ZyXEL XGS-4528F User Guide
ZyXEL XGS-4528F Manual
 |
View all ZyXEL XGS-4528F manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL XGS-4528F manual content summary:
- ZyXEL XGS-4528F | User Guide - Page 1
XGS-4526/4528F/4728F Intelligent Layer 3+ Switch Default Login Details IP Address http://192.168.0.1 (Out-of-band MGMT port) http://192.168.1.1 (In-band ports) User Name admin Password 1234 Firmwawrwew.Vzyexresl.icoonm 4.00 Edition 1, 03/2011 www.zyxel.com Copyright © 2011 ZyXEL - ZyXEL XGS-4528F | User Guide - Page 2
- ZyXEL XGS-4528F | User Guide - Page 3
, questions or suggestions to: [email protected] Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com. XGS-4526/4528F/4728F User's Guide 3 - ZyXEL XGS-4528F | User Guide - Page 4
ZyXEL products. • Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well. Customer Support Should problems your device. • Brief description of the problem and the steps you took to solve it. 4 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 5
things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The XGS-4526/4528F/4728F may be referred to as the "Switch", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field choices are all in bold - ZyXEL XGS-4528F | User Guide - Page 6
Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The Switch icon is not an exact representation of your device. The Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router 6 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 7
will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device. Connect it and electronic equipment should be treated separately. XGS-4526/4528F/4728F User's Guide 7 - ZyXEL XGS-4528F | User Guide - Page 8
Safety Warnings 8 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 9
Contents Overview Contents Overview User's Guide ...25 Getting to Know Your Switch ...27 Hardware Installation and Connection 33 Hardware Overview ...37 The Web ...299 Error Disable ...309 Private VLAN ...315 Static Route ...319 Policy Routing ...323 XGS-4526/4528F/4728F User's Guide 9 - ZyXEL XGS-4528F | User Guide - Page 10
Access Control ...397 Diagnostic ...423 Syslog ...425 Cluster Management ...435 MAC Table ...443 IP Table ...447 ARP Table ...451 Routing Table ...453 Configure Clone ...455 Troubleshooting ...457 Product Specifications ...463 10 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 11
Mounting Brackets to the Switch 34 2.2.3 Mounting the Switch on a Rack 35 Chapter 3 Hardware Overview...37 3.1 Front Panel Connections ...37 3.1.1 Dual Personality Interfaces 38 3.1.2 1000Base-T Ports ...38 3.1.3 Mini-GBIC Slots ...39 3.2 Rear Panel ...41 XGS-4526/4528F/4728F User's Guide 11 - ZyXEL XGS-4528F | User Guide - Page 12
67 6.2.2 Creating a VLAN ...68 6.2.3 Configuring DHCP Relay 71 6.2.4 Troubleshooting ...71 6.3 How to Use PPPoE IA on the Switch 72 6.3.1 Configuring Switch A 73 6.3.2 Configuring Switch B 75 6.4 How to Use Error Disable and Recovery on the Switch 77 12 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 13
102 8.3 General Setup ...104 8.4 Introduction to VLANs ...106 8.4.1 Smart Isolation ...107 8.5 Switch Setup Screen ...108 8.6 IP Setup ...110 8.6.1 IP Interfaces ...110 8.7 Port Setup VLAN Trunking ...119 9.4 Select the VLAN Type ...120 9.5 Static VLAN ...120 XGS-4526/4528F/4728F User's Guide 13 - ZyXEL XGS-4528F | User Guide - Page 14
Status 160 13.8 Configure Multiple Spanning Tree Protocol 162 13.8.1 Multiple Spanning Tree Protocol Port Configuration 165 13.9 Multiple Spanning Tree Protocol Status 166 14 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 15
Port Security ...197 19.2 Port Security Setup ...198 19.3 VLAN MAC Address Limit 199 Chapter 20 Classifier...201 20.1 About the Classifier and QoS 201 XGS-4526/4528F/4728F User's Guide 15 - ZyXEL XGS-4528F | User Guide - Page 16
24.1.4 IGMP Snooping and VLANs 228 24.2 Multicast Status ...228 24.3 Multicast Setting ...229 24.4 IGMP Snooping VLAN ...232 24.5 IGMP Filtering Profile ...233 16 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 17
Setup ...249 25.2.4 Vendor Specific Attribute 252 25.2.5 Tunnel Protocol Attribute 253 25.3 Supported RADIUS Attributes 254 25.3.1 Attributes Used for Authentication 254 25.3.2 Attributes Used for Inspection VLAN Configure 280 Chapter 27 Loop Guard...283 XGS-4526/4528F/4728F User's Guide 17 - ZyXEL XGS-4528F | User Guide - Page 18
309 32.3 The Error Disable Screen 310 32.4 CPU Protection Configuration 310 32.5 Error-Disable Detect Configuration 311 32.6 Error-Disable Recovery Configuration 313 18 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 19
Redistribution 339 37.6 Configuring OSPF Interfaces 341 37.7 OSPF Virtual-Links ...343 Chapter 38 IGMP...345 38.1 IGMP Overview ...345 38.1.1 How IGMP Works 346 XGS-4526/4528F/4728F User's Guide 19 - ZyXEL XGS-4528F | User Guide - Page 20
Configuring DVMRP ...350 39.3.1 DVMRP Configuration Error Messages 351 39.4 Default DVMRP Timer Values 352 Chapter 40 Differentiated Services ...353 40.1 DiffServ Overview ...353 40.1.1 DSCP and Per- ...371 42.1 VRRP Overview ...371 42.2 VRRP Status ...372 20 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 21
45.1 The Maintenance Screen 389 45.2 Load Factory Default ...390 45.3 Save Configuration ...390 45.4 Reboot System ...391 45.5 Firmware Upgrade ...391 45.6 Restore a Configuration File 392 SNMP ...398 46.3.1 SNMP v3 and Security 399 46.3.2 Supported MIBs 399 XGS-4526/4528F/4728F User's Guide 21 - ZyXEL XGS-4528F | User Guide - Page 22
Status 436 49.2.1 Cluster Member Switch Management 437 49.3 Clustering Management Configuration 440 Chapter 50 MAC Table...443 50.1 MAC Table Overview ...443 50.2 Viewing the MAC Table ...444 Chapter 51 IP Table ...447 51.1 IP Table Overview ...447 22 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 23
55 Troubleshooting...457 55.1 Power, Hardware Connections, and LEDs 457 55.2 Switch Access and Login 458 55.3 Switch Configuration ...461 Chapter 56 Product Specifications ...463 Appendix A Common Services 473 Appendix B Legal Information 477 Index...481 XGS-4526/4528F/4728F User's Guide 23 - ZyXEL XGS-4528F | User Guide - Page 24
Table of Contents 24 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 25
PART I User's Guide 25 - ZyXEL XGS-4528F | User Guide - Page 26
26 - ZyXEL XGS-4528F | User Guide - Page 27
company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a XGS-4526/4528F/4728F User's Guide 27 - ZyXEL XGS-4528F | User Guide - Page 28
example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link. Figure 2 High Performance Switching 10 Gbps Branch Trunk HQ 28 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 29
the Switch's port or connect other switches to the Switch. Use the optional 10 Gigabit uplink module to provide high speed access to a data server and the Internet. The uplink module supports a any time by adding, moving or changing ports without any recabling. XGS-4526/4528F/4728F User's Guide 29 - ZyXEL XGS-4528F | User Guide - Page 30
IPv4 and IPv6 at the same time • DHCPv6 client and relay • Multicast Listener Discovery (MLD) snooping and proxy For more information on IPv6, refer to the CLI Reference Guide. 1.2 Ways to Manage the Switch Use any of the following methods to manage the Switch. 30 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 31
crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. XGS-4526/4528F/4728F User's Guide 31 - ZyXEL XGS-4528F | User Guide - Page 32
Chapter 1 Getting to Know Your Switch 32 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 33
the adhesive backing from the rubber feet. 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shock or vibration and ensure space between devices when stacking. Figure 5 Attaching Rubber Feet XGS-4526/4528F/4728F User's Guide 33 - ZyXEL XGS-4528F | User Guide - Page 34
the unit. 2.2.2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch. Figure 6 Attaching the Mounting Brackets 34 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 35
of the rack. Figure 7 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack. XGS-4526/4528F/4728F User's Guide 35 - ZyXEL XGS-4528F | User Guide - Page 36
Chapter 2 Hardware Installation and Connection 36 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 37
. 3.1 Front Panel Connections The figure below shows the front panel of the Switch. Figure 8 Front Panel: XGS-4526 100/1000 Mbps RJ-45 Ethernet Ports Figure 9 Front Panel: XGS-4528F Figure 10 Front Panel: XGS-4728F RJ-45 Gigabit / MiniGBIC Dual Personality XGS-4526/4528F/4728F User's Guide 37 - ZyXEL XGS-4528F | User Guide - Page 38
also depends on what the Ethernet device at the other end can support. • 4 or 24 Mini-GBIC Ports: Use Small Form- , the 1000Base-T port will be disabled. 3.1.2 1000Base-T Ports The Switch has 24 1000Base-T auto-negotiating, auto-crossover Ethernet ports. In 100 38 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 39
Chapter 3 Hardware Overview 3.1.2.1 Default Ethernet Settings The factory default negotiation settings for the Ethernet ports on the Switch are: • Speed: Auto • Duplex: Auto • Flow control: Off 3.1.3 Mini Press the transceiver firmly until it clicks into place. XGS-4526/4528F/4728F User's Guide 39 - ZyXEL XGS-4528F | User Guide - Page 40
Chapter 3 Hardware Overview 3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly. Figure Transceiver's Latch Example 2 Pull the transceiver out of the slot. Figure 14 Transceiver Removal Example 40 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 41
module • Two stacking ports (C) • An RJ-45 out-of-band management port (D) • An RS-232 management console port (E) • A connector for the power receptacle (F) • A power switch (G) (DC power input model only). Figure 16 Rear Panel - AC Model A B C DE F XGS-4526/4528F/4728F User's Guide 41 - ZyXEL XGS-4528F | User Guide - Page 42
Port Connect to a computer using an RJ-45 Ethernet cable for local configuration of the Switch. Only connect this port to your computer (using an RS-232 cable) if you want to configure the Switch using the command line interface (CLI) via the console port. 42 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 43
463, and make sure you are using an appropriate power source. Keep the power supply switch and the Switch's power switch in the OFF position until you come to the procedure for turning on the power. Use a DC power source to the device. To connect a power supply: XGS-4526/4528F/4728F User's Guide 43 - ZyXEL XGS-4528F | User Guide - Page 44
Switch's terminal block header. 3.2.6 External Backup Power Supply Connector The Switch supports external backup power supply (BPS). The Switch console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. 44 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 45
Ethernet network. On The link to a 100 Mbps Ethernet network is up. Off The link to an Ethernet network is down. 1000Base-X Mini-GBIC Slots ( ) XGS-4526/4528F/4728F User's Guide 45 - ZyXEL XGS-4528F | User Guide - Page 46
Chapter 3 Hardware Overview Table 3 LEDs (continued) LED COLO R STATUS 1-24 or 21-24 Green On Blinking Off DESCRIPTION The port has a successful connection. The port is receiving or transmitting data. This link is disconnected. 46 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 47
1 Start your web browser. 2 Type "http://" and the IP address of the Switch (for example, the default management IP address is 192.168.1.1 through an in-band (non-MGMT) port and 192.168.0.1 through the MGMT port) in the Location or Address field. Press [ENTER]. XGS-4526/4528F/4728F User's Guide 47 - ZyXEL XGS-4528F | User Guide - Page 48
default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually This guide uses the XGS-4728F screens as an example. The screens may vary slightly for different models. 48 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 49
configuration file. C - Click this link to go to the status page of the Switch. D - Click this link to log out of the web configurator. E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. XGS-4526/4528F/4728F User's Guide 49 - ZyXEL XGS-4528F | User Guide - Page 50
(necessary for Switch management) and DNS (domain name server) and set up to 64 IP routing domains. Port Setup This link takes you to screens where you can configure speed, flow control and priority settings for individual Switch ports. Advanced Application 50 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 51
based or 802.1Q VLAN (depending on what you configured in the Switch Setup menu). You can also configure a protocol based VLAN or a accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) XGS-4526/4528F/4728F User's Guide 51 - ZyXEL XGS-4528F | User Guide - Page 52
defines how the Switch should forward traffic by configuring the TCP/IP parameters manually. Policy Routing This password and configure SNMP and remote management. Diagnostic This link takes you to screens where you can view system logs and can test port(s). 52 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 53
other port(s). 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. Figure 21 Change Administrator Login Password XGS-4526/4528F/4728F User's Guide 53 - ZyXEL XGS-4528F | User Guide - Page 54
port) to configure the Switch. 4.6 Resetting the Switch If you lock yourself (and others) from the Switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the Switch back to the factory defaults. 54 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 55
to the default of 9600bps with 8 data bit, no parity, one stop bit and flow control set to none. The password will also a configuration file upload, type atgo to restart the Switch. Figure 22 Resetting the Switch: Via the Console Port Bootbase Version: V1.00 | XGS-4526/4528F/4728F User's Guide 55 - ZyXEL XGS-4528F | User Guide - Page 56
Switch is now reinitialized with a default configuration file including the default password of "1234". 4.7 Logging Out of the Web Configurator Click Logout in a screen to exit the web configurator. You have to log in with your password of that screen. 56 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 57
of 255.255.255.0. In the example network, since the RD network is already in the same IP interface as the Switch, you don't need to create an IP interface for it. However, if you want to have the Sales network on a different routing domain, you need to create a XGS-4526/4528F/4728F User's Guide 57 - ZyXEL XGS-4528F | User Guide - Page 58
new IP interface. This allows the Switch to route traffic between the RD and subnet as the MGMT port. 2 Open your web browser and enter 192.168.0.1 (the default MGMT port IP address) in the address bar to access the web configurator. See Section subnet mask. 58 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 59
pool, subnet mask, default gateway address and the Switch's power is turned off. 5.1.3 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 60
Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID. 60 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 61
as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. 5 Click Add to save the settings to the run-time the run-time memory are lost when the Switch's power is turned off. XGS-4526/4528F/4728F User's Guide EXAMPLE 61 - ZyXEL XGS-4528F | User Guide - Page 62
information. 3 In the Version field, select RIP-1 for the RIP packet format that is universally supported. EXAMPLE 4 Click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 62 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 63
devices in VLAN network (V). Create a VLAN containing ports 5, 6 and 7. Connect a computer M to the Switch's MGMT port. Figure 27 Tutorial: DHCP Snooping Tutorial Overview M V CB A Note: For related information about DHCP snooping, see Section 26.1 on page 259. XGS-4526/4528F/4728F User's Guide 63 - ZyXEL XGS-4528F | User Guide - Page 64
TRUSTED Yes No No 1 Access the Switch from the MGMT port through http://192.168.0.1 by default. Log into the Switch by entering the username (default: admin) and password (default: 1234). 2 Go to Advanced Application traffic to contain this VLAN tag. Click Add. 64 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 65
> DHCP snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. 5 Click the Port link at the top right corner. XGS-4526/4528F/4728F User's Guide 65 - ZyXEL XGS-4528F | User Guide - Page 66
the entry. See Section 26.1.1.3 on page 261. 8 Click Save at the top right corner of the web configurator to save the configuration permanently. 66 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 67
an IP assignment with the type dhcp-snooping as shown. You can also telnet or log into the Switch's console. Use the command "show dhcp snooping binding" to see the DHCP snooping binding table as specific IP address (say 172.16.1.18) and gateway information to XGS-4526/4528F/4728F User's Guide 67 - ZyXEL XGS-4528F | User Guide - Page 68
of VLAN 102. 1 Access the web configurator through the Switch's management port. 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. 3 Click Advanced Application > VLAN > Static VLAN. 68 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 69
be a permanent member of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. 7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. XGS-4526/4528F/4728F User's Guide 69 - ZyXEL XGS-4528F | User Guide - Page 70
to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently. 70 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 71
specific IP address based on the DHCP request. 6.2.4 Troubleshooting Check the client A's IP address. If it did not Switch's port 2 in VLAN 102. 2 You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 72
in this Tutorial SWITCH PORT CONNECTED VLAN CIRCUIT-ID REMOTE-ID A Port 5 (to C) 1 userC 00134900000A PPPOE IA PORT TRUSTED Untrusted Port 12 (to B) 1 N/A N/A B Port 11 (to A) 1 N/A N/A Trusted Trusted Port 12 (to S) 1 N/A N/A Trusted 72 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 73
Chapter 6 Tutorials 6.3.1 Configuring Switch A 1 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the the other fields empty. Click Apply. Then Click Intermediate Agent on the top of the screen. XGS-4526/4528F/4728F User's Guide 73 - ZyXEL XGS-4528F | User Guide - Page 74
Chapter 6 Tutorials 3 The Intermediate Agent screen appears. Click VLAN on the top of the screen. 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in this example. Click Apply. 74 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 75
with VLAN 1 and pass to the PPPoE server. Click Apply. 6.3.2 Configuring Switch B The example uses another XGS-4728F as switch B. 1 Click Advanced Application > PPPoE > Intermediate Agent. Select Active then click Apply. Click Port on the top of the screen. XGS-4526/4528F/4728F User's Guide 75 - ZyXEL XGS-4528F | User Guide - Page 76
Chapter 6 Tutorials 2 Select Trusted for ports 11 and 12 and then click Apply. Then Click Intermediate Agent on the top of the screen. 3 The Intermediate Agent screen appears. Click VLAN on the top of the screen. 76 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 77
you follow the steps exactly in this tutorial. 6.4 How to Use Error Disable and Recovery on the Switch This tutorial shows you how to shut down a port when: • there is a loop occurred or • too many ARP requests (over 100 packets per second) received on a port XGS-4526/4528F/4728F User's Guide 77 - ZyXEL XGS-4528F | User Guide - Page 78
You also want the Switch to wait for a period of time (10 minutes) before resuming the port automatically, after the problem(s) are gone. Loop Switch. Then select the Active option of the first entry (port *) to enable loop guard for all ports. Click Apply. 78 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 79
all ports. Then click Apply. 3 Click Advanced Application > Errdisable > Errdisable Detect, select Active for cause ARP and inactive-port as the mode. Then click Apply. XGS-4526/4528F/4728F User's Guide 79 - ZyXEL XGS-4528F | User Guide - Page 80
server. In this guest VLAN, clients can surf the Internet through the default gateway attached to port 10, but are not allowed to access other network resources, such as the mail server or local data base. VLAN 1 Guest VLAN 200 Ports 1, 2, 3 and 10 Internet 80 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 81
ID field. 5 Select Fixed to configure ports 1, 2, 3 and 10 to be permanent members of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. XGS-4526/4528F/4728F User's Guide 81 - ZyXEL XGS-4528F | User Guide - Page 82
to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. 8 Click the VLAN Status link in the Static VLAN screen and then the the frames are forwarded to the VLAN group that the tag defines. 82 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 83
to validate access to ports 1~8 to clients based on a RADIUS server. 1 Click Advanced Application > Port Authentication and then the Click Here link for 802.1x. XGS-4526/4528F/4728F User's Guide 83 - ZyXEL XGS-4528F | User Guide - Page 84
first Active checkbox to enable 802.1x authentication on the Switch. Select the Active checkboxes for ports 1 to 8 to turn on 802.1x authentication on the selected ports. Click Apply. 6.5.3 Enabling Guest VLAN 1 Click the Guest Vlan link in the 802.1x screen. 84 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 85
this example) on ports 1, 2 and 3. The Switch puts unauthenticated clients in the specified guest VLAN. Set Host-mode to Multi-Secure to have the Switch authenticate each client that connects to one of these ports or network resources in the same VLAN. You use XGS-4526/4528F/4728F User's Guide 85 - ZyXEL XGS-4528F | User Guide - Page 86
of VLAN 123. 1 Access the web configurator through the Switch's management port. 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. 3 Click Advanced Application > VLAN > Static VLAN. 86 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 87
this VLAN. 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports. 7 Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch's power is turned off. XGS-4526/4528F/4728F User's Guide 87 - ZyXEL XGS-4528F | User Guide - Page 88
to the run-time memory. 11 Click the Save link in the upper right corner of the web configurator to save your configuration permanently. 88 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 89
configurator to save your configuration permanently. From port 2, 3, or 4, you should be able to access the device that attachs to port 5, such as a server or default gateway. XGS-4526/4528F/4728F User's Guide 89 - ZyXEL XGS-4528F | User Guide - Page 90
to the default gateway. The Switch applies policy- Switch's management port. 2 Go to Advanced Application > Classifier and select Active. Enter a descriptive name ("DSCP58" in this example). Select the second option of DSCP and enter 58 in the field provided. 90 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 91
> Policy Routing. 2 Select Active and enter a descriptive name for this profile ("To_R2" for example). Click Add to save the settings to the run-time memory. XGS-4526/4528F/4728F User's Guide 91 - ZyXEL XGS-4528F | User Guide - Page 92
. Set the rule's index number to 1 in the Sequence field. Select Permit to have the Switch send matched traffic to the specified gateway. Select the name of the layer-3 classifier to which the the web configurator to save your configuration permanently. 92 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 93
PART II Technical Reference 93 - ZyXEL XGS-4528F | User Guide - Page 94
94 - ZyXEL XGS-4528F | User Guide - Page 95
Status Summary To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next. Figure 30 Status XGS-4526/4528F/4728F User's Guide 95 - ZyXEL XGS-4528F | User Guide - Page 96
Port and then click Clear Counter to erase the recorded statistical information for that port, or select Any to clear statistics for all ports. 96 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 97
Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 31 Status: Port Details The following table describes the labels in this screen. for half duplex). It also shows the cable type (Copper or Fiber). XGS-4526/4528F/4728F User's Guide 97 - ZyXEL XGS-4528F | User Guide - Page 98
512 bits of the packets have already been transmitted. Error Packet The following fields display detailed information about packets received that were in error. 98 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 99
number of packets (including bad packets) received that were between 1519 octets and the maximum frame size. The maximum frame size varies depending on your switch model. See Chapter 56 on page 463. XGS-4526/4528F/4728F User's Guide 99 - ZyXEL XGS-4528F | User Guide - Page 100
Chapter 7 System Status and Port Statistics 100 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 101
a Switch IP address in each routing domain, subnet mask(s) and DNS (domain name server) for management purposes. The Port Setup screen allows you to enable or disable a port on the Switch and configure the port settings, such as the speed and duplex mode. XGS-4526/4528F/4728F User's Guide 101 - ZyXEL XGS-4528F | User Guide - Page 102
sensors on the Switch printed circuit board. Current This shows the current temperature at this sensor. MAX This field displays the maximum temperature measured at this sensor. MIN This field displays the minimum temperature measured at this sensor. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 103
measured at this point. Threshold This field displays the percentage tolerance of the voltage with which the Switch still works. Status Normal indicates that the voltage is within an acceptable operating range at this point; otherwise Error is displayed. XGS-4526/4528F/4728F User's Guide 103 - ZyXEL XGS-4528F | User Guide - Page 104
the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed. Contact Type the name of the person in charge of this Switch. You can use up to Person's Name 32 printable ASCII characters; spaces are allowed. 104 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 105
when Bootup Type the time service protocol that your timeserver uses. Not all time servers support all protocols, so you may Time (RFC-868). None is the default value. Enter the time manually. Each time you turn on the Switch, the time and date will be reset XGS-4526/4528F/4728F User's Guide 105 - ZyXEL XGS-4528F | User Guide - Page 106
one hour ahead of GMT or UTC (GMT+1). Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on on page 117 for information on port-based and 802.1Q tagged VLANs. 106 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 107
2~6, 8 C Root port: 7 Designated port: 8 You should enable RSTP or MRSTP before you can use smart isolation on the Switch. If the network topology changes, the Switch automatically updates the isolated port list with the latest designated port information. XGS-4526/4528F/4728F User's Guide 107 - ZyXEL XGS-4528F | User Guide - Page 108
screen. See Chapter 9 on page 117 for more information. Bridge Control Select Active to allow the Switch to handle bridging control protocols Protocol (STP, for example). You also need to define how to treat a BPDU in the Transparency Port Setup screen. 108 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 109
1Q VLAN port isolation or private VLAN and (M)RSTP on the Switch. Smart isolation does not work with MSTP and/or portbased contains bits to define class of service. Frames without an explicit priority tag are given the default priority of the ingress port. Use XGS-4526/4528F/4728F User's Guide 109 - ZyXEL XGS-4528F | User Guide - Page 110
8.6 IP Setup Use the IP Setup screen to configure the default gateway device, the default domain name server and add IP domains. 8.6.1 IP Interfaces The Switch needs an IP address for it to be managed over the do not overlap. To change the IP address of the 110 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 111
In-Band to have the Switch send the packets to all ports except the management port (labelled MGMT) to which connected device(s) do not receive these packets. Management IP Address Use these fields to set the settings for the out-of-band management port. XGS-4526/4528F/4728F User's Guide 111 - ZyXEL XGS-4528F | User Guide - Page 112
the VLAN identification number of the IP domain on the Switch. Delete Click Delete to remove the selected entry from the summary table. Cancel Note: Deleting all IP subnets locks you out of the Switch. Click Cancel to clear the Delete check boxes. 112 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 113
Setup Use this screen to configure Switch port settings. Click Basic Setting you make them. Select this check box to enable a port. The factory default for all ports is enabled. A port must be enabled for data transmission to in the XGS-4528F or XGS-4728F. XGS-4526/4528F/4728F User's Guide 113 - ZyXEL XGS-4528F | User Guide - Page 114
is available when you install an EM-412 module in the Switch's optional uplink module slot (see Section 3.2 on page 41). Select the number of meters for the length of the 10GBASE-CX4 cable you use to connect between the Switch and another switch for stacking. 114 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 115
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 115 - ZyXEL XGS-4528F | User Guide - Page 116
Chapter 8 Basic Setting 116 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 117
the default User Priority 2 Bytes 3 Bits CFI VLAN ID 1 Bit 12 bits 9.1.1 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 118
IEEE 802.1Q VLAN terminology. Table 15 IEEE 802.1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually. Dynamic VLAN This is a VLAN configured by a GVRP registration/ deregistration process. 118 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 119
intermediary switches C, D and E; otherwise they will drop frames with unknown VLAN group tags. However, with VLAN Trunking enabled on a port(s) in each intermediary switch you only need to create VLAN groups in the end devices (A and B). C, D and E automatically XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 120
VLAN Trunking 9.4 Select the VLAN Type Select a VLAN type in the Basic Setting > Switch Setup screen. Figure 38 Switch Setup: Select VLAN Type 9.5 Static VLAN Use a static VLAN to decide whether an incoming untagged) from a port with the specified VID. 120 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 121
Switch; dynamic - using GVRP, static - added as a permanent entry or other - added in another way such as via Multicast VLAN Registration (MVR). Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen. XGS-4526/4528F/4728F User - ZyXEL XGS-4528F | User Guide - Page 122
a static VLAN was set up. This field shows how this VLAN was added to the Switch; dynamic - using GVRP, static - added as a permanent entry or other - added for the Switch. See Section 9.1 on page 117 for more information on static VLAN. To configure a 122 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 123
then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. XGS-4526/4528F/4728F User's Guide 123 - ZyXEL XGS-4528F | User Guide - Page 124
to dynamically join this VLAN group using GVRP. This is the default selection. Select Fixed for the port to be a permanent member of ID. Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses 124 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 125
the default setting. Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 126
on a port, the Switch checks if a tag services receive the highest priority and data the lowest. Figure 43 Subnet Based VLAN Application Example Tagged Frames Internet Untagged Frames 172.16.1.0/24 VID = 100 192.168.1.0/24 VID = 200 10.1.1.0/24 VID = 300 126 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 127
their IP addresses through the DHCP VLAN. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save up to 32 alphanumeric characters to identify this subnet based VLAN. XGS-4526/4528F/4728F User's Guide 127 - ZyXEL XGS-4528F | User Guide - Page 128
you specify. When an upstream frame is received on a port (configured for a protocol based VLAN), the Switch checks if a tag is added already and its protocol. The untagged packets of the same protocol are applicable only when you use IEEE 802.1Q tagged VLAN. 128 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 129
and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C. Figure 45 Protocol Based VLAN Application Example 9.9 Configuring Protocol Based VLAN Click Protocol Based > VLAN > VLAN Port Setting > Protocol Based VLAN XGS-4526/4528F/4728F User's Guide 129 - ZyXEL XGS-4528F | User Guide - Page 130
screens. Select the priority level that the Switch will assign to frames belonging to this VLAN. Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned Click Cancel to begin configuring this screen afresh. 130 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 131
Type 1. 3 Give this protocol-based VLAN a descriptive name. Type IP-VLAN. 4 Select the protocol. Leave the default value IP. 5 Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with the next port you want to add. 3 Click Add. XGS-4526/4528F/4728F User's Guide 131 - ZyXEL XGS-4528F | User Guide - Page 132
Port-based VLANs are specific only to the Switch on which they were created. Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. to restrict users from communicating directly. Click Apply to save your settings. 132 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 133
Chapter 9 VLAN The following screen shows users on a port-based, all-connected VLAN configuration. Figure 48 Advanced Application > VLAN > Port Based VLAN Setup (All Connected) XGS-4526/4528F/4728F User's Guide 133 - ZyXEL XGS-4528F | User Guide - Page 134
Chapter 9 VLAN The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 49 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) 134 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 135
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 135 - ZyXEL XGS-4528F | User Guide - Page 136
Chapter 9 VLAN 136 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 137
.2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When to access the Switch. See Chapter 19 on page 197 for more information on port security. XGS-4526/4528F/4728F User's Guide 137 - ZyXEL XGS-4528F | User Guide - Page 138
forwarded. Add Click Add to save your rule to the Switch's run-time memory. The Switch loses this rule if it is turned off or loses afresh. Clear Click Clear to reset the fields to the factory defaults. Index Click an index number to modify a static MAC address XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 139
field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. XGS-4526/4528F/4728F User's Guide 139 - ZyXEL XGS-4528F | User Guide - Page 140
Chapter 10 Static MAC Forward Setup 140 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 141
multicast address is a multicast MAC address that has been manually entered in the multicast table. Static multicast addresses do not first. If a multicast group has no members, then the switch will either flood the multicast frames to all ports or drop them XGS-4526/4528F/4728F User's Guide 141 - ZyXEL XGS-4528F | User Guide - Page 142
.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). 142 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 143
and 5. Enter "3,5,7" for ports 3, 5, and 7. Add Click Add to save your rule to the Switch's run-time memory. The Switch loses this rule if it is turned off or loses power, so use the Save link on the modify a static multicast MAC address rule for port(s). XGS-4526/4528F/4728F User's Guide 143 - ZyXEL XGS-4528F | User Guide - Page 144
will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 144 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 145
This chapter discusses MAC address port filtering. 12.1 Configure a Filtering Rule Configure the Switch to filter traffic based on the traffic's source, destination MAC addresses and/or ASCII characters) for this rule. This is for identification only. XGS-4526/4528F/4728F User's Guide 145 - ZyXEL XGS-4528F | User Guide - Page 146
number. Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses this screen afresh. Click Clear to clear the fields to the factory defaults. This field displays the index number of the rule. Click an XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 147
CHAPTER 13 Spanning Tree Protocol The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) . Note: In this user's guide, "STP" refers to both STP and RSTP. 13.1.1 STP Terminology The root bridge is the base of the spanning tree. XGS-4526/4528F/4728F User's Guide 147 - ZyXEL XGS-4528F | User Guide - Page 148
are therefore only forwarded between enabled ports, eliminating any possible network loops. STP-aware switches exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes the network to re-establish a valid network topology. 148 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 149
is disabled (default). Blocking Only RSTP MRSTP (Multiple RSTP) is ZyXEL's proprietary feature that is compatible with switch A. Figure 56 MRSTP Network Example To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 150
two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link. Figure 57 STP/RSTP Network Example A VLAN 1 VLAN 2 B 150 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 151
created MSTI is identified by a unique number (known as an MST ID) known internally to a region. Thus an MSTI does not span across MST regions. XGS-4526/4528F/4728F User's Guide 151 - ZyXEL XGS-4528F | User Guide - Page 152
of the entire network and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. running RSTP. Figure 60 MSTP and Legacy RSTP Network Example 152 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 153
Tree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch. Click Configuration in the Advanced Application > Spanning Tree Protocol. Figure 62 Advanced Application > Spanning Tree Protocol > Configuration XGS-4526/4528F/4728F User's Guide 153 - ZyXEL XGS-4528F | User Guide - Page 154
147 for background information on STP. Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save . Figure 63 Advanced Application > Spanning Tree Protocol > RSTP 154 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 155
40 seconds. This is the maximum time (in seconds) a switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames all the ports as soon as you make them. XGS-4526/4528F/4728F User's Guide 155 - ZyXEL XGS-4528F | User Guide - Page 156
when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path cost is the cost of 13.1 on page 147 for more information on RSTP. 156 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 157
which this Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change XGS-4526/4528F/4728F User's Guide 157 - ZyXEL XGS-4528F | User Guide - Page 158
STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch. 158 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 159
seconds. This is the maximum time (in seconds) a switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward as it receives a Bridge Protocol Data Unit (BPDU). XGS-4526/4528F/4728F User's Guide 159 - ZyXEL XGS-4528F | User Guide - Page 160
forms a loop in the Switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path MRSTP on the Switch. Figure 66 Advanced Application > Spanning Tree Protocol > Status: MRSTP 160 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 161
which this Switch must communicate with the root of the Spanning Tree. Topology This is the number of times the spanning tree has been reconfigured. Changed Times Time Since Last This is the time since the spanning tree was last reconfigured. Change XGS-4526/4528F/4728F User's Guide 161 - ZyXEL XGS-4528F | User Guide - Page 162
Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 150 for more information on MSTP. Figure 67 Advanced Application > Spanning Tree Protocol > MSTP 162 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 163
to belong to the same region. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the to identify this MST instance on the Switch. The Switch supports instance numbers 0-16. XGS-4526/4528F/4728F User's Guide 163 - ZyXEL XGS-4528F | User Guide - Page 164
more than one port forms a loop in the Switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path cost is the cost of the ports configured to participate in the MST instance. 164 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 165
then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. XGS-4526/4528F/4728F User's Guide 165 - ZyXEL XGS-4528F | User Guide - Page 166
Protocol Data Unit (BPDU). Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so MSTP on the Switch. Figure 69 Advanced Application > Spanning Tree Protocol > Status: MSTP 166 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 167
the MST instance. Our Bridge is this Switch. This Switch may also be the root bridge. This is the unique identifier for this bridge, consisting of bridge priority plus MAC address. This ID is the same for Root and Our Bridge if the Switch is the root switch. XGS-4526/4528F/4728F User's Guide 167 - ZyXEL XGS-4528F | User Guide - Page 168
Internal Cost This is the path cost from the root port in this MST instance to the regional root switch. Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance. 168 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 169
drop. Note: The CIR should be less than the PIR. Note: The sum of CIRs cannot be greater than or equal to the uplink bandwidth. XGS-4526/4528F/4728F User's Guide 169 - ZyXEL XGS-4528F | User Guide - Page 170
Application > Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the Switch. Port This field displays the port number. * Settings in this row apply to all ports (Kbps) for the incoming traffic flow on a port. 170 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 171
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 171 - ZyXEL XGS-4528F | User Guide - Page 172
Chapter 14 Bandwidth Control 172 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 173
limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast shown next. Figure 71 Advanced Application > Broadcast Storm Control XGS-4526/4528F/4728F User's Guide 173 - ZyXEL XGS-4528F | User Guide - Page 174
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 174 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 175
screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 72 Advanced Application > Mirroring XGS-4526/4528F/4728F User's Guide 175 - ZyXEL XGS-4528F | User Guide - Page 176
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 176 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 177
standard for static and dynamic (LACP) port trunking. The Switch supports the link aggregation IEEE802.3ad standard. This standard describes the Link Aggregation Control Protocol (LACP), which is a protocol that dynamically creates and manages trunk groups. XGS-4526/4528F/4728F User's Guide 177 - ZyXEL XGS-4528F | User Guide - Page 178
Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY 0000 00-00-00-00-00-00 0000 PORT PRIORITY 00 PORT NUMBER 0000 PORT NUMBER 0000 178 1. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 179
Application > Link Aggregation in the navigation panel. The Link Aggregation Status screen displays by default. See Section 17.1 on page 177 for more information. Figure 73 Advanced Application to this trunk group and LACP is also enabled for this group. XGS-4526/4528F/4728F User's Guide 179 - ZyXEL XGS-4528F | User Guide - Page 180
and destination MAC addresses. src-ip means the Switch distributes traffic based on the packet's source IP address. dst-ip means the Switch distributes traffic based on the packet's destination - if the ports are configured to join a trunk group via LACP. 180 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 181
Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. XGS-4526/4528F/4728F User's Guide 181 - ZyXEL XGS-4528F | User Guide - Page 182
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 182 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 183
shown next. See Section 17.2 on page 177 for more information on dynamic link aggregation. Figure 75 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP XGS-4526/4528F/4728F User's Guide 183 - ZyXEL XGS-4528F | User Guide - Page 184
possible. Select either 1 second or 30 seconds. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link you how to create a static port trunk group for ports 2-5. 184 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 185
are connected to the same destination. The following figure shows ports 2-5 on switch A connected to switch B. Figure 76 Trunking Example - Physical Connections B A 2 Configure static trunking EXAMPLE Your trunk group 1 (T1) configuration is now complete. XGS-4526/4528F/4728F User's Guide 185 - ZyXEL XGS-4528F | User Guide - Page 186
Chapter 17 Link Aggregation 186 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 187
the client provides the login 2. At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. XGS-4526/4528F/4728F User's Guide 187 - ZyXEL XGS-4528F | User Guide - Page 188
18.1.2 MAC Authentication MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the 188 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 189
client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 79 MAC Authentication Process 1 New method in the screen that appears. Figure 80 Advanced Application > Port Authentication XGS-4526/4528F/4728F User's Guide 189 - ZyXEL XGS-4528F | User Guide - Page 190
this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port. Port This field first allow 802.1x authentication on the Switch before configuring it on each port. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 191
2 by default. That is, the Switch attempts to password can still access the port, but traffic from the user is forwarded to the guest VLAN. That is, unauthenticated users can have access to limited network resources in the same guest VLAN, such as the Internet. The XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 192
Authentication rights granted to the Guest VLAN depends on how the network administrator configures switches or routers with the guest network feature. Figure 82 Guest VLAN Example VLAN 100 83 Advanced Application > Port Authentication > 802.1x > Guest VLAN 192 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 193
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 193 - ZyXEL XGS-4528F | User Guide - Page 194
this field blank, then only the MAC address of the client is forwarded to the RADIUS server. Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters. 194 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 195
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 195 - ZyXEL XGS-4528F | User Guide - Page 196
Chapter 18 Port Authentication 196 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 197
Switch. The XGS4728F can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K. The XGS-4526 or XGS-4528F . By default, MAC address learning is still enabled even though the port security is not activated. XGS-4526/4528F/4728F User's Guide 197 - ZyXEL XGS-4528F | User Guide - Page 198
only for the ports specified in the Port list. Active Select this option to enable port security on the Switch. Port This field displays a port number. * Settings in this row apply to all ports. Use this copied to all the ports as soon as you make them. 198 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 199
16384" in the XGS-4728F and from "0" to "8192" in the XGS-4526 or XGS-4528F. "0" means this feature is disabled. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes > Port Security > VLAN MAC Address Limit XGS-4526/4528F/4728F User's Guide 199 - ZyXEL XGS-4528F | User Guide - Page 200
in the Switch Setup screen. The valid range is from "0" to "16384" in the XGS-4728F and from "0" to "8192" in the XGS-4526 or XGS-4528F. "0" means Clear Click Clear to clear the fields to the factory defaults. Index This field displays the index number of the rule XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 201
chapter introduces and shows you how to configure the packet classifier on the Switch. 20.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with configure policy rules, refer to Chapter 21 on page 207. XGS-4526/4528F/4728F User's Guide 201 - ZyXEL XGS-4528F | User Guide - Page 202
formatted according to the IEEE 802.3 standards. A value of Ethernet II indicates that the packets are formatted according to RFC 894, Ethernet II encapsulation. 202 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 203
for more information. You may select Establish Only for TCP protocol type. This means that the Switch will pick out the packets that are sent to establish TCP connections. Source IP Address/ Address Prefix by entering the number of ones in the subnet mask. XGS-4526/4528F/4728F User's Guide 203 - ZyXEL XGS-4528F | User Guide - Page 204
the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses Clear to set the above fields back to the factory defaults. 20.3 Viewing and Editing Classifier Configuration To view a summary XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 205
common IP ports are: Table 52 Common IP Ports PORT NUMBER PORT NAME 21 FTP 23 Telnet 25 SMTP 53 DNS 80 HTTP 110 POP3 XGS-4526/4528F/4728F User's Guide 205 - ZyXEL XGS-4528F | User Guide - Page 206
, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 21 on page 207 for information on configuring a policy rule. 206 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 207
service levels. The following figure illustrates the DS field. DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. DSCP (6 bits) Unused (2 bits) XGS-4526/4528F/4728F User - ZyXEL XGS-4528F | User Guide - Page 208
policies. 21.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 20.2 on page 201 for more information. 208 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 209
this screen. Table 53 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. XGS-4526/4528F/4728F User's Guide 209 - ZyXEL XGS-4528F | User Guide - Page 210
number between 0 and 63. TOS Specify the type of service (TOS) priority level. Metering You can configure the number for out-of-profile traffic. Action Specify the action(s) the Switch takes on the associated classified traffic flow. Forwarding Select No change XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 211
summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or Clear to set the above fields back to the factory defaults. 21.3 Viewing and Editing Policy Configuration To view a summary Table XGS-4526/4528F/4728F User's Guide 211 - ZyXEL XGS-4528F | User Guide - Page 212
this policy applies. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete check boxes. 212 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 213
and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 206). Figure 92 Policy Example XGS-4526/4528F/4728F User's Guide EXAMPLE 213 - ZyXEL XGS-4528F | User Guide - Page 214
Chapter 21 Policy Rule 214 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 215
Priority (SP) services queues based on priority only. As traffic comes into the Switch, traffic on the default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. The weights range from 1 to 15 and the actual guaranteed bandwidth is calculated as follows: XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 216
can handle. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied. 216 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 217
then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. XGS-4526/4528F/4728F User's Guide 217 - ZyXEL XGS-4528F | User Guide - Page 218
Switch services Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 218 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 219
Service Provider's Network (SPN) customers with VPN tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for their VLAN group. The service provider can separate these two VLANs within its network by adding tag 37 to XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 220
frame switching. • Select Access Port for ingress ports on the service service provider's VLAN (using the outer VLAN tag defined by the Service Provider's (SP) VLAN ID (VID)). Note: Static VLAN Tx Tagging MUST be enabled on a port where you choose Tunnel Port. 220 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 221
is the VLAN ID. SP VID is the VID for the second (service provider's) VLAN tag. 23.3.1 Frame Format The frame format for an untagged Ethernet frame, a single-tagged 802.1Q frame (customer) and a "double-tagged" 802.1Q frame (service provider) is shown next. XGS-4526/4528F/4728F User's Guide 221 - ZyXEL XGS-4528F | User Guide - Page 222
Configure the fields as highlighted in the Switch VLAN Stacking screen. Table 57 Single 1Q Frame DA Destination Address SA Source Address (SP)TPI D VID (Service Provider) Tag Protocol IDentifier VLAN ID Priority Len/ Etype Data 802.1p > VLAN Stacking 222 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 223
Cancel to begin configuring this screen afresh. 23.4.1 Port-based Q-in-Q Port-based Q-in-Q lets the Switch treat all frames received on the same port as the same VLAN flows and add the same outer VLAN tag to them, even they have different customer VLAN IDs. XGS-4526/4528F/4728F User's Guide 223 - ZyXEL XGS-4528F | User Guide - Page 224
Priority Select a priority level (from 0 to 7). This is the service provider's priority level that adds to the frames received on this port. Switch to add different outer VLAN tags to the incoming frames received on one port according to their inner VLAN tags. 224 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 225
Priority Select a priority level (from 0 to 7). This is the service provider's priority level that adds to the frames received on this port . Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or XGS-4526/4528F/4728F User's Guide 225 - ZyXEL XGS-4528F | User Guide - Page 226
packets from the subscribers. Priority This is the service provider's priority level in the packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. 226 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 227
(such as content information distribution) based on service plans and types of subscription. You can set the Switch to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating the profile to a port. XGS-4526/4528F/4728F User's Guide 227 - ZyXEL XGS-4528F | User Guide - Page 228
multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them. The Switch forwards multicast traffic destined for multicast . Multicast Group This field displays IP multicast group addresses. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 229
group membership entry if it does not receive report messages from the port. 802.1p Priority Select a priority level (0-7) to which the Switch changes the priority in outgoing IGMP control packets. Otherwise, select No-Change to not replace the priority. XGS-4526/4528F/4728F User's Guide 229 - ZyXEL XGS-4528F | User Guide - Page 230
hosts connected to the port should remain in the specific multicast group. This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host. 230 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 231
select Default to Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 232
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. 232 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 233
Add to insert the entry in the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save assigned a single profile. A profile can be assigned to multiple ports. XGS-4526/4528F/4728F User's Guide 233 - ZyXEL XGS-4528F | User Guide - Page 234
profile to the Switch's run-time memory. The Switch loses these changes defaults. This field displays the descriptive name of the profile. This field displays the start of the multicast address range. This field displays the end of the multicast address range. 234 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 235
that use multicast traffic across an Ethernet ring-based service provider network. MVR allows one single multicast VLAN to on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. XGS-4526/4528F/4728F User's Guide 235 - ZyXEL XGS-4528F | User Guide - Page 236
compatible mode, the Switch does not send any IGMP reports. In this case, you must manually configure the forwarding settings Switch removes the receiver port from the forwarding table. Figure 103 MVR Multicast Television Example VLAN 1 Multicast VLAN S A 236 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 237
Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in Enter the VLAN ID (1 to 4094) of the multicast VLAN. ID XGS-4526/4528F/4728F User's Guide 237 - ZyXEL XGS-4528F | User Guide - Page 238
the VLAN ID in all outgoing frames transmitted. Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save the Delete button. Click Cancel to clear the Delete check boxes. 238 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 239
you want to configure only one IP address for a multicast group. Refer to Section 24.1.1 on page 227 for more information on IP multicast addresses. XGS-4526/4528F/4728F User's Guide 239 - ZyXEL XGS-4528F | User Guide - Page 240
Group Configuration LABEL DESCRIPTION Add Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use .1.4.10 ~ 224.1.4.50 Multicast VID 200 Movie: 230.1.2.50 ~230.1.2.60 7 S C 240 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 241
group in the MVR screen and set the receiver and source ports. Figure 107 MVR Configuration Example EXAMPLE To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The XGS-4526/4528F/4728F User's Guide 241 - ZyXEL XGS-4528F | User Guide - Page 242
Chapter 24 Multicast following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 108 MVR Group Configuration Example EXAMPLE Figure 109 MVR Group Configuration Example 242 EXAMPLE XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 243
, authorization and accounting functions are known as AAA servers. The Switch supports RADIUS (Remote Authentication Dial-In User Service, see Section 25.1.2 on page 244) and TACACS+ (Terminal Access Controller Access-Control System Plus, see Section XGS-4526/4528F/4728F User's Guide 243 - ZyXEL XGS-4528F | User Guide - Page 244
, authorization, accounting or all of them on the Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or both) and then set up the authentication priority, activate authorization and configure accounting settings. 244 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 245
25.3 on page 254 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 112 Advanced Application > AAA > RADIUS Server Setup XGS-4526/4528F/4728F User's Guide 245 - ZyXEL XGS-4528F | User Guide - Page 246
entry. Enter the IP address of an external RADIUS accounting server in dotted decimal notation. The default port of a RADIUS accounting server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so. 246 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 247
LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS accounting server and the Switch. This key is not sent over Figure 113 Advanced Application > AAA > TACACS+ Server Setup XGS-4526/4528F/4728F User's Guide 247 - ZyXEL XGS-4528F | User Guide - Page 248
+ accounting server entry. Enter the IP address of an external TACACS+ accounting server in dotted decimal notation. The default port of a TACACS+ accounting server is 49. You need not change this value unless your network administrator instructs you to do so. 248 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 249
a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ accounting server and the Switch. Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 114 Advanced Application > AAA > AAA Setup XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 250
Switch check the administrator accounts configured via the RADIUS Server. Authorization Select tacacs+ to have the Switch check the administrator accounts configured via the TACACS+ Server. Use this section to configure authorization settings on the Switch. 250 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 251
for Commands type of event. Select the threshold command privilege level for which the Switch should send accounting information. The Switch will send accounting information when commands at the level you specify and higher are executed on the Switch. XGS-4526/4528F/4728F User's Guide 251 - ZyXEL XGS-4528F | User Guide - Page 252
Switch. Note that these attributes only work when you enable authorization (see Section 25.2.3 on page 249). Table 72 Supported VSAs FUNCTION Ingress Bandwidth Assignment ATTRIBUTE Vendor-Id = 890 Vendor-Type = 1 Vendor-data = ingress rate (Kbps in decimal format) 252 XGS-4526/4528F/4728F User - ZyXEL XGS-4528F | User Guide - Page 253
enable authorization (see Section 25.2.3 on page 249). Table 73 Supported Tunnel Protocol Attribute FUNCTION VLAN Assignment ATTRIBUTE Tunnel-Type = VLAN( VID on the Switch. Note: The bolded values in this table are fixed values as defined in RFC 3580. XGS-4526/4528F/4728F User's Guide 253 - ZyXEL XGS-4528F | User Guide - Page 254
User-Password NAS-Identifier NAS-IP-Address 25.3.1.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type 254 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 255
from the Switch to the User-Name D D NAS-Identifier D D NAS-IP-Address D D Service-Type D D Acct-Status-Type D D Acct-Delay-Time D D Acct-Session-Id D D Acct-Authentic D D Acct-Session-Time D Acct-Terminate-Cause STOP D D D D D D D D D D XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 256
Events via Telnet/SSH ATTRIBUTE START INTERIM-UPDATE User-Name D D NAS-Identifier D D NAS-IP-Address D D Service-Type D D Calling-Station-Id D D D Acct-Output-Packets D Acct-Terminate-Cause STOP D D D D D D D D D D D D D D D D D D 256 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 257
Table 76 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE Acct-Input-Gigawords D Acct-Output- D Gigawords Chapter 25 AAA STOP D D XGS-4526/4528F/4728F User's Guide 257 - ZyXEL XGS-4528F | User Guide - Page 258
Chapter 25 AAA 258 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 259
Switch forwards the packet. If there is not a binding, the Switch discards the packet. The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from information provided manually enable DHCP snooping before you enable ARP inspection. XGS-4526/4528F/4728F User's Guide 259 - ZyXEL XGS-4528F | User Guide - Page 260
there are no trusted ports. Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations: • The Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts. 260 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 261
of the DHCP relay settings (Chapter 41 on page 361). 26.1.1.4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch. 1 Enable DHCP snooping on the Switch. 2 Enable DHCP snooping on each VLAN, and configure DHCP relay option 82. XGS-4526/4528F/4728F User's Guide 261 - ZyXEL XGS-4528F | User Guide - Page 262
address filter remains in the Switch. These MAC address filters are different than regular MAC address filters (Chapter 12 on page 145). • They are stored only in volatile memory. • They do not use the same space in memory that regular MAC address filters use. 262 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 263
recommended you enable DHCP snooping at least one day before you enable ARP inspection so that the Switch has enough time to build the binding table. 2 Enable ARP inspection on each VLAN. 3 authorized and unauthorized packets in the network. The Switch learns XGS-4526/4528F/4728F User's Guide 263 - ZyXEL XGS-4528F | User Guide - Page 264
a static binding). Type This field displays how the Switch learned the binding. static: This binding was learned from information provided manually by an administrator. VID Port dhcp-snooping: This binding and VLAN ID as an existing static binding, the 264 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 265
Port static: This binding was learned from information provided manually by an administrator. This field displays the source VLAN ID in the binding. This field displays the port number in the binding. If this field is blank, the binding applies to all ports. XGS-4526/4528F/4728F User's Guide 265 - ZyXEL XGS-4528F | User Guide - Page 266
at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 119 DHCP Snooping 266 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 267
the Switch has tried to access the DHCP snooping database for any reason. This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 268
Switch has ignored because the Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore. 268 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 269
Configure Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database Guard > DHCP Snooping > Configure. Figure 120 DHCP Snooping Configure XGS-4526/4528F/4728F User's Guide 269 - ZyXEL XGS-4528F | User Guide - Page 270
is scheduled to occur before the current update has finished successfully or timed out. In this case, the Switch waits to start the next update until it completes the current one. Enter the location of the DHCP values in this screen to their last-saved values. 270 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 271
screen to specify whether ports are trusted or untrusted ports for DHCP snooping. Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports. DHCP Snooping > Configure > Port. Figure 121 DHCP Snooping Port Configure XGS-4526/4528F/4728F User's Guide 271 - ZyXEL XGS-4528F | User Guide - Page 272
VLAN Configure Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 41 on page 361) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To 272 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 273
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 274
This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). Reason This field displays the reason the ARP packet was discarded. MAC+VLAN this to clear the Delete check boxes above. 274 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 275
Forwarded This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted. Dropped This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted. XGS-4526/4528F/4728F User's Guide 275 - ZyXEL XGS-4528F | User Guide - Page 276
into this log message. The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message. You can configure this interval in the ARP Inspection Configure screen. See Section 26.7 on page 277. 276 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 277
configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure. Figure 126 ARP Inspection Configure XGS-4526/4528F/4728F User's Guide 277 - ZyXEL XGS-4528F | User Guide - Page 278
syslog server (Chapter 48 on page 425) to use this. Enter 0 if you do not want the Switch to send log messages generated by ARP packets to the syslog server. The relationship between Syslog rate and Log the values in this screen to their last-saved values. 278 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 279
. Rate and Burst Interval settings have no effect on trusted ports. Specify the maximum rate (1-2048 packets per second) at which the Switch receives ARP packets from each port. The Switch discards any additional ARP packets. Enter 0 to disable this limit. XGS-4526/4528F/4728F User's Guide 279 - ZyXEL XGS-4528F | User Guide - Page 280
length (1-15 seconds) of the burst interval. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link you configure the * VLAN, the settings are applied to all VLANs. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 281
Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click this to reset the values in this screen to their last-saved values. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 282
Chapter 26 IP Source Guard 282 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 283
and again causing a broadcast storm. If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: • It will receive broadcast messages sent out from the switch in loop state. XGS-4526/4528F/4728F User's Guide 283 - ZyXEL XGS-4528F | User Guide - Page 284
network loops. The following figure illustrates three switches forming a loop. A sample path of the loop guard probe packet is also shown. In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on 284 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 285
the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 8.7 on page 113) or via commands (see the Ethernet Switch CLI Reference Guide). 27.2 Loop MSTP) enabled. Figure 133 Advanced Application > Loop Guard XGS-4526/4528F/4728F User's Guide 285 - ZyXEL XGS-4528F | User Guide - Page 286
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 286 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 287
The Switch translates the VLAN ID from 12 into 123 before forwarding the packets. Any packets carrying a VLAN tag other than 12 (such as 10) and received on port 3 will be dropped. Figure 134 VLAN mapping example 12 10 123 Port 3 10 Service Provider Network XGS-4526/4528F/4728F User's Guide 287 - ZyXEL XGS-4528F | User Guide - Page 288
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 288 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 289
Add to insert the entry in the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link or not. Name This is the descriptive name for this rule. XGS-4526/4528F/4728F User's Guide 289 - ZyXEL XGS-4528F | User Guide - Page 290
(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. 290 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 291
C and D. Topology change information can be propagated throughout the service provider's network. To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and XGS-4526/4528F/4728F User's Guide 291 - ZyXEL XGS-4528F | User Guide - Page 292
ports. • The Tunnel port is an egress port at the edge of the service provider's network and connected to another service provider's switch. Incoming encapsulated layer-2 protocol packets received on a tunnel port are decapsulated and sent to an access port. 292 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 293
address does not exist in the address table of a switch on the service provider's network. Note: All the edge switches in the service provider's network should be set to use the same MAC address for encapsulation. Port This field displays the port number. XGS-4526/4528F/4728F User's Guide 293 - ZyXEL XGS-4528F | User Guide - Page 294
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 294 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 295
for monitoring switched networks. An sFlow agent embedded on a switch or router gets troubleshooting. For example, you can use it to know which IP address or which type of traffic caused network congestion. Figure 140 sFlow Application sFlow Agent sFlow Collector XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 296
-port basis. Active Note: Changes in this row are copied to all the ports as soon as you make them. Select this to allow the Switch to monitor traffic on this port and generate and send sFlow datagram to the specified collector. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 297
not need to be in the same subnet as the Switch, but it must be accessible from the Switch. Apply Cancel Note: Configure UDP port 6343 (the default) on a NAT router to allow port forwarding if can manage. Figure 142 Advanced Application > sFlow > Collector XGS-4526/4528F/4728F User's Guide 297 - ZyXEL XGS-4528F | User Guide - Page 298
to the factory defaults. Index This Switch uses to send sFlow datagram to the collector. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to begin configuring this screen afresh. 298 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 299
31.1.1 PPPoE Intermediate Agent Tag Format If the PPPoE Intermediate Agent is enabled, the Switch adds a vendor-specific tag to PADI (PPPoE Active Discovery Initialization) and PADR ( sub-options, which contain additional information about the PPPoE client. XGS-4526/4528F/4728F User's Guide 299 - ZyXEL XGS-4528F | User Guide - Page 300
ID sub-option. The next field specifies the length of the field. The Switch takes the Circuit ID string you manually configure for a VLAN on a port as the highest priority and the Circuit VLAN ID (1 byte) (1 byte) (1 byte) (2 byte) (1 byte) (4 bytes) 300 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 301
a PPPoE client and received on an untrusted port, the Switch adds a vendor-specific tag to the packet and then forwards it to the trusted port(s). • The Switch discards PADO and PADS packets which are sent from a PPPoE server but received on an untrusted port. XGS-4526/4528F/4728F User's Guide 301 - ZyXEL XGS-4528F | User Guide - Page 302
PPPoE Intermediate Agent 31.3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional subscriber information that the server can use as shown. Figure 144 Advanced Application > PPPoE > Intermediate Agent 302 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 303
default is the Switch's CLI commands) on the Switch, the Switch will use the string specified in the access-node-identifier field. Specify a string that the Switch Switch add extra information to PPPoE discovery packets from PPPoE clients on a per-port basis. XGS-4526/4528F/4728F User's Guide 303 - ZyXEL XGS-4528F | User Guide - Page 304
will drop all PPPoE packets if you enable the PPPoE Intermediate Agent on the Switch and there are no trusted ports. Click the Port link in the Intermediate Agent screen to display Note: Changes in this row are copied to all the ports as soon as you make them. 304 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 305
Port > VLAN screen) has the highest priority. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on IA settings that apply to a specific VLAN on a port. XGS-4526/4528F/4728F User's Guide 305 - ZyXEL XGS-4528F | User Guide - Page 306
all the VLANs as soon as you make them. Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub-option for this VLAN on the specified port. Spaces are allowed. The Circuit ID you configure here has the highest priority. 306 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 307
whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown. Figure 147 Advanced Application > PPPoE > Intermediate Agent > VLAN XGS-4526/4528F/4728F User's Guide 307 - ZyXEL XGS-4528F | User Guide - Page 308
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 308 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 309
to enable the port(s) or allow the packets on a port manually via the web configurator or the commands. With error-disable recovery, you can set the disabled port(s) to become active or start receiving the packets again after the time interval you specify. XGS-4526/4528F/4728F User's Guide 309 - ZyXEL XGS-4528F | User Guide - Page 310
screen to limit the maximum number of control packets (ARP, BPDU and/ or IGMP) that the Switch can receive or transmit on a port. Click the Click Here link next to CPU protection in Detect screen. Figure 149 Advanced Application > Errdisable > CPU protection 310 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 311
on page 311 for detailed information. Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save shown. Figure 150 Advanced Application > Errdisable > Errdisable Detect XGS-4526/4528F/4728F User's Guide 311 - ZyXEL XGS-4528F | User Guide - Page 312
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 312 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 313
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 313 - ZyXEL XGS-4528F | User Guide - Page 314
Chapter 32 Error Disable 314 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 315
which port(s) in a VLAN is not isolated by adding it to the promiscuous port list. The Switch automatically adds other ports in this VLAN to the isolated port list and blocks traffic between the isolated Otherwise, this VLAN is blocked from the whole network. XGS-4526/4528F/4728F User's Guide 315 - ZyXEL XGS-4528F | User Guide - Page 316
summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or configuration. Clear Click Clear to clear the fields to the factory defaults. Index This is the index number of the rule. Active XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 317
rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. XGS-4526/4528F/4728F User's Guide 317 - ZyXEL XGS-4528F | User Guide - Page 318
Chapter 33 Private VLAN 318 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 319
static route to connect to services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the Switch. Figure 154 Example of Static Routing Topology A R1 Internet R3 R2 XGS-4526/4528F/4728F User's Guide 319 - ZyXEL XGS-4528F | User Guide - Page 320
or 3 is usually a good number. Add Click Add to insert a new static route to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on to set the above fields back to the factory defaults. 320 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 321
neighbor of your Switch that will forward the packet to the destination. This field displays the cost of transmission for routing purposes. Click Delete to remove the selected entry from the summary table. Click Cancel to clear the Delete check boxes. XGS-4526/4528F/4728F User's Guide 321 - ZyXEL XGS-4528F | User Guide - Page 322
Chapter 34 Static Route 322 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 323
the destination address only and the Switch takes the shortest path to forward a packet. Policy routing provides a mechanism to override the default routing behavior and alter the packet can use policy routing to distribute traffic among multiple paths. XGS-4526/4528F/4728F User's Guide 323 - ZyXEL XGS-4528F | User Guide - Page 324
Click Add to insert a new policy routing profile to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses Click Clear to set the above fields back to the factory defaults. Index This field displays the index number of the policy XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 325
the default Switch does not perform normal routing on packets that match any of the policy routes. Click Rule Configuration in the IP Application > Policy Routing screen to display the screen as shown. Figure 157 IP Application > Policy Routing > Rule Configuration XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 326
of the gateway. The gateway is an immediate neighbor of your Switch that will forward the packet to the destination. Click Add to Click Clear to set the above fields back to the factory defaults. This field displays whether the policy route profile is enabled or XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 327
and the broadcasting method of the RIP packets that the Switch sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is If two routes have the same administrative distance value, the Switch XGS-4526/4528F/4728F User's Guide 327 - ZyXEL XGS-4528F | User Guide - Page 328
supported on the Switch. Table 111 Default Distance Value ROUTE SOURCE ADMINISTRATIVE DISTANCE Local 0 Static 1 OSPF 110 RIP 120 36.2 Configuring RIP Click IP Application > RIP in the navigation panel to display the screen as shown. You cannot manually XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 329
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 329 - ZyXEL XGS-4528F | User Guide - Page 330
Chapter 36 RIP 330 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 331
between two areas. A stub area, at the edge of an AS is not a transit area since there is only one connection to the stub area. XGS-4526/4528F/4728F User's Guide 331 - ZyXEL XGS-4528F | User Guide - Page 332
interface is a link between a layer-3 device and an OSPF network. An interface has state information, an IP address and subnet mask associated with it. 332 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 333
and make sure LSAs are sent to the rest of the network. In most cases the default DR/BDR election is fine, but in some situations it must be controlled. In the DR. 37.1.5 Configuring OSPF To configure OSPF on the Switch, do the following tasks: 1 Enable OSPF XGS-4526/4528F/4728F User's Guide 333 - ZyXEL XGS-4528F | User Guide - Page 334
This field displays whether OSPF is activated (Running) or not (Down). Interface The text box displays the OSPF status of the interface(s) on the Switch. Neighbor The text box displays the status of the neighboring router participating in the OSPF network. 334 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 335
Adjacent This field displays the number of neighbor router(s) that is adjacent to Neighbor Count the Switch. Neighbor Neighbor ID This field displays the router ID of the neighbor. Pri This field the IP address of the layer-3 device that sends the LSAs. XGS-4526/4528F/4728F User's Guide 335 - ZyXEL XGS-4528F | User Guide - Page 336
LABEL DESCRIPTION Active OSPF is disabled by default. Select this option to enable it. Router ID Router ID uniquely identifies the Switch in an OSPF. Enter a unique ID (that uses the format of an IP address in dotted decimal notation) for the Switch. 336 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 337
OSPF supports three levels of authentication: • None - no authentication is used. • Simple - authenticate link state updates using an 8 printable ASCII character password. • MD5 - authenticate link state updates using a 16 printable ASCII character password. XGS-4526/4528F/4728F User's Guide 337 - ZyXEL XGS-4528F | User Guide - Page 338
set the Switch to not send/receive LSAs. Summary Default Route Cost Specify a cost (between 0 and 16777215) used to add a default route into a stub area for routes which are external to an OSPF domain. If you do not set a route cost, no default route is added. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 339
Click Clear to set the above fields back to the factory defaults. 37.4.1 View OSPF Area Information Table The bottom of Switch using OSPF routing protocol. A summary address is used to cover more than one routing entries in order to reduce the routing table size. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 340
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 340 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 341
address which can cover multiple networks. Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the screen. Figure 166 IP Application > OSPF Configuration > OSPF Interface XGS-4526/4528F/4728F User's Guide 341 - ZyXEL XGS-4528F | User Guide - Page 342
None (default), Simple and MD5. To participate in an OSPF network, you must make the authentication method and/or password settings elections. Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 343
format with dotted decimal notation) of an area to associate the interface to that area. Peer Router Enter the ID of a peer border router. ID XGS-4526/4528F/4728F User's Guide 343 - ZyXEL XGS-4528F | User Guide - Page 344
(default), Simple and MD5. To exchange OSPF packets with a peer border router, you must make the authentication method and/or password enter a password 16character long. Add Click Add to save your changes to the Switch's run-time memory. The Switch loses these XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 345
CHAPTER 38 IGMP This chapter shows you how to configure the Switch as a multicast router. See also Section 24.4 on page 232 for information on IGMP 255.255.255). A multicast server sends packets addressed to a particular multicast group (multicast IP address). XGS-4526/4528F/4728F User's Guide 345 - ZyXEL XGS-4528F | User Guide - Page 346
multicast routers check if any hosts on their network are still members of a specific multicast group. The Switch supports IGMP version 1 (IGMP-v1), version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). Refer multicast router believes that there are group members 346 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 347
The Switch sends IGMP Query packets to all ports. The Switch then listens for IGMP Report packets, and it records which port the messages came from. It then delivers multicast traffic to only those ports from which it received a request to join a multicast group. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 348
memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 348 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 349
-dvmrp-v3-10. DVMRP provides multicast forwarding capability to a layer-3 switch that runs both the IPv4 protocol (with IP Multicast support) and the IGMP protocol. The DVMRP metric is a hop count of graft message ("G") to undo the prune is sent to the parent. XGS-4526/4528F/4728F User's Guide 349 - ZyXEL XGS-4528F | User Guide - Page 350
the multicast delivery tree. 39.3 Configuring DVMRP Configure DVMRP on the Switch when you wish it to act as a multicast router ("mrouter"). Click IP Application > DVMRP in the navigation panel to display the screen as shown. Figure 174 IP Application > DVMRP 350 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 351
DVMRP on this IP routing domain. Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link warning screen. Figure 176 DVMRP: Unable to Disable IGMP Error XGS-4526/4528F/4728F User's Guide 351 - ZyXEL XGS-4528F | User Guide - Page 352
DEFAULT VALUE Probe interval 10 sec Report interval 35 sec Route expiration time 140 sec Prune lifetime Variable (less than two hours) Prune retransmission time 3 sec with exponential back off Graft retransmission time 5 sec with exponential back off 352 XGS-4526/4528F/4728F User - ZyXEL XGS-4528F | User Guide - Page 353
Services (DiffServ) on the Switch. 40.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service on the marking rule different XGS-4526/4528F/4728F User's Guide 353 - ZyXEL XGS-4528F | User Guide - Page 354
Chapter 40 Differentiated Services kinds of traffic can be marked for different priorities of traffic policing that identifies packets by comparing them to two user-defined rates: the Committed Information Rate (CIR) and the Peak Information Rate (PIR). The CIR 354 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 355
and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client. Two Rate Three Color Marker evaluates incoming packets and marks them with one a packet loss priority of a packet but it cannot XGS-4526/4528F/4728F User's Guide 355 - ZyXEL XGS-4528F | User Guide - Page 356
Chapter 40 Differentiated Services decrease it. Packets that have been previously marked red or yellow can only be marked with an equal or IP Application > DiffServ in the navigation panel to display the screen as shown. Figure 182 IP Application > DiffServ 356 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 357
Services The following table describes the labels in this screen. Table 126 IP Application > DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ on the Switch. Port This field displays the index number of a port on the Switch next. XGS-4526/4528F/4728F User's Guide 357 - ZyXEL XGS-4528F | User Guide - Page 358
Chapter 40 Differentiated Services Note: You cannot enable both TRTCM and Active Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings. Mode Port * Note on the port. 358 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 359
Services 802.1p mapping to allow the Switch to prioritize all traffic based on default DSCP-to-IEEE802.1p mapping. Table 128 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0 - 7 8 - 15 16 - 23 24 - 31 32 - 39 40 - 47 48 - 55 56 - 63 IEEE 802.1p 0 1 2 3 4 5 6 7 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 360
Services Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 360 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 361
screen you should use for configuration depends on the DHCP services you want to offer the DHCP clients on your network. Choose the configuration screen based on the following criteria: • Global - The Switch forwards all DHCP requests to the same DHCP server. XGS-4526/4528F/4728F User's Guide 361 - ZyXEL XGS-4528F | User Guide - Page 362
> DHCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch's DHCP server mode. Index This is the index number. VID This field displays the DHCP server configuration to view the screen as shown. Use 362 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 363
value sent to clients from this DHCP server instance. Default Gateway This field displays the default gateway value sent to clients from this DHCP server already assigned to the Switch itself. Hostname This field displays the system name of the client. XGS-4526/4528F/4728F User's Guide 363 - ZyXEL XGS-4528F | User Guide - Page 364
Name in Basic Settings > General Setup. The following describes the DHCP relay information that the Switch sends to the DHCP server: Table 132 Relay Agent Information FIELD LABELS DESCRIPTION Slot ID (1 system name set in Basic Settings > General Setup. 364 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 365
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 365 - ZyXEL XGS-4528F | User Guide - Page 366
the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 189 DHCP Relay Configuration Example 366 EXAMPLE XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 367
number of the VLAN to which these DHCP settings apply. DHCP Status Select whether the Switch should function as a DHCP Server or Relay for the specified VID. If you select Server then fields related to DHCP relay configuration are grayed out and vice versa. XGS-4526/4528F/4728F User's Guide 367 - ZyXEL XGS-4528F | User Guide - Page 368
default gateway device. Gateway Primary/ Secondar y DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Relay Use this section if you want to configure the Switch 368 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 369
IP address of 172.23.10.100. Figure 191 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.23.10.100 XGS-4526/4528F/4728F User's Guide 369 - ZyXEL XGS-4528F | User Guide - Page 370
Chapter 41 DHCP For the example network, configure the VLAN Setting screen as shown. Figure 192 DHCP Relay for Two VLANs Configuration Example EXAMPLE 370 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 371
to a statically configured default gateway (this Switch). The default gateway can become a switches (A and B) implementing one virtual router VR1 to ensure the link between the host X and the uplink gateway G. Host X is configured to use VR1 (192.168.1.20) as the XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 372
default gateway. If switch A has a higher priority, it is the master router. Switch B, having a lower priority, is the backup router. Figure 193 VRRP: Example 1 172.21.1.1 172.21.1.100 172.21.1.10 If switch A (the master router) is unavailable, switch router. 372 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 373
is up. Otherwise, this field is Dead. Poll Interval(s) Stop This field displays Probe when this Switch is check for the link state. The text box displays how often (in seconds) this screen : You can only configure VRRP on interfaces with unique VLAN IDs. XGS-4526/4528F/4728F User's Guide 373 - ZyXEL XGS-4528F | User Guide - Page 374
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to discard all changes made in this table. 374 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 375
it will preempt the lower priority backup router that is the master. Disable preempt mode to prevent this from happening. By default, a layer 3 device with the same IP address as the virtual router will become the master router regardless of the preempt mode. XGS-4526/4528F/4728F User's Guide 375 - ZyXEL XGS-4528F | User Guide - Page 376
Gateway This field is 100 by default. Enter the IP address of the uplink gateway in dotted decimal notation. Primary Virtual IP Secondary Virtual IP The Switch checks the link to the uplink decimal notation. This field is ignored when you enter 0.0.0.0. 376 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 377
in this table. Clear Click Clear to set the above fields back to the factory defaults. 42.3.4 Configuring VRRP Parameters View the VRRP configuration summary at the bottom of the screen following sections show two VRRP configuration examples on the Switch. XGS-4526/4528F/4728F User's Guide 377 - ZyXEL XGS-4528F | User Guide - Page 378
. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below. Figure 199 VRRP Example 1: VRRP Parameter Settings on Switch A EXAMPLE Figure 200 VRRP Example 1: VRRP Parameter Settings on Switch B 378 EXAMPLE XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 379
Virtual Router Network 172.21.1.1 172.21.1.100 172.21.1.10 You need to configure the VRRP Configuration screen for virtual router VR2 on each switch, while keeping the VRRP configuration in example 1 for virtual router XGS-4526/4528F/4728F User's Guide 379 - ZyXEL XGS-4528F | User Guide - Page 380
for VR2 on Switch B EXAMPLE After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 206 VRRP Example 2: VRRP Status on Switch A EXAMPLE Figure 207 VRRP Example 2: VRRP Status on Switch B EXAMPLE 380 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 381
packet destined for a host device on a local area network arrives at the Switch, the Switch looks in the ARP Table and if it finds the address, it sends it Learning Mode The Switch supports three ARP learning modes: ARP-Reply, Gratuitous-ARP, and ARP-Request. XGS-4526/4528F/4728F User's Guide 381 - ZyXEL XGS-4528F | User Guide - Page 382
default, the Switch is in ARP-Reply learning mode and updates the ARP table only with the ARP replies to the ARP requests sent by the Switch. This can help prevent ARP spoofing. In the following example, the Switch , it can also use gratuitous ARP to inform 382 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 383
MAC address from the ARP request sent by host A. The Switch then forwards host B's ICMP reply to host A right after getting host B's MAC address and ICMP reply. A ARP Request ARP Reply ICMP Request ICMP Reply B ARP Request ARP Reply ICMP Request ICMP Reply XGS-4526/4528F/4728F User's Guide 383 - ZyXEL XGS-4528F | User Guide - Page 384
sent by the Switch. Select Gratuitous-ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request. Select ARP-Request to have the Switch update the ARP table with both ARP replies, gratuitous ARP requests and ARP requests. 384 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 385
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 385 - ZyXEL XGS-4528F | User Guide - Page 386
Chapter 43 ARP Learning 386 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 387
learns the next-hop(s) using ARP and determines routing path(s) for a destination. The Switch supports Equal-Cost MultiPath (ECMP) to forward packets destined to the same device (A for example the screen as shown next. Figure 209 IP Application > Load Sharing XGS-4526/4528F/4728F User's Guide 387 - ZyXEL XGS-4528F | User Guide - Page 388
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 388 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 389
2) is currently operating on the Switch. Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen. Restore Configurati on Configuration screen. Load Factory Default Click Click Here to reset the configuration to the factory default settings. XGS-4526/4528F/4728F User's Guide 389 - ZyXEL XGS-4528F | User Guide - Page 390
may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1). 45.3 Save Configuration Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch. 390 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 391
the Switch. 45.5 Firmware Upgrade Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. XGS-4526/4528F/4728F User - ZyXEL XGS-4528F | User Guide - Page 392
Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot). Click Upgrade to load the new firmware. After the firmware Switch, so your backup configuration file is automatically renamed when you restore using this screen. 392 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 393
known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch's settings, they can be saved back to your computer under a filename of your choosing. XGS-4526/4528F/4728F User's Guide 393 - ZyXEL XGS-4528F | User Guide - Page 394
your computer. 2 Enter open, followed by a space and the IP address of your Switch. 3 Press [ENTER] when prompted for a username (the default is "admin"). 4 Enter your password as requested (the default is "1234"). 5 Enter bin to set transfer mode to binary. 394 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 395
FTP will not work when: • FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. XGS-4526/4528F/4728F User's Guide 395 - ZyXEL XGS-4528F | User Guide - Page 396
Chapter 45 Maintenance 396 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 397
the Ethernet Switch CLI Reference Guide for more information on disabling multi-login. 46.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 216 Management > Access Control XGS-4526/4528F/4728F User's Guide 397 - ZyXEL XGS-4528F | User Guide - Page 398
a Switch. Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. 398 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 399
, only the intended recipients can read them. 46.3.2 Supported MIBs MIBs let administrators collect statistics and monitor status and performance. The Switch supports the following MIBs: • SNMP MIB II (RFC 1213 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP XGS-4526/4528F/4728F User's Guide 399 - ZyXEL XGS-4528F | User Guide - Page 400
52" are specific to the XGS4526 switch. The OIDs beginning with "1.3.6.1.4.1.890.1.5.8.39" are specific to the XGS4528F switch. The OIDs beginning with "1.3.6.1.4.1.890.1.5.8. fan speed returns to the normal operating range. 1.3.6.1.4.1.890.1.5.8.46.3 1.2.2 400 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 401
trap is sent when the Switch resets by an administrator through a management interface. RebootEvent 1.3.6.1.4.1.890.1.5.8.46.3 1.2.1 1.3.6.1.4.1.890.1.5.1.1.2 This trap is sent when the Switch reboots by an administrator through a management interface. XGS-4526/4528F/4728F User's Guide 401 - ZyXEL XGS-4528F | User Guide - Page 402
1.3.6.1.4.1.890.1.5.8.39.3 1.2.1 This trap is sent when the Switch fails to get the time and date from a time Switch ceases the action taken on a port, such as shutting down the port or discarding packets on the port, after the specified recovery interval. 402 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 403
is sent when entries in the remote database have any updates. Link Layer Discovery Protocol (LLDP), defined as IEEE 802.1ab, enables LAN devices that support LLDP to exchange their configured settings. This helps eliminate configuration mismatch issues. XGS-4526/4528F/4728F User's Guide 403 - ZyXEL XGS-4528F | User Guide - Page 404
trap is sent when authentication fails due to incorrect user name and/or password. RADIUSNotReachableEve ntOn 1.3.6.1.4.1.890.1.5.8.46.3 1.2.1 1.3.6.1.4.1.890.1.5.8.52.3 trap is sent when the RADIUS server can be reached. 1.3.6.1.4.1.890.1.5.8.46.3 1.2.2 404 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 405
trap is sent when a ping test is completed. This trap is sent when a traceroute test fails. This trap is sent when a traceroute test is completed. XGS-4526/4528F/4728F User's Guide 405 - ZyXEL XGS-4528F | User Guide - Page 406
1.3.6.1.4.1.890.1.5.8.52.1 This trap is sent when the MSTP 07.70.1 root switch changes. 1.3.6.1.4.1.890.1.5.8.39.1 07.70.1 1.3.6.1.4.1.890.1.5.8.46.1 07.70.1 % of the MAC table is used. 1.3.6.1.4.1.890.1.5.8.39.3 1.2.2 1.3.6.1.4.1.890.1.5.8.46.3 1.2.2 406 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 407
Version Select the SNMP version for the Switch. The SNMP version on the Switch must match the version on the SNMP manager. Choose SNMP version 2c (v2c), SNMP version 3 (v3) or both (v3v2c). Note: SNMP version 2c is backwards compatible with SNMP version 1. XGS-4526/4528F/4728F User's Guide 407 - ZyXEL XGS-4528F | User Guide - Page 408
the password sent Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 408 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 409
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 409 - ZyXEL XGS-4528F | User Guide - Page 410
settings on the Switch. Authentication Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 411
method used for SNMP communication with this user. Group This field displays the SNMP group to which this user belongs. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide 411 - ZyXEL XGS-4528F | User Guide - Page 412
name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped). New Password Enter your new system password. Retype to confirm Retype your new system password for confirmation 412 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 413
passwords for up to four users. These users have read-only access. You can give users higher privileges via the CLI. For more information on assigning privileges see the Ethernet Switch CLI Reference Guide. User Name Set a user 222 SSH Communication Example XGS-4526/4528F/4728F User's Guide 413 - ZyXEL XGS-4528F | User Guide - Page 414
client computer. 2 Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. 414 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 415
certificates is optional and if selected means the SSL-client must send the Switch a certificate. You must apply for a certificate for the browser from a Certificate Authority (CA) that is a trusted CA on the Switch. Please refer to the following figure. XGS-4526/4528F/4728F User's Guide 415 - ZyXEL XGS-4528F | User Guide - Page 416
access. 46.9.1 Internet Explorer Warning Messages When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. Click View Certificate if you want to verify that the certificate is from the Switch. 416 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 417
screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape. XGS-4526/4528F/4728F User's Guide 417 - ZyXEL XGS-4528F | User Guide - Page 418
Chapter 46 Access Control Select Accept this certificate permanently to import the Switch's certificate into the SSL client. Figure 226 Security Certificate 1 (Netscape) EXAMPLE EXAMPLE EXAMPLE Figure 227 Security Certificate 2 (Netscape) EXAMPLE 418 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 419
enter the login username and password, the Switch main screen appears. The Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure "trusted XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 420
this option for the corresponding services that you want to allow to access the Switch. Service Port For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new , display the Remote Management screen as shown next. 420 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 421
the client IP address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. Select services that may be used for managing the Switch from the specified trusted computers. XGS-4526/4528F/4728F User's Guide 421 - ZyXEL XGS-4528F | User Guide - Page 422
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 422 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 423
Click Display to display a log of events in the multi-line text box. Click Clear to empty the text box and reset the syslog entry. XGS-4526/4528F/4728F User's Guide 423 - ZyXEL XGS-4528F | User Guide - Page 424
the IP address of a device that you want to ping in order to test a connection. Ethernet Port Test Click Ping to have the Switch ping the IP address (in the field to the left). Enter a port number and click Port Test to perform an internal loopback test. 424 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 425
: There is a normal but significant condition on the system. 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. XGS-4526/4528F/4728F User's Guide 425 - ZyXEL XGS-4528F | User Guide - Page 426
. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 426 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 427
Add Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses afresh. Clear Click Clear to return the fields to the factory defaults. Index This is the index number of a syslog server entry XGS-4526/4528F/4728F User's Guide 427 - ZyXEL XGS-4528F | User Guide - Page 428
] 802.1x Authentication - retransmit EAPOL-START packet [User-Name ] [NAS-Port ] 802.1x RADIUS server timeout [UserName ] [NAS-Port ] 802.1x - Invalid Tunnel-Type [User-Name ] [NAS-Port ] 428 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 429
Ingress|Egress> [User-Name ] [NAS-Port ] 802.1x - Invalid VLAN-ID [User-Name ] [NAS-Port ] 802.1x - Invalid VLAN setting, the switch is with server becomes reachable Invalid Service Type: USER [] XGS-4526/4528F/4728F User's Guide 429 - ZyXEL XGS-4528F | User Guide - Page 430
SYSLOG_NOTICE RFACE SP_SYSLOG_TYPE_INTE SYSLOG_NOTICE RFACE MESSAGE Privilege out of range: USER [] TACAS+ account server becomes reachable TACAS+ : Bias Over Warn High Threshold() On Port , Current Value : 430 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 431
cleared System has reset without management command Another image was booted voltage value is lower than its limit voltage value XGS-4526/4528F/4728F User's Guide 431 - ZyXEL XGS-4528F | User Guide - Page 432
SYSLOG_ERR CH Load factory default configuration failed SP_SYSLOG_TYPE_SWIT SYSLOG_ERR CH firmware successfully SP_SYSLOG_TYPE_SWIT SYSLOG_INFO CH Upgrade system firmware failed SP_SYSLOG_TYPE_SWIT SYSLOG_INFO CH Restore system configuration successfully 432 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 433
default Switch becomes the STP new root STP topology changes mac vlan ip port count last update time MAC address table is full MAC address table is recovered to normal state Hardware host table is full XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 434
defect|RDICCM defect> RMON falling alarm PoE overload event (port ) PoE short-circuit event (port ) PoE over system budget event (port ) 434 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 435
compatible with ZyXEL cluster management implementation. Cluster Manager The cluster manager is the Switch through which you manage the cluster member switches. Cluster Members Cluster members are the switches being managed by the cluster manager switch. XGS-4526/4528F/4728F User's Guide 435 - ZyXEL XGS-4528F | User Guide - Page 436
A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 234 Clustering Application Example screen. Note: A cluster can only have one manager. Figure 235 Management > Cluster Management 436 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 437
Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web XGS-4526/4528F/4728F User's Guide 437 - ZyXEL XGS-4528F | User Guide - Page 438
Chapter 49 Cluster Management configurator home page and the home page that you'd see if you accessed it directly are different. Figure 236 Cluster Management: Cluster Member Web Configurator Screen 438 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 439
cluster member switch. fw-00-a0-c5-01-23-46 This is the cluster member switch's firmware name as seen in the cluster manager switch. config-00-a0-c5-01-23-46 This is the cluster member switch's configuration file name as seen in the cluster manager switch. XGS-4526/4528F/4728F User's Guide 439 - ZyXEL XGS-4528F | User Guide - Page 440
must be directly connected and in the same VLAN group to belong to the same cluster. Switches that are not in the same VLAN group are not visible in the Clustering Candidates list. This field is ignored if the Clustering Manager is using Port- based VLAN. 440 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 441
member switch's System Name. Model This is the cluster member switch's model name. Remove Select this checkbox and then click the Remove button to remove a cluster member switch from the cluster. Cancel Click Cancel to begin configuring this screen afresh. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 442
Chapter 49 Cluster Management 442 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 443
the Switch has already learned the port for this MAC address, then it forwards the frame to that port. • If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 444
Chapter 50 MAC Table • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it MAC forwarding table or MAC filtering table from the MAC table using this screen. Figure 240 Management > MAC Table 444 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 445
and all traffic sent from the MAC address(es) will be blocked by the Switch. Search Click this to search data in the MAC table according to your input criteria dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). XGS-4526/4528F/4728F User's Guide 445 - ZyXEL XGS-4528F | User Guide - Page 446
Chapter 50 MAC Table 446 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 447
the Switch has already learned the port for this IP address, then it forwards the packet to that port. • If the Switch has not already learned the port for this IP address, then the packet is flooded to all ports. Too much port flooding leads to network congestion. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 448
Chapter 51 IP Table • If the Switch has already learned the port for this IP address, but the destination port is the same as the port it came displays the index number. IP Address This is the IP address of the device from which the incoming packets came. 448 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 449
. Port This is the port from which the above IP address was learned. This field displays CPU to indicate the IP address belongs to the Switch. Type This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch). XGS-4526/4528F/4728F User's Guide 449 - ZyXEL XGS-4528F | User Guide - Page 450
Chapter 51 IP Table 450 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 451
ARP Works When an incoming packet destined for a host device on a local area network arrives at the Switch, the Switch's ARP program looks in the ARP Table and if it finds the address, it sends it to the then sends the packet to the MAC address that replied. XGS-4526/4528F/4728F User's Guide 451 - ZyXEL XGS-4528F | User Guide - Page 452
displays the port to which the device connects. CPU means this learned IP address is the Switch's management IP address. This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). 452 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 453
The routing table contains the route information to the network(s) that the Switch can reach. The Switch automatically updates the routing table with the RIP information received from other - learned from incoming RIP packets or STATIC added as a static entry. XGS-4526/4528F/4728F User's Guide 453 - ZyXEL XGS-4528F | User Guide - Page 454
Chapter 53 Routing Table 454 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 455
and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 245 Management > Configure Clone XGS-4526/4528F/4728F User's Guide 455 - ZyXEL XGS-4528F | User Guide - Page 456
time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. 456 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 457
if the DC power supply is connected in AC/DC models). 5 Disconnect and re-connect the power adaptor or cord to the Switch (in AC models or if the AC power supply is connected in AC/DC models). 6 If the problem continues, contact the vendor. The ALM LED is on. XGS-4526/4528F/4728F User's Guide 457 - ZyXEL XGS-4528F | User Guide - Page 458
2 Use the console port to log in to the Switch. 3 Use the MGMT port to log in to the Switch, the default IP address of the MGMT port is 192.168.0.1. 4 If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 54. 458 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 459
Suggestions • Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. I can see the Login screen, but I cannot log in to the Switch. XGS-4526/4528F/4728F User's Guide 459 - ZyXEL XGS-4528F | User Guide - Page 460
Chapter 55 Troubleshooting 1 Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are casesensitive, so make sure client set cannot get permission to access the Switch. 460 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 461
into the Switch's nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 45.3 on page 390 for more information about how to save your configuration. XGS-4526/4528F/4728F User's Guide 461 - ZyXEL XGS-4528F | User Guide - Page 462
Chapter 55 Troubleshooting 462 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 463
summarize the Switch's hardware and firmware features. Table 171 Hardware Specifications SPECIFICATION DESCRIPTION Dimensions Standard 19" rack mountable Weight 438 mm (W) x 310 mm (D) x 44.45 mm (H) XGS-4526: 4.75 Kg Power Specification XGS-4528F or XGS-4728F: 4.9 Kg XGS-4526: AC: 100 - ZyXEL XGS-4528F | User Guide - Page 464
A), CE EMC (Class A) 464 Table 172 Firmware Specifications FEATURE DESCRIPTION Default IP Address In band: 192.168.1.1 Default Subnet Mask Administrator User Name Default Password Out of band (Management port): 192.168.0.1 255.255.255.0 (24 bits) admin 1234 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 465
service provider to provide different service Switch assign IP addresses, an IP default gateway and DNS servers to computers on your network. IGMP Snooping The Switch supports Switch how to forward IP traffic when you configure the TCP/IP parameters manually. XGS-4526/4528F/4728F User's Guide 465 - ZyXEL XGS-4528F | User Guide - Page 466
security that allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch supports authentication, authorization and accounting services via RADIUS and TACACS+ AAA servers. 466 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 467
. You can configure the Switch to update the ARP table with with an ARP reply or a gratuitous ARP request and/or an APR request. Load sharing allows the Switch to forward packets destined to the same device through different routing paths of equal path cost. XGS-4526/4528F/4728F User's Guide 467 - ZyXEL XGS-4528F | User Guide - Page 468
Supports GVRP Double tagging for VLAN stacking Protocol Based VLAN Subnet Based VLAN Selective Q-in-Q VLAN translation (mapping) Port Aggregation Private VLAN Supports IEEE 802.3ad; static and dynamic (LACP) port trunking 12 groups (up to 8 ports each) 468 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 469
control Layer 3 Features IP Capability IPV4 support 128 IP routing domains 2K IP address table in the XGS-4526 or XGS-4528F; 8K IP address table in the XGS-4728F 512 routing paths in the XGS-4526 or XGS-4528F; 8K routing paths in the XGS-4728F IPv6 Wire speed IP forwarding MLD snooping proxy - ZyXEL XGS-4528F | User Guide - Page 470
Password encryption sFlow User access right Error disable The following list, which is not exhaustive, illustrates the standards supported in the Switch. Table 174 Standards Supported Simple Network Management Protocol version 1 RFC 1213 SNMP MIB II 470 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 471
Product Specifications Table 174 Standards Supported (continued) STANDARD DESCRIPTION RFC DHCP) RFC 2138 RADIUS (Remote Authentication Dial In User Service) RFC 2139 RADIUS Accounting RFC 2236 Internet Group Network Management Protocol (SNMP) XGS-4526/4528F/4728F User's Guide 471 - ZyXEL XGS-4528F | User Guide - Page 472
Chapter 56 Product Specifications 472 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 473
. Authentication protocol used by some servers. Border Gateway Protocol. DHCP Client. DHCP Server. A popular videoconferencing solution from White Pines Software. Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. XGS-4526/4528F/4728F User's Guide 473 - ZyXEL XGS-4528F | User Guide - Page 474
file sharing for network environments. Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. 474 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 475
transfer of data over public networks. This is the data channel. Remote Command Service. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Protocol used for (Terminal Access Controller Access Control System). XGS-4526/4528F/4728F User's Guide 475 - ZyXEL XGS-4528F | User Guide - Page 476
to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. 476 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 477
, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does two conditions: • This device may not cause harmful interference. XGS-4526/4528F/4728F User's Guide 477 - ZyXEL XGS-4528F | User Guide - Page 478
found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of .11. 478 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 479
kind to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number ( firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 480
Appendix B Legal Information 480 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 481
Units) 148 Bridge Protocol Data Units (BPDUs) 148 bridging 468 C CDP 294 certifications 477 notices 478 viewing 479 CFI (Canonical Format Indicator) 117 changing the password 53 Cisco Discovery Protocol, see CDP CIST 152 XGS-4526/4528F/4728F User's Guide 481 - ZyXEL XGS-4528F | User Guide - Page 482
359 network example 354 PHB 353 dimensions 463 disclaimer 477 double-tagged frames 219 DR (Designated Router) 333 DS (Differentiated Services) 353 DSCP DSCP-to-IEEE802.1p mapping 359 service level 353 what it does 353 DSCP (DiffServ Code Point) 353 DVMRP 482 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 483
broadcast address 381, 451 Ethernet port test 424 Ethernet ports 38 default settings 39 example summary address 341 exchange RIP and OSPF information file names 393 filtering 145 rules 145 XGS-4526/4528F/4728F User's Guide filtering database, MAC table 443 firmware 102 upgrade 391, 439 flow control - ZyXEL XGS-4528F | User Guide - Page 484
port based 347 setup 348 version 227 version 3 347 versions supported 346 IGMP (Internet Group Management Protocol) 227, 346 IGMP Internet Protocol version 6, see IPv6 introduction 27 IP capability 469 interface 110, 373 routing domain 110 services 469 setup 110 IP XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 485
412 multiple 412 number of 412 login password 413 loop guard 283 how it works firmware 391 restoring configuration 392 maintenance 389 current configuration 389 main screen 389 Management Information Base (MIB) 398 management port 135 managing the device XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 486
virtual links 343 vs RIP 331 OSPF (Open Shortest Path First) 331 OSPF redistribution 339 P PAGP 294 password 53 administrator 412 PHB (Per-Hop Behavior) 353 ping, test connection 424 policy 209, 212, 326 and advanced settings 455, 456 basic settings 455, 456 486 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 487
port 315 product registration 479 protocol based VLAN 128 XGS-4526/4528F/4728F User's Guide Index and IEEE 802.1Q tagging 128 example 131 documentation 3 remote management 420 service 421 trusted computers 421 resetting 54, 390 to factory default settings 390 restoring configuration 54, - ZyXEL XGS-4528F | User Guide - Page 488
54, 390 Secure Shell See SSH security 469 service access control 419 service port 420 sFlow 295 collector 297 configuration 296 datagram 411 setup 407 traps 409 users 410 version 3 and security 399 versions supported 398 SNMP traps 400 supported 400, 401, 403, XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 489
354 Type of Service (ToS) 353 T TACACS+ 244 setup 247 TACACS+ (Terminal Access Controller AccessControl System Plus) 243 tagged VLAN 117 temperature 464 U UDLD 294 UniDirectional Link Detection, see UDLD untrusted ports ARP inspection 263 DHCP snooping 260 XGS-4526/4528F/4728F User's Guide 489 - ZyXEL XGS-4528F | User Guide - Page 490
Index PPPoE IA 301 user profiles 244 V Vendor Specific Attribute See VSA ventilation holes 34 VID 112, 117, 121, 122, 221 number of possible VIDs 479 web configurator 31, 47 getting help 56 layout 48 login 47 logout 56 navigation panel 50 weight, queuing 216 490 XGS-4526/4528F/4728F User's Guide - ZyXEL XGS-4528F | User Guide - Page 491
Weighted Round Robin Scheduling (WRR) 216 WFQ (Weighted Fair Queuing) 216 WRR (Weighted Round Robin Scheduling 216 Z ZyNOS (ZyXEL Network Operating System) 394 Index XGS-4526/4528F/4728F User's Guide 491
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
 |
 |
www.zyxel.com
www.zyxel.com
XGS-4526/4528F/4728F
Intelligent Layer 3+ Switch
Copyright © 2011
ZyXEL Communications Corporation
Firmware Version 4.00
Edition 1, 03/2011
Default Login Details
IP Address
(Out-of-band
MGMT port)
(In-band ports)
User Name
admin
Password
1234