Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SupportNotes
FirmwareVersion3.80 March2009 Edition1.0
ZyXEL
INDEX Switch Management & Maintenance .............................................................................. 4 Firmware Upgrade ...................................................................................................... 4 Using the Web Configurator ............................................................................... 4 Using the Console Port ....................................................................................... 5 Using FTP ........................................................................................................... 5 Restore a Configuration File ....................................................................................... 5 Using the Web Configurator ............................................................................... 5 Using the Console Port ....................................................................................... 6 Using FTP ........................................................................................................... 7 Backing Up a Configuration File ................................................................................ 7 Using the Web Configurator ............................................................................... 7 Using the Console Port ....................................................................................... 8 Using FTP ........................................................................................................... 8 Load Factory Defaults................................................................................................. 8 Using the Web Configurator ............................................................................... 8 Using the Console Port ....................................................................................... 9 PON port service VLAN ................................................................................................. 10 Scenario..................................................................................................................... 10 OLT Port Setup Configuration .................................................................................. 11 Configuring the downstream rule ..................................................................... 11 Configuring the upstream rule .......................................................................... 12 Applying the upstream rule............................................................................... 12 Applying the upstream rule............................................................................... 14 VLAN Configuration ................................................................................................ 15 Configuring the switch VLAN table ................................................................. 15 Configuring the switch VLAN port settings ..................................................... 18 ONU customer service VLAN ........................................................................................ 20 Scenario................................................................................................................... 20 ONU Rule Profile Configuration ............................................................................ 21 Configuring the ONU upstream policy rules on CVLAN=10 .......................... 21 Configuring the ONU upstream policy rules on CVLAN=20 .......................... 21 Configuring the ONU downstream default policy rules ................................... 22 Configuring the ONU upstream default policy rules ........................................ 23 Configuring the ONU Rule Profile for VLAN=10 ........................................... 24 Configuring the ONU Rule Profile for VLAN=20 ........................................... 25 ONU Setup ................................................................................................................ 27 Configuring the EPON ONU Setup for the ONU on VLAN10........................ 27 Configuring the EPON ONU Setup for the ONU on VLAN20........................ 28 VLAN Configuration ................................................................................................ 28 Configuring the switch VLAN table ................................................................. 28 Configuring the switch VLAN port settings ..................................................... 30 DHCP Relay ..................................................................................................................... 31 What is DHCP Relay?............................................................................................... 31 What is DHCP Relay Agent Information Option 82? ............................................... 31
ZyXEL
Notes ......................................................................................................................... 31 How does DHCP Replay (and Option 82) work? ..................................................... 32 Private Format ........................................................................................................... 33 DHCP Relay Option 82 Application ......................................................................... 34 Setting up a DHCP Relay Option 82 Environment........................................... 34 VLAN ............................................................................................................................... 36 What is Virtual LAN? ............................................................................................... 36 VLAN Overview ............................................................................................... 36 Port-based VLAN ............................................................................................. 36 Port-based VLAN across multiple switches ..................................................... 38 How to configure Port-Based VLAN ....................................................................... 39 Configuring the Switch Using the Web Configurator ....................................... 40 Configuring the Switch Using the CLI ............................................................. 43 What is IEEE 802.1Q Tag-based VLAN?................................................................. 44 How 802.1Q VLAN works ....................................................................................... 45 Setting up VLAN Trunking .............................................................................. 48 IP Multicasting ................................................................................................................ 51 Configuring IGMP snooping in your switch............................................................. 51 Configuration of IGMP snooping by web......................................................... 51 Configuration of IGMP and IGMP snooping by CLI ....................................... 53 Overview of MVR .................................................................................................... 54 MVR Mode ....................................................................................................... 55 Operation Mode ................................................................................................ 55 Scenario of MVR .............................................................................................. 56 Configuration via Web ...................................................................................... 56 Configuration via CLI ....................................................................................... 61 Spanning Tree Protocol .................................................................................................. 68 What is Spanning Tree Protocol? .............................................................................. 68 How STP Works ........................................................................................................ 69 Overview of MSTP ................................................................................................... 72 Scenario&Benefits ............................................................................................ 73 Configuration using the Web GUI Switch A ................................................. 76 Configuration using the Web GUI Switch B OLT-1308S-22...................... 83 Configuration using the Web GUI Switch C ................................................. 91 Configuration using the Web GUI Switch D ............................................... 100 Switching security ......................................................................................................... 109 MAC freeze............................................................................................................. 109 trTCM ............................................................................................................................. 111 Overview of trTCM ................................................................................................. 111 Scenario................................................................................................................... 112 Configuration using the Web GUI .................................................................. 113 Configuration using the CLI ........................................................................... 114 SNMPv3 ......................................................................................................................... 115 Introduction to SNMP ............................................................................................. 115 Difference between SNMPv3 and others (SNMPv1 and SNMPv2c) ............. 115 Scenario................................................................................................................... 117
ZyXEL
Configuration ZyXEL switch using the Web GUI .......................................... 118 Adding a new device via SNMPc ................................................................... 121 Configuration ZyXEL switch using the CLI................................................... 128 Loop Guard ................................................................................................................... 129 Loop Guard Overview ............................................................................................ 129 Scenario................................................................................................................... 130 Configuration using the CLI (Switch A)......................................................... 132 IPSubnetting VLAN...................................................................................................... 133 IPSubnetting VLAN Overview ............................................................................... 133 Scenario................................................................................................................... 133 Configuration using the Web GUI .................................................................. 135 Configuration using the CLI ........................................................................... 141 IP Source Guard ............................................................................................................ 142 Overview of IP Source Guard ................................................................................. 142 Classifier & Policy rule setup on your Switch ............................................................ 154 Classifier Configuration .......................................................................................... 155 Policy Rule Configuration .............................................................................. 156 Cluster Management Overview ...................................................................... 158 How Cluster Management works.................................................................... 158 Configuring Cluster Management................................................................... 159 FAQ ................................................................................................................................ 163 What are the default IP parameter settings?.............................................................. 163 What is the default login Name and Password to log into the Web Configurator? .. 163 How to access my SWITCH through the console port? ........................................... 163 What is default login password for console, telnet, and FTP login? ........................ 163 How to change the password?................................................................................... 163 How to access the Command Line Interface (CLI)? ................................................ 164 If I have forgotten the password, how to reset the password to the default setting? 164 How to configure the IP address? ............................................................................. 164 Is Online Help available on the Web Configurator? ................................................. 165 How to restart device from the Web Configurator? .................................................. 165 How to check the current running firmware version? .............................................. 166 Is the mini GBIC transceiver hot-swappable? .......................................................... 166 What is "Dual-Personality interface"? ...................................................................... 166 Can I enable IGMP snooping on the Switch which is acting as an IGMP Router? .. 166 Can I enable MVR and IGMP snooping at the same time? ...................................... 166
ZyXEL
SwitchManagement&Maintenance
FirmwareUpgrade
UsingtheWebConfigurator 1. Download(andunzipped)thecorrectmodelfirmwaretoyourcomputer. 2. ClickManagement>Maintenanceinthenavigatorpaneltodisplaythefollowing screen.
3. ClicktheClickHerelinkforFirmwareUpgradetodisplaythefollowingscreen.
ZyXEL
UsingFTP 1. Download(andunzipped)thecorrectmodelfirmwaretoyourcomputer. 2. LaunchtheFTPclientonyourcomputertologintoswitch.(Fromthecommand prompt,typeftp<DeviceIP>). 3. Press[ENTER]whenpromptedforausername. 4. EntertheadministratorloginpasswordtoaccesstheswitchanddisplayFTPprompt. 5. Enterbintosetthetransfermodetobinary. 6. Useputtotransferthefirmwarefromthecomputertotheswitch,forexample: putfirmware.binras0transfersthefirmwareonyourcomputer(firmware.bin)to theswitch. 7. Enterbyetologoutfromtheswitch.
RestoreaConfigurationFile
UsingtheWebConfigurator 1. ClickManagement>Maintenanceinthenavigatorpaneltodisplaythefollowing screen.
ZyXEL
2. ClicktheClickHerelinkforRestoreConfigurationtodisplaythefollowingscreen.
3. IntheFilePathfield,clickBrowsetolocatethefirmwarefile. 4. ClickRestoretostartrestoringconfiguration. UsingtheConsolePort ConnecttotheconsoleportandlaunchTerminalEmulationsoftware. Restarttheswitchtoenterthedebugmodeviatheterminal. EnterATLC UseXmodemprotocoltotransfer(SendFile)theconfigurationfile(witha.romfile extension). 5. EnterATGOtorestarttheswitchafterfiletransferandtheconfigurationrestore processesarecomplete. 1. 2. 3. 4.
ZyXEL
UsingFTP 1. Download(andunzipped)thecorrectmodelfirmwaretoyourcomputer. 2. LaunchtheFTPclientonyourcomputertologintotheswitch.(Fromthecommand prompt,typeftp<SwitchIP>. 3. Press[ENTER]whenpromptedforausername 4. EntertheadministratorloginpasswordtoaccesstheswitchanddisplayFTPprompt. 5. Enterbintosetthetransfermodetobinary. 6. Useputtotransfertheconfigurationfilefromthecomputertotheswitch,for example:putcomfig.romrom0transferstheconfigurationfileonyourcomputer (config.rom)totheswitchandrenamesittorom0. 7. Enterbyetologoutfromtheswitch.
BackingUpaConfigurationFile
UsingtheWebConfigurator 1. ClickManagement>Maintenanceinthenavigatorpaneltodisplaythefollowing screen.
2. ClicktheClickHerelinkforBackupConfigurationtodisplaythefollowingscreen.
ZyXEL
3. ClickBackuptodisplaytheFileDownloaddialog.Then,clickSavetobackupthe configurationtextfiletoalocationyouspecifyonyourcomputer. UsingtheConsolePort ConnecttotheconsoleportandlaunchaTerminalEmulationsoftware. Restarttheswitchtoenterthedebugmodeviatheterminal. EnterATTD. UseXmodemprotocoltotransfer(ReceiveFile)theconfigurationfile(witha.rom fileextension). 5. EnterATGOtorestarttheswitchafterfiletransferandtheconfigurationbackup processesarecomplete. UsingFTP 1. 2. 3. 4.
1. Download(andunzipped)thecorrectmodelfirmwaretoyourcomputer. 2. LaunchtheFTPclientonyourPCtologintotheswitch.(Fromthecommandprompt, typeftp<SwitchIP> 3. Press[ENTER]whenpromptedforausername 4. EntertheadministratorloginpasswordtoaccesstheswitchanddisplayFTPprompt. 5. Enterbintosetthetransfermodetobinary. 6. Usegettotransfertheconfigurationfilefromtheswitchtoyourcomputer,for example:getrom0config.romtransferstheconfigurationfileontheswitch (rom0)toyourcomputerandrenamesitconfig.rom. 7. Enterbyetologoutfromtheswitch.
LoadFactoryDefaults
UsingtheWebConfigurator 1. ClickManagement>Maintenanceinthenavigationpaneltodisplaythefollowing screen.
ZyXEL
ZyXEL
PONportserviceVLAN
Scenario
10
ZyXEL
OLTPortSetupConfiguration
Configuringthedownstreamrule 1. GotoBasicSetting>OLTPortSetup>OLTpolicyPortRuleProfile
2. 3. 4. 5. 6. 7. 8. 9.
10. Clickadd
11
ZyXEL
Configuringtheupstreamrule 1. GotoBasicSetting>OLTPortSetup>OLTpolicyPortRuleProfile
ChecktheActivebox Enterthename,e.g.PON1_US SelectthePrecedence,e.g.7 ChecktheActiveboxforClause1 SelectAlwaysmatchfortheOperatorinClause1 ChecktheActiveboxforIndex1 SelectAddVLANtagforActioninIndex1 SelectServiceVLANforVLANLayerinIndex1 Input0x8100forTPIDinIndex1 SelecttheCoSinIndex1,e.g.0 InputtheVIDinIndex1,e.g.200 ClickAdd
12
ZyXEL
3.
ClickUpstreamOLTPortRules
4.
SelectPON1_USfortheUpstreamOLTPolicyPortRuleProfile
13
ZyXEL
5.
ClickAdd
4.
SelectPON1_DSfortheUpstreamOLTPolicyPortRuleProfile
14
ZyXEL
5.
ClickAdd
VLANConfiguration
ConfiguringtheswitchVLANtable 1. 2. GotoAdvancedApplication>SwitchAdvance>VLAN ClickStaticVLAN
3. 4.
ClickVID=1tochoosetheVLAN1 UnchecktheActiveboxtodeactivate
15
ZyXEL
16
ZyXEL
16. CheckiftheVLANissetcorrectly
17
ZyXEL
3. 4. 5.
18
ZyXEL
6.
ClickAdd
19
ZyXEL
ONUcustomerserviceVLAN
Scenario
20
ZyXEL
ONURuleProfileConfiguration
ConfiguringtheONUupstreampolicyrulesonCVLAN=10 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. GotoBasicSetting>ONURuleProfile>ONUPolicyRuleProfile ChecktheActivebox EntertheName,e.g.CVLAN10US SelectthePrecedence,e.g.3 ChecktheActiveboxinClause1 SelectL2DestAddrtobetheFieldinClause1 SelectAlwaysmatchtobetheOperatorinClause1 EntertheValuetobe00:00:00:00:00:00inClause1 ChecktheActiveboxinIndex1 SelectSetVID;AddTag;ForwardtobetheActioninIndex1 EntertheVIDtobe10inIndex1
12. ClickAdd
ZyXEL
12. ClickAdd
ConfiguringtheONUdownstreamdefaultpolicyrules 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. GotoBasicSetting>ONURuleProfile>ONUPolicyRuleProfile ChecktheActivebox EntertheName,e.g.DSDef01 SelectthePrecedence,e.g.3 ChecktheActiveboxinClause1 SelectL2DestAddrtobetheFieldinClause1 SelectAlwaysmatchtobetheOperatorinClause1 EntertheValuetobe00:00:00:00:00:00inClause1 ChecktheActiveboxinIndex1 SelectSetPath;ForwardtobetheActioninIndex1
22
ZyXEL
11. ClickAdd
ConfiguringtheONUupstreamdefaultpolicyrules 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. GotoBasicSetting>ONURuleProfile>ONUPolicyRuleProfile ChecktheActivebox EntertheName,e.g.USDef01 SelectthePrecedence,e.g.3 ChecktheActiveboxinClause1 SelectL2DestAddrtobetheFieldinClause1 SelectAlwaysmatchtobetheOperatorinClause1 EntertheValuetobe00:00:00:00:00:00inClause1 ChecktheActiveboxinIndex1 SelectSetPath;ForwardtobetheActioninIndex1
23
ZyXEL
12. ClickAdd
ConfiguringtheONURuleProfileforVLAN=10 1. 2. 3. 4. 5. 6. 7. 8. 9. GotoBasicSetting>ONURuleProfile ChecktheActiveboxatthetop EntertheName,e.g.10profile ChecktheActiveboxforIndex1inDownstreamONUPolicyRules SelectDSDef01forIndex1inDownstreamONUPolicyRules ChecktheActiveboxforIndex1inUpstreamONUPolicyRules SelectUSDef01forIndex1inUpstreamONUPolicyRules ChecktheActiveboxforIndex2inUpstreamONUPolicyRules SelectCVLAN10DSforIndex2inUpstreamONUPolicyRules
24
ZyXEL
10. ClickAdd
25
ZyXEL
5. 6. 7. 8. 9.
26
ZyXEL
ONUSetup
ConfiguringtheEPONONUSetupfortheONUonVLAN10 1. 2. GotoBasicSetting>ONUSetup ClickthePort01onClickhere
3. 4. 5. 6.
7.
ClickAdd
27
ZyXEL
7.
ClickAdd
VLANConfiguration
ConfiguringtheswitchVLANtable 1. 2. GotoAdvancedApplication>SwitchAdvance>VLAN ClickStaticVLAN
28
ZyXEL
3. 4. 5. 6. 7. 8. 9.
29
ZyXEL
3.
Enter200forthePVIDinPort11
4.
ClickAdd
30
ZyXEL
DHCPRelay
WhatisDHCPRelay?
DHCP(DynamicHostConfigurationProtocol,RFC2131andRFC2132)allows individualclientstoobtainTCP/IPconfigurationatstartupfromaDHCPserver.Youcan configuretheIPDSLAMtorelayDHCPrequeststooneormoreDHCPserversandthe serversresponsesbacktotheclients.YoucanspecifydefaultDHCPserversforallVLAN, andyoucanspecifyDHCPserversforeachVLAN.
WhatisDHCPRelayAgentInformationOption82?
TheIPDSLAMcanaddinformationtoDHCPrequeststhatitrelaystoaDHCPserver. Thishelpsprovideauthenticationaboutthesourceoftherequests.Youcanalsospecify additionalinformationfortheIPDSLAMtoaddtotheDHCPrequeststhatitrelaysto theDHCPserver. TheDHCPrelayagentinformationfeatureaddsanAgentInformationfieldtothe option82fieldoftheDHCPheadersofclientTCP/IPconfigurationrequestframesthat theIPDSLAMrelaystoaDHCPserver.TheIPDSLAMsupportstwoformatsfortheDHCP relayagentinformation:PrivateandTR101.
Notes
DHCPRelayisusedforpassingmessagesbetweenDHCPclientandserver RelayAgentInformationOption(Option82)isanoptioninsertedandremovedbyDHCP relayagent TheoptionisusedforDHCPservertoprovidedifferentservicestoDHCPclients
31
ZyXEL
HowdoesDHCPReplay(andOption82)work?
DHCP Request
DHCP Request
Option
DHCP Request
Option
DHCPReply
DHCPReply
Option
DHCPReply
Option
32
ZyXEL
PrivateFormat
Code Len AgentInformationField
82
i1
i2
i3
i4
iN
SubOpt
Len
SuboptionValue
Suboption1standsforAgentCircuitIDSuboption Suboption2standsforAgentRemoteIDSuboption
Thisaboveisprivateformat;itisveryeasytounderstandwhyitiscalledDHCP RelayAgentInformationOption82.Itusesnumber82asanoptioncodenumberinthe headoftheDHCPOptionpacketfield.Eachoption82packetcarriesmanysuboption fieldswithmanysubvalues.ThesubvalueisusedforprovidinginformationtoDHCP server. TheinitialassignmentofDHCPRelayAgentSuboptionsincludestwosuboption codes.Thatis1standsforAgentCircuitIDSuboptionand2forAgentRemoteID Suboption.AgentCircuitIDSuboptionencodesanagentlocalidentifierofthecircuit fromwhichaDHCPclienttoserverpacketwasreceived.Itisintendedtobeusedby agentsinrelayingDHCPresponsesbacktothepropercircuit.SincetheCircuitIDisonly toaparticularrelayagentlocal,acircuitIDshouldbequalifiedwiththegateway addressvaluethatidentifiestherelayagent.IPDSLAMusesthisSuboption.
33
ZyXEL
DHCPRelayOption82Application
ISPmaywanttolimitthenumberofIPaddressorprovidesomespecificclientIP addressesbasedontheswitchports,VLANIDandoption82string.Theycaneasily achievethiswiththeDHCPRelayOption82featureandaDHCPserverthatsupports Option82. Thefollowingfigureshowsanetworkexample:
SettingupaDHCPRelayOption82Environment Inthisexample,wewillshowyouhowtoconfigureDHCPrelaysettingstoallowa computertoobtainaspecificIPaddressfromaDHCPserverbasedontheOption82 string. Inthisnetworkenvironment,wewilluseanOLT1308S22withacomputerconnected toanONUtothefirstPONport.TheOption82stringissettoOLT1308S22. 6. GotoIPApplication>DHCP>Global 7. ChecktheActivebox 8. TypetheIPaddressofRemoteDHCPServer1,e.g.192.168.1.50: 9. ChecktheOption82box 10. ChecktheInformationbox
34
ZyXEL
11. TypetheInformationstring,e.g.OLT1308S22
Aswecanseefromtheselectedregionmarkedinred,theoption82isaddedonwith thecorrectstring,i.e.OLT1308S22.
35
ZyXEL
VLAN
WhatisVirtualLAN?
VLANOverview AVLAN(VirtualLocalAreaNetwork)allowsaphysicalnetworktobepartitioned intomultiplelogicalnetworks.Stationsonalogicalnetworkbelongtoagroupknownas theVLANGroup.Astationcanbelongtomorethanonegroup.Stationsinthesame VLANgroupcancommunicatewitheachother.WithVLAN,astationcannotdirectly communicatewithstationsthatarenotinthesameVLANgroup(s);thetrafficmustfirst gothrougharouter.InGEPONapplications,VLANisvitalinprovidingisolationand securityamongsubscribers.Whenproperlyconfigured,VLANpreventsonesubscriber fromaccessingthenetworkresourcesofanotheronthesameLAN.Thusauserwillnot seetheprintersandharddisksofanotheruserinthesamebuilding.VLANalsoincreases networkperformancebylimitingbroadcaststoasmallerandmoremanageablelogical broadcastdomain.AVLANgroupisabroadcastdomain.IntraditionalLayer2switched environments,allbroadcastpacketsgotoeachandeveryindividualport.WithVLAN,all broadcastsareconfinedtoaspecificbroadcastdomain.TherearetwoVLAN implementations:PortbasedVLANandIEEE802.1qTaggedVLAN.OLT1308S22 supportsbothVLANimplementations.ThemajordifferencebetweenbothVLAN implementationsisthatTaggedVLANcancrossLayer2switchesbutPortbasedVLAN cannot. PortbasedVLAN PortbasedVLANsareVLANswherethepacketforwardingdecisionisbasedonthe destinationMACaddressanditsassociatedport.Youmustdefineoutgoingportsallowed foreachportwhenusingportbasedVLANs.NotethatVLANonlygovernstheoutgoing traffic.Intheotherword,itisunidirectional. Therefore,ifyouwishtoallowtwosubscriberportstotalktoeachother,e.g.,between conferenceroomsinahotel,youmustdefinetheegress(outgoingport)forbothports. Anegressportisanoutgoingport,thatis,aportthroughwhichadatapacketleaves. Inthefollowingfigure,fivehosts(A,B,C,DandE)areconnectedtoa5portlayer2 switchwhichsupportedportbasedVLAN. Case1: HostsAandBcancommunicatewitheachother,becausetheyareinthesameVLAN group.ButHostsAandBcannotcommunicatewithHostsC,D,andE.
36
ZyXEL
37
ZyXEL
ForSwitch2,ports1,2,and3areallowedtocommunicatewithuplinkport4,butnot withotherports. Switch2VLAN1memberport:port1andport4 Switch2VLAN2memberport:port2andport4 Switch2VLAN3memberport:port3andport4 ForSwitch3,ports2,3,and4areallowedtocommunicatewithuplinkport1,butnot withotherports. Switch3VLAN1memberport:port2andport1 Switch3VLAN2memberport:port3andport1 Switch2VLAN3memberport:port4andport1 HostAcannotcommunicatewithHostBduetotheportbasedVLANimplementation onSwitch2.HostCcannotcommunicatewithHostDduetotheportbasedVLAN implementationonSwitch3.However,theuplinkportsonbothSwitch2andSwitch3 connecttothenonVLANSwitch1.HostsAandBisabletocommunicatewithHostsC andDthroughthenonVLANswitchbecauseportbasedVLANcannotcrossmultiple switches. Toprovidesecuritybetweenswitches,youmustinstallanotherportbasedVLANswitch fortheuplink.Eachportontheuplinkswitchalsoshouldbeseparatedintodifferent VLANs,exceptfortheportconnectiontothegateway.Sosubscriberscanonlyconnect tothegatewayforInternetaccessbutnotcommunicatewitheachother.
38
ZyXEL
ForSwitch1,ports1,2,and3areallowedtocommunicatewithuplinkport4,butnotwith otherports. Switch1VLAN1memberport:port1andport4 Switch1VLAN2memberport:port2andport4 Switch1VLAN3memberport:port3andport4
HowtoconfigurePortBasedVLAN
PortbasedVLANsareVLANswherethepacketforwardingdecisionisbasedonthe destinationMACaddressanditsassociatedport.
39
ZyXEL
Inthisscenario,PortBasedVLANisusedtoseparateonephysicalswitchintotwo smallerlogicalswitches.Ports1~4and17,18belongtothesameVLANgroup,andports 5~8areinanothergroup.PortbasedVLANsarespecificonlytotheswitchonwhich theywerecreated. ConfiguringtheSwitchUsingtheWebConfigurator 1. UseanRJ45Ethernetcabletoconnectacomputertothemanagementportonthe switch. 2. BydefaultthemanagementIPaddressoftheswitchis192.168.0.1/24 3. SettheIPsettingsonyourcomputerto192.168.0.2/24 4. OpenawebbrowsersuchasIEandenterhttp://192.168.0.1astheURL. 5. Whenprompted,enteradminastheusernameand1234asthepassword. 6. Afteryouhaveloggedinsuccessfully,themainwebconfiguratorscreendisplays.
40
ZyXEL
41
ZyXEL
9. Finally,verifythesettings.IfyouhaveconfiguredtheVLANsettingsproperly,PCA canpingPCBandPCZbutnotPCCorPCDandviceversa. 10. Forexample, PCA:192.168.1.4/24 PCB:192.168.1.5/24 PCC:192.168.1.6/24 PCD:192.168.1.7/24 PCZ:192.168.1.99/24 11. PINGPCBfromPCA(successfulreplymessages)
42
ZyXEL
12. PINGPCZfromPCA(successfulreplymessages)
13. PINGPCCfromPCA(notsuccessfulwithrequesttimedoutmessage)
43
ZyXEL
7.
Afterenteringthecommands,usethewritememorycommandundertheenable modetosaveyourconfiguration.
WhatisIEEE802.1QTagbasedVLAN?
IntheIEEE802.1Qstandard,TagbasedVLANusesanextratagintheMACheader toidentifytheVLANmembershipofaframeacrossbridges.ThistagisusedforVLAN andQoS(QualityofService)priorityidentification.TheVLANscanbecreatedstatically byanadministratorordynamicallythroughGVRP.TheVLANIDassociatesaframewith aspecificVLANandprovidestheinformationthatswitchesneedtoprocesstheframe acrossthenetwork.Ataggedframeisfourbyteslongerthananuntaggedframeand containstwobytesofTPID(TagProtocolIdentifier,residingwithinthetype/lengthfield oftheEthernetframe)andtwobytesofTCI(TagControlInformation,startsafterthe sourceaddressfieldoftheEthernetframe).
44
ZyXEL
TPID:TPIDhasadefinedvalueof8100inhex.Whenaframehasthe EtherTypeequalto8100,thisframecarriestheIEEE802.1Q/802.1Ptag. Priority:ThefirstthreebitsoftheTCIdefineuserpriority,givingeight(2^3) prioritylevels.IEEE802.1Pdefinestheoperationforthese3userprioritybits. CFI:CanonicalFormatIndicatorisasinglebitflag,alwayssettozerofor Ethernetswitches.CFIisusedforcompatibilityreasonbetweenEthernettype networkandTokenRingtypenetwork.IfaframereceivedatanEthernetport hasaCFIsetto1,thenthatframeshouldnotbeforwardedasitistoan untaggedport. VID:VLANIDistheidentificationoftheVLAN,whichisusedbythestandard 802.1Q.Itis12bitslongandallowstheidentificationof4096(2^12)VLANs.Of the4096possibleVIDs,aVIDof0isusedtoidentifypriorityframesandvalue 4095(FFF)isreserved,sothemaximumpossibleVLANconfigurationsare 4,094. NotethatuserpriorityandVLANIDareindependentofeachother.Aframe withVID(VLANIdentifier)ofnull(0)iscalledapriorityframe,meaningthat onlytheprioritylevelissignificantandthedefaultVIDoftheingressportis givenastheVIDoftheframe.
How802.1QVLANworks
BasedontheVIDinformationinthetag,theswitchforwardsandfiltersframeson theports.PortswiththesameVIDcancommunicatewitheachother.IEEE802.1QVLAN functiondefinesthreetasks:IngressProcess,ForwardingProcessandEgressProcess.
45
ZyXEL
1.IngressProcess: Eachportiscapableofpassingtaggedoruntaggedframes.IngressProcessidentifiesif theincomingframescontainatag,andclassifiestheincomingframesbelongingtoa VLAN.EachporthasitsownIngressrule.IfanIngressruleacceptstaggedframesonly, theswitchwilldropallincomingnontaggedframesontheport.IfanIngressrule acceptsallframetypes,theswitchallowbothincomingtaggedanduntaggedframeson theport. Whenataggedframeisreceivedonaport,itcarriesatagheaderthathasanexplicit VID.IngressProcessdirectlypassesthetaggedframetoForwardingProcess. AnuntaggedframedoesnotcarryanyVIDtowhichitbelongs.Whenanuntaggedframe isreceived,IngressProcessinsertsatagcontainedthePVIDintotheuntaggedframe. EachphysicalporthasadefaultVIDcalledPVID(PortVID).PVIDisassignedtountagged framesorprioritytaggedframes(frameswithnull(0)VID)receivedonthisport.
46
ZyXEL
port,thisportmustbetheegressportofthisVID.Theegressportisanoutgoingport forthespecifiedVLAN,thatis,frameswithaspecifiedVIDtagcangothroughthisport. FilteringDatabasestoresandorganizesVLANregistrationinformationusefulfor switchingframestoandfromswitchports.Itconsistsofstaticregistrationentries(Static VLANorSVLANtable)anddynamicregistrationentries(DynamicVLANorDVLANtable). SVLANtableismanuallyaddedandmaintainedbytheadministrator. DVLANtableisautomaticallylearnedviaGVRPprotocol,andcan'tbecreatedor updatedbytheadministrator. VLANentriesinFilteringDatabasehavethefollowinginformation: 1.VID:VLANID 2.Port:Theswitchportnumber 3.AdControl:Registrationadministrationcontrol.Thereare3typesofadcontrol, includingforbiddenregistration,fixedregistrationandnormalregistration. Forbiddenregistration:Thisportisforbiddentobetheegressportofthe specifiedVID. Fixedregistration:Whileadcontrolisfixedregistration,itmeansthisisa staticregistrationentry.ThisportistheegressportofthespecifiedVID(a memberportofthespecifiedVLAN).FrameswiththespecifiedVIDtagcango throughthisport. Normalregistration:Whileadcontrolisnormalregistration,itmeansthisisa dynamicregistrationentry.Theforwardingdecisionisdependedonthe DynamicVLANtable. 4.EgresstagControl:ThisinformationisusedforEgressProcess.Thevaluemaybe taggedoruntagged.Ifthevalueistagged,outgoingframesontheegressportistagged. Ifthevalueisuntagged,thetagwillberemovedbeforeaframeleavestheegressport.
47
ZyXEL
3.EgressProcess: TheEgressProcessdecidesiftheoutgoingframesistobesenttaggedoruntagged.The EgressProcessreferstotheegresstagcontrolinformationinFilteringDatabase.Ifthe valueistagged,outgoingframesontheegressportistagged.Ifthevalueisuntagged, thetagwillberemovedbeforeaframeleavestheegressport. SettingupVLANTrunking WiththebenefitofdeployingVLANtrunking,youcanconnecttwoswitches throughaportthatisconfiguredastheVLANtrunkingport.VLANtaggedframesfrom PC1connectedtoswitch1canreachPC2connectedtoswitch2throughtheVLAN trunkingport.Inthisexample,port5onswitch1isconfiguredastheVLANTrunking portwhileonswitch2,port10istheVLANTrunkingport. Thefollowingfigureshowsthenetworkexample.
48
ZyXEL
Theconfigurationscreenforswitch1isshownasfollows.
Theconfigurationscreenforswitch2isshownasfollows.
49
ZyXEL
50
ZyXEL
IPMulticasting
ConfiguringIGMPsnoopinginyourswitch
IGMPsnoopingisdesignedforscenarioswithmulticasttraffic.Itoperatesonthe underlyingIGMPmechanismwherealayertwoswitchpassivelylistenstotheIGMP Query,ReportandLeave(IGMPversion2)packetstransmittedbetweentheIGMP routerandclientsandcollectspassingIGMPmessages.Afterthat,theswitchrecords themessagesgroupregistrationinformation,andconfiguresthemulticasting informationaccordingly.Ifthemulticastgroupinformationisunknown(notrecordedon theswitch),theswitchdiscardsthatmulticasttraffic.Onlytheregisteredclientsthat jointhegroupwillreceivemulticaststreamfromtheIGMProuter.Thusthissignificantly reducesthemulticasttrafficforwardeddowntotheclients.AnotheradvantageofIGMP snoopingistoallowtheintermediateswitchtolearnmulticastgroupinformation withoutmanuallyconfiguringswitches. ConfigurationofIGMPsnoopingbyweb Inthisexample,weenabletheIGMPfunctionontheGS4024(anIGMProuter)to connecttoamultimediaserver.Also,weenableIGMPsnoopingfunctiononthe OLT1308S22themultimediaclientsareconnectto.
51
ZyXEL
1. InGS4024,clicktheIPApplication,selectIGMPwhere,IGMPfunctioncanbe enabledandwecanselecteitherIGMPv1orIGMPv2.
52
ZyXEL
ConfigurationofIGMPandIGMPsnoopingbyCLI 1.EnableIGMPfunctioninGS4024 Intheconfiguremode GS4024(config)#routerigmp 2.EnableIGMPsnoopingintheOLT1308S22 IntheconfiguremodeofCLI, OLT1308S22(config)#igmpsnooping 3.DisplaytheIGMPStatus IntheexecmodeofCLI OLT1308S22#showmulticast 4.DisplaytheIGMPsnoopingStatus IntheexecmodeofCLI OLT1308S22#showigmpsnooping ______________________________________________________________ Note:OnethingneedstobementionedisthatintheIGMProuter,wedonotneedto enableIGMPsnoopingfunction. ______________________________________________________________
53
ZyXEL
OverviewofMVR
MVRreferstoMulticastVLANRegistrationthatenablesamediaservertotransmit multicaststreaminasinglemulticastVLANwhileclientsreceivingmulticastVLAN streamcanresideindifferentVLANs.ClientsindifferentVLANsintendingtojoinor leavethemulticastgroupsimplysendtheIGMPJoin/leavemessagetoareceiverport. Thereceiverportbelongingtooneofthemulticastgroupscanreceivemulticaststream frommediaserver.IntheFigure1,withoutsupportofMVR,theMulticaststreamfrom themediaserverandthesubscribermustresideinthesameVLAN.ForeachVLAN,A mediaserverisrequiredtotransmitmulticaststreamonceandtotally,mediaserver transmits6times.IntheFigure2,onthecontrary,withMVR,amediaserverisrequired totransmitmulticasttraffictoclientsindifferentVLANsatonce.
54
ZyXEL
MVRMode
55
ZyXEL
isanothersubscriberintheVLAN,subscribermustrespondwithinthemaxresponse time.Ifthereisnosubscriber,theswitcheliminatesthisreceiverport. ImmediateLeaveOperation SubscribersendsanIGMPleavemessagetotheswitchtoleavethemulticast. SubscribersdonotneedtowaitfortheswitchCPUtosendanIGMPgroupspecific querythroughthereceiverportVLAN.Theswitchwillimmediatelyeliminatethis receiverport. ScenarioofMVR Inthefollowingsection,wewillprovideanexampletoillustratehowtoconfigureMVR. Inthisscenario,themainjobofmediaserveristotransmitthemediastreamviaport10 toGS4024.ThemulticasttrafficflowingintotheGS4024willbetaggedwithPVID=100. IntheOLT1308,weenabletheMVRfunctiontoallocatethemulticasttrafficfrom GS4024toseparateVLANhosts.
ConfigurationviaWeb
56
ZyXEL
57
ZyXEL
58
ZyXEL
59
ZyXEL
OpenAdvancedApplication>VLAN>VLANPortSettingtochangePVIDfortheports1, 2and3.
60
ZyXEL
ConfigurationviaCLI
61
ZyXEL
1. OntheOLT1308S22,intheconfiguremode,createMVLAN100
2. IntheMVLAN100,settheport1,2,3,12tobefixedport,andtaggedatport12.
62
ZyXEL
3. OntheOLT1308S22,intheconfiguremode,createVLAN30,andsettheport1,12 tobefixedport,anduntaggedatport1.
4. OntheOLT1308S22,intheconfiguremode,createVLAN40,andsettheport2,12 tobefixedport,anduntaggedatport2.
63
ZyXEL
5. OntheOLT1308S22,intheconfiguremode,createVLAN50,andsettheport3,12 tobefixedport,anduntaggedatport3.
6. OntheOLT1308S22,setthePVIDofspecificVLAN30
ZyXEL
7. OntheOLT1308S22,setthePVIDofspecificVLAN40
8. OntheOLT1308S22,setthePVIDofspecificVLAN50
65
ZyXEL
9. OntheOLT1308S22,intheconfiguremode,enableIGMPsnooping
10. DefinetheDynamicmode
66
ZyXEL
11. OntheOLT1308S22,intheMVR100,setupthemulticastgroupaddress.
14. Inexecmode,inputwritememorytosavealloftheabovechanges.
67
ZyXEL
SpanningTreeProtocol
WhatisSpanningTreeProtocol?
SpanningTreeProtocol(STP)isaLayer2protocoldesignedtorunonthebridges andtheswitches.ThespecificationforSTPisdefinedinIEEE802.1d.Themainpurpose ofSTPistoensurethatyoudonotrunintoaloopsituationwhenyouhaveredundant pathsinyournetwork.STPdetects/disablesnetworkloopsandprovidesbackuplinks betweenswitchesorbridges.ItallowsthedevicetointeractwithotherSTPcompliant devicesinyournetworktoensurethatonlyonepathexistsbetweenanytwostations onthenetwork. TheredundanttopologywithoutSTPwillcausethefollowingproblem: 1.Broadcaststorm: WithoutSpanningTreeloopavoidancemechanism,eachswitchwillendlesslyflood broadcastpacketstoallports.Thissituationiscalledbroadcaststorm. WhenHostsendsabroadcastframe,likeanARPrequesttoRouter,theframewill bereceivedbySwitchA. SwitchAidentifiesthedestinationMACaddressfield(broadcastFF:FF:FF:FF:FF:FF) intheframeanddeterminetoflooditontoSegmentB. WhenthebroadcastframearrivesatSwitchB,theswitchwillrepeataboveprocess, floodittoSegmentA. Thebroadcastframewillendlesslytravelaroundtheloopnetworkevenidthe routerhasalreadyreceivedthisframe.
68
ZyXEL
HowSTPWorks
SpanningTreeprovidesaloopfreenetwork.WhenaswitchsupportingSTP recognizesaloopinthenetworktopology,itblocksoneormoreredundantports. SpanningTreeProtocolcontinuallyexploresthenetwork,sowhenthenetworktopology changes,STPautomaticallyreconfigurestheswitchportsinordertoavoidthefailureby blockingcertainport. Spanningtreealgorithmawareswitches(bridges)exchangeconfiguration messagesperiodically.TheconfigurationmessageisamulticastframecalledBPDU (BridgeProtocolDataUnit)orHellomessage.AccordingtoBPDU,theseSTPaware switches(bridges)willconstructaloopfreenetworkwitha"tree"architecture. STPoperationisdescribedbelow: 1.Selectarootbridge Onlyoneswitch/bridgecanbeselectedastherootbridgeinagivennetwork. Allotherdecisionsinthenetwork,suchaswhichportisblockedandwhichportisputin forwardingmode,aremaderegardingthisrootbridge.Therootbridgeisthe"root"of theconstructed"tree". OneoftheimportantfieldsincludedintheBPDUisthebridgeID. EachbridgehasuniquebridgeID.Therootbridgeisthebridgewiththelowest bridgeIDinthespanningtreenetwork. ThebridgeIDincludestwoparts,bridgepriority(2bytes)andbridgeMACaddress
All contents copyright 2009 ZyXEL Communications Corporation. 69
ZyXEL
(6bytes).The802.1ddefaultbridgepriorityis32768.E.g.foraswitchwithdefault priority32768(8000hex),MACaddressis00:A0:C5:12:34:56,itsbridgeIDis 8000:00A0:C512:3456. Ontherootbridge,allitsportsaredesignatedports.Designatedportsarealways intheforwardingstate.Whileinforwardingstate,portcanreceiveandsend traffic. 2.Selectarootportforthenonrootbridge Forthenonrootswitch/bridge,therewillbeonerootport.Therootportistheport throughwhichthisnonrootswitch/bridgecommunicateswiththerootbridge(the "leaf"sideofthe"tree"). Therootportistheportonthenonrootbridgewiththelowestpathcosttothe rootbridge.Therootportisnormallyinforwardingstate. PathcostisthetotalcostoftransmittingaframeontoaLANthroughthatportto bridgeroot.Itisassignedaccordingtothebandwidthofthelink.Theslowerthe media,thehigherthecost. SomeofthepathcostsspecifiedintheIEEE802.1dspecificationarelistedbelow.
3.Whenmultipleportshavethesamepathcosttorootbridge,theportwith lowestportpriorityisselectedasrootport. 3.Selectadesignatedportoneachsegment ForeachLANsegment(collisiondomain),thereisadesignatedport.Thedesignated porthasthelowestcosttotherootbridge.Designatedportsarenormallyinthe forwardingstatetoforwardandreceivetraffictothesegment.Ifmorethanoneportin thesegmenthavethesamepathcost,theportonwhichbridgehasthelowestbridgeID isselectedasadesignatedport. AfterSTPdeterminesthelowestcostspanningtree,itenablesallrootportsand designatedports,anddisablesallotherports.Networkpacketsarethereforeonly forwardedbetweenrootportsanddesignatedports,eliminatinganypossiblenetwork loops.STPawaredevicesexchangeBridgeProtocolDataUnits(BPDUs)periodically. WheneverthebridgedLANtopologychanges,anewspanningtreeisconstructed.
70
ZyXEL
1. SwitchAbridgeID=8000:00A0:C511:1111,SwitchBbridgeID= 8000:00A0:C522:2222,SwitchCbridgeID=0001:00A0:C533:3333.SwitchChasthe lowestbridgeID,soSwitchCistherootbridge.Allportsoftherootbridgeare designatedports,soPort1isdesignatedport. 2. FornonrootbridgeSwitchA,Port1pathcosttorootbridgeis19,Port2pathcostis 119,100(SwitchAPort2)+19(SwitchBPort1).ForSwitchB,Port1pathcostis19, Port2pathcostis119.Rootport=Port1ofSwitchAandSwitchBbecauseithas thelowestpathcosttotherootbridgeSwitchC. 3. OnSegmentA,bothPort2ofSwitchAandSwitchBhavethesamepathcosttoroot bridge.SinceSwitchAhaslowerbridgeIDthanSwitchB,thedesignatedportis selectedonSwitchA.SoPort2ofSwitchAisdesignatedport.Blocking=Port2of SwitchB,thenondesignatedportonthesegment.Forwarding=Alldesignated portsandrootports.
71
ZyXEL
OverviewofMSTP
MultipleSpanningTreeProtocol(IEEE802.1s)isbackwardcompatiblewithSTP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networkstoincludethefollowingfeatures:
One Common and Internal Spanning Tree (CIST) that represents the entire network'sconnectivity. Grouping of multiple bridges (or switching devices) into regions that appear as onesinglebridgeonthenetwork. A VLAN can be mapped to a specific Multiple Spanning Tree Instance (MSTI). MSTIallowsmultipleVLANstousethesamespanningtree. LoadbalancingispossibleastrafficfromdifferentVLANscanusedistinctpathsin aregion.
MSTRegion: An MST region is a logical grouping of multiple network devices that appears as a singledevicetotherestofthenetwork.EachMSTPenableddevicecanonlybelongto oneMSTregion.
MSTInstance: AnMSTInstance(MSTI)isaspanningtreeinstance.VLANscanbeconfiguredtorun on a specific MSTI. Each created MSTI is identified by a unique number (known as an MSTID)knowninternallytoaregion.ThusanMSTIdoesnotspanacrossMSTregions.
72
ZyXEL
If we use STP/RSTP in this topology, all traffics from D to hosts connected to other switcheswillgothroughtherootport.
All contents copyright 2009 ZyXEL Communications Corporation. 73
ZyXEL
TrafficonSTP/RSTPenabledtopology.
NowwhatifweappliedMSTPinthesametopology?
When therere traffics belong to VLAN2 and VLAN3. Each of them can go through differentuplinks.
74
ZyXEL
75
ZyXEL
ConfigurationusingtheWebGUISwitchA 1. 2. 3. 4. 5. ConnectMGMTportwithaPCorNotebookviatheRJ45Cable. Bydefault,theMGMTIPoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intheURLfield. By default, the username for the administrator is admin and the corresponding passwordis1234. 6. After successful login you will see a screen similar to the one on the screenshot below.
7. First of all, you need to enable the switchs MSTP function. To do so, click items depictedbelow.AdvancedApplication>SpanningTreeProtocol>Configuration
76
ZyXEL
8. After step 7. It will direct you to a Spanning Tree Configuration page, choose MultipleSpanningTreethenclicktheApplybutton.
77
ZyXEL
10. At the Multiple Spanning Tree Protocol page, create a MSTI 0 setting by following steps.AllportswanttojoinMSTPmustbeincludedintoMSTI0 A. ConfiguretheMSTPbridgeparameters.(Allswitchesinthesameregionmust have the same Configuration Name, Revision Number and vlanMSTI mapping.) i. CheckActive ii. ConfiguretheHelloTime iii. ConfiguretheMaxAgetime iv. ConfiguretheForwardingDelaytime v. ConfiguretheMaxhops vi. ConfiguretheConfigurationName vii. ConfiguretheRevisionNumber viii. ClickApplybottom
78
ZyXEL
B. Configure the MSTI parameters and choose which vlan should join this MSTI andclickAdd.BecauseswitchAistherootofthisregion,wemustsetthe BridgePriorityofMSTI0to0
C. ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
11. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
79
ZyXEL
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
12. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjoin thisMSTIandclickAdd
80
ZyXEL
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
81
ZyXEL
B.Createvlan2forMSTI1andclickAdd
C.Createvlan3forMSTI2andclickAdd
82
ZyXEL
ConfigurationusingtheWebGUISwitchBOLT1308S22 1. 2. 3. 4. 5. ConnecttheMGMTporttoaPCorNotebookwiththeRJ45Cable. Bydefault,theMGMTIPaddressoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intotheURLfield. By default, the username for the administrator is admin and the password is 1234. 6. Aftersuccessfullylogginginyouwillseeascreensimilartotheonebelow.
83
ZyXEL
7. First of all, you need to enable the switchs MSTP function. To do so, click items depictedbelow.AdvancedApplication>SwitchAdvance>SpanningTreeProtocol> Configuration
8. After step 7. It will direct you to a Spanning Tree Configuration page, choose MultipleSpanningTreethenclicktheApplybutton.
84
ZyXEL
10. At the Multiple Spanning Tree Protocol page, create a MSTI 0 setting by following steps.AllportswanttojoinMSTPmustbeincludedintoMSTI0
85
ZyXEL
A.ConfiguretheMSTPbridgeparameters.(Allswitchesinthesameregion MusthavethesameConfigurationName,RevisionNumberand vlanMSTImapping.) i. CheckActive ii. ConfiguretheHelloTime iii. ConfiguretheMaxAgetime iv. ConfiguretheForwardingDelaytime v. ConfiguretheMaxhops vi. ConfiguretheConfigurationName vii. ConfiguretheRevisionNumber viii. ClickApplybottom
B.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
C.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
86
ZyXEL
11. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd.BecauseSwitchBistherootofMSTI1,weneedtoconfigure theBridgePriorityofthisinstanceto0
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
12. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
87
ZyXEL
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
B.Createvlan2forMSTI1andclickAdd
All contents copyright 2009 ZyXEL Communications Corporation. 88
ZyXEL
C.Createvlan3forMSTI2andclickAdd
89
ZyXEL
14. CreatethePVIDforthedownlinkportconnectedtotheHost.
90
ZyXEL
ConfigurationusingtheWebGUISwitchC 1. 2. 3. 4. 5. ConnectMGMTportwithaPCorNotebookviatheRJ45Cable. Bydefault,theMGMTIPoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intheURLfield. By default, the username for the administrator is admin and the corresponding passwordis1234. 6. After successful login you will see a screen similar to the one on the screenshot below.
7. First of all, you need to enable the switchs MSTP function. To do so, click items depictedbelow.AdvancedApplication>SpanningTreeProtocol>Configuration
91
ZyXEL
8. After step 7. It will direct you to a Spanning Tree Configuration page, choose MultipleSpanningTreethenclicktheApplybutton.
92
ZyXEL
10. At the Multiple Spanning Tree Protocol page, create a MSTI 0 setting by following steps.AllportswanttojoinMSTPmustbeincludedintoMSTI0
A.ConfiguretheMSTPbridgeparameters.(Allswitchesinthesameregion MusthavethesameConfigurationName,RevisionNumberand vlanMSTImapping.) i. CheckActive ii. ConfiguretheHelloTime iii. ConfiguretheMaxAgetime iv. ConfiguretheForwardingDelaytime v. ConfiguretheMaxhops vi. ConfiguretheConfigurationName vii. ConfiguretheRevisionNumber viii. ClickApplybottom
93
ZyXEL
B.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
C.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
94
ZyXEL
11. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd.
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
95
ZyXEL
12. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd.BecauseSwitchCistherootofMSTI2,weneedtoconfigure theBridgePriorityofthisinstanceto0
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
96
ZyXEL
B.Createvlan2forMSTI1andclickAdd
97
ZyXEL
C.Createvlan3forMSTI2andclickAdd
98
ZyXEL
15. CreatethePVIDforthedownlinkportconnectedtotheHost.
99
ZyXEL
ConfigurationusingtheWebGUISwitchD 1. 2. 3. 4. 5. ConnectMGMTportwithaPCorNotebookviatheRJ45Cable. Bydefault,theMGMTIPoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intheURLfield. By default, the username for the administrator is admin and the corresponding passwordis1234. 6. After successful login you will see a screen similar to the one on the screenshot below.
7. First of all, you need to enable the switchs MSTP function. To do so, click items depictedbelow.AdvancedApplication>SpanningTreeProtocol>Configuration
100
ZyXEL
8. After step 7. It will direct you to a Spanning Tree Configuration page, choose MultipleSpanningTreethenclicktheApplybutton.
101
ZyXEL
10. At the Multiple Spanning Tree Protocol page, create a MSTI 0 setting by following steps.AllportswanttojoinMSTPmustbeincludedintoMSTI0 A.ConfiguretheMSTPbridgeparameters.(Allswitchesinthesameregion MusthavethesameConfigurationName,RevisionNumberand vlanMSTImapping.) i. CheckActive ii. ConfiguretheHelloTime iii. ConfiguretheMaxAgetime iv. ConfiguretheForwardingDelaytime v. ConfiguretheMaxhops vi. ConfiguretheConfigurationName vii. ConfiguretheRevisionNumber viii. ClickApplybottom
102
ZyXEL
B.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
C.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
103
ZyXEL
11. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
104
ZyXEL
12. At the Multiple Spanning Tree Protocol page, create a MSTI 1 setting by following steps. A.ConfiguretheMSTIparametersandchoosewhichvlanshouldjointhisMSTI andclickAdd
B.ChoosewhichportshouldbeincludedinthisMSTI.ClickAdd
105
ZyXEL
B.Createvlan2forMSTI1andclickAdd
106
ZyXEL
C.Createvlan3forMSTI2andclickAdd
107
ZyXEL
14. CreatethePVIDforthedownlinkportconnectedtotheHost.
108
ZyXEL
Switchingsecurity
MACfreeze
Asanaddedprotectionagainstnetworkintrusionattacks,ZyXELhasimplemented theMACFreezefeatureonOLT1308S22.Securityhasbeenthemainfocusofour Ethernetswitchdesign.WiththeMACfreezefeatureenabled,dynamicMACaddresses onspecifiedportsarestoredinthestaticMACaddresstable.Atthesametime,MAC addresslearningisdisabledontheseportsthusdenyingnetworkaccessforcomputers withinunknownMACaddresses.WithouttheMACfreezefunction,anycomputercan accessthenetworkthroughaswitchport.Theportautomaticallylearnsthecomputers MACaddressandstoresittotheMACaddresstable. ActivatetheMACfreezefunctiononaportbyenteringtheportsecurity[portnumber] MACfreezecommandintheCLI.ThefollowingfigureshowsanexamplewheretheMAC freezefeatureisenabledonport11.Theswitchautomaticallycopiesalldynamically learntMACaddressontheport11tothestaticMACaddress.
YoucandisplaytheStaticMACAddressscreeninthewebconfiguratortoviewthe copiedMACaddresses.
109
ZyXEL
Figure2:DisplayingMACAddressesfromMACFreeze
110
ZyXEL
trTCM
OverviewoftrTCM
Two Rate Three Color Marker (TRTCM, defined in RFC 2698) is a type of traffic policing that identifies packets by comparing them to two userdefined rates: the CommittedInformationRate(CIR)andthePeakInformationRate(PIR).TheCIRspecifies the average rate at which packets are admitted to the network. The PIR should be greater than or equal to the CIR. CIR and PIR values are based on theguaranteedand maximumbandwidthrespectivelyasnegotiatedbetweenaserviceproviderandclient. A packet is marked red if it exceeds the Peak Information Rate (PIR). Otherwise it is markedeitheryelloworgreendependingonwhetheritexceedsordoesn'texceedthe CommittedInformationRate(CIR).
111
ZyXEL
Scenario
Considerthefollowingtopology:
Forpolicyreason,wewanttolettheCIRfromHostAtoHostBbe10MbpsandthePIR is 60Mbps. However, the link speed between Host A and port 1 is negotiated at 100Mbps. What we have to do is to implement traffic policing on the port 1s ingress queue.Thus,aggregatedtrafficfromHostAwillbelimitedattheconfiguredspeedand packetswillbecolored(whichmeanstheDSCPvaluewillberesetaftergoingthrough theswitch)accordingtotheCIRandPIRvaluesetontheswitch.
112
ZyXEL
ConfigurationusingtheWebGUI 1. 2. 3. 4. 5. ConnecttheMGMTporttoaPCorNotebookwiththeRJ45Cable. Bydefault,theMGMTIPaddressoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intotheURLfield. By default, the username for the administrator is admin and the password is 1234. 6. Aftersuccessfullylogginginyouwillseeascreensimilartotheonebelow.
7. ClickAdvancedApplication>SwitchAdvance>trTCM
113
ZyXEL
8. In the 2Rate 3 Color Marker page, check the Active checkbox. Select colorblind modeinthemodeselection.
9. ChecktheActivecheckboxonport1,settheCommitRate(CIRvlaue)ofport1to 10000Kbps (10Mbps). Set the Peak Rate(PIR value) of port 1 to 60000Kbps (60Mbps). 10. SettheDSCPofgreento56,yellowto32,redto16.
ConfigurationusingtheCLI OLT1308S22#config OLT1308S22(config)# interfaceportchannel1 trtcm trtcmcir10000 trtcmpir60000 trtcmdscpgreen56 trtcmdscpyellow32 trtcmdscpred16
114
ZyXEL
SNMPv3
IntroductiontoSNMP
SNMPisasetofoperationsthatallowtheadministratortochangethestateofthe SNMPbaseddevices,suchasUNIXsystems,Windowssystems, Switches,Routersetc. TheSNMPsystemconsistsofthreeparts:SNMPmanager,SNMPagent,andMIB.SNMP agents are the controlled devices where SNMP manager is playing the role of the managingdevice.TheMIB(ManagementInformationBase)isadatabaseofthemanaged devicesthatwillbetracked.
DifferencebetweenSNMPv3andothers(SNMPv1andSNMPv2c) SNMPv3 (Simple Network Management Protocol version 3) can be thought of as SNMPv2 with additional security and administration capabilities. In SNMPv1 and SNMPv2, the authentication method amounts to nothing more than a password (the communitystring),whichwassentinplaintext.InSNMPv3,securitycanbeenhancedby encrypting the SNMP messages, only the authenticated receivers can decrypt the message.
115
ZyXEL
InZyXELswitches,therearethreesecuritylevels: 1. noauth:TousetheusernameasthepasswordstringtosendtotheSNMPmanager. 2. auth: To implement an authentication algorithm for SNMP messages sent by this user. 3. priv: To implement authentication and encryption for SNMP messages sent by this user. TherearetwoauthenticationmethodsimplementedonZyXELswitches,(i)MD5(ii)SHA andtwoencryptionmethods(i)DES(ii)AES
116
ZyXEL
Scenario
BelowisasimpletopologywhichcouldgiveusacommonviewaboutSNMP.
There are three SNMP components in this topology: Manager, Agent, and MIB. In this sample,weuseSNMPcasthemanagerserver.SNMPccouldbeinstalledonaWindows system.
117
ZyXEL
ConfigurationZyXELswitchusingtheWebGUI 1. 2. 3. 4. 5. ConnecttheMGMTporttoaPCorNotebookwiththeRJ45Cable. Bydefault,theMGMTIPaddressoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intotheURLfield. By default, the username for the administrator is admin and the password is 1234. 6. Aftersuccessfullylogginginyouwillseeascreensimilartotheonebelow.
7. ToentertheSNMPpage,clickManagement>AccessControl>SNMP
8. IntheSNMPpage,wecanchoosewhatSNMPversion,SNMPv2c,SNMPv3orboth. Here we choose to use SNMPv3. Then configure the Get Community, Set Community, and Trap Community values. The term Community is nothing more than password. Get Community means: The password to get the SNMP messages andsoon.Hereweusethedefaultcommunitiestoletuserseasiertounderstand.By default,thecommunitiesarepublic.
118
ZyXEL
10. ConfiguretheUserinformation.TherewecanchooseSecurityLevel,Authentication methods, and encryption methods. Here we use noauth for no authentication. ClickApply.
119
ZyXEL
OverviewofSNMPc
The following diagram shows the main elements of SNMPc. SNMPc includes the followingfunctions: MainButtonBar:Buttonandcontrolstoexecutecommandsquickly EditButtonBar:Buttontoquicklyinsertmapelement EventLogTool:Buttontodisplayfilteredeventlogentries ViewWindowArea:MapView,MibTablesandMibGraphwindowsaredisplayed here. ViewWindowArea:MapView,MibTablesandMibGraphwindows. Figure2MainelementsofSNMPc
120
ZyXEL
AddinganewdeviceviaSNMPc Inthefollowingexample,wewillillustratehowtogetstartedwithaddinganewdevice withSNMPcandNetAtlas.FollowtheproceduresfromStep1toStep8. Step 1: In the edit button bar shown in the Figure 4, click the icon to insert a new element. Figure4AddinganewDevice
121
ZyXEL
Step 2: In the map object properties, insert the label name and the IP address of the selecteddevice.Inthisexample,weset192.168.1.1astheIPaddressofyourSwitchas shownonFigure5 Figure5MapObjectProperties
122
ZyXEL
Step 3: In the map object properties, select Access tab to set the parameters of Read AccessModetoSNMPV3NoAuthshownonFigure6. Figure6ReadAccessmode
123
ZyXEL
Step 4: In the map object properties, select Access tab to set the parameters of Read /WriteAccessModetoSNMPV3NoAuthshownonFigure7. Figure7Read/WriteAccessMode
124
ZyXEL
Step 5: In the map object properties, select Access tab to set the parameters of Read communitytopublicasshownonFigure8. Figure8ReadCommunity
125
ZyXEL
Step 6: In the map object properties, select Access tab to set the parameters of Read /writecommunitytopublicasonFigure9. Figure9Read/writeCommunity
126
ZyXEL
Step 8: After successfully created a SNMP management entry, the link is up when the iconshowsgreen.TheSNMPsessionisdistributedandtheSNMPmanagercancontrol thedevicefromthesessionfromnowon.
127
ZyXEL
ConfigurationZyXELswitchusingtheCLI OLT1308S22#config OLT1308S22(config)# snmpserverversionv3 /*Using the default communities, thus, no more SNMPv3 related configuration needed*/
128
ZyXEL
LoopGuard
LoopGuardOverview
Loopguardallowsyoutoconfiguretheswitchtoshutdownaportifitdetectsthat packetssentoutonthatportloopbacktotheswitch. Loop guard is designed to handle loop problems on the edge of your network. This canoccurwhenaportisconnectedtoaswitchthatisinaloopstate.Loopstateoccurs asaresultofhumanerror.Ithappenswhentwoportsonaswitchareconnectedwith the same cable. When a switch in loop state sends out broadcast messages the messages loop back to the switch and are rebroadcast again and again causing a broadcaststorm. BelowdescribeshowloopguardworksonSwitchA.
129
ZyXEL
Scenario
130
ZyXEL
ConfigurationusingtheWebGUI(SwitchA) 1. 2. 3. 4. 5. ConnecttheMGMTporttoaPCorNotebookwiththeRJ45Cable. Bydefault,theMGMTIPaddressoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intotheURLfield. By default, the username for the administrator is admin and the password is 1234. 6. Aftersuccessfullylogginginyouwillseeascreensimilartotheonebelow.
131
ZyXEL
10. Nowtheloopguardfunctionisenabledonport1.
132
ZyXEL
IPSubnettingVLAN
IPSubnettingVLANOverview
Subnet based VLANs allow users to group traffic into logical VLANs based on the sourceIPaddressandIPsubnet.Whenaframeisreceivedonaport,theswitchchecks where the IP subnet it came from and what the source IP address is. The untagged packetsfromthesameIPsubnetarethenplacedinthesamesubnetbasedVLAN.The most significant advantage of using subnet based VLANs is that the priority can be dividedandtunedbaseonwhatVLANthetrafficbelongsto.
Scenario
Consideringthefollowingtopology: Purpose: TrafficfromVoIPphone(sourceIP:192.168.1.10)willbecategorizedintoVLAN3. TrafficfromIPTV(sourceIP:192.168.5.10)willbecategorizedintoVLAN4. TrafficfromthePC(sourceIP:192.168.10.10)willbecategorizedintoVLAN5.
133
ZyXEL
WhentherearedifferentIPservicesrequirementbehindamodem(e.g.VoIP,IPTV,and Commondatanetworking).ToseparatetheIPservicesintheedgesite,wecanclassify differentVLANsforeachIPservice. By distinguishing each service, Service Providers can do further policy controlling for eachVLAN. In this topology, three IP services are needed by customer, VoIP, IPTV, and general networkaccess.EachclientbelongstodifferentIPsubnets.Wecanachievethispurpose usingtheswitchwithIPSubnettingVLANfunction.
134
ZyXEL
ConfigurationusingtheWebGUI 15. ConnecttheMGMTporttoaPCorNotebookwiththeRJ45Cable. 16. Bydefault,theMGMTIPaddressoftheoutbandportis192.168.0.1/24 17. SetyourNICto192.168.0.100/24 18. OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intotheURLfield. 19. By default, the username for the administrator is admin and the password is 1234. 20. Aftersuccessfullylogginginyouwillseeascreensimilartotheonebelow.
135
ZyXEL
22. CreateVLAN3,includeport1andport2.Port1connectstothemodemandpackets goinginandoutthisportshouldnthaveVLANtag.Port2connectstotherouterin the CO, and packets going in and out port 2 should have different VLAN tags accordingtoitsIPaddress.ClickAdd.
23. CreateVLAN4,includeport1andport2.Port1connectstothemodemandpackets goinginandoutthisportshouldnthaveVLANtag.Port2connectstotherouterin the CO, and packets going in and out port 2 should have different VLAN tags accordingtoitsIPaddress.ClickAdd.
136
ZyXEL
24. CreateVLAN5,includeport1andport2.Port1connectstothemodemandpackets goinginandoutthisportshouldnthaveVLANtag.Port2connectstotherouterin the CO, and packets going in and out port 2 should have different VLAN tags accordingtoitsIPaddress.ClickAdd.
137
ZyXEL
26. GotoSubnetBasedVLANpage.
138
ZyXEL
27. In the Subnet Based VLAN page, first we have to activate this function. Check the Activecheckboxtoenableit.ClickApply
28. CreatetheSubnetBasedVLANentryfortheVoIPphone.
Here we see that packets from 192.168.1.10/24 will be attached a VLAN tag 3 and its prioritywillbesetto2.ClickAdd
139
ZyXEL
29. CreatetheSubnetBasedVLANentryfortheIPTVdevice.
Here we see that packets from 192.168.5.10/24 will be attached a VLAN tag 4 and its prioritywillbesetto5.ClickAdd 16.CreatetheSubnetBasedVLANentryforthePC.
Hereweseethatpacketsfrom192.168.10.10/24willbeattachedaVLANtag5andits prioritywillbesetto7.ClickAdd
140
ZyXEL
ConfigurationusingtheCLI OLT1308S22#config OLT1308S22(config)# vlan3 nameVLAN3 normal312 fixed12 untagged1 exit vlan4 name"VLAN4" normal312 fixed12 untagged1 exit vlan5 name"VLAN5" normal312 fixed12 untagged1 exit subnetbasedvlan subnetbasedvlannameVoIPsourceip192.168.1.10maskbits24vlan3priority2 subnetbasedvlannameIPTVsourceip192.168.5.10maskbits24vlan4priority5 subnetbasedvlannamePCsourceip192.168.10.10maskbits24vlan5priority7
141
ZyXEL
IPSourceGuard
OverviewofIPSourceGuard
IPSourceGuardisanewfeatureinZyNOS3.80.Itallowstheswitchtoidentifywho hasthepermissiontoaccessthenetwork.Furthermore,devicecancheckthebindingof MACaddress,IPaddress,VLANtag,andingressportofpackets.Hadanyparameterbe mismatching,thepacketwillbedropped.Thebelowscenarioisanexample:
142
ZyXEL
1. If unauthorized user connects to an external switch, IP Source Guard will drop packetscomingfromtheuser.IPorMACaddressmismatching.
2. IfHostAchangestheconnectingport,theswitchwilldroppacketscomingfromHost A.portmismatching.
143
ZyXEL
3. IftheVLANtagisdifferentfromthetableofswitch.ThepacketsfromHostAwillbe droppedbecauseofthemismatchingofVLAN.
144
ZyXEL
Scenario
Herewedliketodemonstrateasituationwithaportchanging.Considerthescenario below: Figure 1
145
ZyXEL
Figure 2
146
ZyXEL
ConfigurationusingtheWebGUI 1. 2. 3. 4. 5. ConnecttheMGMTporttoaPCorNotebookusingtheRJ45Cable. Bydefault,theMGMTIPaddressoftheoutbandportis192.168.0.1/24 SetyourNICto192.168.0.100/24 OpenanInternetbrowser(e.g.IE)andenterhttp://192.168.0.1intotheURLfield. By default, the username for the administrator is admin and the password is 1234. 6. Aftersuccessfullyloggingin,youwillseeascreensimilartotheonebelow.
7. ClickAdvancedApplication>SwitchAdvance>IPSourceGuard>StaticBindingto gototheIPSourceGuardStaticBindingpage.
147
ZyXEL
8. IntheIPSourceGuardStaticBindingpage,settheMAC,IP,VLAN,andPortbinding thenclickAdd.BelowisanexampleofbindingtheGatewaytoport12.
9. ThenwecontinuetoaddanewbindingofHostA.
148
ZyXEL
149
ZyXEL
12. ClickVLANtoopentheARPInspectionVLANConfigurepage.
150
ZyXEL
ThenthelowerpartwillshoweachVLANsconfiguration.SinceweuseVLAN1asHost AsVLAN,weneedtoenableitonVLAN1.
151
ZyXEL
14. Afterstep13,theStaticBindingissuccessfullyconfigured.
152
ZyXEL
153
ZyXEL
Classifier&Policyrulesetuponyour Switch
ThissectionshowsyouhowtoallowtrafficfromcertainIPaddressesanddeny others.Thiscanbedoneeasilyusingclassifierandpolicyrules. First,youneedtocreateaclassifierruletogrouptrafficintodataflowsbasedon informationsuchasthesourceaddress,destinationaddress,portnumberandpacket format.Inthisexample,wegrouptrafficbasedonthepacketformatandsetthe OLT1308S22toapplyitspolicyrules.Thefollowingliststhethreeclassifierrulesthat wewilldefineinthisexample: 1. PacketwithasourceIPaddressof192.168.1.20 2. Packetsonport2 3. ARPtrafficfortesting Oncepacketclassificationsettingsaredone,wecreatepolicyrulestospecifytheactions onthematchedpacketssotheygetthedeservedtreatmentinthenetwork.Here,we alsodefinethreepolicyrules. 1. Forwardtrafficfrom192.168.1.20only(onthefirstclassifier) 2. Discardallthetrafficfromport2(onthesecondclassifier) 3. ForwardARPpackets(onthethirdclassifier) Thefollowingfiguresshowthescreensettingsforeachclassifierrule.
154
ZyXEL
ClassifierConfiguration
Classifier1
Classifier2
155
ZyXEL
Classifier3
156
ZyXEL
2. Policyruleonclassifier2
3. Policyruleonclassifier3
157
ZyXEL
ClusterManagementOverview
ClusterManagement(alsoknownasistacking)allowsyoutomanageupto8 switchesthroughasingleIP.Thisallowsyoutomanageupto8switchessimultaneously inthesamebroadcastdomainandusingthesameVLANgroupID.Theclustermanager whichcanmanageotherswitchesiscalledthemasterdevice.
HowClusterManagementworks
Step1:
158
ZyXEL
159
ZyXEL
2. Youmustthenentertheadministratorloginaccountpasswordfortheselected switch.ClickAdd.
160
ZyXEL
3. IntheClusteringManagementStatusscreen,clicktheindexnumberforacluster membertoaccesstheconfigurationscreenforthatdevice.
4. InMemberMenuscreen,youcanclicktochangethesettingsoftheclustermember, exceptClusterManagement,FirmwareUpgradeandRestoreConfiguration.
161
ZyXEL
5. Tocheckthestatusofeachclustermember,clickManagementCluster ManagementClusteringManagementStatus.
162
ZyXEL
FAQ
WhatarethedefaultIPparametersettings? IPaddress:192.168.1.1 Subnet:255.255.255.0 WhatisthedefaultloginNameandPasswordtologintotheWebConfigurator? ID:admin Password:1234 HowtoaccessmySWITCHthroughtheconsoleport? Connectthemale9pinendoftheconsolecabletotheconsoleportoftheswitch. Connectthefemaleendtoaserialport(COM1,COM2orotherCOMport)ofyour computer.Launchaterminalemulationsoftwareconfiguredtothefollowsettings: Terminalemulation:VT100 Baudrate:115200bps Databits:8 Parity:none Stopbit:1 Flowcontrol:none Whatisdefaultloginpasswordforconsole,telnet,andFTPlogin? Password:1234
163
ZyXEL
HowtoaccesstheCommandLineInterface(CLI)? TherearetwowaystoaccesstheCommandLineInterface:throughtheconsoleportor Telnet.Ifyouwanttoaccessthroughtheconsoleport,RefertotheHowtoaccessthe Switchthroughtheconsoleport?sectionformoreinformation. IfIhaveforgottenthepassword,howtoresetthepasswordtothedefaultsetting? Ifyouhavechangedandforgottenthepassword,youwillneedtoreloadthefactory defaultconfiguration.Notethatallyourpreviousconfigurationwillbelost. 1. Connecttheconsolecabletoyourcomputerandlaunchaterminalemulation software. 2. Restarttheswitch,andpressanykeytoenterthedebugmodeatthePressanykey toenterDebugModewithin3secondsprompt. 3. Enteratlc. 4. WhenthestartingXMODEMuploadmessagedisplays,startXMODEMuploadof thedefaultconfiguration(rom)filetotheswitch. 5. Afterthefileuploadprocessiscomplete,enteratgotoexitfromthedebugmode. 6. Thesystemwillautomaticallyrestart.Waituntilthesystemhasrestartedbeforeyou loginagain.ThedefaultIPaddressis192.168.1.1andthedefaultpasswordis1234.
164
ZyXEL
2. ClickConfig1orConfig2(dependingonwhichconfigurationyouwanttoload)button nexttoRebootSystemwillrestarttheswitch.
165
ZyXEL
IstheminiGBICtransceiverhotswappable? Yes,itishotswappable.Youcanchangetransceiverswhiletheswitchisoperating. Whatis"DualPersonalityinterface"? DualPersonalityGbEinterfacemeansthatone1000BaseTCopperportandoneSFP portsharesthesamephysicalinterface.Onlyoneofthemcanbeusedatatime. DualPersonalityinterfaceisalsoknownasa"ComboPort". CanIenableIGMPsnoopingontheSwitchwhichisactingasanIGMPRouter? No.YoudonotneedtoenableIGMPSnoopingonanIGMPRouter.IGMPSnooping shouldbeenabledontheaccesslayerdevice,whichisnormallyaL2switch. CanIenableMVRandIGMPsnoopingatthesametime? Yes.
166