ZyXEL Communications gs2200-48 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation ZyXEL Communications gs2200-48. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel ZyXEL Communications gs2200-48 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation ZyXEL Communications gs2200-48 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation ZyXEL Communications gs2200-48 devrait contenir:
- informations sur les caractéristiques techniques du dispositif ZyXEL Communications gs2200-48
- nom du fabricant et année de fabrication ZyXEL Communications gs2200-48
- instructions d'utilisation, de réglage et d’entretien de l'équipement ZyXEL Communications gs2200-48
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage ZyXEL Communications gs2200-48 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles ZyXEL Communications gs2200-48 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service ZyXEL Communications en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées ZyXEL Communications gs2200-48, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif ZyXEL Communications gs2200-48, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation ZyXEL Communications gs2200-48. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    www .zyxel.com www .zyxel.com GS2200-48 Intelligent Layer 2 Switch Copyright © 2009 ZyXEL Communications Corporation Firmware V ersion 3.80 Edition 1, 7/2009 Default Login Details IP Address http://192.168.0.1 (Out-of -band MGMT port) http://192.168.1.1 (In-band ports) User Name admin Pa ss wo rd 12 34[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide GS2200-48 User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who w ant to configure the Switch using the web configurator or via commands. Related Document ation • W eb Configurator On line He lp Embedded web help for descriptions of individual screens and supplementary [...]

  • Page 4

    About This User's Guide GS2200-48 User’s Guide 4 Need More Help? More help is av ailable at www.zyx el.com. • Download Library Search for the latest produc t updates an d documentation from this link. Re ad the T ech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Int erface R eference Gui[...]

  • Page 5

    Document Conventions GS2200-48 User’s Guide 5 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User’ s Guide. W arnings tell you about things that could harm you or your device. Note: Notes tell you other import ant informat ion (for e xample, other things you may need to configure or help ful tips) or[...]

  • Page 6

    Document Conventions GS2200-48 User’s Guide 6 Icons Used in Figures Figures in this User’ s Guide may use the following generic icons. The Sw itch icon is not an exact representation of y our device. The Switch Computer Notebook computer Server DSLAM Firewa ll Te l e p h o n e Swi tch Ro u te r[...]

  • Page 7

    Safety Warnings GS2200-48 User’s Guide 7 Safety Warnings • Do NO T use this product near water , for exam ple, in a wet basement or n ear a swimming pool. • Do NO T expose your device to dampness, dust or corrosive liquids. • Do NO T store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is [...]

  • Page 8

    Safety Warnings GS2200-48 User’s Guide 8[...]

  • Page 9

    Contents Overview GS2200-48 User’s Guide 9 Contents Overview Introduction .......................................... ..................................................... ................... .......... 21 Getting to Know Y our Switch .............. ................ ............. ................ ................ ............. ........... .. 23 Ha[...]

  • Page 10

    Contents Overview GS2200-48 User’s Guide 10 Management ................................................... ..................................................... ............ ..... 269 Maintenance ................ ................ ............. ................ ................. ............ ................. ........ ......... 271 Access Control [...]

  • Page 11

    Table of Contents GS2200-48 User’s Guide 11 Table of Contents About This User's Guide ........................................... ..................................................... .......... 3 Document Conventions.................................................................. ......................................... .5 Safety Warning[...]

  • Page 12

    Table of Contents GS2200-48 User’s Guide 12 3.2.2 External Backup Power Supply Connecto r ............ ............. ................ ............. .......... 37 3.2.3 Console Port ............... .... ... ............. ... ... ... .... ... ... ... ............. ... .... ... ... ... .... ... ... ........... .. 37 3.3 LEDs ............... ........[...]

  • Page 13

    Table of Contents GS2200-48 User’s Guide 13 7.6 IP Setup .... ............. ................. ............ ................. ............. ................ ............. ...... ............. 71 7.6.1 IP Interfaces .................... ............ .... ... ... ... .... ... ............. ... ... ... .... ... ............. ... ... ... ... .... 71 7[...]

  • Page 14

    Table of Contents GS2200-48 User’s Guide 14 1 1.1.2 How STP Works ........ ................ ............. ................. ................ ............. ................ . 106 1 1.1.3 STP Port S tates ................... ............. ................ ................ ............. ................ ........ 10 7 1 1.1.4 Multiple STP ...........[...]

  • Page 15

    Table of Contents GS2200-48 User’s Guide 15 Chapter 17 Port Security............................................................... ................................................... ........ 145 17.1 About Port Security .......... ................ ............. ................ ................ ................. ............ . .... 145 17.2 Por[...]

  • Page 16

    Table of Contents GS2200-48 User’s Guide 16 22.1.3 IGMP Snooping ...................... ................ ................. ............ ................. ................ . 176 22.1.4 IGMP Snooping and VLANs ....... ................. ................ ................ ................ ........... 1 76 22.2 Multicast S tatus .. ............. ......[...]

  • Page 17

    Table of Contents GS2200-48 User’s Guide 17 24.7 ARP Inspection Configure ... ................ ............. ................. ................ ................ .............. 22 5 24.7.1 ARP Inspection Port Configure ......... ...... ................. ............ ................. ............ ..... 227 24.7.2 ARP Inspection VLAN Configure ... [...]

  • Page 18

    Table of Contents GS2200-48 User’s Guide 18 29.4.1 DHCP Relay Agent Info rmation .............. ................. ............ ................. ............ ..... 252 29.4.2 Configuring DHCP Glob al Relay ....... ................ ............. ................ ............. ........... 2 53 29.4.3 Global DHCP Relay Co nfigurat ion Example ......[...]

  • Page 19

    Table of Contents GS2200-48 User’s Guide 19 32.3.1 SNMP v3 and Security ......... ............. ................ ............. ................ ............. ........... 2 81 32.3.2 Supported MIBs ....... ................ ................. ............. ................ ................ .............. 281 32.3.3 SNMP Trap s ..... ................[...]

  • Page 20

    Table of Contents GS2200-48 User’s Guide 20 37.2 Viewing the IP T able ... ................... ...... ....... ................ ............. ................ ............. ........ ... 318 Chapter 38 ARP T able ........................................................ ..................................................... ........... ...... 321 38.[...]

  • Page 21

    21 P ART I Introduction Getting to Know Y our Switch (23) Hardware Installation and Connecti on (29) Hardware Overview (33)[...]

  • Page 22

    22[...]

  • Page 23

    GS2200-48 User’s Guide 23 C HAPTER 1 Getting to Know Your Switch This chapter introduces the main applications and features of the Switch. It al so introduces the wa ys you can manage the Switch. 1.1 Introduction The GS2200-48 is a stand- alone layer 2 Gigabit Ethernet (GbE) switch. It comes with 44 100/1000 Mbps Ethernet ports, 4 Dual P ersonali[...]

  • Page 24

    Chapter 1 Getting to Know Your Switch GS2200-48 User’s Guide 24 connect to high-speed department s ervers via the Switch. Y ou can provide a fast uplink connection by using t he Gi gabit uplink ports on the Switch. Figure 1 Bridging Ap plication 1.1.2 High Performance Switching Example The Switch is ideal for connecting two geogr aphically disper[...]

  • Page 25

    Chapter 1 Getting to Kn ow Your Switch GS2200-48 User’s Guide 25 1.1.3 Gigabit Ethernet to the Desktop The Switch is an i deal solution for small net works which demand high bandwidth for a group of heavy traffic users. Y ou ca n connect computers an d servers directly to the Switch’ s port or connect other switches to the Switch. Use the Gigab[...]

  • Page 26

    Chapter 1 Getting to Know Your Switch GS2200-48 User’s Guide 26 Shared resources such as a serv er can be used by al l ports in the same VLAN as the server . In the following figure only po rts that need access to the server need to be part of VLAN 1. P orts on the S wit ch can belong to other VLAN g roups too. Figure 4 Shared Serve r Using VLAN [...]

  • Page 27

    Chapter 1 Getting to Kn ow Your Switch GS2200-48 User’s Guide 27 • Back up the configur ation (and make sure you know how to restore it). Restoring an e arlier wo rking conf iguratio n may be usef ul if the device becomes unstable or even cr ashes. If you forget your password, you will have to reset the Switch to it s factory default set tings.[...]

  • Page 28

    Chapter 1 Getting to Know Your Switch GS2200-48 User’s Guide 28[...]

  • Page 29

    GS2200-48 User’s Guide 29 C HAPTER 2 Hardware Installation and Connection This chapter shows you how t o install and connect the S witch. 2.1 Freest anding Inst allation 1 Make sure the Switch is clean and dry . 2 Set the Swit ch on a smo oth, leve l surface strong enough to support the weight of the Switch and the c onnected cables. Make sure th[...]

  • Page 30

    Chapter 2 Hardware Installation and Connection GS2200-48 User’s Guide 30 Note: For proper ventilation, allow at le ast 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially imp ort ant for enclosed rack installations. 2.2 Mounting the Switch on a Rack This section lists the ra c k mounting [...]

  • Page 31

    Chapter 2 Har d war e In sta lla tion an d Conn ec tion GS2200-48 User’s Guide 31 3 Re peat steps 1 and 2 to install the second mounting br acket on the other side of the Switch. 4 Y ou may now mount the Switch on a r ack. Proceed to the next section. 2.2.3 Mounting the Switch on a Rack 1 P osition a mounting br acket (that is already att ached t[...]

  • Page 32

    Chapter 2 Hardware Installation and Connection GS2200-48 User’s Guide 32[...]

  • Page 33

    GS2200-48 User’s Guide 33 C HAPTER 3 Hardware Overview This chapter describes the front panel and rear p anel of the S w itch and shows you how to make the hardware connections. 3.1 Front Panel Connections The figure below shows the front panel of the S witch. Figure 8 Front Panel The following table describes t he ports. 100/1000 Mbps RJ-45 Ethe[...]

  • Page 34

    Chapter 3 Har d war e Ov er vie w GS2200-48 User’s Guide 34 3.1.1 1000Base-T Port s The Switch has 48 1000Base- T auto-negotiating, auto-crossover Ethernet ports (4 of which are part of the Dual P ersonality interfaces). In 100/10 00 Mbps Gigabit Ethernet, the speed can be 100 Mbps or 1000 Mbps. The duplex mode can be both half or full duplex at [...]

  • Page 35

    Chapter 3 Hardware Overview GS2200-48 User’s Guide 35 • T ype: SFP connection interface • Connection speed: 1 Gi gabit per second (Gbps) T o avoid possible eye injury , do not look into an operating fiber- optic module’ s connectors. 3.1.3.1 T ransceiver Inst allation Use the following steps to install a mini GBIC transceiver (SFP or XFP mo[...]

  • Page 36

    Chapter 3 Har d war e Ov er vie w GS2200-48 User’s Guide 36 1 Open the transceiv er’s latch (latch styles v ary). Figure 1 1 Opening the T ransceiver ’s Latch Example 2 Pull the transceiver out of the slot. Figure 12 T ransceiver Removal Example 3.2 Rear Panel The following figures show the rear panel of the switch. The r ear pa nel contain s[...]

  • Page 37

    Chapter 3 Hardware Overview GS2200-48 User’s Guide 37 The following table describes t he ports on the rear panel. 3.2.1 Power Connector Make sure you are using the correct po wer source as shown on the panel. T o connect the power to the Switch, insert the female end of power cord to the power receptacle on the rear panel. Co nnect the other end [...]

  • Page 38

    Chapter 3 Har d war e Ov er vie w GS2200-48 User’s Guide 38 Connect the male 9-pin end of the RS-232 console cable to the cons ole port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer . 3.3 LEDs The following table describes t he LEDs. T able 3 LEDs LED COLOR ST A TUS DESCRIPTION BPS Green Bl[...]

  • Page 39

    39 P ART II Basic Configuration The W eb Configur ator (41) Initial Setup Example (51) System Status and P ort Statistics (57) Basic Setting (63)[...]

  • Page 40

    40[...]

  • Page 41

    GS2200-48 User’s Guide 41 C HAPTER 4 The Web Configurator This section introduces the config uratio n and functions of the web configurator . 4.1 Introduction The web configurator is an HTML -based management interface that allows easy Switch setup an d m an agement v ia Inter net browser . Use Internet Explorer 6 .0 and later or Netscape Navigat[...]

  • Page 42

    Chapter 4 The Web Con figurator GS2200-48 User’s Guide 42 3 The login screen appears. The defa ult username is admin and associated default password is 1234 . The date and time displ ay as sh own if y ou have not configured a time server nor manually entered a time and date in the General Setup screen. Figure 14 W eb Configurator: Login 4 Click O[...]

  • Page 43

    Chapter 4 T he Web Configurator GS2200-48 User’s Guide 43 A - Click the menu items to open submenu li nks, and then click on a submenu link to open the screen in the main w in d ow. B, C, D , E - These are quick lin ks whic h allow you to perform certain tasks no matter which s creen you are currently working in. B - Click t his link t o save you[...]

  • Page 44

    Chapter 4 The Web Con figurator GS2200-48 User’s Guide 44 The following table lists the v arious web configur ator screens within the sub-links. T able 5 Web Configurator Screen Sub-links Details BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT System Info Gener al Setup Swit ch S e tup IP Setu p Por t S e t u p VLAN (Status) VLAN P o[...]

  • Page 45

    Chapter 4 T he Web Configurator GS2200-48 User’s Guide 45 The following table descri bes the links in the na vigation panel. T able 6 Web Configurator Screen Sub-links Details BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT IP Source Guard IP Source Guard Static Binding DHCP Snooping - DHCP Snooping Configure -- DHCP Snooping Port Co[...]

  • Page 46

    Chapter 4 The Web Con figurator GS2200-48 User’s Guide 46 Bandwidth Control This link takes you to screens where you can cap the maximum bandwidth allowed from specified source(s) to specified destination(s). Broadcast Storm Control This link takes you to a screen to set up broadcast filters. Mirroring This link takes you to screens where you can[...]

  • Page 47

    Chapter 4 T he Web Configurator GS2200-48 User’s Guide 47 4.3.1 Change Y our Password After you log i n for the first time, it is recommended you change the default administr ator password. Click Man agement > Access Control > Logins to display the next screen. Figure 16 Change Administrator Login Password Maintenance This link takes you to[...]

  • Page 48

    Chapter 4 The Web Con figurator GS2200-48 User’s Guide 48 4.4 Saving Y our Configuration When you are done modifying th e s ettings in a screen, click Apply to save yo ur changes back to the run-time memory . Settings in the run-time memory are lost when the Switch’ s power is turned off . Click the Save link in the upper right hand corner of t[...]

  • Page 49

    Chapter 4 T he Web Configurator GS2200-48 User’s Guide 49 4.6.1 Reload the Configuration File Uploading the factory -default configur ation file replaces the current c onfiguration file with the factory -default confi gur ation file. This means that you will lose all previous configur ations and the speed of the c onsole port will be res et to th[...]

  • Page 50

    Chapter 4 The Web Con figurator GS2200-48 User’s Guide 50 The Switch i s now rein itialize d with a defau lt configu ration file in cludin g the de fault password of “1234” . 4.7 Logging Out of the W eb Configurator Click Logout in a screen to exit the web configurator . Y ou have to log in with your password again after you log out. This is [...]

  • Page 51

    GS2200-48 User’s Guide 51 C HAPTER 5 Initial Setup Example This chapter shows how to set up the S witch for an example network. 5.1 Overview The following lists the configur ation steps for the example network: • Configure an I P interfa ce • Configure DHCP server settings • Create a VLAN • Set port VLAN ID •E n a b l e R I P 5.1.1 Conf[...]

  • Page 52

    Chapter 5 Initi al Set up Ex amp l e GS2200-48 User’s Guide 52 new IP interface. Th is allows the Switch to route tr affic between the RD and Sales networks. Figure 19 Initia l Setup Network Example: IP Interface 1 Connect y our computer to t he MGMT port that i s used only for management. Make sure your computer is in the same subnet as the MGMT[...]

  • Page 53

    Chapter 5 Initi al Set up Ex amp le GS2200-48 User’s Guide 53 5 In the VID field, enter the ID of the VLAN group to which you want this IP interface to belong. This is the same as the VLAN ID you configure in the Static VLAN screen. 6 Click Add to sav e the settings to the run-ti me memory . Settings in the run-time memory are lost when the Switc[...]

  • Page 54

    Chapter 5 Initi al Set up Ex amp l e GS2200-48 User’s Guide 54 In this example, you want to configure port 1 as a member of VLAN 2. Figure 20 Initia l Setup Network Example: VLAN 1 Click Advanced Application > VLAN in the navigati on panel and click t he Static VLAN link. 2 In the Static VLAN screen, select ACTIVE , enter a descriptive name in[...]

  • Page 55

    Chapter 5 Initi al Set up Ex amp le GS2200-48 User’s Guide 55 3 Since the VLAN2 network is connected t o po rt 1 on the Switch, select Fixed to configure port 1 to be a perman ent member of the VLAN only . 4 T o ensure that VLAN-unawa re devices (such as computers and hubs) can receive frames properly , clea r the TX Tagging check bo x to set the[...]

  • Page 56

    Chapter 5 Initi al Set up Ex amp l e GS2200-48 User’s Guide 56 5.1.5 Enabling RIP T o exchange routing information with other routing devices across different routing domains, enable RIP (R outing Information Protocol) in the RIP screen. 1 Click IP Application and RIP in the na vigation panel. 2 Select Both in the Directi on field to set the Swit[...]

  • Page 57

    GS2200-48 User’s Guide 57 C HAPTER 6 System Status and Port Statistics This chapter describes the system s tatus (web configur ator home page) and port details screens. 6.1 Overview The home screen of the web configur ator displays a port s tatistical summary with links to each port showing s tatistical details.[...]

  • Page 58

    Chapter 6 S ystem Status and Port Sta tistics GS2200-48 User’s Guide 58 6.2 Port S t atus Summary T o view the port statistics, click Status in all web configurator screens to displa y the Status screen as sho wn next. Figure 22 S tatus The following table describes t he labels in this screen. T able 8 Status LABEL DESCRIPTION P ort This identifi[...]

  • Page 59

    Chapter 6 System Status and Port Statistics GS2200-48 User’s Guide 59 6.2.1 S t atus: Port Det ails Click a number in the Port column in the Status screen to display individual p ort statistics. Use t his screen to check status and detailed perf ormance data about an individual port on the S witch. Figure 23 S tatus: Port Det ails Tx KB/s This fi[...]

  • Page 60

    Chapter 6 S ystem Status and Port Sta tistics GS2200-48 User’s Guide 60 The following table describes t he labels in this screen. T able 9 Status > Port Details LABEL DESCRIPTION Po r t I n f o P ort NO. This field displays the port number y ou are viewing. Name This field displays the name of the port. Link This field displays the speed (eith[...]

  • Page 61

    Chapter 6 System Status and Port Statistics GS2200-48 User’s Guide 61 Single This is a count of successfully transmitted packets for which transmission is inhibited by exactly one collision. Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision. Excessiv e This is a count of p[...]

  • Page 62

    Chapter 6 S ystem Status and Port Sta tistics GS2200-48 User’s Guide 62[...]

  • Page 63

    GS2200-48 User’s Guide 63 C HAPTER 7 Basic Setting This chapter describes how to configure the System Info, General Setup , Switch Setup , IP Setup and Port Setup screens. 7.1 Overview The System Info screen displays gener al Switch information (such as fi rmware version number) and hardware polling information (such as fan speeds). The General S[...]

  • Page 64

    Chapter 7 Basic Setting GS2200-48 User’s Guide 64 7.2 System Information In the navigation panel, click Basic Setting > System Info to displ ay the screen as shown. Y ou can check the firmware version number and monitor the Switch temperature, fan speeds an d voltag e in this screen. Figure 24 Basic Setting > System Info The following table[...]

  • Page 65

    Chapter 7 Basic Setting GS2200-48 User’s Guide 65 Te m p e r a t u r e MAC , CPU , and PHY refer to the location of the temperature sensors on the Switch printed circuit board. Current This shows the current temper ature at this sensor . MAX This field displays the maximum temperature measured at this sensor . MIN This field displays the minimum [...]

  • Page 66

    Chapter 7 Basic Setting GS2200-48 User’s Guide 66 7.3 General Setup Use this screen to configure genera l set t ings such as the system name and time. Click Basic Setting and Gener al Setup in the navigation panel to display the screen as shown. Figure 25 Basic Setting > General Setup The following table describes t he labels in this screen. T[...]

  • Page 67

    Chapter 7 Basic Setting GS2200-48 User’s Guide 67 Use Time Server when Bootup T ype the time service protocol that your timeserver uses. Not all time servers support all protocols, so you may have to use trial and error to find a protocol that works. The ma in differences between them are the time format. When you select the Daytime (RFC 867) for[...]

  • Page 68

    Chapter 7 Basic Setting GS2200-48 User’s Guide 68 7.4 Introduction to VLANs A VLAN (Virtual Local Area Network) allo ws a ph ysical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one grou p. With VLAN, a device cannot directly talk to or hear from device[...]

  • Page 69

    Chapter 7 Basic Setting GS2200-48 User’s Guide 69 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display t he screen as shown. The VLAN setup scre ens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. R efer to the chapter on VLAN. Figure 26 Basic Setti[...]

  • Page 70

    Chapter 7 Basic Setting GS2200-48 User’s Guide 70 Join Timer Join Timer sets the duration of the Join P eriod timer for GVRP in milliseconds. Each port has a Join Period timer . The allowed Join Time range is between 100 and 6 5535 milliseconds; the default is 200 milliseconds. See Section 8. 1 on pa ge 79 for more background information. Leave T[...]

  • Page 71

    Chapter 7 Basic Setting GS2200-48 User’s Guide 71 7.6 IP Setup Use the IP Setup screen to configure the default gateway d evice, the default domain name server and add IP domains. 7.6.1 IP Interfaces The Switch needs an IP address for it to be managed ov er the network. The factory default in-band IP address is 192. 168.1.1. The subnet mask speci[...]

  • Page 72

    Chapter 7 Basic Setting GS2200-48 User’s Guide 72 The following table describes t he labels in this screen. T able 13 Basic Setting > IP Setup LABEL DESCRIPTION Default Gateway T ype the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254. Domain Name Server DNS (Domain Name S ystem) is for mapping [...]

  • Page 73

    Chapter 7 Basic Setting GS2200-48 User’s Guide 73 7.7 Port Setup Use this screen to configure Switch port setting s.Cli ck Basic Setting > Port Setup in the navigation panel to display the conf iguration screen. Figure 28 Basic Setting > Port Setup IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain. VID This f[...]

  • Page 74

    Chapter 7 Basic Setting GS2200-48 User’s Guide 74 The following table describes t he labels in this screen. T able 14 Basic Setting > Port Setup LABEL DESCRIPTION P ort This is the port index number . * Settings in this row apply to all ports. Use this row only if y ou want to make some settings the same for all ports. Use this row first to se[...]

  • Page 75

    Chapter 7 Basic Setting GS2200-48 User’s Guide 75 802.1p Priority This priority value is added to incoming fr ames without a (802.1p) priority queue tag. See Pr iority Queue Assignment in T able 12 on page 69 for more information. BPDU Control Configure the way to treat BPDUs receiv ed on this port. Y ou must activate bridging control protocol tr[...]

  • Page 76

    Chapter 7 Basic Setting GS2200-48 User’s Guide 76[...]

  • Page 77

    77 P ART III Advanced Setup VLAN (79) Static MAC F orward Setup (99) Filtering (103) Spanning T ree Protocol (105) Bandwidth Control (123) Broadcast Storm Control (127) Mirroring (129) Link Aggregation (131) P ort Authentication (139) P ort Security (145) Classifier (149) P olicy Rule (157) Queuing Method (165) VLAN Stacking (16 9) Multicast (175) [...]

  • Page 78

    78[...]

  • Page 79

    GS2200-48 User’s Guide 79 C HAPTER 8 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-bas ed VLANs. 8.1 Introduction to IEEE 802.1Q T agged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN m[...]

  • Page 80

    Chapter 8 VLAN GS2200-48 User’s Guide 80 switch, the Swit ch first decides where to forward the fr ame and then strips off the VLAN tag. T o forw ard a fr ame from an 802.1Q VLAN-una ware switch to an 802.1Q VLAN-aware switc h, the Switch first de cide s where to forward the fr ame, and then inserts a VLAN tag reflecting the ingress port's d[...]

  • Page 81

    Chapter 8 VLAN GS2200-48 User’s Guide 81 8.3 Port VLAN T runking Enable VLAN Trunking on a port to allow fr ames belonging to unknown VLAN groups to pass through that port. This is us eful if y ou w ant to set up VLAN grou ps on end devices without ha ving to co nfigure the same VLAN groups on intermediary devices. The following figure describes [...]

  • Page 82

    Chapter 8 VLAN GS2200-48 User’s Guide 82 allow fr ames with VLAN group tags 1 an d 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s). Figure 29 Port VLAN T runking 8.4 Select the VLAN T ype Select a VLAN type in the Basic Setting > Switch Setup screen. Figure 30 Switch Setup: Select VLAN T ype 8.5 S[...]

  • Page 83

    Chapter 8 VLAN GS2200-48 User’s Guide 83 8.5.1 S t atic VLAN S t atus See Section 8.1 on page 79 for more information on Static VLAN. Clic k Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. Figure 31 Advanced Application > VLAN: VLAN S t atus The following table describes t he labels in [...]

  • Page 84

    Chapter 8 VLAN GS2200-48 User’s Guide 84 8.5.2 S t atic VLAN Det ails Use this screen to view detai led port se ttings and status of the VLAN group . See Section 8.1 on page 79 for more information on stat ic VLAN. Click on an index number in the VLAN Status screen to display VLAN det ails. Figure 32 Advanced Application > VLAN > VLAN Detai[...]

  • Page 85

    Chapter 8 VLAN GS2200-48 User’s Guide 85 static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next. Figure 33 Advanced Application > VLAN > S tatic VLAN The following table describes t he related labels in this screen. T able 18 Advanced Application > VLAN > S tatic VLAN LABEL DESCRIPTION ACTIVE Sele[...]

  • Page 86

    Chapter 8 VLAN GS2200-48 User’s Guide 86 Control Select Norma l for the port to dynamically join this VLAN group using GVRP . This is the default selection. Select Fixed for the port to be a permanent member of this VLAN group. Select Forbidden if you want to prohibit the port from joining this VLAN group. T agging Sel ect TX Tagging if you want [...]

  • Page 87

    Chapter 8 VLAN GS2200-48 User’s Guide 87 8.5.4 Configure VLAN Port Settings Use the VLAN Port Set ti ng screen to co nfigure the static VLAN (IEEE 802.1Q) settings on a port. See Section 8.1 on page 79 for more information on static VLAN. Click the VLAN Port Setting link in th e VLAN Status screen. Figure 34 Advanced Application > VLAN > VL[...]

  • Page 88

    Chapter 8 VLAN GS2200-48 User’s Guide 88 8.6 Subnet Based VLANs Subnet based VLANs allow y ou to group tr affic into logical VLANs based on the source IP subnet you s pecify . When a fr ame is received on a port, the Switch checks if a tag is added already and the IP subnet it came from. The untag ged packets fr om the same IP su bnet are then pl[...]

  • Page 89

    Chapter 8 VLAN GS2200-48 User’s Guide 89 services). All untagged i ncoming fr ames will be clas sified based on their source IP subnet and prioritiz ed accordingly . That is, video services receive the highest priority and data the lowest. Figure 35 Subnet Based VLAN Applicat ion Example 8.7 Configuring Subnet Based VLAN Click Subnet Based VLAN i[...]

  • Page 90

    Chapter 8 VLAN GS2200-48 User’s Guide 90 Note: Subnet based VLAN applies to un-tagg ed packet s and is applicable only when you use IEEE 802.1Q t agged VLAN. Figure 36 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes t he labels in this screen. T able 20 Advanced Application > VLAN >[...]

  • Page 91

    Chapter 8 VLAN GS2200-48 User’s Guide 91 8.8 Protocol Based VLANs Protocol based VLANs allow y ou to group tr affic into logi cal VLANs based on the protocol you s pecify . When an u pstream f rame is received on a port (confi gured for a protocol based VLAN), t he Switch checks if a tag is added already and its protocol. The untagged packets of [...]

  • Page 92

    Chapter 8 VLAN GS2200-48 User’s Guide 92 T alk tr affic from port 6 and 7 will be in another group and ha ve higher priority than ARP traffic when they go through the upli nk port to a backbone switch C. Figure 37 Protocol Based VLAN Application Example 8.9 Configuring Protoc ol Based VLAN Click Protocol B ased VLAN in the VLAN Port Setting scree[...]

  • Page 93

    Chapter 8 VLAN GS2200-48 User’s Guide 93 The following table describes t he labels in this screen. T able 21 Advanced Application > VLAN > VL AN Port Setting > Protocol Based VLAN Setup LABEL DESCRIPTION Active Check this bo x to activate this protocol based VLAN. P ort T ype a port number to be inclu ded in this protocol based VLAN. Thi[...]

  • Page 94

    Chapter 8 VLAN GS2200-48 User’s Guide 94 8.10 Create an IP-based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. Foll ow these steps using the screen below: 1 Activ ate this protocol based VLAN. 2 T ype the port number you w ant to include in this protocol based VLAN. T ype 1 . 3 Give this protocol-ba[...]

  • Page 95

    Chapter 8 VLAN GS2200-48 User’s Guide 95 8.1 1 Port-based VLAN Setup P or t-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. P ort-based VLANs require all owed outgoing ports to be defined for each port. Therefore, if y ou wish to allow t wo subscr iber ports to talk to ea[...]

  • Page 96

    Chapter 8 VLAN GS2200-48 User’s Guide 96 The following screen shows users on a port-based, all- connected VLAN configu ration. Figure 40 Advanced Application > VLAN > Po rt Based VLAN Setup (All Connected)[...]

  • Page 97

    Chapter 8 VLAN GS2200-48 User’s Guide 97 The following screen shows users on a port-based, port -isolated VLAN configu ration. Figure 41 Advanced Application > VLAN: Port Ba se d VLAN Setup (Port Isolation)[...]

  • Page 98

    Chapter 8 VLAN GS2200-48 User’s Guide 98 The following table describes t he labels in this screen. T able 22 Advanced Application > VLAN: Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation . All connected means all ports can communicate with each other , that is, there are no virtual LANs. All incomi [...]

  • Page 99

    GS2200-48 User’s Guide 99 C HAPTER 9 Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 9.1 Overview This chapter discusses how to configure forw arding rules based on MAC addresses of devices on your network. 9.2 Configuring S t atic MAC Forwarding A static MAC address is an address that has been manually ente[...]

  • Page 100

    Chapter 9 Static MAC Forward Setup GS2200-48 User’s Guide 100 Click Adv anced Applications > Static MAC Forwarding in the navigati on panel to display the configur ation screen as shown. Figure 42 Advanced Application > S tatic MAC Forwarding The following table describes t he labels in this screen. T able 23 Advanced Application > S t a[...]

  • Page 101

    Chapter 9 Static MAC Forward Setup GS2200-48 User’s Guide 101 P ort This field displays the port w here the MAC address sh own in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete che ck boxes. T able 23 Advanced Application > S t atic MAC Forwardi[...]

  • Page 102

    Chapter 9 Static MAC Forward Setup GS2200-48 User’s Guide 102[...]

  • Page 103

    GS2200-48 User’s Guide 103 C HAPTER 10 Filtering This chapter discusses MAC address port fil tering. 10.1 Configure a Filtering Rule Configure the S witch to filter tr affic base d on the tr affic’ s source, destinat ion MAC addresses and/or VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen[...]

  • Page 104

    Chapter 10 Filtering GS2200-48 User’s Guide 104 Action Select Discard source to drop frames from th e source MAC address (specified in the MAC field). The Switch can still send frames to the MAC address. Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The Switch can still receive frames ori[...]

  • Page 105

    GS2200-48 User’s Guide 105 C HAPTER 11 Spanning Tree Protocol The Switch suppor ts Spanning T ree Protocol (STP), R apid Spanning T ree Protocol (RSTP) and Multiple Spanning T ree Protoc ol (MSTP) as defined in the foll owing standards. • IEEE 802.1D Spanning T ree Protocol • IEEE 802.1w Rapid Spanning T ree Protocol • IEEE 802.1s Multiple [...]

  • Page 106

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 106 P ath cost is the cost of tr ansmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost. On each bridge, the bridge communicates wi th the root throug h the[...]

  • Page 107

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 107 1 1.1.3 STP Port St ates STP assigns fiv e port states to eliminate packet loopi ng. A bridge port is not allowed to go direct ly from blocking state to forw arding state so as to eliminate transient loops. 1 1.1.4 Multiple STP Multiple Spanning T ree Protocol (IEEE 802. 1s) is backwar[...]

  • Page 108

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 108 blocked as STP and RSTP allow only one link i n the network and block the redundant link. Figure 44 STP/RSTP Network Example With MSTP , VLANs 1 and 2 are mapp ed to di fferent span ning trees in the network. Thus traf fic from the two VLANs tr avel on different paths. The following f[...]

  • Page 109

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 109 Devices that belong to the same MST re gion are configured to hav e the same MSTP configuration identificati on settings . These include the following parameters: • Name of the MST region • Revision level as the uniqu e nu m be r for the MST regio n • VLAN-to-MST Instance mapping[...]

  • Page 110

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 11 0 and single spanning tree devi ces. A ne t work may contain multiple MST regions and other network segments running RSTP . Figure 47 MSTP and Legacy RSTP Network Example 1 1.2 S p anning T ree Protocol St atus Screen The Spanning T ree Protocol status scree n changes depending on what[...]

  • Page 111

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 111 1 1.3 S p anning T ree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch. Click Configuration in t he Advanced Application > Spanning Tree Proto col . Figure 49 Advanced Application > S panning T ree Protocol > Configuratio[...]

  • Page 112

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 11 2 1 1.4 Configure Rapid S p anning T ree Protocol Use this screen to configure RSTP settings, see Section 11.1 on page 105 for more informat ion on RS TP . C lick RSTP in the Advanced Application > Spanning Tree Proto col screen. Figure 50 Advanced Application > S panni ng T ree [...]

  • Page 113

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 11 3 The following table describes t he labels in this screen. T able 28 Advanced Application > S p anning T ree Protocol > RSTP LABEL DESCRIPTION Status Click Status to display the RSTP Status screen (see Figure 51 on page 114 ). Active Select this check box to activ ate RSTP . Clea[...]

  • Page 114

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 11 4 1 1.5 Rapid S p anning T ree Protocol St atus Click Advanced Application > Spanning Tree Pro tocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 105 for more information on RSTP . Note: This screen is only available af ter you activat[...]

  • Page 115

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 11 5 The following table describes t he labels in this screen. T able 29 Advanced Application > S p anning T ree Protocol > S tatus: RSTP LABEL DESCRIPTION Configuration C lick Configuration to specify which STP mode you w ant to activate. Click RSTP to edit RSTP settings on the Swit[...]

  • Page 116

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 11 6 1 1.6 Configure Multiple S p anning T ree Protocol T o configure MSTP , click MSTP in the Advanced Applicatio n > Spanning Tree Protocol screen. See Section 11.1.4 on page 107 for more information on MSTP . Figure 52 Advanced Application > S panni ng T ree Protocol > MSTP[...]

  • Page 117

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 11 7 The following table describes t he labels in this screen. T able 30 Advanced Application > S p anning T ree Protocol > MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen (see Figure 53 on page 119 ). Active Select this check box to activ ate MSTP on the[...]

  • Page 118

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 11 8 Bridge Priority Set the priority of the Switch for the specific spanning tree instance. The lower the number , the more likely the Switch will be chosen as the root bridge within the spanning tree instance. Enter priority values between 0 and 61440 in increments of 4096 (thus valid v[...]

  • Page 119

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 11 9 1 1.7 Multiple S p anning T ree Protocol St atus Click Advanced Applicat ion > Spanning Tree Protoc ol in the navigation panel to display the status screen as shown next. See Section 11.1.4 on page 107 for more information on MSTP . Note: This screen is only available af ter you ac[...]

  • Page 120

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 120 The following table describes t he labels in this screen. T able 31 Advanced Application > S p anning T ree Protocol > S tatus: MSTP LABEL DESCRIPTION Configuration C lick Configuration to specify which STP mode you w ant to activate. Click MSTP to edit MSTP settings on the S wi[...]

  • Page 121

    Chapter 11 Spanning Tr ee Protocol GS2200-48 User’s Guide 121 Internal Cost This is the path cost from the root port in this MST instance to the regional root switch. P ort ID This is the priority and number of the port on the Sw itch through which this Switch must communicate with the root of th e MST instance. T able 31 Advanced Application >[...]

  • Page 122

    Chapter 11 Spanning Tr ee Protoc ol GS2200-48 User’s Guide 122[...]

  • Page 123

    GS2200-48 User’s Guide 123 C HAPTER 12 Bandwidth Control This chapter shows you how y ou can cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwid th Control Overview Bandwidth control means defining a maxi mum allowab le bandwidth for incoming and/or out-going tr affic flows on a port. 12.1.1 CIR and PIR The Committed Inform[...]

  • Page 124

    Chapter 12 Bandwidth Control GS2200-48 User’s Guide 124 12.2 Bandwid th Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 54 Advanced Application > Bandwid th Control The following table describes t he related labels in this screen. T able 32 Advanced Applicatio[...]

  • Page 125

    Chapter 12 Band wid th Contr ol GS2200-48 User’s Guide 125 Pe a k Rat e Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the incoming traffic flow on a port. Active Select this check bo x to activate egress r ate limits on this port. Egress Rate Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out[...]

  • Page 126

    Chapter 12 Bandwidth Control GS2200-48 User’s Guide 126[...]

  • Page 127

    GS2200-48 User’s Guide 127 C HAPTER 13 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 13.1 Broadcast S torm Control Setup Broadcast storm control limits the number of broadcast, multicast and destinat ion lookup failure (DLF ) packets the S witch re ceives per second on the port[...]

  • Page 128

    Chapter 13 Broadcast Storm Control GS2200-48 User’s Guide 128 The following table describes t he labels in this screen. T able 33 Advanced Application > Broadcast S torm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. P ort This field displays a[...]

  • Page 129

    GS2200-48 User’s Guide 129 C HAPTER 14 Mirroring This chapter discusses port mirroring s etup screens. 14.1 Port Mirroring Setup P o r t m i r r o r i n g a l l o w s y o u t o c o p y a t r a f f i c f l o w t o a m o n i t o r p o r t ( t h e p o r t y o u c o p y the traffic to) in order th at you ca n examine th e traffic f r om th e m o ni t[...]

  • Page 130

    Chapter 14 M irr or in g GS2200-48 User’s Guide 130 The following table describes t he labels in this screen. T able 34 Advanced Application > Mirroring LABEL DESCRIPTION Active Select this check box to activ ate port mirroring on the Switch. Clear this check box to disable the feature. Monitor Po r t The monitor port is the port you copy the [...]

  • Page 131

    GS2200-48 User’s Guide 131 C HAPTER 15 Link Aggregation This chapter shows you how t o logically aggr egate phy sical links t o form one logical, higher-bandwid th link. 15.1 Link Aggregation Overview Link aggregation (trunking) is the groupi ng of physical por ts into one log i ca l higher-capacity link. Y ou may want to trunk ports i f for exam[...]

  • Page 132

    Chapter 15 Li nk Aggr eg a tion GS2200-48 User’s Guide 132 LACP also allows port redundancy , that is, if an operational port fails, then one of the “standby” ports become operational wi thout user interv ention. Please note that: • Y ou must connect all ports point -to-point to the same Ethernet switch and configure the ports for LACP trun[...]

  • Page 133

    Chapter 15 L ink Aggr eg a tion GS2200-48 User’s Guide 133 The following table descri bes the labels in this screen. T able 37 Advanced Application > Link Aggregation S tatus LABEL DESCRIPTION Index This field displays the trunk ID to identify a trunk group , that is, one logical link containing multiple ports. Enabled Port These are the ports[...]

  • Page 134

    Chapter 15 Li nk Aggr eg a tion GS2200-48 User’s Guide 134 15.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 15.1 on page 131 for more informat ion on link aggre gation. Figure 58 Advanced Application > Link Aggreg ation > Link Aggregati[...]

  • Page 135

    Chapter 15 L ink Aggr eg a tion GS2200-48 User’s Guide 135 15.5 Link Aggregation Control Protocol Click in the Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to displa y the screen shown next. See Section 15.2 on page 131 for more infor mation on dynamic link aggregation. Figure 59 Advanced Application > Lin[...]

  • Page 136

    Chapter 15 Li nk Aggr eg a tion GS2200-48 User’s Guide 136 The following table describes t he labels in this screen. 15.6 S t atic T r unking Example This example shows you how to create a static port trunk group for ports 2-5. T able 39 Advanced Application > Link Aggregation > Link Aggregatio n Setting > LACP LABEL DESCRIPTION Link Agg[...]

  • Page 137

    Chapter 15 L ink Aggr eg a tion GS2200-48 User’s Guide 137 1 Make your physical connections - make sure that the ports that you w ant to belong to the trunk group are connected to the same destina tion. The followin g figure shows ports 2-5 on swit ch A connected to switch B . Figure 60 T runking Example - Physical Connections 2 Configure static [...]

  • Page 138

    Chapter 15 Li nk Aggr eg a tion GS2200-48 User’s Guide 138 Y our trunk group 1 ( T1 ) configur ation is now complete; you do not need to go to any additional screens.[...]

  • Page 139

    GS2200-48 User’s Guide 139 C HAPTER 16 Port Authentication This chapter describes the IEEE 802. 1x and MAC authentication methods. 16.1 Port Authentication Overview P ort authentication is a w ay to v alidate access to ports on the Switch to clients based on an external server (authentic ation server). The S witch supports the following methods f[...]

  • Page 140

    Chapter 16 Port Authentication GS2200-48 User’s Guide 140 request to a RADIUS server . The RADIUS se rver validat es whether this client is allowed access to the port. Figure 62 IEEE 802.1x Authentication Process 16.1.2 MAC Authentication MAC authentication works in a very sim ilar way to IEEE 802.1x authentication. The main difference is that th[...]

  • Page 141

    Chapter 16 Port Authentication GS2200-48 User’s Guide 141 client connecting to a port on the Switch along with a password configured specifically for MAC authenti cation on the Switc h. Figure 63 MAC Authentication Process 16.2 Port Authentication Configuration T o enable port authentication, first activ a te the port authentication method(s) y o[...]

  • Page 142

    Chapter 16 Port Authentication GS2200-48 User’s Guide 142 16.2.1 Activate IEEE 802.1x Security Use this screen to activ ate IEEE 802.1x security . In the Port Authentication screen click 802. 1x to displa y the configurat ion screen as shown. Figure 65 Advanced Application > Port Authentication > 802.1x The following table describes t he la[...]

  • Page 143

    Chapter 16 Port Authentication GS2200-48 User’s Guide 143 16.2.2 Activate MAC Authentication Use this screen to activ ate MAC authentication. In t he Port Authentication screen click MAC Authentication to di splay the configur ation screen as shown. Figure 66 Advanced Application > Port Authentication > MAC Authentication R eauthenticati on[...]

  • Page 144

    Chapter 16 Port Authentication GS2200-48 User’s Guide 144 The following table describes t he labels in this screen. T able 41 Advanced Application > Port Authentication > MAC Authen tication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch. Note: Y ou must first enable MAC authentication on the Switc[...]

  • Page 145

    GS2200-48 User’s Guide 145 C HAPTER 17 Port Security This chapter shows you how t o set up port securit y . 17.1 About Port Security P ort security allows only packet s with dynamically learned MAC addresses and/or configured static MAC ad dresses to pass throug h a port on the S witch. Th e Switch can learn up to 16K MAC addresses in total with [...]

  • Page 146

    Chapter 17 Port Secu rity GS2200-48 User’s Guide 146 17.2 Port Security Setup Click Advanced Application > Port Security in the navigati on panel to displa y the screen as shown. Figure 67 Advanced Application > Port Security The following table describes t he labels in this screen. T able 42 Advanced Application > Port Security LABEL DE[...]

  • Page 147

    Chapter 17 Port Security GS2200-48 User’s Guide 147 Address Learning MAC address learning re duces outgoing broadcast traffic. For MAC address learning to occur on a port, the port itself must be activ e with address learning enabled. Limited Number of Learned MAC Address Use this field to limit the number of (dynamic) MAC addresses that may be l[...]

  • Page 148

    Chapter 17 Port Secu rity GS2200-48 User’s Guide 148[...]

  • Page 149

    GS2200-48 User’s Guide 149 C HAPTER 18 Classifier This chapter introduces and shows you how to configure the packet classif ier on the Switch. 18.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay , and the networking me thods used to control the use of bandwidth. Wit[...]

  • Page 150

    Chapter 18 Classifier GS2200-48 User’s Guide 150 Click Advanced Application > Classifier in the navigation panel to display the configurati on screen as shown. Figure 68 Advanced Applicatio n > Classifier The following table describes t he labels in this screen. T able 43 Advanced Application > Classifier LABEL DESCRIPTION Active Select [...]

  • Page 151

    Chapter 18 Classifier GS2200-48 User’s Guide 151 Layer 2 Specify the fields below to configure a layer 2 classifier . VLAN Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided. Priority Select Any to classify traffic from any priority lev el or select the second option and s[...]

  • Page 152

    Chapter 18 Classifier GS2200-48 User’s Guide 152 18.3 V iewing and Editing Classifier Configuration T o view a summary of t he classifier configur ation, scroll down to the s ummary table at the bottom of the Classifier screen. T o change the settings of a rule, click a number in the Index field. Note: When two rules conflict with each other , a [...]

  • Page 153

    Chapter 18 Classifier GS2200-48 User’s Guide 153 The following table describes t he labels in this screen. The following table shows some other common Ethernet types and the corresponding protocol number . In the Internet Protocol, there is a field called “Protocol” t o identify the IP protocol type. The following table s hows some common pro[...]

  • Page 154

    Chapter 18 Classifier GS2200-48 User’s Guide 154 Some of the most common IP ports are: T able 47 Common TCP and UDP Port Numbers PORT NUMBER PORT NAME 21 FTP 23 T elnet 25 SMTP 53 DNS 80 HT TP 110 POP3[...]

  • Page 155

    Chapter 18 Classifier GS2200-48 User’s Guide 155 18.4 Classifier Example The following screen shows an example of conf iguring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. Figure 70 Classifier: Example After you hav e configured a classifier , you can conf igure a policy to define action(s) on the classif[...]

  • Page 156

    Chapter 18 Classifier GS2200-48 User’s Guide 156[...]

  • Page 157

    GS2200-48 User’s Guide 157 C HAPTER 19 Policy Rule This chapter shows you how t o configure policy rules. 19.1 Policy Rules Overview A classifier dist inguishes traffic into flows based on the configured criteria (refer to Chapter 18 on page 149 for more information). A policy rule ensures that a tr affic flow gets the requested treatment in the [...]

  • Page 158

    Chapter 19 Policy Rule GS2200-48 User’s Guide 158 The DSCP value determines the forwarding behavior , the PHB (Per-Hop Behavior), that each pack et gets across the DiffSer v network. Based on the marking rule, different kinds of tr affic can be marked for different kinds of forwarding. R esources can then be allocated according to the DS CP v alu[...]

  • Page 159

    Chapter 19 Policy Rule GS2200-48 User’s Guide 159 Click Advanced Applications > Policy Rule in the navigation panel t o display the screen as shown. Figure 71 Advanced Application > Policy Rule[...]

  • Page 160

    Chapter 19 Policy Rule GS2200-48 User’s Guide 160 The following table describes t he labels in this screen. T able 48 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy . Name Enter a descriptive name for identification purposes. Classifier(s) This field dis plays the active classifier(s) you co[...]

  • Page 161

    Chapter 19 Policy Rule GS2200-48 User’s Guide 161 19.3 V iewing and Editin g Policy Configuration T o view a summary of t he classifier configur ation, scroll down to the s ummary table at the bottom of the Policy screen. T o change the settings of a rule, click a number in the Index field. Figure 72 Advanced Application > Policy Rule: Summary[...]

  • Page 162

    Chapter 19 Policy Rule GS2200-48 User’s Guide 162 The following table describes t he labels in this screen. T able 49 Policy: Summary Table LABEL DESCRIPTION Index This field displa ys the policy index num ber . Click an index number to edit the policy . Active This field displays Yes when policy is activated and No when is it deactivated. Name T[...]

  • Page 163

    Chapter 19 Policy Rule GS2200-48 User’s Guide 163 19.4 Policy Example The figure below shows an example Policy screen where y ou configure a policy to limit bandwidth and discard out -of-profi le traffic on a tr affic flow classified using the Example classifier (r efer to Section 18.4 on page 155 ). Figure 73 Policy Example example[...]

  • Page 164

    Chapter 19 Policy Rule GS2200-48 User’s Guide 164[...]

  • Page 165

    GS2200-48 User’s Guide 165 C HAPTER 20 Queuing Method This chapter introduces the queuing methods supported. 20.1 Queuing Method Overview Queuing is us ed to help solve performa nce degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffi c. See al so Priority Queue Assignment[...]

  • Page 166

    Chapter 20 Q ue u ing Me tho d GS2200-48 User’s Guide 166 different tr affic queues . By defaul t, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. Guar anteed bandwidth is calculated as follows: For example, usi ng the default setting, Q0 on P ort 1 gets a guar anteed bandwidth of: 20.1.3 W eighted Round Robin Scheduling (WRR) Ro u n[...]

  • Page 167

    Chapter 20 Queuing Me thod GS2200-48 User’s Guide 167 20.2 Configuring Queuing Click Advanced Application > Queuing Method in the na vigation panel. Figure 74 Advanced Application > Que uing Method The following table describes t he labels in this screen. T able 50 Advanced Application > Queuing Method LABEL DESCRIPTION P ort This label [...]

  • Page 168

    Chapter 20 Q ue u ing Me tho d GS2200-48 User’s Guide 168 Method Select SPQ (Strictly Prior ity Queuing), WFQ (Weighted Fair Queuing) or WRR (Weighted Round Robin) . Strictly Priority services queues based on priority only . When the highest priority queue empties, traffic on the next highest-priority queue begins. Q7 has the highest priority and[...]

  • Page 169

    GS2200-48 User’s Guide 169 C HAPTER 21 VLAN Stacking This chapter shows you how t o configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN 21.1 VLAN S t acking Overview A service provider c an use VLAN stacking to allow i t to distinguish multiple customers VLANs, even those with the sa me [...]

  • Page 170

    Chapter 21 VLAN Stacking GS2200-48 User’s Guide 170 distinguish customer A and tag 48 to disti nguish customer B at ed ge device 1 and then stripping those tags at edge device 2 as the data frames leav e the network. Figure 75 VLAN S tacking Example 21.2 VLAN S t acking Port Roles Each port can hav e one of the following VLAN stacking “roles”[...]

  • Page 171

    Chapter 21 VLAN Stacking GS2200-48 User’s Guide 171 21.3 VLAN T ag Format A VLAN tag (service pro vider VLAN st acki ng or customer IEEE 802.1Q) consists of the following th ree fields. Type is a standard Ethernet type code id entifying the fr ame and indicates that whether the frame carries IEEE 802.1Q tag information. SP TPID (Service Provider [...]

  • Page 172

    Chapter 21 VLAN Stacking GS2200-48 User’s Guide 172 Configure the fields as highlighted in the Switch VLAN Stacking screen. T able 52 Single and Double Tagged 802.11Q Frame Format DA SA Len/ Etype Dat a FCS Untagged Ethernet frame DA SA TPI D Priorit y VI D Len/ Etype Dat a FCS IEEE 802.1Q customer tagged frame D A SA SPTPI D Priori ty VI D TPI D[...]

  • Page 173

    Chapter 21 VLAN Stacking GS2200-48 User’s Guide 173 21.4 Configuring VLAN S t acking Click Advanced Applications > VLAN Stacking to disp l ay the sc re en as shown. Figure 76 Advanced Application > VLAN S t acking The following table describes t he labels in this screen. T able 54 Advanced Application > VLAN Stacking LABEL DESCRIPTION Ac[...]

  • Page 174

    Chapter 21 VLAN Stacking GS2200-48 User’s Guide 174 Role Select Access Port to have the S witch add the SP TPID tag to all incoming frames received on th is port. Select Access Port for ingress ports at the edge of the service provide r's netw ork. Select Tunnel Port (available for Gigabit ports only) for egress ports at the edge of the serv[...]

  • Page 175

    GS2200-48 User’s Guide 175 C HAPTER 22 Multicast This chapter shows you how t o configure various multicast features. 22.1 Multicast Overview T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast deliv ers IP packets to just a group [...]

  • Page 176

    Chapter 22 Multicast GS2200-48 User’s Guide 176 22.1.3 IGMP Snooping The Switch can passiv ely snoop on IGMP pack ets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP pack ets pa ssing through it, picks out the group registration informa t ion , and configu res mul[...]

  • Page 177

    Chapter 22 Multicast GS2200-48 User’s Guide 177 22.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 22.1 on page 175 for more i nformation on multicasting. Figure 78 Advanced Application > Mult icast > Multicast Sett ing P ort This field displays the port [...]

  • Page 178

    Chapter 22 Multicast GS2200-48 User’s Guide 178 The following table describes t he labels in this screen. T able 56 Advanced Application > Multicast > Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these setting s to configure IGMP Snooping. Active Select Act ive to enable IGMP Snooping to forward group multicast traffic only to port[...]

  • Page 179

    Chapter 22 Multicast GS2200-48 User’s Guide 179 22.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the Max Group Num. Enter the number of multicast groups this port is allowed to join. Once a port is registered in the specifie[...]

  • Page 180

    Chapter 22 Multicast GS2200-48 User’s Guide 180 screen as shown. See Section 22.1.4 on page 176 for more information on IG MP Snooping VLAN. Figure 79 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN The following table describes t he labels in this screen. T able 57 Advanced Application > Multicast > Multi[...]

  • Page 181

    Chapter 22 Multicast GS2200-48 User’s Guide 181 22.5 IGMP Filtering Profile An IGMP filter in g profile sp ec if ies a range of multic as t groups th at cl ie nts connected to the Switch are able to join. A profile contains a r ange of multicast IP addresses which you w ant cli ents to be able to join. Profiles are assigned to ports (in the Multi[...]

  • Page 182

    Chapter 22 Multicast GS2200-48 User’s Guide 182 Click Advanced Applications > Multicast > Multicast Setting > IGMP Filtering Profile link to display th e sc re en as shown. Figure 80 Advanced Application > Multicast > Mu lticast Setting > IGMP Filtering Profile The following table describes t he labels in this screen. T able 58 [...]

  • Page 183

    Chapter 22 Multicast GS2200-48 User’s Guide 183 22.6 MVR Overview Multicast VLAN R egist ration (MVR) is designed for applications (such as Media-on- Demand ( MoD)) th at use mul ticast traffi c across an Ethernet ring-based ser vice provider network. MVR allows one single multicast VLAN t o be shared among different subscriber VLANs on the netwo[...]

  • Page 184

    Chapter 22 Multicast GS2200-48 User’s Guide 184 22.6.2 MVR Modes Y ou can set your Switch to operate in either dynamic or compatible mode. In dynamic mode, the Switc h sends IGMP leav e and join reports to the other multicast devices (s uch as multicast routers or serv ers) in the multicast VL AN. This allows the multicast devices to update the m[...]

  • Page 185

    Chapter 22 Multicast GS2200-48 User’s Guide 185 22.7 General MVR Configuration Use the MVR screen to create multicast VL ANs and select the receiv er port(s) and a source port for each multicast VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to disp l ay th e sc reen as shown next. Note: Y ou can create up t[...]

  • Page 186

    Chapter 22 Multicast GS2200-48 User’s Guide 186 Multicast VLAN ID Enter the VLAN ID (1 to 40 94) of the multicast VLAN. 802.1p Priority Select a priority level (0-7) with which the Switch replaces the priority in outgoing IGMP control packets (bel onging to this multicast VLAN). Mode Spe cify the MVR mode on the Switch. Choices are Dynamic and Co[...]

  • Page 187

    Chapter 22 Multicast GS2200-48 User’s Guide 187 22.8 MVR Group Configuration All source ports and receiv er ports belo nging to a multicast group can recei ve multicast data sent to thi s multicast group. Configure MVR IP mul ticast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. Note: A port can [...]

  • Page 188

    Chapter 22 Multicast GS2200-48 User’s Guide 188 22.8.1 MVR Configuration Example The following figure shows a network ex ample where ports 1, 2 and 3 on the Switch bel ong to VLAN 1. In addition, po rt 7 belongs to the mul ticast group with VID 200 to receive multi cast traffic ( the News and Movie channels) from the remote streaming media server[...]

  • Page 189

    Chapter 22 Multicast GS2200-48 User’s Guide 189 T o configure the MVR settings on the S w itch, create a mul ticast group in the MVR screen and set the receiv er and source ports. Figure 86 MVR Configu ration Example T o set the Switc h to forward the multicast group traffic to the subscribers, configure multicast group sett ings in the Group Con[...]

  • Page 190

    Chapter 22 Multicast GS2200-48 User’s Guide 190 following figure shows an exa mpl e where two multicast groups ( News and Movie ) are configured for the multicast VLAN 200. Figure 87 MVR Group Configuration Example Figure 88 MVR Group Configuration Example example example[...]

  • Page 191

    GS2200-48 User’s Guide 191 C HAPTER 23 Authentication & Accounting This chapter describes how to configure au thentication and acco unting settings on the Switch. 23.1 Authentication, Authorization and Accounting Authentication is the process of determin ing who a user is and validating access to the Switch. The Switch can authenticate users [...]

  • Page 192

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 192 23.1.2 on page 192 ) as external authentication, authorization and accounting servers. Figure 89 AAA Server 23.1.1 Local User Account s By storing user profiles locally on the S wit ch, your Swit ch is able to authenticate and authorize users without inter acting wi th a n[...]

  • Page 193

    Chapter 23 Authentication & Accounting GS2200-48 User’s Guide 193 Click Advanced Application > Auth and Acct in the navigation panel to displa y the screen as shown. Figure 90 Advanced Application > Auth and Acct 23.2.1 RADIUS Server Setup Use this screen to configure yo ur RADIUS server settings. See Section 23.1.2 on page 192 for more[...]

  • Page 194

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 194 The following table describes t he labels in this screen. T able 62 Advanced Application > Auth and Acct > RADIUS Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your RADIUS authentication settings. Mode This field only applies if y[...]

  • Page 195

    Chapter 23 Authentication & Accounting GS2200-48 User’s Guide 195 23.2.2 T ACACS+ Server Setup Use this screen to configure yo ur T ACACS+ server settings. See Section 23.1. 2 on page 192 for more information on T ACACS+ se rvers. Click on the TACACS+ Server Setup link in the Authentication and Accountin g screen to view the screen as shown. [...]

  • Page 196

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 196 The following table describes t he labels in this screen. T able 63 Advanced Application > Auth and Acct > T ACACS+ Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your T ACACS+ authentication settings. Mode This field is only v ali[...]

  • Page 197

    Chapter 23 Authentication & Accounting GS2200-48 User’s Guide 197 23.2.3 Authentication and Accounting Setup Use this screen to configure authentication and accounting settings on the Swit ch. Click on the Auth and Acct S etup link in the Authentication and Accoun ting screen to view the screen as shown. Figure 93 Advanced Application > Au[...]

  • Page 198

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 198 The following table describes t he labels in this screen. T able 64 Advanced Application > Auth and Acct > Auth an d Acct Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch. Privilege Enable [...]

  • Page 199

    Chapter 23 Authentication & Accounting GS2200-48 User’s Guide 199 23.2.4 V endor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access d evice (for example, the Switch). A company can create V endor Specific Attributes (VSAs) to expand the function ality of[...]

  • Page 200

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 200 The Switch supp orts VSAs that allow y ou to perform the following actions b ased on user authentication: • Limit bandwi dth on incoming or outgoing tr affic for the port the user connects to. • Assign acc o un t privile ge levels for the authen ticated u ser . The VSA[...]

  • Page 201

    Chapter 23 Authentication & Accounting GS2200-48 User’s Guide 201 IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This will also set the port’ s VID . The followin g table describes the values you need to configure. Note that the bolded values in the table are fix ed v alues as defined in RFC 3580. 23.3 Supported [...]

  • Page 202

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 202 23.3.1.2 Attributes Used to Login Users User-Name User-P assword NAS-Identifier NAS-IP- Address 23.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP- Address NAS-Port NAS-Port - T ype - This value is se t t o Ethernet(15) on the Switch[...]

  • Page 203

    Chapter 23 Authentication & Accounting GS2200-48 User’s Guide 203 23.3.2.2 Attributes Used for Accounting Exec Event s The attributes are listed in the following table along with the ti me that they are sent (the difference between Console and T elnet/SSH Exec events is that the T elnet/SSH ev ents utilize the Calling- Station-Id at tribute):[...]

  • Page 204

    Chapter 23 Auth en tic at ion & Accoun ting GS2200-48 User’s Guide 204 NAS-P ort DD D Class DD D Called-Station- Id DD D Calling-Station-Id DD D NAS-Identifier DD D NAS-P ort- T ype DD D Acct-S tatus- T ype DD D Acct-Delay - Time DD D Acct-S ession-Id DD D Acct- Authentic DD D Acct- Input-Octets DD Acct-Output -Octets DD Acct-Session- Time DD[...]

  • Page 205

    GS2200-48 User’s Guide 205 C HAPTER 24 IP Source Guard Us e I P s o ur ce g ua r d t o f i lt er unauthorized DHC P and AR P packets in your network. 24.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in yo ur network. A binding contains these key attribut es:[...]

  • Page 206

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 206 24.1.1 DHCP Snooping Overview Use DHCP s nooping t o filter u nau th orized DHCP packets on the netwo rk and to build the binding tab le dynamically . This can prevent clients from getting IP addresses from unauthorized DHCP servers. 24.1.1.1 T rusted vs. Untrusted Port s Every port is either[...]

  • Page 207

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 207 Y ou can configure the nam e and location of the file on the external TF TP server . The file has the following format: Figure 94 DHCP Snooping Dat abase File Format The <initial-checksum> helps distinguis h between the bindings in the latest update and the bindings from previous upda te[...]

  • Page 208

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 208 3 Configure trusted and untrusted ports, an d specify the maximum number of DHCP packets t hat each port can receive per second. 4 Configure static bindings. 24.1.2 ARP Inspection Overview Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of man[...]

  • Page 209

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 209 • They ap pe ar only in the ARP Inspection screens and commands, not in the MAC Address Filter screens and commands. 24.1.2.2 T rusted vs. Untrusted Port s Every port is either a trusted port or an untrusted p o rt for A R P inspecti on. Th is setting is independent of the t rusted/untrusted[...]

  • Page 210

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 210 the bindings by snooping DHCP packets (dynami c bindings) and from informati on provided manually by administr ators (static bindings). T o open this screen, click Advanced Application > IP Source Guard . Figure 96 IP Source Guard The following table describes t he labels in this screen. 2[...]

  • Page 211

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 21 1 new static binding replaces the origin al one. T o open this screen, click Advanced Application > IP Source Guard > Static Binding . Figure 97 IP Source Guard S t atic Binding The following table describes t he labels in this screen. T able 71 IP Source Guard Static Binding LABEL DESCRI[...]

  • Page 212

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 212 P ort This field displays the port number in the binding. If this field is blank, the binding applies to all ports. Delete Select this, and click Delete to remove the specified entry . Cancel Click this to clear the Delet e check boxes abo ve. T able 71 IP Source Guard Static Binding (continu[...]

  • Page 213

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 213 24.4 DHCP Snooping Use this scre en to look at various statis tics about the DHCP snooping database. T o open this screen, click Advanced Application > IP Source Guard > DHCP Snooping .[...]

  • Page 214

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 214 Figure 98 DHCP Snooping[...]

  • Page 215

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 215 The following table describes t he labels in this screen. T able 72 DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database. Y ou can con figure them in the DHCP S nooping Configure screen. See Section 24.5 on page 217 . Agent U[...]

  • Page 216

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 216 Successful transfers This field displays the number of times the Switch read bindings from or updated the bindings in the DHC P snooping database successfully . F ailed transfers This field displays the number of times the Switch was unable to read bindings from or update th e bindings in the[...]

  • Page 217

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 217 24.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and conf igure the DHCP snooping database. Th e DHCP snooping databa se stores the current bindings on a secure, external TFTP s[...]

  • Page 218

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 218 The following table describes t he labels in this screen. T able 73 DHCP Snooping Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch. Y ou still have to enable DHCP snooping on spec ific VLAN and specify trusted ports. Note: The Switch will drop all DHCP requ[...]

  • Page 219

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 219 24.5.1 DHCP Snooping Port Configure Use this screen to specify whether ports are trusted or untrusted ports for DHCP snooping. Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports. Y ou can also specify the maximum number for DHCP packets t ha[...]

  • Page 220

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 220 The following table describes t he labels in this screen. 24.5.2 DHCP Snooping VLAN Configure Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP rela y agent option 82 informati on ( Chapt er 29 on page 249 ) to DHCP requ ests that the Swit[...]

  • Page 221

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 221 open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN . Figure 101 DHCP Snooping VLAN Configure The following table describes t he labels in this screen. T able 75 DHCP Snooping VLAN Configure LABEL DESCRIPTION Show VLAN Use this section [...]

  • Page 222

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 222 24.6 ARP Inspection S t atus Use this screen to look at the current list of MAC address filters that were c reated because the Switch identified an unau thorized ARP pack et. When the Switch identifies an unauthorized ARP packet, it automatically cr eates a MAC addres s filter to block tr aff[...]

  • Page 223

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 223 24.6.1 ARP Inspection VLAN St atus Use this screen to look at various statistics about ARP p ackets in each VL AN. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status . Figure 103 ARP Inspection VL AN S t atus The following table describes[...]

  • Page 224

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 224 24.6.2 ARP Inspection Log St atus Use this scre en t o look at lo g m es s a g e s th at we re generated by ARP pac kets and that have not been sent to the syslog server yet. T o op en this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status . Figure 10[...]

  • Page 225

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 225 24.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Swit ch. Y ou can also configure the length of time the Switch stores reco rds of discarded ARP pack ets and global Sender Mac This field displays the source MAC address of the ARP packet. Sender IP This field displa[...]

  • Page 226

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 226 settings for the ARP inspection log. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure . Figure 105 ARP Inspection Co nfigure The following table describes t he labels in this screen. T able 79 ARP Inspection Configure LABEL DESCRIPTION A[...]

  • Page 227

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 227 24.7.1 ARP Inspection Port Configure Use this screen to specify whether port s are trusted or untrusted ports for ARP inspection. Y ou can also specify the maximum rate at which the Sw itch receives Log buffer size Enter the maximum number (0-1024) of log messages that were generated by ARP pa[...]

  • Page 228

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 228 ARP packets on each untrusted po rt. T o open this screen, click Advanc ed Application > IP Source Guard > ARP Inspection > Configure > Port . Figure 106 ARP Inspection Po rt Configure The following table describes t he labels in this screen. T able 80 ARP Inspection Port Configur[...]

  • Page 229

    Chapter 24 IP Source Guard GS2200-48 User’s Guide 229 24.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specif y when the Switch gener ates log messages for receiv ing ARP packets from each VLAN. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure[...]

  • Page 230

    Chapter 24 IP Source Gua rd GS2200-48 User’s Guide 230 End VID Enter the highest VLAN ID you w ant to manage in the section below . Apply Click this to display the specified range of VLANs in the section below . VID This field displays the VLAN ID of each VLAN in the r ange specified above. If y ou configure the * VLAN, the settings are applied t[...]

  • Page 231

    GS2200-48 User’s Guide 231 C HAPTER 25 Loop Guard This chapter shows you how to config ure the Swit ch to guard against loops on the edge of your network. 25.1 Loop Guard Overview Loop guard allows you to configure the S w itch to shut down a port if it detects that packets sent out on that port loop back to the Swit ch. While you can use Spannin[...]

  • Page 232

    Chapter 25 Loop Guard GS2200-48 User’s Guide 232 • It will receive its own broadcast messages that it sends out as they lo op back. It will then re-broadcast those messages agai n. The following figure shows port N on switch A connected to switch B . Switch B is in loop state. When broadcast or multi cast packets leav e port N and reach switch [...]

  • Page 233

    Chapter 25 Loop Guar d GS2200-48 User’s Guide 233 port N . The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 1 1 1 Loop Guard - Network Loop Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (se e Section 7.7 on page 73 ) or v[...]

  • Page 234

    Chapter 25 Loop Guard GS2200-48 User’s Guide 234 The following table describes t he labels in this screen. T able 82 Advanced Application > Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the Switch. The Switch generates syslog, internal log messages as well as SNMP traps when it shuts down a port via the loop gu[...]

  • Page 235

    235 P ART IV IP Application Static R outing (237) RIP (239) Differentiated Services ( 241) DHCP (249) VRRP (259)[...]

  • Page 236

    236[...]

  • Page 237

    GS2200-48 User’s Guide 237 C HAPTER 26 Static Routing This chapter shows you how t o configure static routes. 26.1 Configuring S t atic Routing Static routes tell the Switch how to forw ard IP traffic when you configure the TCP/ IP paramet ers manually . Click IP Application > Static Routing in the navigation p anel to display the screen as sh[...]

  • Page 238

    Chapter 26 Static Routing GS2200-48 User’s Guide 238 IP Subnet Mask Enter the subnet mask for this destination. Gateway IP Address Enter the IP address of the gateway . The gateway is an immediate neighbor of your S witch that will forward the pack et to the destination. The gateway must be a rou ter on the same segment as your Switch. Metric The[...]

  • Page 239

    GS2200-48 User’s Guide 239 C HAPTER 27 RIP This chapter shows you how t o configure RIP (R outing Information Protocol). 27.1 RIP Overview RIP (Routing Information Protocol) allows a routin g d ev ice to exchan ge routing information with other routers. The Direction f ield control s the se nding an d receiving of RIP pack ets. When set to: • B[...]

  • Page 240

    Chapter 27 RIP GS2200-48 User’s Guide 240 automatically created when you configure a new IP domain in the IP Setup screen (refer to Section 7.6 on page 71 ). Figure 1 14 IP Application > RIP The following table describes t he labels in this screen. T able 84 IP Application > RIP LABEL DESCRIPTION Active Select this check box to enable RIP o[...]

  • Page 241

    GS2200-48 User’s Guide 241 C HAPTER 28 Differentiated Services This chapter shows you how to conf igure Di fferentiated Services (DiffServ) on the Swit ch . 28.1 DiffServ Overview Quality of Service (QoS) is used to prioriti ze source-to-destination tr affic flows. All packets in t he flow are g ive n the same priori ty . Y ou can use CoS (class [...]

  • Page 242

    Chapter 28 Differe ntiated Services GS2200-48 User’s Guide 242 kinds of tr affic can be marked fo r di fferent p riorities of forw arding. Resources c an then be allocated according to the DSCP v alues and the configured policies. 28.1.2 DiffServ Network Example The following figure depicts a DiffServ netw ork consisting of a group of directly co[...]

  • Page 243

    Chapter 28 Differentiated Services GS2200-48 User’s Guide 243 specifies the a verag e rate at which packets are admitted to the network. The PIR is greater than or equal to the CIR. CIR and PIR v alues are based on the guaranteed and maximum bandwidth respectiv e ly as negotiated between a service provider and client. T wo Rate Three Color Marker[...]

  • Page 244

    Chapter 28 Differe ntiated Services GS2200-48 User’s Guide 244 decrease it. P ackets that have been previo usly marked red or yellow can only be marked with an equal or higher pack et loss priority . P a ck ets marked red (high packet loss priority) continue to be red without eval uation against the PIR or CIR . P ack et s marked yel low can only[...]

  • Page 245

    Chapter 28 Differentiated Services GS2200-48 User’s Guide 245 The following table describes t he labels in this screen. 28.3.1 Configuring 2-Rate 3 Color Marker Settings Use this screen to configur e TR TCM settings. Click the 2-rat e 3 Color Marker link in the DiffServ screen to display the screen as shown next . T able 85 IP Application > Di[...]

  • Page 246

    Chapter 28 Differe ntiated Services GS2200-48 User’s Guide 246 Note: Y ou cannot enable both TR TCM and Bandwid th Control at the same time. Figure 120 IP Ap plication > DiffServ > 2-rate 3 Color Marker The following table describes t he labels in this screen. T able 86 IP Application > DiffServ > 2-r ate 3 Color Marker LABEL DESCRIPT[...]

  • Page 247

    Chapter 28 Differentiated Services GS2200-48 User’s Guide 247 28.4 DSCP-to-IEEE 802.1p Priority Settings Y ou can configure the DSCP to IEEE 802.1p mapping to allow the Swit ch to prioritize all tr affi c based on the incoming DSCP v alue according to the DiffServ to IEEE 802.1p mapping table. The following table shows the de fault DSCP-to- IEEE8[...]

  • Page 248

    Chapter 28 Differe ntiated Services GS2200-48 User’s Guide 248 28.4.1 Configuring DSCP Settings T o change the DSCP-IEEE 802. 1p mapping, click the DSCP Setting link in the DiffServ screen to display the screen as shown next. Figure 121 IP Ap plication > DiffServ > DSCP Setting The following table describes t he labels in this screen. T abl[...]

  • Page 249

    GS2200-48 User’s Guide 249 C HAPTER 29 DHCP This chapter shows you how t o configure the DHCP feature. 29.1 DHCP Overview DHCP (Dynamic Host Configur ation Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP conf iguration at start-up from a server . Y ou can configure the Switch as a DHCP se rver or a DHCP rela y agent. [...]

  • Page 250

    Chapter 29 DHCP GS2200-48 User’s Guide 250 • VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured as a DHCP server for one VLAN and at the same time the Switch can be configured to relay DHCP requests for clients in another VLAN. 29.2 DHCP S t atus Click IP Application > DHCP in the na vigation panel. The DHC[...]

  • Page 251

    Chapter 29 DHCP GS2200-48 User’s Guide 251 this screen to view detail s regarding DH CP server set tings conf igured on the Swit ch . Figure 123 IP Application > DHCP > DHCP Server S tatus Detail The following table describes t he labels in this screen. T able 90 IP Application > DHCP Server Status Detail LABEL DESCRIPTION Start IP Addre[...]

  • Page 252

    Chapter 29 DHCP GS2200-48 User’s Guide 252 29.4 DHCP Relay Configure DHCP relay on the Switch if the DHCP client s and the DHCP server are not in the same broadcast domain. During the initi al IP address leasing, the Switch helps to relay network information (such as t he IP address and subnet mask) between a DHCP client and a DHCP se rver . Once[...]

  • Page 253

    Chapter 29 DHCP GS2200-48 User’s Guide 253 29.4.2 Configuring DHCP Global Relay Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the scre en as shown. Figure 124 IP Application > DHCP > Global The following table describes t he labels in this sc[...]

  • Page 254

    Chapter 29 DHCP GS2200-48 User’s Guide 254 29.4.3 Global DHCP Relay Configuration Example The follow figure shows a network exampl e where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domains. Figure 125 Global DHCP Relay Network Example Configure t[...]

  • Page 255

    Chapter 29 DHCP GS2200-48 User’s Guide 255 29.5 Configuring DHCP VLAN Settings Use this screen to configure your DHCP se ttings based on the VLAN domain of the DHCP clients. Cl ick IP Application > DHCP in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. Note: Y ou must set up a management IP address for [...]

  • Page 256

    Chapter 29 DHCP GS2200-48 User’s Guide 256 Server Use this section if you want to conf igure the Switch to function as a DHCP server for this VLAN. Client IP P ool Starting Address Specify the first of the contiguous addresses in the IP address pool. Size of Client IP P ool Specify the size, or count of the IP address pool. The S witch can issue [...]

  • Page 257

    Chapter 29 DHCP GS2200-48 User’s Guide 257 29.5.1 Example: DHCP Relay for T wo VLANs The following example dis plays two VLANs (VIDs 1 and 2) for a campus network. T wo DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP request s from the dormitor y rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1[...]

  • Page 258

    Chapter 29 DHCP GS2200-48 User’s Guide 258 For the example netw ork, configure the VLAN Setting screen as shown. Figure 129 DHCP Relay for T wo VLANs Configuration Example example[...]

  • Page 259

    GS2200-48 User’s Guide 259 C HAPTER 30 VRRP This chapter shows you how t o configure and monitor the Virtual R outer Redundancy Protocol (VRRP) on the S witch. 30.1 VRRP Overview Each host on a network is configured to send packets t o a statically configured default gateway (this S w i tch). The default gateway can become a s ingle point of fail[...]

  • Page 260

    Chapter 30 VRRP GS2200-48 User’s Guide 260 default gateway . If switch A has a higher priority , it is the master router . Switch B , having a lower priority , is the backup router . Figure 130 VRRP: Example 1 If switch A (the master router) is unav ailable, switch B takes ov er . T raffic is then processed by switch B . 30.2 VRRP S t atus Click [...]

  • Page 261

    Chapter 30 VR RP GS2200-48 User’s Guide 261 30.3 VRRP Configuration The following sections describe the different parts of the VRRP Configur ation screen. 30.3.1 IP Interface Setup Before configuring VRRP , first create an IP interface (or routing domain) in the IP Setup screen (see the Section 7.6 on page 71 for more in formation). Click IP Appl[...]

  • Page 262

    Chapter 30 VRRP GS2200-48 User’s Guide 262 Note: Routing domains with the sa me VLAN ID are not displayed in the t able indicated. Figure 132 IP Ap plication > VRRP Configuration > IP Interface The following table describes t he labels in this screen. T able 95 IP Application > VRRP Configuration > IP Interface LABEL DESCRIPTION Index[...]

  • Page 263

    Chapter 30 VR RP GS2200-48 User’s Guide 263 30.3.2 VRRP Parameters This section describes the VRRP parameters. 30.3.2.1 Advertisement Interval The master router sends out Hel lo message s to let the ot her backup routers know that it is still up and running. The time interv al between sending the Hello messages is the advertisement interv al. By [...]

  • Page 264

    Chapter 30 VRRP GS2200-48 User’s Guide 264 30.3.3 Configuring VRRP Parameters After you set up an IP interface, co nfigure the VRRP par ameters in the VRRP Configuration screen. Figure 133 IP Ap plication > VRRP Configuration > VRRP Parameters The following table describes t he labels in this screen. T able 96 IP Application > VRRP Confi[...]

  • Page 265

    Chapter 30 VR RP GS2200-48 User’s Guide 265 30.3.4 Configuring VRRP Parameters View the VRRP configur ation summary at the bottom of the screen. Figure 134 VRRP Configuration: Summary The following table describes t he labels in this screen. 30.4 VRRP Configuration Examples The following sections show two VRRP configuration examples on the Switch[...]

  • Page 266

    Chapter 30 VRRP GS2200-48 User’s Guide 266 30.4.1 One Subnet Network Example The figure below shows a simple VR RP network with only one virtual router VR1 (VRID =1) and tw o switches . The network is connected to the W AN via an uplink gatewa y G (172.21.1.100). The host computer X is set to use VR1 as the default gateway . Figure 135 VRRP Confi[...]

  • Page 267

    Chapter 30 VR RP GS2200-48 User’s Guide 267 After configuring and saving the VRRP config uration, the VRRP Status screens for both switches are shown next. Figure 138 VRRP Example 1: VRRP S tatus on Switch A Figure 139 VRRP Example 1: VRRP S tatus on Switch B 30.4.2 T wo Subnet s Example The following figure depicts an exampl e in which two swit [...]

  • Page 268

    Chapter 30 VRRP GS2200-48 User’s Guide 268 VR1 (refer to Section 30.4.2 on page 267 ). Configure the VRRP par ameters on the switches as shown in the fi gures below . Figure 141 VRRP Example 2: VRRP Paramet e r Settings for VR2 on Switch A Figure 142 VRRP Example 2: VRRP Paramet e r Settings for VR2 on Switch B After configuring and saving the VR[...]

  • Page 269

    269 P ART V Management Maintenance (271) Access Control (279) Diagnostic (299) Syslog (301) Cluster Management (305) MAC T able (313) IP T able (317) ARP T able (321) Routi ng T able (323) Configure Clone (325)[...]

  • Page 270

    270[...]

  • Page 271

    GS2200-48 User’s Guide 271 C HAPTER 31 Maintenance This chapter explains how to configure the mainte nance screens that let you maintain the firmware and configur ation files. 31.1 The Maintenance Screen Use this screen to manage firmware and yo ur confi gur ation files. Click Management > Maintenance in the navigation panel to open the follow[...]

  • Page 272

    Chapter 31 Maintenance GS2200-48 User’s Guide 272 31.2 Load Factory Default Follow the steps below to rese t the Switch bac k to th e fa ctory defau lts. 1 In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch c onfigur ation i nformation y ou configured and return to the factory de faults. 2 Clic[...]

  • Page 273

    Chapter 31 Maintenance GS2200-48 User’s Guide 273 31.3 Save Configuration Click Config 1 to sav e the current configur ation settings permanently to Configuration 1 on the Switch. Click Config 2 to sav e the current configur ation settings to Configuration 2 on the Switch. Alternativel y , click Save on the top right-hand corner in any screen to [...]

  • Page 274

    Chapter 31 Maintenance GS2200-48 User’s Guide 274 Be sure to upload the correct m odel firmware as uploading the wrong model firmware m ay damage your device. From the Maintenance screen, display the Firmware Upgrade screen as shown next. Figure 148 Mana gement > Maintenance > Firmware Upgrade T ype the path and file name of t he firmware f[...]

  • Page 275

    Chapter 31 Maintenance GS2200-48 User’s Guide 275 31.7 Backup a Configuration File Backing up your S witch configur ations allo ws you to create various “snapshots” of your device from which you ma y restore at a later date. Back up your c urrent Switch confi guratio n to a computer using the Backup Configuration screen. Figure 150 Management[...]

  • Page 276

    Chapter 31 Maintenance GS2200-48 User’s Guide 276 Z yNOS (Z yXEL Network Operating System, so meti mes referred to as the “r as” file) is the system firmware and ha s a “bin” filename extension. 31.8.1.1 Example FTP Commands ftp> put firmware.bin ras This is a sample FTP session showing the tr ansfer of the computer file "firmware[...]

  • Page 277

    Chapter 31 Maintenance GS2200-48 User’s Guide 277 6 Use put to tr ansfer files from the computer to the Swit ch, for example, pu t firmware.bin ras transfers the firmware on your computer (firmware.bin) to the Switch and renames it to “r as” . Similarly , put config.cfg config tr ansfers the configuration fi le on your co mputer (con fi g.cfg[...]

  • Page 278

    Chapter 31 Maintenance GS2200-48 User’s Guide 278[...]

  • Page 279

    GS2200-48 User’s Guide 279 C HAPTER 32 Access Control This chapter describes how to c ontrol access to the Sw itch. 32.1 Access Control Overview A console port and FTP are allowed one se ssion ea ch , T elnet and SSH share nine sessions, up to fiv e W eb sessions (five di fferent usernames and passwords) and/or limitless SNMP access control sessi[...]

  • Page 280

    Chapter 32 Access Control GS2200-48 User’s Guide 280 32.3 About SNMP Simple Network Manageme nt Protocol (SNM P) is an application layer protocol used to manage and monitor T CP/IP-based devices. SNMP is used to exchange management information between the network manage ment system (NMS) and a network element (NE). A manager station can manage an[...]

  • Page 281

    Chapter 32 Access Control GS2200-48 User’s Guide 281 SNMP itself is a simple request /respon se protocol based on the manager/agent model. The manager issues a request an d the agent returns responses using t he following protocol operations: 32.3.1 SNMP v3 and Security SNMP v3 enhances security for SNMP management. SNMP managers can be required [...]

  • Page 282

    Chapter 32 Access Control GS2200-48 User’s Guide 282 32.3.3 SNMP T raps The Switch se nds traps to an SNMP mana ger when an e vent occurs. The following tables outline the SNMP traps by category . An OID (Object ID) th at begins with “ 1.3.6.1.4.1.890.1.5. 8. ” is defined in privat e MIBs. Otherwis e, it is a st and a rd MIB OID. T able 103 S[...]

  • Page 283

    Chapter 32 Access Control GS2200-48 User’s Guide 283 intrusionlo ck IntrusionLockEventOn 1.3.6.1.4.1.890.1.5.8. 53.3 7.2.1 This trap is sent when intrusion lock occurs on a port. loopguard LoopguardEventOn 1.3.6.1.4.1 .890.1.5.8.53.3 7.2.1 This tr ap is sent when loopguard shuts down a port. T able 103 SNMP System Traps (continued) OPTION OBJECT [...]

  • Page 284

    Chapter 32 Access Control GS2200-48 User’s Guide 284 accounting RADIUSAcctNotR eachable EventOn 1.3.6.1.4.1.890.1 .5.8.53.3 7.2.1 This trap is sent when there is no response message from the RADIUS accounting server . RADIUSAcctNotR eachable EventClear 1.3.6.1.4.1.890.1 .5.8.53.3 7.2.2 This trap is sent when the RADIUS accounting server can be re[...]

  • Page 285

    Chapter 32 Access Control GS2200-48 User’s Guide 285 32.3.4 Configuring SNMP From the Access Control screen, display the SNMP screen. Y ou can click Ac cess Control to go back to the Access Control screen. Figure 153 Management > Access Control > SNMP rmon RmonRisingAlarm 1.3.6.1.4.1.890. 1.5.1.1.16 .0.1 This trap is sent when a v ariable g[...]

  • Page 286

    Chapter 32 Access Control GS2200-48 User’s Guide 286 The following table describes t he labels in this screen. T able 108 Management > Access Control > SNMP LABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community (password) val ue s . V ersion Select the SNMP version for the Switch. The SNMP version on t[...]

  • Page 287

    Chapter 32 Access Control GS2200-48 User’s Guide 287 Security Level Select whether you w ant to implemen t authentication and/or encryption for SNMP communication from this user . Choose: • noauth -to use the username as the password string to send to the SNMP manager . This is equiv ale nt to the Get, Set and T rap Community in SNMP v2c. This [...]

  • Page 288

    Chapter 32 Access Control GS2200-48 User’s Guide 288 32.3.5 Configuring SNMP T rap Group From the SNMP screen, click Trap Group to view the screen as shown. Use the Trap Grou p screen to specify the t ypes of SNMP trap s that should be sent to each SNMP manager . Figure 154 Management > Access Control > SNMP > Trap Group The following ta[...]

  • Page 289

    Chapter 32 Access Control GS2200-48 User’s Guide 289 • An administr ator is someone who can both view and configure Switch c hanges. The username for the Administrator is alwa ys admin . The default administrator password is 1234 . Note: It is highly recommended t hat you change the default administrator p assword ( 1234 ). • A non-administr [...]

  • Page 290

    Chapter 32 Access Control GS2200-48 User’s Guide 290 32.4 SSH Overview Unlike T elnet or FTP , which transmi t data in clear text, SSH (Secure Shell) is a secure communication protocol that combin es authentication and data encryption to provide secure encrypted communication bet ween two hosts over an unsecured network. Figure 156 SSH Communicat[...]

  • Page 291

    Chapter 32 Access Control GS2200-48 User’s Guide 291 32.5 How SSH works The following table summarizes how a secure connection is established between two remot e hosts. Figure 157 How SSH W orks 1 Host Identificat io n The SSH client send s a connection request to the SSH server . The server identifies itself with a host k ey . The client encrypt[...]

  • Page 292

    Chapter 32 Access Control GS2200-48 User’s Guide 292 3 Authentication and Data T r ansmission After the identification is verified and data encrypt ion activ ated, a secure tunnel is established between the client and th e serv er . The client then sends its authentication information (u ser name and password) to th e server to log in to the serv[...]

  • Page 293

    Chapter 32 Access Control GS2200-48 User’s Guide 293 1 HT TPS connection requests from an SSL - aware web browser go to port 443 (by default) on the Switch’ s WS (web server). 2 HT TP connection requests fr om a web brow ser go t o port 80 (by default) on the Switch’ s WS (web server). Figure 158 HTTPS Implement ation Note: If you disable HTT[...]

  • Page 294

    Chapter 32 Access Control GS2200-48 User’s Guide 294 Y ou see the following Security Al ert screen in Internet Explorer . Select Yes to proceed to the web configurator login screen; if you select No , then web configur ator access is block ed. Figure 159 Security Aler t Dialog Box (Internet Explorer) 32.8.2 Net scape Navigator W arning Messages W[...]

  • Page 295

    Chapter 32 Access Control GS2200-48 User’s Guide 295 Select Accept this certificate permanently to import the S witch’ s certificate into the SSL client. Figure 160 Security Certificate 1 (Net scape) Figure 161 Security Certificate 2 (Net scape) example example[...]

  • Page 296

    Chapter 32 Access Control GS2200-48 User’s Guide 296 32.8.3 The Main Screen After you accept the certifi cate and ente r the login username and password, the Switch main screen appears. The l ock displayed in t he bottom right of the browser status bar denotes a secure connection. Figure 162 Example: Lock Denoting a Secure Conn ection 32.9 Servic[...]

  • Page 297

    Chapter 32 Access Control GS2200-48 User’s Guide 297 computer(s)” for each service in the Remote Management screen (discussed later). Cli c k Access Control to go back to the main Access Control scre en. Figure 163 Manageme nt > Access Control > Service Access Control The following table describes t he fields in this screen. 32.10 Remote [...]

  • Page 298

    Chapter 32 Access Control GS2200-48 User’s Guide 298 Y ou can specify a group of one or more “trusted computers” from which an administr ator may use a service to manage the Sw itch. Click Access Control to return to the Access Control screen. Figure 164 Management > Access Control > Remote Management The following table describes t he [...]

  • Page 299

    GS2200-48 User’s Guide 299 C HAPTER 33 Diagnostic This chapter explains the Diagnostic screen. 33.1 Diagnostic Click Management > Diagnostic in the naviga tion panel to open thi s screen. Us e this screen to check sys tem logs, ping IP addresses or perf orm port tests. Figure 165 Manageme nt > Diagnostic[...]

  • Page 300

    Chapter 33 Diagnostic GS2200-48 User’s Guide 300 The following table describes t he labels in this screen. T able 1 13 Management > Diag nostic LABEL DESCRIPTION System Log Click Display to display a log of ev ents in the multi-line text box. Click Cl ear to empty the text box and reset the syslog entry . IP Ping T ype the IP addre ss of a dev[...]

  • Page 301

    GS2200-48 User’s Guide 301 C HAPTER 34 Syslog This chapter explains the syslog screens. 34.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to sy s lo g servers that col l e ct the event messages. A sys log-enabled device can generate a syslog message and send it to a syslog server . Sy[...]

  • Page 302

    Chapter 34 Sy slog GS2200-48 User’s Guide 302 34.2 Syslog Setup Click Management > Syslog in the navigation panel to displa y this screen. The syslog feature sends logs to an external sy slog serv er . Use this screen to configure the device’ s system logging set tings. Figure 166 Manageme nt > Syslog The following table describes t he la[...]

  • Page 303

    Chapter 34 Syslog GS2200-48 User’s Guide 303 34.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to open the following screen. Use this s creen to configure a list of external syslog servers . Figure 167 Manageme nt > Syslog > Server Setup The following table describes t he labels in this screen. T able 1 16 Manag[...]

  • Page 304

    Chapter 34 Sy slog GS2200-48 User’s Guide 304[...]

  • Page 305

    GS2200-48 User’s Guide 305 C HAPTER 35 Cluster Management This chapter introduces cluster management. 35.1 Clustering Management S t atus Overview Cluster Management allows you to manage switc hes through one Switch, call ed the cluster manager . The switches must be directly connected and be in the same VLAN group so as to be able to communicate[...]

  • Page 306

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 306 In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are clust er members. Figure 168 Clustering App lication Example 35.2 Cluster Management S t atus Click Management > Clus ter Management in the navigati[...]

  • Page 307

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 307 The following table describes t he labels in this screen. 35.2.1 Cluster Member Switch Management Go to the Clustering Management St atus screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web config[...]

  • Page 308

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 308 configurator home page and the home pa ge that you'd see if y ou accessed it directly are different. Figure 170 Cluster Management: Clu ster Mem ber Web Configurator Screen[...]

  • Page 309

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 309 35.2.1.1 Uploading Firmware to a Cluster Member Switch Y ou can use F TP to upload firmware to a cluster member switch through the cluster manager swi tch as sh own in the following example. Figure 171 Example: Uploading Firmware to a Cluster Memb er Switch The following table explains s[...]

  • Page 310

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 310 35.3 Clustering Management Configuration Use this screen to configure clustering management. Click Configuration from the Cluster Management screen t o display the next screen. Figure 172 Manageme nt > Clustering Management > Configuration The following table describes t he labels [...]

  • Page 311

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 31 1 VID This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster . Switches that are not in the same VLAN group are not visible in the Clustering Cand idates list. This fi[...]

  • Page 312

    Chapter 35 Clust er Managem en t GS2200-48 User’s Guide 312[...]

  • Page 313

    GS2200-48 User’s Guide 313 C HAPTER 36 MAC Table This chapter introduces the MAC Table sc reen. 36.1 MAC T able Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forw arded or fil tered ac ross the Switch’ s ports. When a device (which may belong to a VLAN group) sends a packet which is forw [...]

  • Page 314

    Chapter 36 M AC Ta b le GS2200-48 User’s Guide 314 • If the Switch has already learned the port for this MAC address , but the destination port is the same as the port it came in on, then it filters the fr ame. Figure 173 MAC T able Flowchart 36.2 V iewing the MAC T able Click Management > MAC Table in the navigation panel to dis play the f [...]

  • Page 315

    Chapter 36 MAC Table GS2200-48 User’s Guide 315 MAC Address This is the MAC address of the device from which this incoming frame came. VID This is the VLAN group to which this frame belongs. P ort This is the port from which the above MAC address w as learned. T ype This shows whether the MAC address is dynamic (learned by the S witch) or static [...]

  • Page 316

    Chapter 36 M AC Ta b le GS2200-48 User’s Guide 316[...]

  • Page 317

    GS2200-48 User’s Guide 317 C HAPTER 37 IP Table This chapter introduces the IP ta ble. 37.1 IP T able Overview The IP Table screen shows how packet s are forwarded or f iltered across the Switch’ s ports. When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch , the IP address of the device is [...]

  • Page 318

    Chapter 37 IP Table GS2200-48 User’s Guide 318 • If the Switch has already learned the port for this IP address, but the destination port is the same as the port it came in on, then it fi lters the packet. Figure 175 IP T able Flowchart 37.2 V iewing the IP T able Click Management > IP Table i n the na vigation panel to display the followi n[...]

  • Page 319

    Chapter 37 IP Table GS2200-48 User’s Guide 319 VID This is the VLAN group to which the packet belongs. P ort This is the port from which the abov e IP address was learned. This field displays CPU to indicate the IP addre ss belongs to the Switch. T ype This shows whether the IP address is dynamic (learned by the Switch) or static (belonging to th[...]

  • Page 320

    Chapter 37 IP Table GS2200-48 User’s Guide 320[...]

  • Page 321

    GS2200-48 User’s Guide 321 C HAPTER 38 ARP Table This chapter introduces ARP T able. 38.1 ARP T able Overview Address Resolution Protocol (ARP) is a pr otocol for mapping an Internet Protocol address (IP address) to a physi c al machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) addr[...]

  • Page 322

    Chapter 38 ARP Tab le GS2200-48 User’s Guide 322 38.2 V iewing the ARP T able Click Management > ARP Table in t he navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s). Figure 177 Management > ARP T able The following table describes t he labels in this screen. T able 123 Management > ARP [...]

  • Page 323

    GS2200-48 User’s Guide 323 C HAPTER 39 Routing Table This chapter introduces the routing table. 39.1 Overview The routing table contains the rout e information to the network(s) that the Switch can reach. The Switch automatically u pdates the routing table with the RIP information received from other Ethernet devices. 39.2 V iewing the Routing T [...]

  • Page 324

    Chapter 39 Rou tin g Ta b l e GS2200-48 User’s Guide 324[...]

  • Page 325

    GS2200-48 User’s Guide 325 C HAPTER 40 Configure Clone This chapter shows you how y ou can copy the settings of one port onto other ports. 40.1 Configure Clone Cloning allows yo u to copy the basic and adv anced settings from a source port to a destination port or ports. Click Manage ment > Configure Clone to open the following screen. Figure [...]

  • Page 326

    Chapter 40 Con fig ur e Clo ne GS2200-48 User’s Guide 326 The following table describes t he labels in this screen. T able 125 Management > Configure Clone LABEL DESCRIPTION Source/ Destination Po r t Enter the source port under the Sourc e label. This port’s attributes are copied. Enter the destination port or ports under the Destination la[...]

  • Page 327

    327 P ART VI Product S p ecifications Product Specifications (329)[...]

  • Page 328

    328[...]

  • Page 329

    GS2200-48 User’s Guide 329 C HAPTER 41 Product Specifications The following tables summarize the Swit ch’ s hardware and firmw are feat ures. T able 126 Hardware Specifications SPECIFICATION DESCRIPTION Dimensions Standard 19” rack mountable 438 mm (W) x 310 mm (D) x 44.45 mm (H) W eight 4.9 Kg P ower Specification AC: 100 - 240 VAC 50/60 Hz [...]

  • Page 330

    Chapter 41 Product Specifications GS2200-48 User’s Guide 330 LEDs Main switch: BPS, PWR, SYS, ALM, Per Gigabit port: Green: 1000 Mbps Amber: 100 Mbps Per m ini-GBIC port: LNK, ACT Operating Environment T emperature: 0º C ~ 45º C (32º F ~ 113º F) Humidity: 10 ~ 90% (non-condensing) Storage Environment T emperature: -10º C ~ 70º C (14º F ~ 1[...]

  • Page 331

    Chapter 41 Product Specifications GS2200-48 User’s Guide 331 MAC Address Filter Filter tr affic based on the source and/or destination MAC address and VLAN group (ID). DHCP (Dynamic Host Configuration Protocol) Use this feature to have the S witch assign IP addresses, an IP default gateway and DNS servers to computers on your network. IGMP Snoopi[...]

  • Page 332

    Chapter 41 Product Specifications GS2200-48 User’s Guide 332 STP (Spanning T ree Protocol) / RSTP (R apid STP) (R)STP detects and breaks network loops and provides backup links between switches, bridges or route rs. It allows a Switch to interact with other (R)STP -compliant switches in you r network to ensure that only one path exists between an[...]

  • Page 333

    Chapter 41 Product Specifications GS2200-48 User’s Guide 333 T able 128 Switching Specifications Layer 2 Fea t ur e s Bridging 8K MA C addresses Static MAC address filtering by source/destination Broadcast storm control Static MAC address forwarding Switching Throughput: • 1488000 pps for 1000Base- T 64byte packet • 148800 pps for 100Base- TX[...]

  • Page 334

    Chapter 41 Product Specifications GS2200-48 User’s Guide 334 The following list, which is not exhaust ive , illust rates the standards supported in the Switch. Layer 3 Fea t ur e s IP Capability IPV4 support 64 IP routing domains 256 IP address table Wire speed IP forwarding Ro ut i n g protocols RIP-V1/V2 Static Routing VRRP IP services DHCP rel[...]

  • Page 335

    Chapter 41 Product Specifications GS2200-48 User’s Guide 335 RFC 2698 T wo Rate Three Color Marker (TR T CM) RFC 2865 RADIUS - V endor Specific Attribute RFC 2674 P-BRIDGE-MIB, Q-BRIDGE-MIB RFC 3046 DHCP Relay RFC 3164 Syslog RFC 3376 Internet Group Management Protocol, V ersion 3 RFC 3414 User-based Security Model (USM) for version 3 of the Simp[...]

  • Page 336

    Chapter 41 Product Specifications GS2200-48 User’s Guide 336[...]

  • Page 337

    337 P ART VII Appendices and Index Legal Information (339) Index (343)[...]

  • Page 338

    338[...]

  • Page 339

    GS2200-48 User’s Guide 339 A PPENDIX A Legal Information Copyright Copyright © 2009 by Z yXEL Communications Corpor ation. The contents of this publication ma y not be reproduced in any part or as a whole, transcrib ed, stored in a retriev al syst em, tr anslated into an y language , or transmitted in an y form or by any me ans, electronic, mech[...]

  • Page 340

    Appendix A Leg al In fo rm at ion GS2200-48 User’s Guide 340 • This dev ice m u st accept any in terferen ce received, including interference that may cause undesired operations. FCC W arning This device has been tested and found to comply with the limits for a Clas s A digital switch, pursuant to Part 15 of the FCC Rules . These limits are des[...]

  • Page 341

    Appendix A Legal Information GS2200-48 User’s Guide 341 Viewing Certifications 1 Go to http://www . zyxel.com . 2 Select your prod uct on the Z yXEL home page to go to that product's page. 3 Select the certification y ou wish to view from this page. ZyXEL Limited W arranty Z yXEL warr ants to the original end user (p urchaser) that this pr o[...]

  • Page 342

    Appendix A Leg al In fo rm at ion GS2200-48 User’s Guide 342[...]

  • Page 343

    Index GS2200-48 User’s Guide 343 Index Numerics 802.1P priority 75 A access control limitations 279 login account 288 remote management 297 service port 296 SNMP 280 accounting setup 197 address learning, MAC 89 , 92 Address R esolution Protocol (ARP) 321 , 325 , 326 administrator password 289 age 11 7 aggregator ID 134 , 135 aging time 69 applic[...]

  • Page 344

    Index GS2200-48 User’s Guide 344 switch models 305 VID 31 1 web config urator 307 cluster manager 305 cluster member 305 command interface 26 Common and Internal Spanning T ree (CIST) 107 Common and Internal Spanning T ree, See CIST 109 configuration 238 change running config 273 configuration file 49 backup 275 restore 49 , 274 saving 273 config[...]

  • Page 345

    Index GS2200-48 User’s Guide 345 file names 275 filtering 103 rules 103 filtering database, MAC table 313 firmware 64 upgrade 273 , 309 flow control 74 back pressure 74 IEEE802.3x 74 forwarding delay 11 7 frames tagged 88 untagged 88 front panel 33 FTP 26 , 275 file transfer procedure 276 restrictions over W AN 277 G GARP 80 GARP (Generic Attribu[...]

  • Page 346

    Index GS2200-48 User’s Guide 346 L LACP system priority 136 timeout 136 layer 2 features 333 layer 3 features 334 LEDs 38 limit MAC address learning 147 link aggregation 131 dynamic 131 ID information 132 setup 134 , 135 status 133 lockout 48 log 300 login 41 password 47 login account Administrator 289 non-administr ator 289 login accounts 288 co[...]

  • Page 347

    Index GS2200-48 User’s Guide 347 hello time 11 7 Max Age 120 max age 11 7 max hops 11 7 MST region 108 network example 107 path cost 11 8 port priority 11 8 revision level 11 7 MSTP (Multiple Spanning T ree Protocol) 105 MTU (Multi- T enant Unit) 68 multicast 175 802.1 priority 178 and IGMP 175 IP addresses 175 overview 175 setup 177 , 178 multic[...]

  • Page 348

    Index GS2200-48 User’s Guide 348 and IEEE 802.1Q tagging 91 example 94 hexadecimal notation for protocols 90 , 93 isolate traffic 91 priority 90 , 93 PVID 80 , 88 PVID (Priority Frame) 80 Q QoS 333 and classifier 149 queue weight 166 queuing 165 SPQ 166 WFQ 166 WRR 166 queuing method 165 , 168 R RADIUS 192 advantages 192 and authentication 192 Ne[...]

  • Page 349

    Index GS2200-48 User’s Guide 349 implementation 292 SSH (Secure Shell) 290 SSL (Secure Socket Layer) 292 standby ports 132 static bindings 205 static MAC address 99 static MAC forwarding 89 , 92 , 99 static routes 237 , 238 static trunking example 136 Static VLAN 84 static VLAN control 86 tagging 86 status 42 , 58 LED 38 link aggregation 133 port[...]

  • Page 350

    Index GS2200-48 User’s Guide 350 T unnel Protocol Attribute, and RADIUS 200 T wo Rate Three Color Marker (TR T CM) 242 T wo Rate Three Color Marker , see TR TCM 242 Ty p e o f S e r v i c e ( To S ) 241 U untrusted ports ARP inspection 209 DHCP snooping 206 user profiles 192 V V endor Specific Attribute See VSA ventilation holes 29 VID 72 , 79 , [...]

  • Page 351

    Index GS2200-48 User’s Guide 351 WRR (W eighted R ound Robin Scheduling 166 Z Z y NOS (Z yXEL Network Oper ating S ystem) 276[...]

  • Page 352

    Index GS2200-48 User’s Guide 352[...]