163
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES-3528 User's Guide 163 - ZyXEL MES-3528 | User Guide - Page 164
Chapter 19 Port Security 164 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 165
This chapter introduces and shows you how to configure the packet classifier on the Switch. 20.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum configure policy rules, refer to Chapter 21 on page 171. MES-3528 User's Guide 165 - ZyXEL MES-3528 | User Guide - Page 166
to all MAC addresses. To specify a source, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs). MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 167
. This means that the Switch will pick out the packets that are sent to establish TCP connections. Enter a source IP address in dotted decimal notation reset the fields back to your previous configuration. Click Clear to set the above fields back to the factory defaults. MES-3528 User's Guide 167 - ZyXEL MES-3528 | User Guide - Page 168
other common Ethernet types and the corresponding protocol number. Table 45 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X.25 Level 3 0805 XNS Compat 0807 Banyan Systems - ZyXEL MES-3528 | User Guide - Page 169
number. Refer to http://www.iana.org/assignments/ protocol-numbers for a complete list. Table 46 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ICMP 1 TCP 6 UDP 17 EGP 8 L2TP traffic from MAC address 00:50:ba:ad:4f:81 on port 2. MES-3528 User's Guide 169 - ZyXEL MES-3528 | User Guide - Page 170
Chapter 20 Classifier After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. Figure 93 Classifier: Example 170 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 171
network. 21.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 20.2 on page 165 for more information. MES-3528 User's Guide 171 - ZyXEL MES-3528 | User Guide - Page 172
fields below for this policy. You only have to set the field(s) that is related to the action(s) you configure in the Action field. General VLAN ID Specify a VLAN ID number. Egress Port Type the number of an outgoing port. Priority Specify a priority level. MES - ZyXEL MES-3528 | User Guide - Page 173
table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. MES-3528 User's Guide 173 - ZyXEL MES-3528 | User Guide - Page 174
LABEL DESCRIPTION Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. 21.3 Viewing and Editing Policy table. Cancel Click Cancel to clear the Delete check boxes. 174 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 175
Chapter 21 Policy Rule 21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 169). Figure 96 Policy Example MES-3528 User's Guide 175 - ZyXEL MES-3528 | User Guide - Page 176
Chapter 21 Policy Rule 176 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 177
Queuing Strictly Priority Queuing (SPQ) services queues based on priority only. As traffic comes into the Switch, traffic on the highest priority efficient in that it divides any available bandwidth across the different traffic queues. By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, - ZyXEL MES-3528 | User Guide - Page 178
(WRR) Round Robin Scheduling services queues on a rotating basis uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the can handle. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism - ZyXEL MES-3528 | User Guide - Page 179
make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MES-3528 User's Guide 179 - ZyXEL MES-3528 | User Guide - Page 180
get more service than queues Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 180 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 181
delivers IP packets . 23.1.1 IP Multicast Addresses In IP address represents a traffic receiving group, not individual receiving devices. IP IP multicasting. Certain IP services (such as content information distribution) based on service plans and types of subscription. You can set the Switch - ZyXEL MES-3528 | User Guide - Page 182
IGMP snooping should be performed on. This is referred to as fixed mode. In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN. 23.2 Multicast Status Click Advanced Applications > Multicast to display the screen as - ZyXEL MES-3528 | User Guide - Page 183
port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. 23.3 Multicast Setting Click Advanced Applications > Multicast > Multicast on multicasting. Figure 99 Advanced Application > Multicast > Multicast Setting MES-3528 User's Guide 183 - ZyXEL MES-3528 | User Guide - Page 184
Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached. Host Timeout Specify the time (from 1 to 16,711,450) in seconds that elapses before the Switch Switch Switch receives an unknown IP destination IP address perform when the Switch receives a the Switch to - ZyXEL MES-3528 | User Guide - Page 185
profile to use for this port. Otherwise, select Default to prohibit the port from joining any multicast group. IGMP Querier Mode You can create IGMP filtering profiles in the Multicast > Multicast Setting > IGMP Filtering Profile screen. The Switch treats an IGMP query port as being connected to - ZyXEL MES-3528 | User Guide - Page 186
group membership information of any VLANs automatically. Select fixed to have the Switch only learn multicast group membership information of the VLAN(s) that you specify below. In either auto or fixed mode, the Switch can learn up to 16 VLANs (including up to five VLANs you configured in the MVR - ZyXEL MES-3528 | User Guide - Page 187
to reset the fields to your previous configuration. Click this to clear the fields. This is the number of the IGMP snooping VLAN entry groups that clients connected to the Switch are able to join. A profile contains a range of multicast IP addresses which you want clients -3528 User's Guide 187 - ZyXEL MES-3528 | User Guide - Page 188
when you are done configuring. Click Clear to clear the fields to the factory defaults. This field displays the descriptive name of the profile. This field displays the start of the multicast address range. This field displays the end of the multicast address range. 188 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 189
is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group. MES-3528 User's Guide 189 - ZyXEL MES-3528 | User Guide - Page 190
mode, the Switch does not send any IGMP reports. In this case, you must manually configure the forwarding settings on the multicast devices in the multicast VLAN group addresses on the Switch, an entry is created in the forwarding table on the Switch. This maps the subscriber VLAN to the list of - ZyXEL MES-3528 | User Guide - Page 191
create up to five multicast VLANs and up to 256 multicast rules on the Switch. Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 104 Advanced Application > Multicast > Multicast Setting > MVR MES-3528 User's Guide 191 - ZyXEL MES-3528 | User Guide - Page 192
) for identification purposes. Enter the VLAN ID (1 to 4094) of the multicast VLAN. Select a priority level (0-7) with which the Switch replaces the priority in outgoing IGMP control packets (belonging to this multicast VLAN). Specify the MVR mode on the Switch. Choices are Dynamic and Compatible - ZyXEL MES-3528 | User Guide - Page 193
Group Configuration LABEL Multicast VLAN ID Name Start Address DESCRIPTION Select a multicast VLAN ID (that you IP multicast address of the multicast group in dotted decimal notation. Refer to Section 23.1.1 on page 181 for more information on IP multicast addresses. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 194
VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic. Figure 106 MVR Configuration Example 194 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 195
Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 107 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 196
Chapter 23 Multicast following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 108 MVR Group Configuration Example Figure 109 MVR Group Configuration Example 196 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 197
the Switch but user B cannot. The Switch can authorize users based on user accounts configured on the Switch itself process of recording what a user is doing. The Switch can use an external server to track when users log The Switch supports RADIUS (Remote Authentication Dial-In User Service, see - ZyXEL MES-3528 | User Guide - Page 198
storing user profiles locally on the Switch, your Switch is able to authenticate and authorize password sent for authentication. TACACS+ TCP (Transmission Control Protocol) All communication between the client (the Switch or all of them on the Switch. First, configure your authentication and - ZyXEL MES-3528 | User Guide - Page 199
for more information on RADIUS servers and Section 24.3 on page 207 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 112 Advanced Application > AAA > RADIUS Server - ZyXEL MES-3528 | User Guide - Page 200
a RADIUS accounting server entry. Enter the IP address of an external RADIUS accounting server in dotted decimal notation. The default port of a RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so. 200 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 201
) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS accounting server and the Switch. This key is not sent over Figure 113 Advanced Application > AAA > TACACS+ Server Setup MES-3528 User's Guide 201 - ZyXEL MES-3528 | User Guide - Page 202
a TACACS+ accounting server entry. Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. The default port of a TACACS+ server for accounting is 49. You need not change this value unless your network administrator instructs you to do so. 202 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 203
password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ accounting server and the Switch Switch. Delete Check this box if you want to remove an existing TACACS+ accounting server entry from the Switch and accounting settings on the Switch. Click on the AAA - ZyXEL MES-3528 | User Guide - Page 204
. • Exec: Allow an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. • Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. 204 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 205
if it doesn't get a response from the accounting server then it tries the second accounting server. The Switch supports two modes of recording login events. Select: start-stop: to have the Switch send information to the accounting server when a user begins a session, during a user's session (if it - ZyXEL MES-3528 | User Guide - Page 206
of a RADIUS server. The Switch supports VSAs that allow you to perform the following actions based on user authentication: • Limit bandwidth on incoming or outgoing traffic for the port the user connects to. • Assign account privilege levels (See the CLI Reference Guide for more information on - ZyXEL MES-3528 | User Guide - Page 207
Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This appendix lists the RADIUS attributes supported by the Switch. MES-3528 User's Guide 207 - ZyXEL MES-3528 | User Guide - Page 208
NAS-Identifier NAS-IP-Address 24.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 208 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 209
Switch to the RADIUS server when performing authentication. 24.3.2.1 Attributes Used for Accounting System Events NAS-IP between Console and IP-Address Y Y Service-Type Y Y Calling-Station-Id Y Y Acct-Status-Type Y Y Acct-Delay-Time Y Y STOP Y Y Y Y Y Y Y MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 210
65 RADIUS Attributes-Exec Events via 802.1x ATTRIBUTE START INTERIM-UPDATE User-Name Y Y NAS-IP-Address Y Y NAS-Port Y Y Class Y Y Called-Station-Id Y Y Calling-Station Y Acct-Output- Y Gigawords STOP Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y 210 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 211
these key attributes: • MAC address • VLAN ID • IP address • Port number When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding enable DHCP snooping before you enable ARP inspection. MES-3528 User's Guide 211 - ZyXEL MES-3528 | User Guide - Page 212
packet (for example, OFFER, ACK, or NACK). • The source MAC address and source IP address in the packet do not match any of the current bindings. • The packet is database, the Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts. 212 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 213
Chapter 25 IP Source Guard You can configure the name and location of the file DHCP Snooping Follow these steps to configure DHCP snooping on the Switch. 1 Enable DHCP snooping on the Switch. 2 Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. MES-3528 User's Guide 213 - ZyXEL MES-3528 | User Guide - Page 214
the MAC address filter remains in the Switch. These MAC address filters are different than regular MAC address filters (Chapter 12 on page 115). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. 214 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 215
per second. 25.2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns MES-3528 User's Guide 215 - ZyXEL MES-3528 | User Guide - Page 216
and ARP inspection. Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the 216 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 217
to update an existing one. Click this to reset the values above based on the last selected static Switch learned the binding. VLAN static: This binding was learned from information provided manually by an administrator. This field displays the source VLAN ID in the binding. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 218
Chapter 25 IP Source Guard Table 67 IP Source Guard Static Binding (continued) LABEL DESCRIPTION Port This field displays the port various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. 218 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 219
Figure 119 DHCP Snooping Chapter 25 IP Source Guard MES-3528 User's Guide 219 - ZyXEL MES-3528 | User Guide - Page 220
25 IP Source Switch has tried to access the DHCP snooping database for any reason. This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database. 220 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 221
can clear these counters by restarting the Switch or using CLI commands. See the CLI Reference Guide. Binding collisions This field displays the number of bindings the Switch has ignored because the Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field - ZyXEL MES-3528 | User Guide - Page 222
this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 120 DHCP Snooping Configure 222 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 223
from a DHCP snooping database, it does not discard the current dynamic bindings first. If there is a conflict, the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping screen (Section 25.4 on page 218). MES-3528 User's Guide 223 - ZyXEL MES-3528 | User Guide - Page 224
Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset IP Source Guard > DHCP Snooping > Configure - ZyXEL MES-3528 | User Guide - Page 225
and source IP address in VLAN Configure Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 31 on page 263) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 226
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. 226 MES-3528 - ZyXEL MES-3528 | User Guide - Page 227
seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). This field displays the reason the ARP packet was discarded. MAC+VLAN: The MAC address and VLAN ID were not in the binding table. IP: The MAC address and VLAN ID were in the binding table, but - ZyXEL MES-3528 | User Guide - Page 228
Switch last restarted. Request This field displays the total number of ARP Request packets received from the VLAN since the Switch last restarted. Reply This field displays the total number of ARP Reply packets received from the VLAN since the Switch last restarted. 228 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 229
IP Source Guard Table 73 ARP Inspection VLAN Status LABEL DESCRIPTION Forwarded This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted. Dropped This field displays the total number of ARP packets the Switch discarded for the VLAN - ZyXEL MES-3528 | User Guide - Page 230
.7.2 on page 234. This field displays when the log message was generated. 25.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global 230 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 231
Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 25.6.2 on page 229. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 232
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. 232 MES-3528 - ZyXEL MES-3528 | User Guide - Page 233
You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > Port. maximum rate at which ARP packets can arrive on untrusted ports. MES-3528 User's Guide 233 - ZyXEL MES-3528 | User Guide - Page 234
ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN. Figure 128 ARP Inspection VLAN Configure 234 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 235
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. MES-3528 User's Guide 235 - ZyXEL MES-3528 | User Guide - Page 236
Chapter 25 IP Source Guard 236 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 237
broadcast again and again causing a broadcast storm. If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: • It will receive broadcast messages sent out from the switch in loop state. MES-3528 User's Guide 237 - ZyXEL MES-3528 | User Guide - Page 238
port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are also protects against standard network loops. The following figure illustrates three switches forming a loop. A sample path of the loop guard probe - ZyXEL MES-3528 | User Guide - Page 239
Switch. Figure 132 Loop Guard - Network Loop A P P N P Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 8.7 on page 83) or via commands (See the CLI Reference Guide > Loop Guard MES-3528 User's Guide 239 - ZyXEL MES-3528 | User Guide - Page 240
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 240 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 241
to switches B, C and D. Topology change information can be propagated throughout the service provider's network. To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 242
C 27.1.1 Layer 2 Protocol Tunneling Mode Each port can have two layer 2 protocol tunneling modes, Access and Tunnel. • The Access port is an ingress port on the service provider's edge device (1 or 2 in Figure 135 on page 242) and connected to a customer switch (A or B). Incoming layer 2 protocol - ZyXEL MES-3528 | User Guide - Page 243
2 protocol tunneling on the Switch. Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer not exist in the address table of a switch on the service provider's network. Note: All the edge switches in the service provider's network should be set to use - ZyXEL MES-3528 | User Guide - Page 244
customer switches can use consistent VLAN configuration through the service provider's network. The Switch supports PAgP (Port Aggregation Protocol), LACP (Link Aggregation Control Protocol) and UDLD (UniDirectional Link Detection) tunneling for a point-to-point topology. PAGP LACP UDLD Mode Both - ZyXEL MES-3528 | User Guide - Page 245
packets from clients on a per-port or per-port-per-VLAN basis before forwarding them to the PPPoE server. PPPoE Client PPPoE Agent Tag Format If the PPPoE Intermediate Agent is enabled, the Switch adds a vendor-specific tag to PADI (PPPoE Active Discovery PPPoE client. MES-3528 User's Guide 245 - ZyXEL MES-3528 | User Guide - Page 246
The next field specifies the length of the field. The Switch takes the Circuit ID string you manually configure for a VLAN on a port as the highest priority and the Circuit ID ID delimiter Port No delimiter VLAN ID (1 byte) (1 byte) (1 byte) (2 byte) (1 byte) (4 bytes) 246 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 247
VLAN on a port or for a specific port, and disable the flexible Circuit ID syntax in the PPPoE > Intermediate Agent screen, the Switch automatically generates a Circuit ID string according to the default (1 byte) VLAN ID (4 Switch Switch Switch forwards it to other trusted port(s). Note: The Switch - ZyXEL MES-3528 | User Guide - Page 248
> PPPoE Intermediate Agent 28.3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional information that the server can use to identify the screen as shown. Figure 138 Advanced Application > PPPoE Intermediate Agent 248 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 249
the PPPoE intermediate agent. The default is the Switch's host name. Spaces are allowed. Use this section to configure the Circuit ID field according to the flexible Circuit ID syntax. Active The Circuit ID you configure for a specific port or for a specific VLAN on a port has priority over - ZyXEL MES-3528 | User Guide - Page 250
packets from PPPoE clients on a per-port basis. Note: The Switch will drop all PPPoE packets if you enable the PPPoE Intermediate Agent on the Switch and there are no trusted ports. Click the Port link in the row are copied to all the ports as soon as you make them. 250 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 251
the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 252
the * VLAN, the settings are applied to all VLANs. * Use this row to make the setting the same for all VLANs. Use this row first and then make adjustments on a VLAN-by-VLAN basis. Note: Changes in this row are copied to all the VLANs as soon as you make them. 252 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 253
on a VLAN and whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown. Figure 141 Advanced Application > PPPoE Intermediate Agent > VLAN MES-3528 User's Guide 253 - ZyXEL MES-3528 | User Guide - Page 254
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 254 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 255
Switch sends reply traffic to default gateway R1 which routes it back to the manager's computer. The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2. Figure 142 Static Routing Overview N1 N2 Telnet SNMP R1 R2 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 256
Table 89 IP Application > IP Address This parameter specifies the IP network address of the final destination. IP IP Address Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch new static route to the Switch's run-time memory. The Switch loses these changes if - ZyXEL MES-3528 | User Guide - Page 257
Chapter 29 Static Route Table 89 IP Application > Static Routing (continued) LABEL DESCRIPTION Cancel Click Cancel to reset the above fields to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. Index This field displays the index number of - ZyXEL MES-3528 | User Guide - Page 258
Chapter 29 Static Route 258 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 259
defines a new DS (Differentiated Services) field to replace the Type of Service (ToS) field in the IP header. The DS field contains a 6-bit DSCP field which can define up to 64 service levels and the remaining 2 the DiffServ network. Based on the marking rule different MES-3528 User's Guide 259 - ZyXEL MES-3528 | User Guide - Page 260
Chapter 30 Differentiated Services kinds of traffic can be marked for different priorities of forwarding. Resources can Silver B - Bronze SGP P S B B S GP P 30.2 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the Switch. 260 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 261
IP Application > DiffServ LABEL Active Apply DESCRIPTION Select this option to enable DiffServ on the Switch. Click Apply to save your changes to the Switch's run-time memory. The Switch The following table shows the default DSCP-to-IEEE802.1p mapping. Table 91 Default DSCP-IEEE 802.1p Mapping - ZyXEL MES-3528 | User Guide - Page 262
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 262 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 263
based on the following criteria: • Global: The Switch forwards all DHCP requests to the same DHCP server. • VLAN: The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. MES-3528 User's Guide 263 - ZyXEL MES-3528 | User Guide - Page 264
labels in this screen. Table 93 IP Application > DHCP LABEL Relay Mode DESCRIPTION This field displays: • None: if the Switch is not configured as a DHCP relay agent. • Global: if the Switch is configured as a DHCP relay agent only. • VLAN: followed by a VLAN ID if it is configured as a relay - ZyXEL MES-3528 | User Guide - Page 265
alone switches. Port ID (1 byte) This is the port that the DHCP client is connected to. VLAN ID (2 bytes) This is the VLAN that IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 149 IP Application > DHCP > Global MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 266
a network example where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains the Option 82 check box to set the Switch to send additional information (such as the VLAN ID) 266 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 267
the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 268
to save your changes to the Switch's run-time memory. The Switch loses these changes if it is VLAN group to which this DHCP settings apply. This field displays the DHCP mode (Relay). For DHCP relay configuration, this field displays the first remote DHCP server IP address. 268 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 269
DHCP server with an IP address of 172.23.10.100. Figure 153 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 154 DHCP Relay for Two VLANs Configuration Example MES-3528 User's Guide 269 - ZyXEL MES-3528 | User Guide - Page 270
Chapter 31 DHCP 270 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 271
that let you maintain the firmware and configuration files. 32.1 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click 2) is currently operating on the Switch. Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen. Restore Click Click Here - ZyXEL MES-3528 | User Guide - Page 272
Switch. 32.2 Load Factory Default Follow the steps below to reset the Switch back to the factory defaults Switch web configurator again, you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1). 272 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 273
the Switch's configuration. Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch. 32.5 Firmware Upgrade Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 274
Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. - ZyXEL MES-3528 | User Guide - Page 275
a later date. Back up your current Switch configuration to a computer using the Backup the steps below to back up the current Switch configuration to your computer in this screen. default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch - ZyXEL MES-3528 | User Guide - Page 276
Procedure 1 Launch the FTP client on your computer. 2 Enter open, followed by a space and the IP address of your Switch. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is "1234"). 5 Enter bin to set transfer mode to binary. 276 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 277
. Configuration and firmware files should be transferred in binary mode. Specify the default remote directory (path). Specify the default local directory (path). 32.8.4 FTP Restrictions FTP will not work when: • FTP service is disabled in the Service Access Control screen. • The IP address(es) in - ZyXEL MES-3528 | User Guide - Page 278
Chapter 32 Maintenance 278 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 279
describes how to control access to the Switch. 33.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different user names and passwords) and/ or limitless SNMP access control sessions are allowed. Table - ZyXEL MES-3528 | User Guide - Page 280
about a switch. Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. 280 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 281
. The Switch supports the following MIBs: • SNMP MIB II (RFC 1213) • RFC 1157 SNMP v1 • RFC 1493 Bridge MIBs • RFC 1643 Ethernet MIBs • RFC 1155 SMI • RFC 2674 SNMPv2, SNMPv2c • RFC 1757 RMON • SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP - ZyXEL MES-3528 | User Guide - Page 282
MIB OID. Table 101 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1.3.6.1.6.3.1.1.5.1 This trap is sent when the Switch is turned on. warmstart warmStart 1.3.6.1.6.3.1.1.5.2 This trap is sent when the Switch restarts. reset r 7.2.2 Switch gets the SNMP - ZyXEL MES-3528 | User Guide - Page 283
Chapter 33 Access Control Table 102 SNMP Interface Traps (continued) OPTION OBJECT when authentication fails due to incorrect user name and/or password. RADIUSNotReachableEve ntOn 1.3.6.1.4.1.890.1.5.8.51.2 7.2.1 This trap is 7.2.2 TACACS+ server can be reached. MES-3528 User's Guide 283 - ZyXEL MES-3528 | User Guide - Page 284
7.2.2 TACACS+ accounting server can be reached. Table 104 SNMP IP Traps OPTION OBJECT LABEL ping pingProbeFailed pingTestFailed pingTestCompleted traceroute traceRoutePathChange when a traceroute test fails. This trap is sent when a traceroute test is completed. 284 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 285
Chapter 33 Access Control Table 105 SNMP Switch Traps OPTION OBJECT LABEL stp STPNewRoot MRSTPNewRoot MSTPNewRoot STPTopologyChange is sent when the variable falls below the RMON "falling" threshold. The trap is sent when the Switch detects a connectivity fault. MES-3528 User's Guide 285 - ZyXEL MES-3528 | User Guide - Page 286
Get Community string is only used by SNMP managers using SNMP version 2c or lower. Enter the Set Community, which is the password for incoming Setrequests from the management station. The Set Community string is only used by SNMP managers using SNMP version 2c or lower. 286 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 287
string, which is the password sent with each trap to the SNMP manager. Trap Destination Version IP Port Username The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Use this section to configure where to send SNMP traps from the Switch. Specify the version of - ZyXEL MES-3528 | User Guide - Page 288
IP address in the SNMP Setting screen. Type Options Use the rest of the screen to select which traps the Switch sends to that SNMP manager. Select the categories of SNMP traps that the Switch is to send to the SNMP manager. Select the individual SNMP traps that the Switch is to send to the SNMP - ZyXEL MES-3528 | User Guide - Page 289
this user. • priv - to implement authentication and encryption for SNMP messages sent by this user. This is the highest security level. Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the switch. MES-3528 User's Guide 289 - ZyXEL MES-3528 | User Guide - Page 290
Cancel to reset the fields back to your previous configuration. Click Clear to set the above fields back to the factory defaults. This field displays the policy index number. Click an index number to edit the SNMP user. This field displays the username of an SNMP account on the switch. This field - ZyXEL MES-3528 | User Guide - Page 291
user name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped). New Password Enter your new system password. Retype to confirm Retype your new system password for confirmation MES-3528 User's Guide 291 - ZyXEL MES-3528 | User Guide - Page 292
CLI Reference Guide. User Name Set a user name (up to 32 ASCII characters long). Password Enter your new system password. Retype to confirm Retype your new system password for confirmation Apply Click Apply to save your changes to the Switch's run-time memory. The Switch MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 293
client computer. 2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. MES-3528 User's Guide 293 - ZyXEL MES-3528 | User Guide - Page 294
password) to the server to log in to the server. 33.6 SSH Implementation on the Switch Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch to the Switch over SSH Switch - ZyXEL MES-3528 | User Guide - Page 295
in the Service Access Control screen, then the Switch blocks all HTTP connection attempts. 33.8 HTTPS Example If you haven't changed the default HTTPS port on the Switch, then in your browser enter "https://Switch IP Address/" as the web site address where "Switch IP Address" is the IP address or - ZyXEL MES-3528 | User Guide - Page 296
170 Security Alert Dialog Box (Internet Explorer) 33.8.2 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. Figure 171 Example: Lock - ZyXEL MES-3528 | User Guide - Page 297
are listed here. Active Select this option for the corresponding services that you want to allow to access the Switch. Service Port For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Server Port field. If you change the - ZyXEL MES-3528 | User Guide - Page 298
range of trusted computers from which you can manage this Switch. End Address The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. 298 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 299
Chapter 33 Access Control Table 111 Management > Access Control > Remote Management (continued) LABEL DESCRIPTION Telnet/FTP/ HTTP/ICMP/ SNMP/SSH/ HTTPS Select services that may be used for managing the Switch from the specified trusted computers. Apply Click Apply to save your changes to the - ZyXEL MES-3528 | User Guide - Page 300
Chapter 33 Access Control 300 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 301
CHAPTER 34 Diagnostic This chapter explains the Diagnostic screen. 34.1 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 174 Management > Diagnostic MES-3528 User's Guide 301 - ZyXEL MES-3528 | User Guide - Page 302
entry. Type the IP address of a device that you want to ping in order to test a connection. Ethernet Port Test Click Ping to have the Switch ping the IP address (in the field to the left). Enter a port number and click Port Test to perform an internal loopback test. 302 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 303
syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. MES-3528 User's Guide 303 - ZyXEL MES-3528 | User Guide - Page 304
-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 304 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 305
edit the entry later). Server Address Enter the IP address of the syslog server. Log Level to save your changes to the Switch's run-time memory. The Switch loses these changes if it is Clear to return the fields to the factory defaults. Index This is the index number of 3528 User's Guide 305 - ZyXEL MES-3528 | User Guide - Page 306
Chapter 35 Syslog 306 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 307
of cluster 24 members Cluster Member Models Must be compatible with ZyXEL cluster management implementation. Cluster Manager The switch through which you manage the cluster member switches. Cluster Members The switches being managed by the cluster manager switch. MES-3528 User's Guide 307 - ZyXEL MES-3528 | User Guide - Page 308
A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 177 Clustering Application Example 36.2 screen. Note: A cluster can only have one manager. Figure 178 Management > Cluster Management: Status 308 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 309
's hardware MAC address. This is the cluster member switch's System Name. This field displays the model name. This field displays: Online (the cluster member switch is accessible) Error (for example the cluster member switch password was changed or the switch was set as the manager and so left the - ZyXEL MES-3528 | User Guide - Page 310
Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1 Connected to 192.168.1.1. 220 Switch FTP version 1.0 ready at Thu Jan 1 00:58:46 1970 User (192.168.0.1:(none)): admin 331 Enter PASS command Password: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> 310 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 311
. Table 118 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Password ls Enter "admin". The web configurator password default is 1234. Enter this command to list the name of cluster member switch's firmware and configuration file. 390BHR0.bin This is the name of the - ZyXEL MES-3528 | User Guide - Page 312
Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to managers will not be visible in the Clustering Candidates list. If a switch that was previously a cluster member is later set to become a cluster - ZyXEL MES-3528 | User Guide - Page 313
managers will not be visible in the Clustering Candidate list. Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list. Each cluster member's password is its web configurator password. Select a member in the Clustering Candidate list and then - ZyXEL MES-3528 | User Guide - Page 314
Chapter 36 Cluster Management 314 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 315
. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). The Switch uses the MAC table to determine how to forward frames - ZyXEL MES-3528 | User Guide - Page 316
Chapter 37 MAC Table • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came Table Click Management > MAC Table in the navigation panel to display the following screen. Figure 183 Management > MAC Table 316 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 317
screen and the default filtering action is VLAN group to which this frame belongs. This is the port where the above MAC address is forwarded. This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 318
Chapter 37 MAC Table 318 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 319
on the LAN. The Switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the Switch puts all ones in the and then sends the packet to the MAC address that replied. MES-3528 User's Guide 319 - ZyXEL MES-3528 | User Guide - Page 320
learned IP address of a device connected to a Switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above. Type This shows whether the MAC address is dynamic (learned by the Switch) or static. 320 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 321
advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 185 Management > Configure Clone MES-3528 User's Guide 321 - ZyXEL MES-3528 | User Guide - Page 322
's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 322 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 323
the power adaptor or cord to the Switch. 4 If the problem continues, contact the vendor. The ALM LED is on. 1 Disconnect and re-connect the power adaptor or cord to the Switch. 2 If the problem continues, contact the vendor. One of the LEDs does not behave as expected. MES-3528 User's Guide 323 - ZyXEL MES-3528 | User Guide - Page 324
I forgot the IP address for the Switch. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the Switch. 3 If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 50. I forgot the username and/or password. 1 The default username is - ZyXEL MES-3528 | User Guide - Page 325
step.) 5 Reset the device to its factory defaults, and try to access the Switch with the default IP address. See Section 4.6 on page 50. 6 If the problem continues, contact the vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the Switch using another service, such - ZyXEL MES-3528 | User Guide - Page 326
configuration into the Switch's nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 32.3 on page 273 for more information about how to save your configuration. 326 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 327
, with one port active at a time.) Auto-negotiation Auto-MDIX One console port Compliant with IEEE 802.3ad/u/x Back pressure flow control for half duplex Flow control for full duplex (IEEE 802.3x) LEDs External signal jack Per switch: PWR, SYS, ALM Per Fast Ethernet RJ-45 10/100 port: LNK - ZyXEL MES-3528 | User Guide - Page 328
length: 6 ~7 mm Table 124 Firmware Specifications FEATURE DESCRIPTION Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Administrator User Name admin Default Password 1234 Number of Login Accounts Configurable on the Switch 4 management accounts configured on - ZyXEL MES-3528 | User Guide - Page 329
you copy the traffic to) without interference. Static Route Static routes allow the Switch to communicate with management stations not reachable via the default gateway. Multicast VLAN Registration (MVR) Multicast VLAN Registration (MVR) is designed for applications (such as Media-on-Demand (MoD - ZyXEL MES-3528 | User Guide - Page 330
the settings you configure on one port to another port or ports. Syslog The Switch can generate syslog messages and send it to a syslog server. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the - ZyXEL MES-3528 | User Guide - Page 331
per IP/TCP/UDP Supports rate limiting at 64 Kb increments Layer2 protocol tunneling IPV4 support 64 Management IPs Static Routing DHCP client DHCP relay VLAN-based DHCP relay Filtering DHCP snooping Support L2 MAC filtering, L3 IP filtering, Layer 4 TCP/UDP socket MES-3528 User's Guide 331 - ZyXEL MES-3528 | User Guide - Page 332
TACACS+ servers 802.1X VLAN and bandwidth assignment. IP source guard Static IP/MAC binding DHCP snooping ARP Inspection The following list, which is not exhaustive, illustrates the standards supported in the Switch. Table 126 Standards Supported STANDARD DESCRIPTION RFC 826 Address - ZyXEL MES-3528 | User Guide - Page 333
Management Protocol version 1 SNMP MIB II Network Time Protocol (NTP version 3) SNMPv2 Simple Network Management Protocol version 2 Bridge MIBs Ethernet MIBs RMON SNMPv2c Simple Network Management Protocol version 2c RADIUS (Remote Authentication Dial In User Service) RADIUS Accounting Internet - ZyXEL MES-3528 | User Guide - Page 334
Chapter 41 Product Specifications 334 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 335
the fuse housing. Dispose of the burnt-out fuse properly. Installing a Fuse 1 The Switch is shipped from the factory with one spare fuse included in a box-like section of fuse housing back into the Switch until you hear a click. 4 Plug the power cord back into the unit. MES-3528 User's Guide 335 - ZyXEL MES-3528 | User Guide - Page 336
Appendix A Changing a Fuse 336 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 337
by ICQ. Authentication protocol used by some servers. Border Gateway Protocol. DHCP Client. DHCP Server. A popular videoconferencing solution from White Pines Software. Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. MES-3528 User's Guide 337 - ZyXEL MES-3528 | User Guide - Page 338
transparent file sharing for network environments. Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. 338 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 339
Services (continued) NAME POP3 PROTOCOL TCP PPTP TCP PPTP_TUNNEL (GRE) User-Defined RCMD REAL_AUDIO REXEC RLOGIN RTELNET RTSP TCP TCP TCP TCP TCP TCP/UDP SFTP TCP SMTP TCP SNMP SNMP server through a temporary connection (TCP/IP or other). Point-to-Point Tunneling 3528 User's Guide 339 - ZyXEL MES-3528 | User Guide - Page 340
Services Table 127 Commonly Used Services (continued) NAME TELNET TFTP VDOLIVE PROTOCOL TCP UDP TCP PORT(S) 23 69 7000 DESCRIPTION Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP solution. 340 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 341
photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not two conditions: • This device may not cause harmful interference. MES-3528 User's Guide 341 - ZyXEL MES-3528 | User Guide - Page 342
and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this .11. 342 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 343
. You may also refer to the warranty policy for the region in which you bought the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. MES-3528 User's Guide 343 - ZyXEL MES-3528 | User Guide - Page 344
/1/24 WEEE Direktiv 2002/96/EC (WEEE: hantering av elektriskt och elektroniskt avfall) 2008/34/EC Deklaration undertecknad av: Namn/Titel: Raymond Huang / Quality & Customer Service Division Assistant VP Datum (åååå/mm/dd): 2011/1/24 344 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 345
remote management 298 service port 297 SNMP 280 accounting 197 setup 203 address learning, MAC 98, 101 Address Resolution Protocol (ARP) 319, 321, 322 administrator password 291 age 134 aggregator ID 151, 153 airflow 36 applications backbone 21 bridging 22 IEEE 802.1Q VLAN 23 switched workgroup 23 - ZyXEL MES-3528 | User Guide - Page 346
168 cloning a port See port cloning 322 cluster management 307 and switch passwords 313 cluster manager 307, 312 cluster member 307, 313 cluster member firmware upgrade 310 network example 308 setup 312 specification 307 status 308 switch models 307 VID 313 web configurator 309 cluster manager 307 - ZyXEL MES-3528 | User Guide - Page 347
rules 115 filtering database, MAC table 315 firmware 76 upgrade 273, 310 flow control 84 95, 96 and port assignment 96 GVRP (GARP VLAN Registration Protocol) 88 H hardware installation 27 hardware overview fast 185 mormal 185 IGMP snooping 182 and VLANs 182 MVR 189 setup 186 IGMP throttling 185 - ZyXEL MES-3528 | User Guide - Page 348
Index IP address 82 IP capability 331 IP interface 81 IP services 331 IP setup 80 IP source guard 211 ARP inspection 211, 214 DHCP snooping 211, 212 static bindings 211 IP subnet mask 82 L L2PT 241 access port 242 CDP 241 configuration 243 encapsulation 241 LACP 241 MAC address 241 mode 242 overview - ZyXEL MES-3528 | User Guide - Page 349
33 MIB and SNMP 280 supported MIBs 281 MIB (Management IP addresses 181 overview 181 setup 183, 184 multicast group 187 multicast VLAN VLAN Registration) 189 N network applications 21 network management system (NMS) 280 NTP (RFC-1305) 77 P PAGP 244 password 159, 201 port based VLAN type 79 port cloning - ZyXEL MES-3528 | User Guide - Page 350
335 resetting 50, 272 to factory default settings 272 restoring configuration 50, 274 RFC 3164 303 Round Robin Scheduling 178 routing protocols 331 RSTP 117 S safety certifications 333 safety warnings 6 save configuration 49, 273 security 331 service access control 297 service port 297 MES-3528 User - ZyXEL MES-3528 | User Guide - Page 351
MIB 281 network components 280 object variables 280 protocol operations 281 setup 286, 287 version 3 281 versions supported 280 SNMP traps 282 setup 287 supported based VLAN 98 and DHCP VLAN 98 priority 98 setup 98 subnet based VLANs 96 switch lockout 50 switch reset 50 switch setup 79 switching 330 - ZyXEL MES-3528 | User Guide - Page 352
59 Type of Service (ToS) 259 VLAN 99 VSA 206 VT100 32 VTP 244 W warranty 343 note 343 web configurator 43 getting help 52 home 44 login 43 logout 51 navigation panel 46 weight, queuing 178 Weighted Round Robin Scheduling (WRR) 178 WRR (Weighted Round Robin Scheduling) 178 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 353
Z ZyNOS (ZyXEL Network Operating System) 276 Index MES-3528 User's Guide 353 - ZyXEL MES-3528 | User Guide - Page 354
Index 354 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 355
Index MES-3528 User's Guide 355 - ZyXEL MES-3528 | User Guide - Page 356
Index 356 MES-3528 User's Guide - ZyXEL MES-3528 | User Guide - Page 357
Index MES-3528 User's Guide 357 - ZyXEL MES-3528 | User Guide - Page 358
Index 358 MES-3528 User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
 |
 |
www.zyxel.com
MES-3528
Layer 2+ Metro Ethernet Switch
Copyright © 2011
ZyXEL Communications Corporation
Firmware Version 3.90
Edition 2, 8/2011
Default Login Details
IP Address
User Name
admin
Password
1234