ZyXEL MES3500-24F User Guide
ZyXEL MES3500-24F Manual
 |
View all ZyXEL MES3500-24F manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL MES3500-24F manual content summary:
- ZyXEL MES3500-24F | User Guide - Page 1
MES3500-24/24F Layer 2 Management Switch Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 4.00 Edition 1, 12/2011 www.zyxel.com www.zyxel.com Copyright © 2011 ZyXEL Communications Corporation - ZyXEL MES3500-24F | User Guide - Page 2
- ZyXEL MES3500-24F | User Guide - Page 3
Guide The Command Reference Guide explains how to use the Command-Line Interface (CLI) and CLI commands to configure the Switch. Note: It is recommended you use the web configurator to configure the Switch. • Support Disc Refer to the included CD for support documents. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 4
things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The MES3500-24/24F may be referred to as the "Switch", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are all in bold font - ZyXEL MES3500-24F | User Guide - Page 5
cables to the correct ports. • Place connecting cables carefully so that no one will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • and electronic equipment should be treated separately. MES3500-24/24F User's Guide 5 - ZyXEL MES3500-24F | User Guide - Page 6
Safety Warnings 6 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 7
Guide ...21 Getting to Know Your Switch ...23 Hardware Installation and Connection 27 Hardware Overview ...30 The Web Configurator ...39 Initial Setup Example ...49 Tutorials ...53 Technical Reference ...79 System Status and Port ...265 Differentiated Services ...268 MES3500-24/24F User's Guide 7 - ZyXEL MES3500-24F | User Guide - Page 8
Contents Overview DHCP ...276 Maintenance ...283 Access Control ...290 Diagnostic ...312 Syslog ...313 Cluster Management ...316 MAC Table ...322 ARP Table ...325 Configure Clone ...327 Troubleshooting ...329 8 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 9
27 2.3.2 Attaching the Mounting Brackets to the Switch 28 2.3.3 Mounting the Switch on a Rack 29 Chapter 3 Hardware Overview ...30 3.1 Front Panel ...30 3.1.1 Console Port ...31 3.1.2 Ethernet Ports ...32 3.1.3 Transceiver Slots ...32 3.1.4 Power Connector ...34 MES3500-24/24F User's Guide 9 - ZyXEL MES3500-24F | User Guide - Page 10
on the Switch 66 6.5 How to Set Up a Guest VLAN 68 6.5.1 Creating a Guest VLAN 68 6.5.2 Enabling IEEE 802.1x Port Authentication 71 6.5.3 Enabling Guest VLAN 72 6.6 How to Do Port Isolation in a VLAN 73 6.6.1 Creating a VLAN ...74 6.6.2 Creating a Private VLAN Rule 76 10 MES3500-24/24F User - ZyXEL MES3500-24F | User Guide - Page 11
...89 8.4.1 Smart Isolation ...90 8.5 Switch Setup ...91 8.6 IP Setup ...93 8.6.1 Management IP Addresses 93 8.7 Port Setup ...95 Chapter 9 VLAN ...97 9.10 Create an IP-based VLAN Example 109 9.11 Port-based VLAN Setup 110 9.11.1 Configure a Port-based VLAN 111 MES3500-24/24F User's Guide 11 - ZyXEL MES3500-24F | User Guide - Page 12
of Contents Chapter 10 Static MAC Forward Setup 114 10.1 Overview ...114 10.2 Configuring Static MAC 122 13.1.1 STP Terminology 122 13.1.2 How STP Works ...123 13.1.3 STP Port States ...123 13.1.4 Multiple RSTP ...124 13.1.5 Multiple STP ...124 13 Control Setup 144 12 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 13
VLAN ...160 18.2.3 Activate MAC Authentication 162 Chapter 19 Port Security ...164 19.1 About Port Security ...164 19.2 Port Security Setup ...164 Chapter 20 Classifier...166 20.1 About the Policy Rules 171 21.3 Viewing and Editing Policy Configuration 174 MES3500-24/24F User's Guide 13 - ZyXEL MES3500-24F | User Guide - Page 14
Types of MVR Ports 194 24.6.2 MVR Modes ...194 24.6.3 How MVR Works ...194 24.7 General MVR Configuration 195 24.8 MVR Group Configuration 197 24.8.1 MVR Configuration Example 198 Chapter 25 AAA ...201 25.1 Authentication, Authorization and Accounting (AAA 201 14 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 15
Attribute 209 25.2.5 Tunnel Protocol Attribute 210 25.3 Supported RADIUS Attributes 210 25.3.1 Attributes Used for Authentication 211 ...220 26.5 DHCP Snooping Configure 222 26.5.1 DHCP Snooping Port Configure 224 26.5.2 DHCP Snooping VLAN Configure 225 26.6 ARP MES3500-24/24F User's Guide 15 - ZyXEL MES3500-24F | User Guide - Page 16
30 sFlow...245 30.1 sFlow Overview ...245 30.2 sFlow Port Configuration 246 30.2.1 sFlow Collector Configuration 247 Chapter 31 PPPoE ...249 31.1 PPPoE Intermediate Agent Overview 249 265 34.2 Configuring Static Routing 266 Chapter 35 Differentiated Services...268 16 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 17
Load Factory Default ...284 37.3 Save Configuration ...284 37.4 Reboot System ...284 37.5 Firmware Upgrade ...285 37.6 Restore a Configuration File 286 37.7 Backup a Configuration File 286 37.8 288 Chapter 38 Access Control ...290 38.1 Access Control Overview 290 MES3500-24/24F User's Guide 17 - ZyXEL MES3500-24F | User Guide - Page 18
316 41.1 Cluster Management Status Overview 316 41.2 Cluster Management Status 317 41.2.1 Cluster Member Switch Management 318 41.3 Clustering Management Configuration 320 Chapter 42 MAC Table ...322 42.1 MAC Table Overview ...322 42.2 Viewing the MAC Table 323 18 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 19
Clone...327 44.1 Configure Clone ...327 Chapter 45 Troubleshooting...329 45.1 Power, Hardware Connections, and LEDs 329 45.2 Switch Access and Login 330 45.3 Switch Configuration ...332 Appendix A Common Services 333 Appendix B Legal Information 337 Index ...341 MES3500-24/24F User's Guide 19 - ZyXEL MES3500-24F | User Guide - Page 20
Table of Contents 20 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 21
PART I User's Guide 21 - ZyXEL MES3500-24F | User Guide - Page 22
22 - ZyXEL MES3500-24F | User Guide - Page 23
This chapter introduces the main features and applications of the Switch. 1.1 Introduction The Switch is a layer-2 standalone Ethernet switch. The MES3500-24 has 24 10/100 Mbps fast Ethernet ports. The MES3500-24F has 24 100 Mbps fast Ethernet SFP slots. Both also have four GbE dual personality - ZyXEL MES3500-24F | User Guide - Page 24
same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches. Moreover, the current LAN structure can be retained as all ports can freely communicate with each other. Figure 3 High Performance Switched Workgroup Application 24 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 25
perform diagnostic functions, such as "ping" • IPv4/IPv6 dual stack; the Switch can run IPv4 and IPv6 at the same time • DHCPv6 client and relay • Multicast Listener Discovery (MLD) snooping and proxy For more information on IPv6, refer to the CLI Reference Guide. MES3500-24/24F User's Guide 25 - ZyXEL MES3500-24F | User Guide - Page 26
or even crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. 26 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 27
M3 flat head screws and a #2 Philips screwdriver. • Four M5 flat head screws and a #2 Philips screwdriver. Failure to use the proper screws may damage the unit. MES3500-24/24F User's Guide 27 - ZyXEL MES3500-24F | User Guide - Page 28
screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch. 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch. 4 You may now mount the Switch on a rack. Proceed to the next section. 28 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 29
side of the rack. Figure 6 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack. MES3500-24/24F User's Guide 29 - ZyXEL MES3500-24F | User Guide - Page 30
MES3500-24 Front Panel: DC Model Power Switch LEDs Signal slot Dual Personality Interfaces Console Port Power Connection Fast Ethernet Ports Figure 9 MES3500-24F Front Panel: AC Model LEDs Signal slot Dual Personality Interfaces Console Port Power Connection MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 31
Panel Connections LABEL Power Switch Power Connection 24 10/100 Mbps RJ-45 Fast Ethernet Ports (MES3500-24) 24 100 Mbps Fast SFP Slots (MES3500-24F) Four Dual Personality Interfaces Console Port Signal slot DESCRIPTION This is for DC model only. After you connect the DC power properly (see Section - ZyXEL MES3500-24F | User Guide - Page 32
is a single unit that houses a transmitter and a receiver. The Switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA). See the SFF committee's INF-8074i specification Rev 1.0 for details. 32 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 33
board facing down. 2 Press the transceiver firmly until it clicks into place. 3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly the transceiver. 2 Open the transceiver's latch (latch styles vary). MES3500-24/24F User's Guide 33 - ZyXEL MES3500-24F | User Guide - Page 34
on the power. Use only power wires of the required diameter for connecting the Switch to a power supply. 3.1.4.1 AC Power Connection Connect the female end of the power cord to the power socket of your Switch. Connect the other end of the cord to a power outlet. 34 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 35
. • The Switch can be configured to create an error log of the alarm. See Section 40.1 on page 313 for more information on using the system log. 3.1.5.1 Connect a Sensor to the Signal Slot This section shows you how to connect an external sensor device to the Switch. MES3500-24/24F User's Guide 35 - ZyXEL MES3500-24F | User Guide - Page 36
pairs of signal input pins on the Switch's Signal connector--(4,5) (6,7) (8,9) (10,11). The pin numbers run from the ZyXEL Switch which supports the external alarm feature. If daisy-chaining to a ZyXEL switch that is a different model, check your switch ZyXEL Switch. 36 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 37
Off The link to an Ethernet network is down. 100 Mbps Fast SFP Ports (MES3500-24F) 1 ~ 24 Amber On The port has a successfule connection. Off No Ethernet device is connected to this port. Blinking This port is receiving or transmitting data. Mini-GBIC Slots MES3500-24/24F User's Guide 37 - ZyXEL MES3500-24F | User Guide - Page 38
100 Mbps Ethernet network. On The link to a 10 Mbps or a 100 Mbps Ethernet network is up. Off The link to an Ethernet network is down. FDX Amber On The Gigabit port is negotiating in full-duplex mode. Off The Gigabit port is negotiating in half-duplex mode. 38 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 39
enabled by default). • Java permissions (enabled by default). 4.2 System Login 1 Start your web browser. 2 Type "http://" and the IP address of the Switch (for example, the default management IP address is 192.168.1.1) in the Location or Address field. Press [ENTER]. MES3500-24/24F User's Guide 39 - ZyXEL MES3500-24F | User Guide - Page 40
is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. Figure 18 Web Configurator: Login 4 Click OK configurator screen. Figure 19 The Web Configurator Layout B C DE A 40 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 41
settings to a specific configuration file. C - Click this link to go to the status page of the Switch. D - Click this link to log out of the web configurator. E - Click this link to Sub-links Overview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT MES3500-24/24F User's Guide 41 - ZyXEL MES3500-24F | User Guide - Page 42
queue weights for each port. VLAN Stacking This link takes you to screens where you can activate and configure VLAN stacking. Multicast This link takes you to screen where you can configure various multicast features, IGMP snooping and create multicast VLANs. 42 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 43
authorization and accounting services via external servers. how the Switch should forward traffic by configuring the TCP/IP parameters manually. DiffServ Management Maintenance This link takes you to screens where you can perform firmware port to (an)other port(s). MES3500-24/24F User's Guide 43 - ZyXEL MES3500-24F | User Guide - Page 44
(managing through the data ports) if you do one of the following: 1 Delete the management VLAN (default is VLAN 1). 2 Delete all port-based VLANs with the CPU port as a member. The "CPU port" is the management port of the Switch. 3 Filter all traffic to the CPU port. 44 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 45
all services from accessing the Switch. 8 Change a service port number but forget it. Note: Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch. 4.6 Resetting the Switch If - ZyXEL MES3500-24F | User Guide - Page 46
configuration file upload, type atgo to restart the Switch. Figure 21 Resetting the Switch: Via the Console Port Bootbase Version: V1.00 | 11/02/2011 log out. This is recommended after you finish a management session for security reasons. Figure 22 Web Configurator: Logout MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 47
Chapter 4 The Web Configurator MES3500-24/24F User's Guide 47 - ZyXEL MES3500-24F | User Guide - Page 48
Chapter 4 The Web Configurator 48 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 49
broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. In this example, you want to configure port 1 as a member of VLAN 2. Figure 23 Initial Setup Network Example: VLAN MES3500-24/24F User's Guide 49 - ZyXEL MES3500-24F | User Guide - Page 50
run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 5.1.2 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 50 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 51
Switch Management IP Address The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. Figure 25 Initial Setup Example: Management IP Address MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 52
you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen. 7 Click Add to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 52 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 53
Client (B) 6 DHCP Client (C) 7 VLAN 1 and 100 1 and 100 1 and 100 PVID 100 100 100 DHCP SNOOPING PORT TRUSTED Yes No No 1 Access the Switch through http://192.168.1.1. Log into the Switch by entering the username (default: admin) and password (default: 1234). MES3500-24/24F User's Guide 53 - ZyXEL MES3500-24F | User Guide - Page 54
Tx Tagging because you don't want outgoing traffic to contain this VLAN tag. Click Add. 3 Go to Advanced Application > VLAN > VLAN Port Setting, and set the PVID of the ports 5, 6 and 7 to 100. This tags untagged incoming frames on ports 5, 6 and 7 with the tag 100. 54 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 55
the top right corner. 6 The DHCP Snooping Port Configure screen appears. Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5. Keep ports 6 and 7 Untrusted because they are connected to DHCP clients. Click Apply. MES3500-24/24F User's Guide 55 - ZyXEL MES3500-24F | User Guide - Page 56
Port ----- 7 6.2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server. The DHCP server can then assign a specific IP address based on the information in the DHCP requests. 56 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 57
steps below to configure port 2 as a member of VLAN 102. 1 Access the web configurator through the Switch's port which is not in VLAN 102. 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. MES3500-24/24F User's Guide 57 - ZyXEL MES3500-24F | User Guide - Page 58
sending. 7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen. 58 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 59
port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 10 the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information (such as the VLAN MES3500-24/24F User's Guide 59 - ZyXEL MES3500-24F | User Guide - Page 60
the Switch to have your settings take effect. 6.3 How to Use PPPoE IA on the Switch You want to configure PPPoE Intermediate Agent on the Switch (A) to pass a subscriber's information to a PPPoE server (S). There is another switch (B) between switch A and server S. 60 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 61
userC N/A N/A N/A REMOTE-ID 00134900000A N/A N/A N/A PPPOE IA PORT TRUSTED Untrusted Trusted Trusted Trusted 6.3.1 Configuring Switch A 1 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. MES3500-24/24F User's Guide 61 - ZyXEL MES3500-24F | User Guide - Page 62
userC as Circuit-id and 00134900000A as Remote-id. Select Trusted for port 12 and then leave the other fields empty. Click Apply. Then Click Intermediate Agent on the top of the screen. 3 The Intermediate Agent screen appears. Click VLAN on the top of the screen. 62 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 63
to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server. Click Apply. 6.3.2 Configuring Switch B The example uses another MES3500-24/24F as switch B. MES3500-24/24F User's Guide 63 - ZyXEL MES3500-24F | User Guide - Page 64
Chapter 6 Tutorials 1 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. 2 Select Trusted for ports 11 and 12 and then click Apply. Then Click Intermediate Agent on the top of the screen. 64 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 65
and End VID. Click Apply. 5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server. Click Apply. MES3500-24/24F User's Guide 65 - ZyXEL MES3500-24F | User Guide - Page 66
on a port You also want the Switch to wait for a period of time (10 minutes) before resuming the port automatically, after the problem(s) are gone the Switch. Then select the Active option of the first entry (port *) to enable loop guard for all ports. Click Apply. 66 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 67
inactive-port as the mode. Then click Apply. 4 Click Advanced Application > Errdisable > Errdisable Recovery, select Active and Timer Status for loopguard and ARP entries. Also enter 180 (180 seconds = 3 minutes) in the Interval field for both entries. Then click Apply. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 68
or local data base. VLAN 1 Guest VLAN 200 Ports 1, 2, 3 and 10 Internet 6.5.1 Creating a Guest VLAN Follow the steps below to configure port 1, 2, 3 and 10 as a member of VLAN 200. 1 Access the web configurator through the Switch's port which is not in VLAN 200. 68 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 69
Chapter 6 Tutorials 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. ports 1, 2, 3 and 10 to be permanent members of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 70
screen and then the VLAN Port Setting link in the VLAN Status screen. 9 Enter 200 in the PVID field for ports 1, 2, 3 and 10 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 70 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 71
. 6.5.2 Enabling IEEE 802.1x Port Authentication Follow the steps below to enable port authentication to validate access to ports 1~8 to clients based on a RADIUS server. 1 Click Advanced Application > Port Authentication and then the Click Here link for 802.1x. MES3500-24/24F User's Guide 71 - ZyXEL MES3500-24F | User Guide - Page 72
the first Active checkbox to enable 802.1x authentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply. 6.5.3 Enabling Guest VLAN 1 Click the Guest Vlan link in the 802.1x screen. 72 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 73
communicate with devices in VLAN 1. 6.6 How to Do Port Isolation in a VLAN You want to prevent communications between ports in a VLAN but still allow them to access the Internet or network resources through the uplink port in the same VLAN. You use private VLAN to MES3500-24/24F User's Guide 73 - ZyXEL MES3500-24F | User Guide - Page 74
and 25 as a member of VLAN 123. 1 Access the web configurator through the Switch's port which is not in VLAN 123. 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings field and enter 123 in the VLAN Group ID field. 74 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 75
ports. 7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen. MES3500-24/24F User's Guide 75 - ZyXEL MES3500-24F | User Guide - Page 76
in the PVID field for ports 2, 3, 4 and 25 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save VLAN for VLAN 123. 1 Click Advanced Application > Private VLAN. 76 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 77
permanently. Ports 2, 3 and 4 in this VLAN will be added to the isolated port list automatically and cannot send traffic to each other. From port 2, 3, or 4, you should be able to access the device that attachs to port 25, such as a server or default gateway. MES3500-24/24F User's Guide 77 - ZyXEL MES3500-24F | User Guide - Page 78
Chapter 6 Tutorials 78 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 79
PART II Technical Reference 79 - ZyXEL MES3500-24F | User Guide - Page 80
80 - ZyXEL MES3500-24F | User Guide - Page 81
web configurator displays a port statistical summary with links to each port showing statistical details. 7.2 Port Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 26 Status MES3500-24/24F User's Guide 81 - ZyXEL MES3500-24F | User Guide - Page 82
on this port. This field shows the total amount of time in hours, minutes and seconds the port has been up. Enter a port number and then click Clear Counter to erase the recorded statistical information for that port, or select Any to clear statistics for all ports. 82 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 83
port on the Switch. Figure 27 Status > Port Details The following table describes the labels in this screen. Table 8 Status: Port Details LABEL Port Info Port NO. Name Link DESCRIPTION This field displays the port Down if the port is not connected to any device. MES3500-24/24F User's Guide 83 - ZyXEL MES3500-24F | User Guide - Page 84
Protocol) is enabled, this field displays the STP state of the port (see Section 13.1 on page 122 for more information). LACP defined as the number of maximum collisions before the retransmission count is reset. Late This is the number of times a late collision is 84 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 85
Chapter 7 System Status and Port Statistics Table 8 Status: Port Details (continued) LABEL 128-255 256-511 512-1023 1024-1518 Giant DESCRIPTION and the maximum frame size. The maximum frame size varies depending on your switch model. See Chapter 46 on page 333. MES3500-24/24F User's Guide 85 - ZyXEL MES3500-24F | User Guide - Page 86
server) for management purposes. The Port Setup screen allows you to enable or disable a port on the Switch and configure the port settings, such firmware version number and monitor the Switch temperature and voltage in this screen. Figure 28 Basic Setting > System Info MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 87
of the Switch. ZyNOS F/W Version This field displays the version number of the Switch 's current firmware including the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 88
of your timeserver. The Switch searches for the timeserver for up to 60 seconds. If you select a timeserver that is unreachable, then this screen will appear locked for 60 seconds. Please wait. This field displays the time you open this menu (or refresh the menu). 88 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 89
select 2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or printers and hard disks of another user in the same building. MES3500-24/24F User's Guide 89 - ZyXEL MES3500-24F | User Guide - Page 90
received on designated port 8 from switch C will not be forwarded to any other isolated ports on switch B. A B Before Smart Isolation: Isolated ports: 2~6 Root port: 7 Designated port: 8 After Smart Isolation: Isolated ports: 2~6, 8 Root port: 7 Designated port: 8 90 C MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 91
802.1Q VLAN port isolation or private VLAN and (M)RSTP on the Switch. Smart isolation does not work with MSTP and/or port-based VLAN. MAC address learning reduces outgoing traffic broadcasts. For MAC address learning to occur on a port, the port must be active. MES3500-24/24F User's Guide 91 - ZyXEL MES3500-24F | User Guide - Page 92
the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. 92 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 93
. The factory default subnet mask is 255.255.255.0. You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 31 Basic Setting > IP Setup MES3500-24/24F User's Guide 93 - ZyXEL MES3500-24F | User Guide - Page 94
which are used to access and manage the Switch from the ports belonging to the pre-defined VLAN(s). You must configure a VLAN first. IP Address Enter the IP address for managing the Switch by the members of the VLAN displays the IP address of the default gateway. 94 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 95
this port. You can enter up to 64 alpha-numerical characters. Type Note: Due to space limitation, the port name may be truncated in some web configurator screens. This field displays 10/100M for Fast Ethernet connections and 10/100/1000M for Gigabit connections. MES3500-24/24F User's Guide 95 - ZyXEL MES3500-24F | User Guide - Page 96
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 96 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 97
switches ports, but this can be changed. A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 98
frames that this port received. You may choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port. If set, the Switch discards incoming frames for VLANs that do not have this port as a member. 98 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 99
drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, frames (that were previously untagged) from a port with the specified VID. MES3500-24/24F User's Guide 99 - ZyXEL MES3500-24F | User Guide - Page 100
to the Switch; dynamic - using GVRP, static added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR). Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. 100 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 101
it has been since a normal VLAN was registered or a static VLAN was set up. This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR). MES3500-24/24F User's Guide 101 - ZyXEL MES3500-24F | User Guide - Page 102
for the Switch. See Section port to dynamically join this VLAN group using GVRP. This is the default selection. Select Fixed for the port to be a permanent member of this VLAN group. Select Forbidden if you want to prohibit the port from joining this VLAN group. 102 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 103
VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Port Select this check box to permit VLAN groups beyond the local Switch. This field displays the port number. MES3500-24/24F User's Guide 103 - ZyXEL MES3500-24F | User Guide - Page 104
services). You can also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192.168.1.0/24 (video services). Lastly, you can configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10.1.1.0/24 (data 104 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 105
Example Tagged Frames Internet Untagged Frames 172.16.1.0/24 VID = 100 192.168.1.0/24 VID = 200 10.1.1.0/24 VID = 300 9.7 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. MES3500-24/24F User's Guide 105 - ZyXEL MES3500-24F | User Guide - Page 106
IEEE 802.1Q tagged VLAN. Figure 40 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes the labels in this screen. Table 19 Advanced screens. Select the priority level that the Switch assigns to frames belonging to this VLAN. 106 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 107
2 and 3 will be grouped together, and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C. Figure 41 Protocol Based VLAN Application Example MES3500-24/24F User's Guide 107 - ZyXEL MES3500-24F | User Guide - Page 108
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 108 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 109
Click Cancel to begin configuring this screen afresh. 9.10 Create an IP-based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. Follow these steps using the we already created a static VLAN with an ID of 5. Type 5. MES3500-24/24F User's Guide 109 - ZyXEL MES3500-24F | User Guide - Page 110
Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 110 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 111
Port Isolated if you want to restrict users from communicating directly. Click Apply to save your settings. The following screen shows users on a port-based, all-connected VLAN configuration. Figure 44 Advanced Application > VLAN > Port Based VLAN Setup (All Connected) MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 112
Chapter 9 VLAN The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 45 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) 112 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 113
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 113 - ZyXEL MES3500-24F | User Guide - Page 114
a port to access the Switch. See Chapter 19 on page 164 for more information on port security. Click Advanced Applications > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. Figure 46 Advanced Application > Static MAC Forwarding MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 115
. This field displays the ID number of the VLAN group. This field displays the port where the MAC address shown in the next field will be forwarded. Click Delete to remove the selected entry from the summary table. Click Cancel to clear the Delete check boxes. MES3500-24/24F User's Guide 115 - ZyXEL MES3500-24F | User Guide - Page 116
that has been manually entered in the multicast switch will either flood the multicast frames to all ports 24.3 on page 188). Figure 47 shows such unknown multicast frames flooded to all ports. With static multicast forwarding, you can forward these multicasts to port(s) MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 117
Forwarding to A Single Port Figure 49 Static Multicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). MES3500-24/24F User's Guide 117 - ZyXEL MES3500-24F | User Guide - Page 118
hyphen (). For example, enter "3-5" for ports 3, 4, and 5. Enter "3,5,7" for ports 3, 5, and 7. Add Click Add to save your rule to the Switch's run-time memory. The Switch loses this rule if it is turned off the specified multicast MAC address will be forwarded. 118 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 119
displays the port(s) within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. MES3500-24/24F User's Guide 119 - ZyXEL MES3500-24F | User Guide - Page 120
MAC address port filtering. 12.1 Configure a Filtering Rule Configure the Switch to filter Switch can still receive frames originating from the MAC address. Select Discard source and Discard destination to block traffic to/from the MAC address specified in the MAC field. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 121
to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es) in the Delete column. MES3500-24/24F User's Guide 121 - ZyXEL MES3500-24F | User Guide - Page 122
Tree Protocol The Switch supports Spanning Tree Protocol Multiple Spanning Tree Protocol The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to 10 to 60 ALLOWED RANGE 1 to 65535 1 to 65535 1 to 65535 1 to 65535 MES3500-24/24F User's Guide 122 - ZyXEL MES3500-24F | User Guide - Page 123
RANGE 3 to 10 1 to 5 ALLOWED RANGE 1 to 65535 1 to 65535 On each bridge, the bridge communicates with the root through the root port. The root port is the port on this Switch with the lowest processed. All information frames are received and forwarded. MES3500-24/24F User's Guide 123 - ZyXEL MES3500-24F | User Guide - Page 124
MRSTP (Multiple RSTP) is ZyXEL's proprietary feature that is compatible with RSTP and STP. With MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree. Each as traffic from different VLANs can use distinct paths in a region. 124 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 125
Network Example The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP region) is increased by one when BPDUs traverse the region. MES3500-24/24F User's Guide 125 - ZyXEL MES3500-24F | User Guide - Page 126
single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP. Figure 56 MSTP and Legacy RSTP Network Example 126 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 127
Spanning Tree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch. Click Configuration in the Advanced Application > Spanning Tree Protocol. Figure 58 Advanced Application > Spanning Tree Protocol > Configuration MES3500-24/24F User's Guide 127 - ZyXEL MES3500-24F | User Guide - Page 128
122 for background information on STP. Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save screen. Figure 59 Advanced Application > Spanning Tree Protocol > RSTP 128 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 129
the priority for each port here. Priority decides which port should be disabled when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. MES3500-24/24F User's Guide 129 - ZyXEL MES3500-24F | User Guide - Page 130
port. switch transmits a configuration message. The root bridge determines Hello Time, Max Age and Forwarding Delay. Max Age (second) This is the maximum time (in seconds) a switch can wait without receiving a configuration message before attempting to reconfigure. 130 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 131
. This is the path cost from the root port on this Switch to the root switch. This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree This is a read-only index number of the STP trees. MES3500-24/24F User's Guide 131 - ZyXEL MES3500-24F | User Guide - Page 132
LAN through that port. It is recommended that you assign this value according to the speed of the bridge. The slower the media, the higher the cost - see Table 25 on page 122 for more information. Select which STP tree configuration this port should participate in. 132 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 133
a switch can wait without receiving a configuration message before attempting to reconfigure. This is the time (in seconds) the root switch will wait before changing states (that is, listening to learning to forwarding). Note: The listening state does not exist in RSTP. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 134
port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Topology Changed This is the number of times the spanning tree has been reconfigured. Times Time Since Last Change This is the time since the spanning tree was last reconfigured. 134 MES3500-24/24F - ZyXEL MES3500-24F | User Guide - Page 135
Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 124 for more information on MSTP. Figure 63 Advanced Application > Spanning Tree Protocol > MSTP MES3500-24/24F User's Guide 135 - ZyXEL MES3500-24F | User Guide - Page 136
the Switch will be chosen as the root bridge within the spanning tree instance. Enter priority values between 0 and 61440 in increments of 4096 (thus valid values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440). 136 MES3500-24/24F User - ZyXEL MES3500-24F | User Guide - Page 137
) to which the MST instance is mapped. This field display the ports configured to participate in the MST instance. Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 137 - ZyXEL MES3500-24F | User Guide - Page 138
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 138 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 139
a configuration message before attempting to reconfigure. This is the time (in seconds) the root switch will wait before changing states (that is, listening to learning to forwarding). This is the path cost from the root port on this Switch to the root switch. MES3500-24/24F User's Guide 139 - ZyXEL MES3500-24F | User Guide - Page 140
root switch. Internal Cost Port ID This is the path cost from the root port in this MST instance to the regional root switch. This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. 140 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 141
incoming and/or out-going traffic flows on a port. 14.1.1 CIR and PIR The Committed Information Rate port exceeding the CIR will be marked for drop. Note: The CIR should be less than the PIR. Note: The sum of CIRs cannot be greater than or equal to the uplink bandwidth. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 142
bandwidth allowed in kilobits per second (Kbps) for the incoming traffic flow on a port. Select this check box to activate egress rate limits on this port. Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic flow on a port. 142 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 143
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 143 - ZyXEL MES3500-24F | User Guide - Page 144
labels in this screen. Table 36 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. Port This field displays a port number. MES3500-24/24F User's Guide 144 - ZyXEL MES3500-24F | User Guide - Page 145
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 145 - ZyXEL MES3500-24F | User Guide - Page 146
. Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s). Type the port number of the monitor port. Port This field displays the port number. MES3500-24/24F User's Guide 146 - ZyXEL MES3500-24F | User Guide - Page 147
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 147 - ZyXEL MES3500-24F | User Guide - Page 148
You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. MES3500-24/24F User's Guide 148 - ZyXEL MES3500-24F | User Guide - Page 149
activated and there is a port belonging to this group. These are the ports that are currently transmitting data as one logical link in this trunk group. 1. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. MES3500-24/24F User's Guide 149 - ZyXEL MES3500-24F | User Guide - Page 150
's source and destination IP addresses. This field displays how these ports were added to the trunk group. It displays: • Static - if the ports are configured as static members of a trunk group. • LACP - if the ports are configured to join a trunk group via LACP. 150 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 151
you need to configure to enable static link aggregation. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. MES3500-24/24F User's Guide 151 - ZyXEL MES3500-24F | User Guide - Page 152
address. Port Group Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 152 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 153
a number to set the priority of an active port using Link Aggregation Control Protocol (LACP). The smaller the number, the higher the priority level. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. MES3500-24/24F User's Guide 153 - ZyXEL MES3500-24F | User Guide - Page 154
Make your physical connections - make sure that the ports that you want to belong to the trunk group are connected to the same destination. The following figure shows ports 2-5 on switch A connected to switch B. Figure 72 Trunking Example - Physical Connections B A 154 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 155
algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. Figure 73 Trunking Example - Configuration Screen EXAMPLE Your trunk group 1 (T1) configuration is now complete. MES3500-24/24F User's Guide 155 - ZyXEL MES3500-24F | User Guide - Page 156
its identity request. When the client 2. At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. MES3500-24/24F User's Guide 156 - ZyXEL MES3500-24F | User Guide - Page 157
the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port. Figure main difference is that the Switch does not prompt the client for login credentials. The login credentials are based MES3500-24/24F User's Guide 157 - ZyXEL MES3500-24F | User Guide - Page 158
AAA > Radius Server Setup screen. To activate a port authentication method, click Advanced Application > Port Authentication in the navigation panel. Select a port authentication method in the screen that appears. Figure 76 Advanced Application > Port Authentication 158 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 159
does not respond to the first authentication request, the Switch tries again. If the client still does not respond to the second request, the Switch sends the client to the Guest VLAN. The client needs to send a new request to be authenticated by the Switch again. MES3500-24/24F User's Guide 159 - ZyXEL MES3500-24F | User Guide - Page 160
re-enter his or her username and password to stay connected to the port. Reauth-period Specify the length of time required to pass before a client switches or routers with the guest network feature. Figure 78 Guest VLAN Example VLAN 100 2 A VLAN 102 Internet 160 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 161
-authenticated users to access limited network resources through the Switch. You must also enable IEEE 802.1x authentication on the Switch and the associated ports. Enter the number that identifies the guest VLAN. Make sure this is a VLAN recognized in your network. MES3500-24/24F User's Guide 161 - ZyXEL MES3500-24F | User Guide - Page 162
. 18.2.3 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. Figure 80 Advanced Application > Port Authentication > MAC Authentication 162 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 163
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 163 - ZyXEL MES3500-24F | User Guide - Page 164
default, MAC address learning is still enabled even though the port security is not activated. 19.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. Figure 81 Advanced Application > Port Security MES3500-24/24F User's Guide 164 - ZyXEL MES3500-24F | User Guide - Page 165
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 165 - ZyXEL MES3500-24F | User Guide - Page 166
to configure the packet classifier on the Switch. 20.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's traffic from the same protocol port (such as Telnet) to form a flow. Configure QoS on the Switch to group and prioritize MES3500-24/24F User's Guide 166 - ZyXEL MES3500-24F | User Guide - Page 167
rule to all MAC addresses. To specify a source, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs). MES3500-24/24F User's Guide 167 - ZyXEL MES3500-24F | User Guide - Page 168
enter a TCP/UDP protocol port number. Add Cancel Clear Click Add to insert the entry in the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is settings of a rule, click a number in the Index field. 168 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 169
X.25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 Some of the most common IP ports are: Table 50 Common IP Ports PORT NUMBER PORT NAME 21 FTP 23 Telnet 25 SMTP 53 DNS 80 HTTP 110 POP3 MES3500-24/24F User's Guide 169 - ZyXEL MES3500-24F | User Guide - Page 170
00:50:ba:ad:4f:81 on port 2. Figure 84 Classifier: Example EXAMPLE After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 21 on page 171 for information on configuring a policy rule. 170 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 171
is going. 21.1.2 DSCP and Per-Hop Behavior DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field . Refer to Section 20.2 on page 166 for more information. MES3500-24/24F User's Guide 171 - ZyXEL MES3500-24F | User Guide - Page 172
fields below for this policy. You only have to set the field(s) that is related to the action(s) you configure in the Action field. 172 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 173
DESCRIPTION Type the number of an outgoing port. Specify a priority level. Specify a DSCP (DiffServ Code Point) number between 0 and 63. Specify the type of service (TOS) priority level. You can Click Clear to set the above fields back to the factory defaults. MES3500-24/24F User's Guide 173 - ZyXEL MES3500-24F | User Guide - Page 174
this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 174 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 175
Chapter 21 Policy Rule 21.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 170). Figure 87 Policy Example MES3500-24/24F User's Guide EXAMPLE 175 - ZyXEL MES3500-24F | User Guide - Page 176
is 2, for Q2 is 3, and so on. The weights range from 1 to 15 and the actual guaranteed bandwidth is calculated as follows: 2(Weight -1) x 10 KB If the weight setting is 5, the actual quantum guaranteed to the associated queue would be as follows: 24 x 10KB = 160 KB MES3500-24/24F User's Guide 176 - ZyXEL MES3500-24F | User Guide - Page 177
amount of bandwidth. WRR is activated only when a port has more traffic than it can handle. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is the navigation panel. Figure 88 Advanced Application > Queuing Method MES3500-24/24F User's Guide 177 - ZyXEL MES3500-24F | User Guide - Page 178
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 178 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 179
, both A and B are Service Provider's Network (SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by MES3500-24/24F User's Guide 179 - ZyXEL MES3500-24F | User Guide - Page 180
network. All VLANs belonging to a customer can be aggregated into a single service provider's VLAN (using the outer VLAN tag defined by the Service Provider's (SP) VLAN ID (VID)). Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. 180 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 181
stacking port role is Access Port, then the Switch adds the SP TPID tag to all incoming frames on the service provider's Service Provider) Tag Protocol IDentifier Data VID VLAN ID FCS 802.1p Priority Length and type of Ethernet frame Frame data Frame Check Sequence MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 182
-tagged. The value of this field is 0x8100 as defined in IEEE 802.1Q. If the Switch needs to communicate with other vendors' devices, they should use the same TPID. Note: You can define up to four different tunnel TPIDs (including 8100) in this screen at a time. 182 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 183
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 183 - ZyXEL MES3500-24F | User Guide - Page 184
based. It allows the Switch to add different outer VLAN tags to the incoming frames received on one port according to their inner from 0 to 7). This is the service provider's priority level that adds to the frames received on this port. Add Cancel Index "0" is the lowest MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 185
for this rule. Port This is the port number to which this service provider's priority level in the packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 186
network. IGMP (Internet Group Management Protocol) is a network-layer manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your Switch. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 187
as fixed mode. In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 188
only to ports that are members of that group. Querier Select this option to allow the Switch to port can join. Note: If you enable IGMP filtering, you must create and assign IGMP filtering profiles for the ports that you want to allow to join multicast groups. 188 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 189
to limit the number of multicast groups this port is allowed to join. Enter the number of multicast groups this port is allowed to join. Once a port is registered in the specified number of multicast groups, any new IGMP join report frame(s) is dropped on this port. MES3500-24/24F User's Guide 189 - ZyXEL MES3500-24F | User Guide - Page 190
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 190 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 191
add VLANs upon which the Switch is to perform IGMP snooping. Enter the descriptive name of the VLAN for identification purposes. Enter the ID of a static VLAN; the valid range is between 1 and 4094. Note: You cannot configure the same VLAN ID as in the MVR screen. MES3500-24/24F User's Guide 191 - ZyXEL MES3500-24F | User Guide - Page 192
profile. A profile can be assigned to multiple ports. Click Advanced Applications > Multicast > Multicast Setting > IGMP Filtering Profile link to display the screen as shown. Figure 96 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile 192 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 193
the Switch's run-time memory. The Switch loses service provider management. MVR only responds to IGMP join and leave control messages from multicast groups that are configured under MVR. Join and leave reports from other multicast groups are managed by IGMP snooping. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 194
channel or turns off the computer, an IGMP leave message is sent to the Switch to leave the multicast group. The Switch sends a query to VLAN 1 on the receiver port (in this case, an uplink port on the Switch). If there is another subscriber device connected to this 194 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 195
the receiver port(s) and a source port for each multicast VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. MES3500-24/24F User's Guide 195 - ZyXEL MES3500-24F | User Guide - Page 196
all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. 196 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 197
Configuration All source ports and receiver ports belonging to a multicast group can receive multicast data sent to this multicast group. Configure MVR IP multicast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. MES3500-24/24F User's Guide 197 - ZyXEL MES3500-24F | User Guide - Page 198
the checkbox(es) in the table. 24.8.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the Switch belong to VLAN 1. In addition, port 7 belongs to the multicast group with VID 200 to receive multicast traffic (the 198 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 199
A B 3 News: 224.1.4.10 ~ 224.1.4.50 Multicast VID 200 Movie: 230.1.2.50 ~230.1.2.60 7 S C To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 102 MVR Configuration Example EXAMPLE MES3500-24/24F User's Guide 199 - ZyXEL MES3500-24F | User Guide - Page 200
Chapter 24 Multicast To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group VLAN 200. Figure 103 MVR Group Configuration Example Figure 104 MVR Group Configuration Example EXAMPLE 200 EXAMPLE MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 201
By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server. However, there is a limit on the number of users you may authenticate in this way (See Chapter 38 on page 290). MES3500-24/24F User's Guide 201 - ZyXEL MES3500-24F | User Guide - Page 202
AAA screens allow you to enable authentication, authorization, accounting or all of them on the Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or both) and Section 25.3 on page 210 for RADIUS attributes utilized by the 202 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 203
multiple RADIUS servers. Select index-priority and the Switch tries to authenticate with the first configured RADIUS server, port of a RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 204
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 204 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 205
then the Switch waits for a response from the first TACACS+ server for 15 seconds and then tries the second TACACS+ server. This is a read-only number representing a TACACS+ server entry. Enter the IP address of an external TACACS+ server in dotted decimal notation. MES3500-24/24F User's Guide 205 - ZyXEL MES3500-24F | User Guide - Page 206
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 206 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 207
access privilege level specify them in Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. MES3500-24/24F User's Guide 207 - ZyXEL MES3500-24F | User Guide - Page 208
servers at the same time. If you don't select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn't get a response from the accounting server then it tries the second accounting server. 208 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 209
Switch supports VSAs that allow you to perform the following actions based on user authentication: • Limit bandwidth on incoming or outgoing traffic for the port the user connects to. • Assign account privilege levels (see the CLI Reference Guide the RADIUS server. MES3500-24/24F User's Guide 209 - ZyXEL MES3500-24F | User Guide - Page 210
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific authentication, and accounting elements in a user profile, which is stored on the RADIUS server. This section lists the RADIUS attributes supported by the Switch. 210 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 211
is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 25.3.2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. MES3500-24/24F User's Guide 211 - ZyXEL MES3500-24F | User Guide - Page 212
INTERIM-UPDATE User-Name NAS-Identifier NAS-IP-Address Service-Type Calling-Station-Id Acct-Status-Type Acct-Delay-Time Acct-Session-Id Acct-Authentic Acct-Session-Time Acct-Terminate-Cause STOP 212 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 213
-UPDATE NAS-IP-Address NAS-Port Class Called-Station-Id Calling-Station-Id NAS-Identifier NAS-Port-Type Acct-Status-Type Acct-Terminate-Cause Acct-Input-Gigawords Acct-Output-Gigawords STOP MES3500-24/24F User's Guide 213 - ZyXEL MES3500-24F | User Guide - Page 214
port is either a trusted port or an untrusted port for DHCP snooping. This setting is independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 215
if you enable DHCP snooping and there are no trusted ports. Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations: • The packet is a DHCP that binding and all others after it are ignored. MES3500-24/24F User's Guide 215 - ZyXEL MES3500-24F | User Guide - Page 216
provides the DHCP server more information about the source of the requests. The Switch can add the following information: • Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes) • System name for computer A. Then, computer X does the following things: 216 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 217
day before you enable ARP inspection so that the Switch has enough time to build the binding table. 2 Enable ARP inspection on each VLAN. 3 Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. MES3500-24/24F User's Guide 217 - ZyXEL MES3500-24F | User Guide - Page 218
to manage static bindings for DHCP snooping and ARP inspection. Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC address and VLAN ID can only be in one static binding. If you try to create a static binding with the same MAC address and VLAN 218 MES3500-24/24F User - ZyXEL MES3500-24F | User Guide - Page 219
displays the source VLAN ID in the binding. This field displays the port number in the binding. If this field is blank, the binding applies to all ports. Select this, and click Delete to remove the specified entry. Click this to clear the Delete check boxes above. MES3500-24/24F User's Guide 219 - ZyXEL MES3500-24F | User Guide - Page 220
in the DHCP Snooping Configure screen. See Section 26.5 on page 222. Agent URL This field displays the location of the DHCP snooping database. 220 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 221
writes This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database. Database detail First successful access This field displays the first time the Switch accessed the DHCP snooping database for any reason. MES3500-24/24F User's Guide 221 - ZyXEL MES3500-24F | User Guide - Page 222
enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database. The DHCP snooping database stores the current bindings on a secure, external TFTP server so that they are 222 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 223
how long (10-65535 seconds) the Switch waits to update the DHCP snooping database the first time the current bindings change after an update. Once the next update is scheduled, additional changes in current bindings are automatically included in the next update. MES3500-24/24F User's Guide 223 - ZyXEL MES3500-24F | User Guide - Page 224
. You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 116 DHCP Snooping Port Configure 224 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 225
the labels in this screen. Table 80 DHCP Snooping VLAN Configure LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below. MES3500-24/24F User's Guide 225 - ZyXEL MES3500-24F | User Guide - Page 226
reset the values in this screen to their last-saved values. 26.6 ARP Inspection Status Use this screen to look at the current list of MAC address filters that were created because the Switch . Port This field displays the source port of the discarded ARP packet. 226 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 227
specified above. Received This field displays the total number of ARP packets received from the VLAN since the Switch last restarted. Request This field displays the total number of ARP Request packets received from the VLAN since the Switch last restarted. MES3500-24/24F User's Guide 227 - ZyXEL MES3500-24F | User Guide - Page 228
Port This field displays the source port Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message. You can configure this interval in the ARP Inspection Configure screen. See Section 26.7 on page 229. 228 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 229
also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure. Figure 121 ARP Inspection Configure MES3500-24/24F User's Guide 229 - ZyXEL MES3500-24F | User Guide - Page 230
to their last-saved values. 26.7.1 ARP Inspection Port Configure Use this screen to specify whether ports are trusted or untrusted ports for ARP inspection. You can also specify the maximum rate at which the Switch receives ARP packets on each untrusted port. To 230 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 231
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. MES3500-24/24F User's Guide 231 - ZyXEL MES3500-24F | User Guide - Page 232
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. 232 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 233
affected by the switch in loop state in the following way: • It will receive broadcast messages sent out from the switch in loop state. • It will receive its own broadcast messages that it sends out as they loop back. It will then rebroadcast those messages again. MES3500-24/24F User's Guide 233 - ZyXEL MES3500-24F | User Guide - Page 234
example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N. The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 127 Loop Guard - Network Loop A P P N P 234 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 235
port. The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state. If the Switch that this port is connected is in loop state the Switch will shut down this port. Clear this check box to disable the loop guard feature. MES3500-24/24F User's Guide 235 - ZyXEL MES3500-24F | User Guide - Page 236
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 236 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 237
forwarding the packets. Any packets carrying a VLAN tag other than 12 (such as 10) and received on port 3 will be forwarded in the individual VLAN network respectively (such as VLAN 10). Figure 129 VLAN mapping example 12 10 Port 3 123 Service Provider Network 10 MES3500-24/24F User's Guide 237 - ZyXEL MES3500-24F | User Guide - Page 238
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 238 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 239
reset the fields to your previous configuration. Index This is the number of the VLAN mapping entry in the table. Active This shows whether this entry is activated or not. Name This is the descriptive name for this rule. Port This is the port check boxes. MES3500-24/24F User's Guide 239 - ZyXEL MES3500-24F | User Guide - Page 240
Chapter 28 VLAN Mapping 240 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 241
example, if you enable L2PT for STP, you can have switches A, B, C and D in the same spanning tree, even though switch A is not directly connected to switches B, C and D. Topology change information can be propagated throughout the service provider's network. MES3500-24/24F User's Guide 241 - ZyXEL MES3500-24F | User Guide - Page 242
tunnel ports. • The Tunnel port is an egress port at the edge of the service provider's network and connected to another service provider's switch. Incoming encapsulated layer-2 protocol packets received on a tunnel port are decapsulated and sent to an access port. 242 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 243
-by-port basis. CDP Note: Changes in this row are copied to all the ports as soon as you make them. Select this option to have the Switch tunnel CDP (Cisco Discovery Protocol) packets so that other Cisco devices can be discovered through the service provider's network. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 244
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 244 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 245
monitor network traffic and create reports for network performance analysis and troubleshooting. For example, you can use it to know which IP address or which type of traffic caused network congestion. Figure 135 sFlow Application sFlow Agent sFlow Collector MES3500-24/24F User's Guide 245 - ZyXEL MES3500-24F | User Guide - Page 246
(N) from 256 to 65535. The Switch captures every one out of N packets for this port and creates sFlow datagram. Specify a time interval (from 20 to 120 in seconds) the Switch waits before sending the sFlow datagram and packet counters for this port to the collector. 246 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 247
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. MES3500-24/24F User's Guide 247 - ZyXEL MES3500-24F | User Guide - Page 248
UDP Port This field displays port number the Switch uses to send sFlow datagram to the collector. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. 248 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 249
port-per-VLAN basis before forwarding them to the PPPoE server. PPPoE Client PPPoE IA PPPoE Server 31.1.1 PPPoE Intermediate Agent Tag Format If the PPPoE Intermediate Agent is enabled, the Switch SubOpt 0x01 (1 byte) Length N (1 byte) String (63 bytes) Value MES3500-24/24F User's Guide 249 - ZyXEL MES3500-24F | User Guide - Page 250
Switch takes the Circuit ID string you manually configure for a VLAN on a port as the highest priority and the Circuit ID string for a port as the second priority. In addition, the Switch remote ID) that the Switch adds to PADI and PADR packets from PPPoE clients. 250 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 251
untrusted port, the Switch adds a vendor-specific tag to the packet and then forwards it to the trusted port(s). • The Switch Switch to give a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 252
The Switch enters a zero into the PADI and PADR packets for the slot value. Select a delimiter to separate the identifier-string, slot ID, port number and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. 252 MES3500-24/24F - ZyXEL MES3500-24F | User Guide - Page 253
DESCRIPTION Port This field displays the port number. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 254
client but received on a trusted port, the Switch forwards it to other trusted port(s). Untrusted ports are downlink ports connected to subscribers. Circuit-id • Port Per-VLAN Use this screen to configure PPPoE IA settings that apply to a specific VLAN on a port. 254 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 255
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 255 - ZyXEL MES3500-24F | User Guide - Page 256
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 256 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 257
you need to enable the port(s) or allow the packets on a port manually via the web configurator or the commands. With error-disable recovery, you can set the disabled port(s) to become active or start receiving the packets again after the time interval you specify. MES3500-24/24F User's Guide 257 - ZyXEL MES3500-24F | User Guide - Page 258
the maximum number of control packets (ARP, BPDU and/or IGMP) that the Switch can receive or transmit on a port. Click the Click Here link next to CPU protection in the Advanced Application > screen. Figure 144 Advanced Application > Errdisable > CPU protection 258 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 259
Use screen to have the Switch detect whether the control packets exceed the rate limit configured for a port and configure the action to Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below. MES3500-24/24F User's Guide 259 - ZyXEL MES3500-24F | User Guide - Page 260
the error-disable recovery function on the Switch. Reason This field displays the supported features that allow the Switch to shut down a port or discard packets on a port according to the feature requirements and what to all the entries as soon as you make them. 260 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 261
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 261 - ZyXEL MES3500-24F | User Guide - Page 262
port 25. Figure 147 Private VLAN Example 2 3 25 VLAN 123 Isolated ports: 1 ~ 3 Promiscuous port: 25 Note: Make sure you keep at least one port in the promiscuous port list for a VLAN with private VLAN enabled. Otherwise, this VLAN is blocked from the whole network. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 263
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset Cancel to clear the Delete check boxes. MES3500-24/24F User's Guide 263 - ZyXEL MES3500-24F | User Guide - Page 264
Chapter 33 Private VLAN 264 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 265
reply traffic to default gateway R1 which routes it back to the manager's computer. The Switch needs a static route to tell it to use router R2 to send traffic to an SNMP trap server on network N2. Figure 149 Static Routing Overview N1 N2 Telnet SNMP R1 R2 MES3500-24/24F User's Guide 265 - ZyXEL MES3500-24F | User Guide - Page 266
name (up to 10 printable ASCII characters) for Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 267
an immediate neighbor of your Switch that will forward the packet to the destination. This field displays the cost of transmission for routing purposes. Click Delete to remove the selected entry from the summary table. Click Cancel to clear the Delete check boxes. MES3500-24/24F User's Guide 267 - ZyXEL MES3500-24F | User Guide - Page 268
Services (DiffServ) on the Switch. 35.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service network administrator can then apply MES3500-24/24F User's Guide 268 - ZyXEL MES3500-24F | User Guide - Page 269
CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client. Two Rate Three Color Marker evaluates incoming packets and marks them with one any of colors, then the packets proceed unchanged. MES3500-24/24F User's Guide 269 - ZyXEL MES3500-24F | User Guide - Page 270
Chapter 35 Differentiated Services 35.2.1 TRTCM-Color-blind Mode All packets are evaluated against the PIR. If a packet exceeds the PIR it is 35.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). 270 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 271
DiffServ LABEL Active Port * DESCRIPTION Select this option to enable DiffServ on the Switch. This field displays the index number of a port on the Switch. Settings in this row apply to all ports. Use this the DiffServ screen to display the screen as shown next. MES3500-24/24F User's Guide 271 - ZyXEL MES3500-24F | User Guide - Page 272
some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Active Note: Changes in this row are copied to all the ports as soon as you make them. Select this to activate TRTCM on the port. 272 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 273
your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the above fields to your previous configuration. Profile Name This field displays the name of the DSCP priofile. Click the name to edit the profile settings. MES3500-24/24F User's Guide 273 - ZyXEL MES3500-24F | User Guide - Page 274
Chapter 35 Differentiated Services Table 109 IP Application > DiffServ > 2- Settings You can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ DiffServ > DSCP Setting 274 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 275
Services The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 276
by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. 36.2 DHCP Status Click IP Application > DHCP in the navigation panel. The DHCP Status screen displays. Figure 159 IP Application > DHCP Status MES3500-24/24F User's Guide 276 - ZyXEL MES3500-24F | User Guide - Page 277
switches. Port ID (1 byte) This is the port that the DHCP client is connected to. VLAN ID (2 bytes) This is the VLAN that the port belongs to. Information (up to 64 bytes) This optional, read-only field is set according to system name set in Basic Settings > General Setup. MES3500-24/24F - ZyXEL MES3500-24F | User Guide - Page 278
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 278 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 279
box to set the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 162 DHCP Relay Configuration Example MES3500-24/24F User's Guide 279 - ZyXEL MES3500-24F | User Guide - Page 280
DHCP settings for on the Switch. See Section 8.6 on page 93 for information on how to set up management IP addresses for VLANs. notation. Select the Option 82 check box to have the Switch add information (slot number, port number and VLAN ID) to client DHCP requests that MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 281
server with an IP address of 172.16.10.100. Figure 164 DHCP Relay for Two VLANs DHCP: 192.168.1.100 VLAN 1 VLAN 2 DHCP: 172.16.10.100 For the example network, configure the VLAN Setting screen as shown. Figure 165 DHCP Relay for Two VLANs Configuration Example MES3500-24/24F User's Guide 281 - ZyXEL MES3500-24F | User Guide - Page 282
Chapter 36 DHCP 282 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 283
1 to reboot the system and load Configuration 1 on the Switch. Click Config 2 to reboot the system and load Configuration 2 on the Switch. Note: Make sure to click the Save button in any screen to save your settings to the current configuration on the Switch. MES3500-24/24F User's Guide 283 - ZyXEL MES3500-24F | User Guide - Page 284
Switch. 37.4 Reboot System Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load configuration one (Config 1) or configuration two (Config 2) when you reboot. Follow the steps below to reboot the Switch. 284 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 285
the Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. MES3500-24/24F User's Guide 285 - ZyXEL MES3500-24F | User Guide - Page 286
Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 170 Management > Maintenance > Restore Configuration Type the path and file name . Click Save to save the configuration file to your computer. 286 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 287
computer. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the Switch only recognizes "config", "ras-0", and "ras-1". Be sure you keep unaltered copies of all files for later use. MES3500-24/24F User's Guide 287 - ZyXEL MES3500-24F | User Guide - Page 288
and firmware files should be transferred in binary mode. Specify the default remote directory (path). Specify the default local directory (path). 37.8.4 FTP Restrictions FTP will not work when: • FTP service is disabled in the Service Access Control screen. 288 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 289
Chapter 37 Maintenance • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. MES3500-24/24F User's Guide 289 - ZyXEL MES3500-24F | User Guide - Page 290
Control Overview Console Port SSH Telnet One session management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the Switch through the network via SNMP version one (SNMPv1), SNMP version 2c or MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 291
SNMP management sessions. Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 292
and performance. The Switch supports the following MIBs: UDP 38.3.3 SNMP Traps The Switch sends traps to an SNMP manager when an event occurs. The following MES3500-24 switch. The OIDs beginning with "1.3.6.1.4.1.890.1.5.8.57" are specific to the MES3500-24F switch MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 293
Switch automatically resets. ControlledResetEventOn 1.3.6.1.4.1.890.1.5.8.68.27.2.1 1.3.6.1.4.1.890.1.5.8.57.27.2.1 This trap is sent when the Switch resets by an administrator through a management when an error is detected on a port, such as a loop occurs or the MES3500-24/24F User's Guide 293 - ZyXEL MES3500-24F | User Guide - Page 294
is sent when a path to a target changes. This trap is sent when a traceroute test fails. This trap is sent when a traceroute test is completed. 294 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 295
. 1.3.6.1.4.1.890.1.5.8.68.107.70.2 This trap is sent when the MSTP root switch changes. 1.3.6.1.4.1.890.1.5.8.57.107.70.2 1.3.6.1.4.1.890.1.5.8.68.27.2.1 1.3.6.1.4.1.890.1.5.8.57.27 .2.802.1.1.8.0.1 The trap is sent when the Switch detects a connectivity fault. MES3500-24/24F User's Guide 295 - ZyXEL MES3500-24F | User Guide - Page 296
is the password sent with each trap to the SNMP manager. The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Use this section to configure where to send SNMP traps from the Switch. Specify the version of the SNMP trap messages. 296 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 297
's traps. Clear the check boxes for individual traps that you do not want the Switch to send to the SNMP station. Clearing a category's check box automatically clears all of the category's trap check boxes (the Switch only sends traps from selected categories). MES3500-24/24F User's Guide 297 - ZyXEL MES3500-24F | User Guide - Page 298
. • priv - to implement authentication and encryption for SNMP messages sent by this user. This is the highest security level. Note: The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch. 298 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 299
(VACM) group. SNMP managers in one group are assigned Switch via web configurator at any one time. • An administrator is someone who can both view and configure Switch changes. The username for the Administrator is always admin. The default administrator password is 1234. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 300
. For more information on assigning privileges see the Ethernet Switch CLI Reference Guide. User Name Set a user name (up to 32 ASCII characters long). Password Enter your new system password. Retype to confirm Retype your new system password for confirmation 300 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 301
38 Access Control Table 128 Management > Access Control > Logins (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it unsecured network. Figure 178 SSH Communication Example MES3500-24/24F User's Guide 301 - ZyXEL MES3500-24F | User Guide - Page 302
client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. 302 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 303
figure. 1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch's WS (web server). 2 HTTP connection requests from a web browser go to port 80 (by default) on the Switch's WS (web server). Figure 180 HTTPS Implementation MES3500-24/24F User's Guide 303 - ZyXEL MES3500-24F | User Guide - Page 304
Service Access Control screen, then the Switch blocks all HTTP connection attempts. 38.9 HTTPS Example If you haven't changed the default HTTPS port on the Switch, then in your browser enter "https:// Switch 181 Security Alert Dialog Box (Internet Explorer 6) example 304 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 305
.9.1.2 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server, a screen with the message "There is a problem with this website's security certificate." may display. If that is the . Figure 183 Certificate Error (Internet Explorer 7 or 8) EXAMPLE MES3500-24/24F User's Guide 305 - ZyXEL MES3500-24F | User Guide - Page 306
Chapter 38 Access Control Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser. Figure 184 Certificate (Internet Explorer 7 or 8) 306 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 307
Firefox Warning Messages When you attempt to access the Switch HTTPS server, a This Connection is Unstructed screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button. Figure 185 Security Alert (Mozilla Firefox) MES3500-24/24F User's Guide 307 - ZyXEL MES3500-24F | User Guide - Page 308
Security Alert (Mozilla Firefox) EXAMPLE 38.9.3 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar (in Internet Explorer 6 or 308 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 309
Denoting a Secure Connection EXAMPLE 38.10 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure "trusted computer(s)" for each service in MES3500-24/24F User's Guide 309 - ZyXEL MES3500-24F | User Guide - Page 310
save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 38.11 Remote Management Click Management > Access Control > Remote Management to view the screen as shown next. 310 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 311
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 311 - ZyXEL MES3500-24F | User Guide - Page 312
. Type the IP address of a device that you want to ping in order to test a connection. Ethernet Port Test Click Ping to have the Switch ping the IP address (in the field to the left). Enter a port number and click Port Test to perform an internal loopback test. MES3500-24/24F User's Guide 312 - ZyXEL MES3500-24F | User Guide - Page 313
: There is a normal but significant condition on the system. 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. MES3500-24/24F User's Guide 313 - ZyXEL MES3500-24F | User Guide - Page 314
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 314 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 315
192 Management > Syslog > Syslog Server Setup The following table describes the labels in this screen. Table 134 Management > are. Add Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses MES3500-24/24F User's Guide 315 - ZyXEL MES3500-24F | User Guide - Page 316
Members The switches being managed by the cluster manager switch. In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 193 Clustering Application Example MES3500-24/24F User's Guide 316 - ZyXEL MES3500-24F | User Guide - Page 317
example the cluster member switch password was changed or the switch was set as the manager and so left the member list, etc.) Offline (the switch is disconnected - Offline shows approximately 1.5 minutes after the link between cluster member and manager goes down) MES3500-24/24F User's Guide 317 - ZyXEL MES3500-24F | User Guide - Page 318
: 297 bytes received in 0.00Seconds 297000.00Kbytes/sec. ftp> bin 200 Type I OK ftp> put 400AABB0B1.bin ras-0 200 Port command okay 150 Opening data connection for STOR ras-0 226 File received OK ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec. ftp> 318 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 319
the firmware file you want to upload to the cluster member switch. ras-0 This is the cluster member switch's firmware name as seen in the cluster manager switch. config This is the cluster member switch's configuration file name as seen in the cluster manager switch. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 320
, then its Status is displayed as Error in the Cluster Management Status screen and a warning icon ( ) appears in the member summary list below. Name Type a name to identify the Clustering Manager. You may use up to 32 printable characters (spaces are allowed). 320 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 321
member switch's System Name. Model This is the cluster member switch's model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. MES3500-24/24F User's Guide 321 - ZyXEL MES3500-24F | User Guide - Page 322
is flooded to all ports. Too much port flooding leads to network congestion. • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 198 MAC Table Flowchart MES3500-24/24F User's Guide 322 - ZyXEL MES3500-24F | User Guide - Page 323
the Switch displays and arranges the data in the summary table below. Select MAC to display and arrange the data according to MAC address. Select VID to display and arrange the data according to VLAN group. Select PORT to display and arrange the data according to port number. MES3500-24/24F User - ZyXEL MES3500-24F | User Guide - Page 324
Chapter 42 MAC Table Table 139 Management > MAC Table (continued) LABEL Transfer port where the above MAC address is forwarded. This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). 324 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 325
ARP Works When an incoming packet destined for a host device on a local area network arrives at the Switch, the Switch's ARP program looks in the ARP Table and, if it finds the address, sends it to the device then sends the packet to the MAC address that replied. MES3500-24/24F User's Guide 325 - ZyXEL MES3500-24F | User Guide - Page 326
field displays the port to which the device connects. CPU means this learned IP address is the Switch's management IP address. This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). 326 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 327
of one port onto other ports. 44.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 201 Management > Configure Clone MES3500-24/24F User's Guide 327 - ZyXEL MES3500-24F | User Guide - Page 328
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 328 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 329
and on (in DC models or if the DC power supply is connected in AC/DC models). 2 Disconnect and re-connect the power adaptor or cord to the Switch (in AC models or if the AC power supply is connected in AC/DC models). 3 If the problem continues, contact the vendor. MES3500-24/24F User's Guide 329 - ZyXEL MES3500-24F | User Guide - Page 330
connected in AC/DC models). 6 If the problem continues, contact the vendor. 45.2 Switch Access and Login I forgot the IP address for the Switch. 1 The default management IP address is 192.168.1.1. 2 Use the console port to log in to the Switch. 3 If this does not work, you have to reset the device - ZyXEL MES3500-24F | User Guide - Page 331
problem continues, contact the vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch ). MES3500-24/24F User's Guide 331 - ZyXEL MES3500-24F | User Guide - Page 332
into the Switch's nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 37.3 on page 284 for more information about how to save your configuration. 332 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 333
this service. Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. NetMeeting uses this protocol. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 334
. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. Simple File Transfer Protocol. 334 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 335
Common Services Table 142 Commonly Used Services (continued) NAME SMTP PROTOCOL TCP PORT(S) 25 to move messages from one email server to another. Simple Network Management Program. Traps for use with the SNMP (RFC:1215). Structured videoconferencing solution. MES3500-24/24F User's Guide 335 - ZyXEL MES3500-24F | User Guide - Page 336
Appendix A Common Services 336 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 337
ZyXEL digital switch, instruction manual, may cause harmful interference to radio communications. Operation of this device in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 338
functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. 338 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 339
merchantability or fitness for a particular use or purpose. ZyXEL shall in obtain the services of this warranty, contact ZyXEL's Service Center for firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 340
VP Datum(jjjj/mm/dd): 2011/1/24 WEEE Direktiv 2002/96/EC (WEEE: hantering av elektriskt och elektroniskt avfall) 2008/34/EC Deklaration undertecknad av: Namn/Titel: Raymond Huang / Quality & Customer Service Division Assistant VP Datum (åååå/mm/dd): 2011/1/24 340 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 341
switched workgroup 24 ARP how it works 325 table 326 ARP (Address Resolution Protocol) 325 ARP inspection 214, 216 and MAC filter 217 configuring 217 syslog messages 217 trusted ports 217 authentication and RADIUS 202 setup 207 authorization privilege levels 209 setup 207 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 342
259 error disable recovery configuration 260 overview 257 Ethernet broadcast address 325 Ethernet port test 312 external authentication server 202 F FCC interference statement 337 file transfer using FTP command example 287 filename convention, configuration 287 342 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 343
120 filtering database, MAC table 322 firmware 87 upgrade 285, 318 flow control 159, 162, 205 reauthentication 160 IEEE 802.1x, port authentication 156 IGMP version 186 IGMP (Internet Group Management Protocol) 186 IGMP filtering 186 profile 192 profiles 188 ping 25 MES3500-24/24F User's Guide 343 - ZyXEL MES3500-24F | User Guide - Page 344
current configuration 283 firmware 285 main screen 283 restoring configuration 286 Management Information Base (MIB) 291 management port 113 managing the device good and SNMP 291 supported MIBs 292 MIB (Management Information Base) 291 mirroring ports 146 monitor port 146 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 345
136 max hops 136 MST region 125 network example 125 path cost 137 port priority 137 revision level 136 MSTP (Multiple Spanning Tree Protocol) 122 MTU 193 MVR (Multicast VLAN Registration) 193 MES3500-24/24F User's Guide Index N network applications 23 network management system (NMS) 290 NTP (RFC- - ZyXEL MES3500-24F | User Guide - Page 346
339 related documentation 3 remote management 310 service 311 trusted computers 311 resetting 45, 284 to factory service access control 309 service port 310 sFlow 245 collector 247 configuration 246 datagram 245 overview 245 poll interval 246 sample rate 246 UDP port 247 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 347
aggregation 149 MES3500-24/24F User's Guide port 81 port details 83 power port priority 129, 132 port state 123 root port 123 status 130, 133, 139 terminology 122 vs loop guard 233 subnet based VLANs 104 and DHCP VLAN 106 and priority 104 configuration 105 switch lockout 44 switch reset 45 switch - ZyXEL MES3500-24F | User Guide - Page 348
time current 88 time zone 89 Time (RFC-868) 88 time server 88 time service protocol 88 format 88 trademarks 337 transceiver MultiSource Agreement (MSA) 32 transceivers 32 installation configuration 182 example 179 frame format 181 port roles 180, 182 port-based Q-in-Q 183 MES3500-24/24F User's Guide - ZyXEL MES3500-24F | User Guide - Page 349
layout 40 login 39 logout 46 navigation panel 41 weight, queuing 177 Weighted Round Robin Scheduling (WRR) 177 WRR (Weighted Round Robin Scheduling) 177 Z ZyNOS (ZyXEL Network Operating System) 287 Index MES3500-24/24F User's Guide 349
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
 |
 |
www.zyxel.com
www.zyxel.com
MES3500-24/24F
Layer 2 Management Switch
Copyright © 2011
ZyXEL Communications Corporation
Firmware Version 4.00
Edition 1, 12/2011
Default Login Details
IP Address
User Name
admin
Password
1234