ZyXEL Communications metrogigabit switch manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications metrogigabit switch, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications metrogigabit switch one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications metrogigabit switch. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications metrogigabit switch should contain:
- informations concerning technical data of ZyXEL Communications metrogigabit switch
- name of the manufacturer and a year of construction of the ZyXEL Communications metrogigabit switch item
- rules of operation, control and maintenance of the ZyXEL Communications metrogigabit switch item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications metrogigabit switch alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications metrogigabit switch, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications metrogigabit switch.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications metrogigabit switch item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www .zyxel.com www .zyxel.com MGS3700-12C MetroGigabit Switch Copyright © 2012 ZyXEL Communications Corporation Firmware V ersion 3.90 Edition 15, 11/2012 Default Login Details IP Address http://192.168.1.1 http://192.168.0.1 (Out-of -band MGMT port) User Name admin Pa ss wo rd 12 34[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide MGS3700-12C User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who w ant to configure the Switch using the web configurator . Related Document ation •Q u i c k S t a r t G u i d e The Quick Start Guide is de signed to help you get your S witch up and running right away .[...]

  • Page 4

    About This User's Guide MGS3700-12C User’s Guide 4 Need More Help? More help is av ailable at www.zyx el.com. • Download Library Search for the latest produc t updates an d documentation from this link. Re ad the T ech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Int erface R eference G[...]

  • Page 5

    Document Conventions MGS3700-12C User’s Guide 5 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User’ s Guide. W arnings tell you about things that could harm you or your device.MGS3700-12C Note: Notes tell you other import ant informat ion (for e xample, other things you may need to configure or help[...]

  • Page 6

    Document Conventions MGS3700-12C User’s Guide 6 Icons Used in Figures Figures in this User’ s Guide may use the following generic icons . The Switch icon is not an exact representation of y our device. The Switch Computer Notebook computer Server DSLAM Firewa ll Te l e p h o n e Ro u t e r[...]

  • Page 7

    Safety Warnings MGS3700-12C User’s Guide 7 Safety Warnings • Do NO T use this product near water , for exam ple, in a wet basement or near a swimming pool. • Do NO T expose your device to dampness, dust or corrosive liquids. • Do NO T store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is[...]

  • Page 8

    Safety Warnings MGS3700-12C User’s Guide 8[...]

  • Page 9

    Contents Overview MGS3700-12C User’s Guide 9 Contents Overview Introduction and Hardware ................................................ ................................................... 23 Getting to Know Y our Switch . ............. ................ ................ ................ ............. ................ ........ .. 25 Hardware Inst[...]

  • Page 10

    Contents Overview MGS3700-12C User’s Guide 10 PPPoE ............... ................. ................................................................ ............. ............ . ........... 317 Private VLAN ......... ... ... ... .... ... ... ............. ... ... .... ............. ... ... ... .... ............ .... ... ... ... ............ ...[...]

  • Page 11

    Table of Contents MGS3700-12C User’s Guide 11 Table of Contents About This User's Guide ................................................................ ........................................ .. 3 Document Conventions.................................................................. ......................................... .5 Safety Warni[...]

  • Page 12

    Table of Contents MGS3700-12C User’s Guide 12 3.1.4 Management Port ... ... ............. ... ... .... ... ... ............. ... .... ... ... ... ............. ... .... ... ... ... ... ....... 39 3.1.5 Power Connector ............. ... ... ... ... .... ............. ... ... ... .... ... ... ... ... .... ... ............. ... ... ... .... ... 39 3[...]

  • Page 13

    Table of Contents MGS3700-12C User’s Guide 13 6.6 How to Do Port I solation in a VLAN . ................ ............. ................ ................ ................ ....... 85 6.6.1 Creating a VLAN .............. ............ ................. ................ ............. ................ ............. ... 8 6 6.6.2 Creating a Private VLAN[...]

  • Page 14

    Table of Contents MGS3700-12C User’s Guide 14 9.6 Subnet Based V LANs ........... ................ ............. ................. ................ ............. ................ . 126 9.7 Configuring Subnet Based VLAN ............... ... ... .... ............. ... ... ... ... .... ... ... ... .... ... ............. . 1 27 9.8 Protocol Based VLAN[...]

  • Page 15

    Table of Contents MGS3700-12C User’s Guide 15 14.2 Bandwidth Control Setup ............ ................ ................ ................ ................ ................ ..... 1 70 Chapter 15 Broadcast St orm Control .......................................................................... ........................... 173 15.1 Broadcast S torm[...]

  • Page 16

    Table of Contents MGS3700-12C User’s Guide 16 Chapter 20 Classifier .......................................................... ........................................................... ........... 21 1 20.1 About the Classifier and QoS ........ ............. ................ ............. ................ ............. ............ 21 1 20.2 Co[...]

  • Page 17

    Table of Contents MGS3700-12C User’s Guide 17 24.3 Multicast Setting ........ ... ... ... .... ... ............. ... ... ... .... ... ... ... .... ... ... ............. ... ... .... ... ... ... .. ..... . 241 24.4 IGMP Snooping VLAN .. ............. ................ ................ ............. ................ ................ ........ 24 4 24[...]

  • Page 18

    Table of Contents MGS3700-12C User’s Guide 18 Chapter 27 Loop Guard............................................ ............................................................... ................. 295 27.1 Loop Guard Overview ......... ............. ................ ................. ............ ................. ................ . 295 27.2 Loop Gu[...]

  • Page 19

    Table of Contents MGS3700-12C User’s Guide 19 32.6 PPPoE IA for VLAN ....... ............. ................ ................ ............. ................ ................ ....... .3 2 5 Chapter 33 Private VLAN ................................................................................... ................................ ...... 327 33.1 Pri[...]

  • Page 20

    Table of Contents MGS3700-12C User’s Guide 20 37.3.3 Global DHCP Relay Co nfigurat ion Example ..... ................ ................ ............. ........ 352 37.4 Configuring DHCP VLAN Settings ........ ............. ............. ................ ............. ................ . 353 37.4.1 Example: DHCP Relay for T wo VLANs ... .......... ..[...]

  • Page 21

    Table of Contents MGS3700-12C User’s Guide 21 39.9 Service Port Access Control . ............ ................. ............. ............ ................. ............ ..... 38 5 39.10 Remote Management ....... ................ ................ ............. ................ ................ ........... 386 Chapter 40 Diagnostic................[...]

  • Page 22

    Table of Contents MGS3700-12C User’s Guide 22 46.3 Switch Configuration ...... .......... ............ ................. ............. ................ ............. ............ .. ... 418 Chapter 47 Product Sp ecifications .............................................. ........................................................... 419 47.1 Fan Mod[...]

  • Page 23

    23 P ART I Introduction and Hardware Getting to Know Y our Switch (25) Hardware Installation and Connecti on (31) Hardware Overview (35) Tu t o r i a l s ( 6 3 ) v3.91(AAFX.0)[...]

  • Page 24

    24[...]

  • Page 25

    MGS3700-12C User’s Guide 25 C HA PT ER 1 Getting to Know Your Switch This chapter introduces the main features and applications of the Switch. 1.1 Introduction The MGS3700-12C is a lay er 2 stand-alone Gigabit Ethernet (GbE) switch. The Switch has 12 GbE dual personality int erfaces with each interface comprising one mini-GBIC slot and one 100/10[...]

  • Page 26

    Chapter 1 Getting to Know Your Switch MGS3700-12C User’s Guide 26 In this example, all computers can share hi gh-speed applications on the server . T o expand the network, simply add more networking devi ces such as switches, routers, computers, print servers etc. Figure 1 Backbone Application 1.1.2 Bridging Example In this example application th[...]

  • Page 27

    Chapter 1 Getting to Kn ow Your Switch MGS3700-12C User’s Guide 27 1.1.3 High Performance Switching Example The Switch is ideal for connecting two netw orks that need high b andwidth. In the following example, use trunking to connect these two networks. Switching to higher -speed LANs such as A TM (Asynchronous T ransmissi on Mode) is not feasibl[...]

  • Page 28

    Chapter 1 Getting to Know Your Switch MGS3700-12C User’s Guide 28 Shared resources such as a serv er can be used by al l ports in the same VLAN as the server . In the following figure only po rts that need access to the serv er need to be part of VLAN 1. P orts can belong to other VLAN g roups too. Figure 4 Shared Serve r Using VLAN Example 1.2 I[...]

  • Page 29

    Chapter 1 Getting to Kn ow Your Switch MGS3700-12C User’s Guide 29 • W eb Configurator . This is recommend ed for everyd ay management of the S witch using a (supported) web browser . See Chapter 4 on page 47 . • Command Line Interface. Line comma nds offer an alternative to the web configurator and in some cases are nece ssary to configure a[...]

  • Page 30

    Chapter 1 Getting to Know Your Switch MGS3700-12C User’s Guide 30[...]

  • Page 31

    MGS3700-12C User’s Guide 31 C HA PT ER 2 Hardware Installation and Connection This chapter shows you how t o install and connect the S witch. 2.1 Inst allation Scenarios The Switch can be placed on a desktop or r ack -mounted on a standard EIA r ack. Use the rubber feet in a desktop installation and the brack ets in a r ack -mounted installation.[...]

  • Page 32

    Chapter 2 Hardware Installation and Connection MGS3700-12C User’s Guide 32 5 Attach the rubber feet to each corner on the bottom of the Switch. These rubber feet help protect the Switch from shoc k or vibration and ensure space between devices when stacking. Figure 5 Att aching Rubber Feet Note: Do NOT block the ventilation ho les. Leave sp ace b[...]

  • Page 33

    Chapter 2 Har d war e In sta lla tion an d Conn ec tion MGS3700-12C User’s Guide 33 2.3.2 Att aching the Mounting Bracket s to the Switch 1 P osition a mounting br acket on one side of the Switch, lining up the four screw holes on the brack et with the screw ho les on the si de of the Switch. Figure 6 Att aching the Mounting Bracket s 2 Using a #[...]

  • Page 34

    Chapter 2 Hardware Installation and Connection MGS3700-12C User’s Guide 34 2.3.3 Mounting the Switch on a Rack 1 P osition a mounting br acket (that i s alread y attached to the Swit ch) on one side of the rack, lining up the two sc rew holes on the br acket with the screw holes on the side of the rack. Figure 7 Mounting the Switch on a Rack 2 Us[...]

  • Page 35

    MGS3700-12C User’s Guide 35 C HA PT ER 3 Hardware Overview This chapter describes the front panel and rear p anel of the Sw itch and shows you how to make the hardware connections. 3.1 Front Panel The following figure shows the front panel of the Switch. The front panel contains the Switch LEDs, 12 dual pe rsonality interfaces each consisting of [...]

  • Page 36

    Chapter 3 Har d war e Ov er vie w MGS3700-12C User’s Guide 36 3.1.1 Console Port For local management, you can use a computer with terminal emulation software configured to the following par ameters: • VT100 • T erminal emulation • 9600 bps • No parity , 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console[...]

  • Page 37

    Chapter 3 Hardware Overview MGS3700-12C User’s Guide 37 When auto-negotiation is turned on, a Et hernet port negotiates with the peer automatically to determine the connection speed and d uplex mode. If the peer Ethernet port does not support auto-negot iation or turns off this feature, the Switch determi nes the connection speed by detecting the[...]

  • Page 38

    Chapter 3 Har d war e Ov er vie w MGS3700-12C User’s Guide 38 3.1.3.1 T ransceiver Inst allation Use the following steps to install a mini-GBIC transceiver (SFP module). 1 Insert the transceiv er into the slot with the exposed section of PCB board facing down. 2 Press the tr ansceiver firmly until i t clicks into place. 3 The Switch automaticall [...]

  • Page 39

    Chapter 3 Hardware Overview MGS3700-12C User’s Guide 39 3 Pull the transceiver out of the slot. Figure 1 1 Removing the Fiber Optic Ca bles Figure 12 Opening the T ransceiver ’s Latch Example Figure 13 T ransceiver Removal Example 3.1.4 Management Port The MGMT ( management) port is used for local management . Connect directly to this port usin[...]

  • Page 40

    Chapter 3 Har d war e Ov er vie w MGS3700-12C User’s Guide 40 Use only power wires of the required di ameter for connecting the Switch to a power supply . 3.1.5.1 AC Power Connection Connect the female end of the po wer cord to the power socket of your S witch. Connect the other end of the cord to a power outlet. 3.1.5.2 DC Power Connection The S[...]

  • Page 41

    Chapter 3 Hardware Overview MGS3700-12C User’s Guide 41 3.1.6 Signal Slot The Signal slot (fitted wit h the signal connector) allows you to connect devices to the Switch, such as sensors or other Z yXEL switches which support the external alarm feat ure. This feature is in additi on to the syst em alarm, which detect s abnormal temperatures, volt[...]

  • Page 42

    Chapter 3 Har d war e Ov er vie w MGS3700-12C User’s Guide 42 3 Insert the alarm connector into the Signal slot. Figure 14 Connecting a Sensor to the Signal Slot 4 T o connect an output device, repeat the pr evious steps but this time connect to either pins (1,2) or (2,3) on the Signal connector . Y ou can also daisy-chain the external alarm to a[...]

  • Page 43

    Chapter 3 Hardware Overview MGS3700-12C User’s Guide 43 2 When daisy -chaining further S witches ensure that the sig nal output pins y ou use are the same as those you used when conne cting to the first switch, as shown i n the diagr am below . Figure 15 Daisy-chaining an External Alarm Sens or to Other Switches of the Same Model 3.2 Rear Panel T[...]

  • Page 44

    Chapter 3 Har d war e Ov er vie w MGS3700-12C User’s Guide 44 3.4 Configuring the Switch Y ou may use th e embedded web co nfigur ator or command lin e interface to configure the Switch. If you’re using th e web configurator , you need Inte rnet Explorer 5.5 and later or Net scape Navigator 6 and later . PWR Green On The system is turned on. Of[...]

  • Page 45

    Chapter 3 Hardware Overview MGS3700-12C User’s Guide 45 Y ou can access the command line interface using a terminal emulation progr am on a computer connected t o the Switch console port (s ee Section 3.1.1 on page 3 6 ) or access the Switc h using T elnet. The next part of this guide discusses configur ing the Switc h using the we b configur ato[...]

  • Page 46

    Chapter 3 Har d war e Ov er vie w MGS3700-12C User’s Guide 46[...]

  • Page 47

    MGS3700-12C User’s Guide 47 C HA PT ER 4 The Web Configurator This section introduces the config uratio n and functions of the web configurator . 4.1 Introduction The web configurator is an HTML -based management interface that allows easy Switch setup an d managemen t via Internet br owser . Use Interne t Explorer 6.0 and later or Netscape Navig[...]

  • Page 48

    Chapter 4 The Web Con figurator MGS3700-12C User’s Guide 48 3 The login screen appears. The defa ult username is admin (case sensitive) and associated de fault passwo rd is 1234 . The date and time display as shown i f you have not configured a time server nor manually ent ered a time and date in the General Setup screen. Figure 17 W eb Configura[...]

  • Page 49

    Chapter 4 T he Web Configurator MGS3700-12C User’s Guide 49 A - Click the menu items to open submenu li nks, and then click on a submenu link to open the screen in the main window ( F ). B , C , D , E - These are quick links which allo w y ou to perform certain tasks no matter which screen you are currently working in. B - Click t his link t o sa[...]

  • Page 50

    Chapter 4 The Web Con figurator MGS3700-12C User’s Guide 50 The following table descri bes the links in the na vigation panel. T able 4 Navigation Panel Links LINK DESCRIPTION Basic Settings System Info This link takes you to a screen that displays general system and hardware monitoring inform ation. General Setup This link takes y ou to a screen[...]

  • Page 51

    Chapter 4 T he Web Configurator MGS3700-12C User’s Guide 51 Queuing Method This link takes you to a screen wh ere you can con figure queui ng with associated queue weights for each port. VLAN Stacking This link takes yo u to screens where you can configure VLAN stacking which helps to distinguish multiple customers VLANs. Multicast This link take[...]

  • Page 52

    Chapter 4 The Web Con figurator MGS3700-12C User’s Guide 52 4.3.1 Change Y our Password After you log i n for the first time, it is recommended you change the default administr ator password. Click Man agement > Access Control > Logi ns to display the next screen. Figure 19 Change Administrator Login Password 4.4 Saving Y our Configuration [...]

  • Page 53

    Chapter 4 T he Web Configurator MGS3700-12C User’s Guide 53 Click the Save link in the upper right hand corner of the web configur ator to sav e your configur ation to nonvol atile memory . Nonvolatile memory refers to the Switch’ s stor age that remains even if the Switch’ s power is turned off . Note: Use the Save link when you are d one wi[...]

  • Page 54

    Chapter 4 The Web Con figurator MGS3700-12C User’s Guide 54 previous configur ations and the speed of the c onsole port will be res et to the default of 9600bps with 8 data bit, no parity , one stop bit and flow control set to none. The password will also be rese t to “1234” and the IP address t o 192.168.1.1. T o upload the configur ation fi[...]

  • Page 55

    Chapter 4 T he Web Configurator MGS3700-12C User’s Guide 55 4.7 Logging Out of the W eb Configurator Click Logout in a screen to exit the web configurator . Y ou have to log in with your password again after you log out. This is recommended after you fini sh a management session for security reasons. Figure 21 W eb Configurator: Logout Scre en 4.[...]

  • Page 56

    Chapter 4 The Web Con figurator MGS3700-12C User’s Guide 56[...]

  • Page 57

    MGS3700-12C User’s Guide 57 C HA PT ER 5 Initial Setup Example This chapter shows how to set up the S witch for an example network. 5.1 Overview The following lists the configur ation steps for the initial setup: • Create a VLAN • Set port VLAN ID • Configure the Swi tch IP management address 5.1.1 Creating a VLAN VLANs confine broad cast f[...]

  • Page 58

    Chapter 5 Initi al Set up Ex amp l e MGS3700-12C User’s Guide 58 1 Click Advanced Application > VLAN in the navigati on panel and click t he Static VLAN link. 2 In the Static VLAN screen, select ACTIVE , enter a descriptiv e name in the Name field and enter 2 in the VLAN Group ID field fo r the VLAN2 network. Note: The VLAN Group ID field in t[...]

  • Page 59

    Chapter 5 Initi al Set up Ex amp le MGS3700-12C User’s Guide 59 In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2. Figure 23 Initia l Setup Network Example: Port VID 1 Click Advanced Applications > VLAN in the navigation panel. Then click the VLAN Por t Setting li[...]

  • Page 60

    Chapter 5 Initi al Set up Ex amp l e MGS3700-12C User’s Guide 60 5.2 Configuring Switch Management IP Address The default management IP address of the Switc h is 192.168.1.1. Y ou can configure another IP address in a differ ent subnet for management purposes. The following figure shows an exa mple. Figure 24 Initia l Setup Example: Management IP[...]

  • Page 61

    Chapter 5 Initi al Set up Ex amp le MGS3700-12C User’s Guide 61 3 Click Basic Setting > IP Setup in the navigation panel. 4 Configure the related fields in the IP Setup screen. 5 For t h e VLAN2 network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask. 6 In the VID field, enter the ID of the VLAN group to which y ou wa[...]

  • Page 62

    Chapter 5 Initi al Set up Ex amp l e MGS3700-12C User’s Guide 62[...]

  • Page 63

    MGS3700-12C User’s Guide 63 C HA PT ER 6 Tutorials This chapter provides some examples of using the web configur ator to set up and use the Switch. The tutorials include: • How to Use DHCP Snooping on the Switch • How to Use DHCP Rela y on the Switch • How to Use PPPoE IA on the Switch • How to Use Error Disable and R ecov ery on the Swit[...]

  • Page 64

    Chapter 6 Tutorials MGS3700-12C User’s Guide 64 The settings in t his tutorial are as the following. 1 Access the Switch from t he MGMT port through http://192.168 .0.1 by def ault. Log into the Switch by entering the username (default: admin ) and password (default: 1234 ). 2 Go to Advanced Application > VLAN > Static VLAN , and create a V[...]

  • Page 65

    Chapter 6 Tutorials MGS3700-12C User’s Guide 65 3 Go to Advanced Application > VLAN > VLAN Port Setting , and set the PV ID of the ports 5, 6 and 7 to 100. This tags untagged incoming frames on ports 5, 6 and 7 with the tag 100. Figure 27 T utorial: T ag Untagged Fr ames 4 Go to Advanced Application > IP Source Guard > DHCP snooping &[...]

  • Page 66

    Chapter 6 Tutorials MGS3700-12C User’s Guide 66 5 Click the Port link at the top right corner . 6 The DHCP Snooping Port Configure screen appears. Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5. K eep ports 6 and 7 Untrusted because they are connected to DHCP clients. Click Apply . Figur[...]

  • Page 67

    Chapter 6 Tutorials MGS3700-12C User’s Guide 67 8 Click Save at the top right corner of the web configurator to sa ve the configurat ion permanently . 9 Connect your DHCP server to p ort 5 and a computer (as DHCP client) t o either port 6 or 7. The computer should be ab le to get an IP address from the DHCP server . If you put the DHCP server on [...]

  • Page 68

    Chapter 6 Tutorials MGS3700-12C User’s Guide 68 the system name, VLAN ID and port nu mber in the DHCP request. Client A connects to the S witch’ s port 2 in VLAN 102. Figure 32 T utorial: DH CP Relay Scenario 6.2.2 Creating a VLAN Fol low the steps below to configure port 2 as a member of VLAN 102. 1 Access th e web configurator throug h the Sw[...]

  • Page 69

    Chapter 6 Tutorials MGS3700-12C User’s Guide 69 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q . Click Apply to save the settings to the run-time memory . Figure 33 T utorial: Set VLAN T ype to 802.1Q 3 Click Advanced Application > VLAN > Static VLAN . 4 In the Static VLAN screen, select ACTIVE , enter a descripti v[...]

  • Page 70

    Chapter 6 Tutorials MGS3700-12C User’s Guide 70 7 Click Add to sav e the settings to the run-time memory . Settings in the run-time memory are lost when the Switc h’ s power is turned off . Figure 34 T utorial: Create a S tatic VLAN 8 Click the VLAN St atus link in the Static VLAN screen a nd then the VLAN Port Setting link in the VLAN Status s[...]

  • Page 71

    Chapter 6 Tutorials MGS3700-12C User’s Guide 71 10 Click Apply t o save y our changes back to the run-time memory . Figure 36 T utorial: Add T ag for Frames Received on Port 2 11 Click the Save link in the upper right c orner of the web configur ator to sav e your configu ration permane ntly . 6.2.3 Configuring DHCP Relay Follow the steps belo w [...]

  • Page 72

    Chapter 6 Tutorials MGS3700-12C User’s Guide 72 5 Click Apply t o save y our changes back to the run-time memory . Figure 37 T utorial: Set DHCP Server and Relay Information 6 Click the Save link in the upper right c orner of the web configur ator to sav e your configu ration permane ntly . 7 The DHCP server can then assign a specif ic IP address[...]

  • Page 73

    Chapter 6 Tutorials MGS3700-12C User’s Guide 73 Figure 38 T utorial: PPPoE Intermediate Agentt T utorial Overview Note: For related information about PPPoE I A, see Section 32.4 on p age 320 . The settings in this tutorial are as follows: 6.3.1 Configuring Switch A 1 Click Advanced Application > PPPo E > Intermediate Agent . Select Active t[...]

  • Page 74

    Chapter 6 Tutorials MGS3700-12C User’s Guide 74 2 Select Untrusted for port 5 and enter userC as Circuit-id and 00134900000A as Remote-id. Select Trusted for port 12 and then leave the other fields empty . Click Apply . Then Click Intermediate Agent on the top of the screen. 3 The Intermediate Agent screen appears. Click VLAN on the top of the sc[...]

  • Page 75

    Chapter 6 Tutorials MGS3700-12C User’s Guide 75 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in this example. Click Apply . 5 Then select Yes to enable PPP oE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Sw itch to add these two string s to frames t agged with VLAN 1 and pass [...]

  • Page 76

    Chapter 6 Tutorials MGS3700-12C User’s Guide 76 1 Click Advanced Application > PPPo E > Intermediate Agent . Select Active then clic k Apply . Click Port on the top of the screen. 2 Select Trusted for ports 11 and 12 and then click Apply . Then Click Intermediate Agent on the top of the screen.[...]

  • Page 77

    Chapter 6 Tutorials MGS3700-12C User’s Guide 77 3 The Intermediate Agent screen appears. Click VLAN on the top of the screen. 4 Enter 1 for both Start VID and End VID . Click Apply . 5 Then select Yes to enable PPP oE IA in VLAN 1 and also select Circuit-id and Remote-id to allow the Sw itch to add these two string s to frames t agged with VLAN 1[...]

  • Page 78

    Chapter 6 Tutorials MGS3700-12C User’s Guide 78 6.4 How to Use Error Disable and Recovery on the Switch This tutorial shows y ou how to shut down a port when: • there is a loop occurred or • too many ARP requests (o ver 100 pack ets per second ) received on a port Y ou also want the Switch to w ait for a period (10 minutes) before resuming th[...]

  • Page 79

    Chapter 6 Tutorials MGS3700-12C User’s Guide 79 2 Click Advanced Application > Errdisable > CPU Protection , select ARP as the reason, enter 100 as the r ate limit (packets per second ) for the first entry (port *) to apply the s etting to all po rts. Then clic k Apply . 3 Click Advanced Application > Errd isable > Errdisable Detect ,[...]

  • Page 80

    Chapter 6 Tutorials MGS3700-12C User’s Guide 80 4 Click Advanced Application > Errdisable > Errdisable Recovery , select Active and Timer Status for loopguard and ARP entries. Also enter 180 (180 seconds = 3 minutes) in the Interval field for both entries. Then click Apply . 6.5 How to Set Up a Guest VLAN All ports on the Switch are i n VLA[...]

  • Page 81

    Chapter 6 Tutorials MGS3700-12C User’s Guide 81 6.5.1 Creating a Guest VLAN Fol low the steps below to config ure port 1, 2, 3 and 10 as a member of VLAN 200. 1 Access th e web configurator throug h the Switch’s management port. 2 Go to Basic Setting > Switch Setup an d set the V LAN type to 802 .1Q . Click Apply to save the settings to the [...]

  • Page 82

    Chapter 6 Tutorials MGS3700-12C User’s Guide 82 7 Click Add to sav e the settings to the run-time memory . Settings in the run-time memory are lost when the Switc h’ s power is turned off . 8 Click the VLAN St atus link in the Static VLAN screen a nd then the VLAN Port Setting link in the VLAN Status sc reen. 9 Enter 200 in the PVID f ield for [...]

  • Page 83

    Chapter 6 Tutorials MGS3700-12C User’s Guide 83 10 Click Apply t o save y our changes back to the run-time memory . 11 Click the Save link in the upper right c orner of the web configur ator to sav e your configu ration permane ntly . 6.5.2 Enabling IEEE 802.1x Port Authentication Fol low the steps below to enable port au thentication to v alidat[...]

  • Page 84

    Chapter 6 Tutorials MGS3700-12C User’s Guide 84 2 Select the first Active checkbo x to enable 802.1x au thenti cation on the Switch. Select the Active checkbo xes for ports 1 to 8 to turn on 802.1x authenticat ion on the selected ports. Click Apply . 6.5.3 Enabling Guest VLAN 1 Click the Guest Vl an link in the 802.1x scr een.[...]

  • Page 85

    Chapter 6 Tutorials MGS3700-12C User’s Guide 85 2 Select Active and enter the guest VLAN ID (200 in this example) on ports 1, 2 and 3. The Switch puts unauthentic ate d clients i n the specified guest VLAN. Set Host-mode to Multi-Secure to have the Switch auth enticate each client that connects to one of these ports, and spec ify the maximum numb[...]

  • Page 86

    Chapter 6 Tutorials MGS3700-12C User’s Guide 86 Private VLAN to do port isolation in a VLAN instead of assi gning each port to a separate VL AN and creating a different IP routing domain for each individual port. In this example, you put ports 2 to 5 in VLAN 123 and create a priv ate VLAN rule for VLAN 123 to block t raffic between p orts 2, 3 an[...]

  • Page 87

    Chapter 6 Tutorials MGS3700-12C User’s Guide 87 4 In the Static VLAN screen, select ACTIVE , enter a descripti ve name (VLAN 123 for example) in the Name field and enter 123 in the VLAN Group ID field. 5 Select Fixed to configure ports 2, 3, 4 and 5 to be permanent members of this VLAN. 6 Clear the TX Tagging check box to set the Switch to remov [...]

  • Page 88

    Chapter 6 Tutorials MGS3700-12C User’s Guide 88 8 Click the VLAN St atus link in the Static VLAN screen a nd then the VLAN Port Setting link in the VLAN Status sc reen. 9 Enter 123 in the PVID f ield for ports 2, 3, 4 and 5 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the[...]

  • Page 89

    Chapter 6 Tutorials MGS3700-12C User’s Guide 89 6.6.2 Creating a Private VLAN Rule Fol low the steps below to configure priv ate VLAN for VLAN 123. 1 Click Advanced Application > Private VLAN . 2 In the Private VLAN screen, select Active . Enter a descriptive name (Priv a teVLAN123 for example) in the Name field and enter 123 in the VLAN I D f[...]

  • Page 90

    Chapter 6 Tutorials MGS3700-12C User’s Guide 90[...]

  • Page 91

    91 P ART II Basic Configuration System Status and P ort Statistics (93) Basic Setting (99)[...]

  • Page 92

    92[...]

  • Page 93

    MGS3700-12C User’s Guide 93 C HA PT ER 7 1 1/2012 System Status and Port Statistics This chapter describes the system s tatus (web configur ator home page) and port details screens. 7.1 Overview The home screen of the web configurator di splays a port stat istical sum mary with links to each port showing s tatistical details.[...]

  • Page 94

    Chapter 7 S ystem Status and Port Sta tistics MGS3700-12C User’s Guide 94 7.2 Port S t atus Summary T o view the port statistics, click Status in all web configurator screens to display the Status screen as sho wn next. Figure 39 S tatus The following table describes t he labels in this screen. T able 7 Status LABEL DESCRIPTION P ort This identif[...]

  • Page 95

    Chapter 7 System Status and Port Statistics MGS3700-12C User’s Guide 95 Up Time This field shows the total amount of time in hours, minutes and seconds the port has been up. Clear Counter Enter a port number and then click Clear Counter to er ase the recorded statistical information for that port, or select Any to clear statistics for all ports. [...]

  • Page 96

    Chapter 7 S ystem Status and Port Sta tistics MGS3700-12C User’s Guide 96 7.2.1 S t atus: Port Det ails Click a number in the Port column in the Status screen to display individual p ort statistics. Use t his screen to check status and detailed performance data about an individual port on the S witch. Figure 40 S tatus > Port Det ails The foll[...]

  • Page 97

    Chapter 7 System Status and Port Statistics MGS3700-12C User’s Guide 97 Name This field displays the name of the port. Link This field displays the speed (either 10 M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex ( F for full duplex or H for half duplex). It also shows the cable type ( Copper or Fiber ). Status I f STP (Spann[...]

  • Page 98

    Chapter 7 S ystem Status and Port Sta tistics MGS3700-12C User’s Guide 98 Control This field shows the number of con trol packets received (including those with CRC error) but it does not include the 802.3x Pause pack ets. TX Collision The following fields display informat ion on collisions while transmitting. Single This is a count of successful[...]

  • Page 99

    MGS3700-12C User’s Guide 99 C HA PT ER 8 Basic Setting This chapter describes how to configure the System Info, General Setup , Switch Setup , IP Setup and Port Setup screens. 8.1 Overview The System Info screen displays gener al Switch information (such as fi rmware version number) and hardware polling information (such as fan speeds). The Gener[...]

  • Page 100

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 100 8.2 System Information In the navigation panel, click Basic Setting > System Info to displ ay the screen as shown. Y ou can check the firmware version number and monitor the Switch’ s temperature, fan speed and voltage in this screen. Figure 41 Basic Setting > System Info The following [...]

  • Page 101

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 101 AC Power This field displays On when the Switch is using AC power and Absent when AC power is not av ailable. DC Power This field displays On when the Switch is using DC power , Present when the Switch is connected to DC power but does not use it, and Absent when DC power is not av ailable. BPS[...]

  • Page 102

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 102 8.3 General Setup Use this screen to configure genera l sett ings such as the system name and time. Click Basic Setting > Gener al Setup in the navigation panel to display the screen as shown. Figure 42 Basic Setting > General Setup The following table describes t he labels in this screen[...]

  • Page 103

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 103 Use Time Server when Bootup Enter the time service pro tocol that your timeserv er uses. Not all time servers support all protocols, so you may have to use trial and error to find a protocol that works. The ma in differences between them are the time format. When you select the Daytime (RFC 867[...]

  • Page 104

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 104 8.4 Introduction to VLANs A VLAN (Virtual Local Area Network) allo ws a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one grou p. With VLAN, a device cannot directly talk to or hear from devi[...]

  • Page 105

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 105 8.4.1 Smart Isolation T o block tr affic between two specific ports withi n the Switch, y ou can use port isolation or private VLAN ( see Chapter 33 on page 327 for more information). However , it does not work across multiple switches. F or example, broadcast traffic from isolated ports on a s[...]

  • Page 106

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 106 Note: The uplink port connecte d to the Internet should be the root po rt. Otherwise, with smart isolation enabled, the isolated port s cannot access the Internet. 8.5 Switch Setup Screen Click Basic Setting > Switch Setup in the navigation panel to display the screen as shown. The VLAN setu[...]

  • Page 107

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 107 Smart Isolation Select Active to enable smart isolation on the S witch. The designated port(s) then becomes the isolated port. Smart isolation allows you to prevent isolated ports on different switch es from transmitting tr affic to each other . Note: T o use smart isolation, y ou should ha ve [...]

  • Page 108

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 108 8.6 IP Setup Use the IP Setup screen to configure the Switch IP address, default gatew ay device, the default d omain name serv er and the management VLAN ID . The default gateway specifies the IP address of the default gateway (next hop ) for outgoing traffi c. 8.6.1 Management IP Addresses Th[...]

  • Page 109

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 109 Note: Y ou must configure a VLAN first. Figure 44 Basic Setting > IP Setup The following table describes t he labels in this screen. T able 12 Basic Setting > IP Setup LABEL DESCRIPTION Domain Name Server DNS (Domain Name System) is for mappin g a domain name to its corresponding IP addre[...]

  • Page 110

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 11 0 Default Management Specify which traffic flow ( In-Band or Ou t-of-band ) the S witch is to send packets originating from itself (such as SNMP traps) or pack ets with unknown source. Select Out-of-band to have the Switch send the packets to the out- of-band management port. This means that dev[...]

  • Page 111

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 111 In-band IP Addresses Y ou can create up to 64 IP addresses, which are used to access and manage the Switch from the ports belonging to the pre-defin ed VLAN(s). Y ou must conf igure a VLAN first. IP Address E nter the IP address fo r managing the S witch by the me mbers of the VLAN specified in[...]

  • Page 112

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 11 2 8.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the conf iguration screen. Figure 45 Basic Setting > Port Setup The following table describes t he labels in this screen. T able 13 Basic Setting > Por[...]

  • Page 113

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 11 3 Speed/ Duplex Select the speed and the duplex mode of the Ethernet connection on this port. Choices are Auto , 10M/Half Duplex , 10M/Full Duplex , 100M/ Half Duplex , 100M/Full Duplex and 1000M/Full Duplex . Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automa[...]

  • Page 114

    Chapter 8 Basic Setting MGS3700-12C User’s Guide 11 4[...]

  • Page 115

    11 5 P ART III Advanced VLAN (117) Static MAC F orward Setup (137) Static Multicast Forw ard Setup (141) Filtering (145) Spanning T ree Protocol (147) Bandwidth Control (169) Broadcast Storm Control (173) Mirroring (175) Link Aggregation (185) P ort Authentication (195) P ort Security (205) Classifier (211) P olicy Rule (219) Queuing Method (227) V[...]

  • Page 116

    11 6[...]

  • Page 117

    MGS3700-12C User’s Guide 11 7 C HA PT ER 9 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-bas ed VLANs. 9.1 Introduction to IEEE 802.1Q T a gged VLANs A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the[...]

  • Page 118

    Chapter 9 VLAN MGS3700-12C User’s Guide 11 8 9.1.1 Forwarding T agged and Unt agged Frames Each port on the Swit ch is capable of passing tagged or unta gged frames. T o forward a fr ame from an 802.1Q VLAN- aware swit ch to an 802.1Q VLAN-unaware switch, the Swit ch first decides where to forw ard the frame and then strips off the VLAN tag. T o [...]

  • Page 119

    Chapter 9 VLAN MGS3700-12C User’s Guide 11 9 Please refer to the following table fo r common IEEE 802.1Q VLAN terminology . 9.3 Port VLAN T runking Enable VLAN Trunking on a port to allow fr ames belonging to unknown VLAN groups to pass through that port. This is us eful if yo u want to set up VLAN groups on end devices without ha ving to co nfig[...]

  • Page 120

    Chapter 9 VLAN MGS3700-12C User’s Guide 120 VLAN group tags 1 and 2 (VLAN groups th at are unknown to those switches) to pass through their VLAN trunking port(s). Figure 46 Port VLAN T runking 9.4 Select the VLAN T ype Select a VLAN type in the Basic Setting > Switch Setup screen. Figure 47 Switch Setup > Select VLAN T ype 9.5 S t atic VLAN[...]

  • Page 121

    Chapter 9 VLAN MGS3700-12C User’s Guide 121 9.5.1 S t atic VLAN S t atus See Section 9.1 on page 117 for more information on Static VLAN. Cl ick Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next. Figure 48 Advanced Application > VLAN: VLAN S t atus The following table describes t he labels[...]

  • Page 122

    Chapter 9 VLAN MGS3700-12C User’s Guide 122 9.5.2 VLAN Det ails Use this screen to view detai led port se ttings and status of the VLAN group . See Section 9.1 on page 117 for more information on static VLAN. Click on an index number in the VLAN Status screen to display VLAN det ails. Figure 49 Advanced Application > VLAN > VLAN Detail The [...]

  • Page 123

    Chapter 9 VLAN MGS3700-12C User’s Guide 123 static VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next. Figure 50 Advanced Application > VLAN > S tatic VLAN The following table describes t he related labels in this screen. T able 17 Advanced Application > VLAN > S tatic VLAN LABEL DESCRIPTION ACTIVE S[...]

  • Page 124

    Chapter 9 VLAN MGS3700-12C User’s Guide 124 * Settings in this row apply to all ports. Use this row only if y ou want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port -by-port basis. Note: Changes in this row are copied to all t he ports as soon as you make them. Contr[...]

  • Page 125

    Chapter 9 VLAN MGS3700-12C User’s Guide 125 9.5.4 Configure VLAN Port Settings Use the VLAN Port Set ting screen to co nfigure the static VLAN (IEEE 802.1Q) settings on a port. See Section 9.1 on page 117 for more information on static VLAN. Click the VLAN Port Setting link in th e VLAN St atus screen. Figure 51 Advanced Application > VLAN >[...]

  • Page 126

    Chapter 9 VLAN MGS3700-12C User’s Guide 126 9.6 Subnet Based VLANs Subnet based VLANs allow y ou to group tr affic into logical VLANs based on the source IP subnet you s pecify . When a fr ame is received on a port, the Switch checks if a tag is added already and the IP subnet it came from. The untag ged packets fr om the same IP su bnet are then[...]

  • Page 127

    Chapter 9 VLAN MGS3700-12C User’s Guide 127 Y ou configure a subnet based VLAN with priority 6 and VID of 100 for tr affic received from IP subnet 172.16.1. 0/24 (voice services). Y ou also have a subnet based VLAN with priority 5 and VID of 200 for tr affic received from IP subnet 192.168.1.0/24 (video services). Lastly , you configure VLAN wit [...]

  • Page 128

    Chapter 9 VLAN MGS3700-12C User’s Guide 128 Note: Subnet based VLAN applies to un-tagg ed packet s and is applicable only when you use IEEE 802.1Q t agged VLAN. Figure 53 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN The following table describes t he labels in this screen. T able 19 Advanced Application > VLAN &[...]

  • Page 129

    Chapter 9 VLAN MGS3700-12C User’s Guide 129 9.8 Protocol Based VLANs Protocol based VLANs allow y ou to group tr affic into logi cal VLANs based on the protocol you spec ify . When an ups tream fr ame is received on a port (configured for a protocol based VLAN), t he Switch checks if a tag is added already and its protocol. The untagged packets o[...]

  • Page 130

    Chapter 9 VLAN MGS3700-12C User’s Guide 130 for ARP traff ic received on port 1, 2 and 3. Y ou also have a protocol based VLAN B with priority 2 for Appl e T alk traffic receiv ed on port 6 and 7. All upstream ARP traffic from port 1, 2 and 3 will be grou ped together , and all upstream Apple T alk traffic from port 6 and 7 will be in another gro[...]

  • Page 131

    Chapter 9 VLAN MGS3700-12C User’s Guide 131 The following table describes t he labels in this screen. T able 20 Advanced Application > VLAN > VL AN Port Setting > Protocol Based VLAN Setup LABEL DESCRIPTION Active Check this bo x to activate this protocol based VLAN. P ort T ype a port to be included in this protocol based VLAN. This por[...]

  • Page 132

    Chapter 9 VLAN MGS3700-12C User’s Guide 132 9.10 Create an IP-based VLAN Example This example shows you how to create an IP VLAN which includes ports 1, 4 and 8. Fo llow these steps: 1 Activ ate this protocol based VLAN. 2 T ype the port number you w ant to include in this protocol based VLAN. T y pe 1 . 3 Give this protocol-based VLAN a desc rip[...]

  • Page 133

    Chapter 9 VLAN MGS3700-12C User’s Guide 133 P ort-based VLANs require all owed outgoing ports to be defined for each port. Therefore, if y ou wish to allow t wo subscr iber ports to talk to each oth er , for example, between conference rooms in a hotel, y ou must define t he egress (an egress port is an outgoing port, that is, a port through whic[...]

  • Page 134

    Chapter 9 VLAN MGS3700-12C User’s Guide 134 9.1 1.1 Configure a Port-based VLAN Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation p anel to display the next screen. Figure 57 Port Ba sed VLAN Setup (All Connected) Figure 58 Port Ba sed VLAN Setup (Por[...]

  • Page 135

    Chapter 9 VLAN MGS3700-12C User’s Guide 135 The following table describes t he labels in this screen. T able 21 Port Based VLAN Setup label Description Setting Wizard Choose All connected or Port isolation . All connected means all ports can communicate with each other , that is, there are no virtual LANs. All incomi ng and outgoing ports are sel[...]

  • Page 136

    Chapter 9 VLAN MGS3700-12C User’s Guide 136[...]

  • Page 137

    MGS3700-12C User’s Guide 137 C HA PT ER 10 Static MAC Forward Setup Use these screens to configure static MAC address forwarding. 10.1 Overview This chapter discusses how to configure forw arding rules based on MAC addresses of devices on your network. 10.2 Configuring S t atic MAC Forwarding A static MAC address is an address that has been manua[...]

  • Page 138

    Chapter 10 St at ic MAC Fo rw ard Setup MGS3700-12C User’s Guide 138 Click Advanced Applications > Static MAC Forwarding in the na vigation panel to display the configur ation screen as shown. Figure 59 Advanced Application > S tatic MAC Forwarding The following table describes t he labels in this screen. T able 22 Advanced Application >[...]

  • Page 139

    Chapter 10 Static MAC Fo rward Setup MGS3700-12C User’s Guide 139 VID This field displays the ID number of the VLAN group. P ort This field displa ys the port where the MAC address shown in the next field will be forwarded. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the Delete che ck boxe[...]

  • Page 140

    Chapter 10 St at ic MAC Fo rw ard Setup MGS3700-12C User’s Guide 140[...]

  • Page 141

    MGS3700-12C User’s Guide 141 C HA PT ER 11 Static Multicast Forward Setup Use these screens to configure stat ic Multicast address forwarding. 1 1.1 S t atic Multicast Forwarding Overview A multicast MAC address is the MAC addres s of a member of a multicast group. A static multicast address is a multicas t MAC address that has been manually ente[...]

  • Page 142

    Chapter 11 St at ic Mu lt ica s t Fo rw ar d Set up MGS3700-12C User’s Guide 142 connected to port 3. Fi gure 62 shows fr ames being forwarded to ports 2 and 3 within VLAN group 4. Figure 60 No S tatic Multicast Forwardin g Figure 61 S tatic Mutlicast Forwardin g to A Single Port Figure 62 S tatic Mutlicast Forwardin g to Multiple Ports 1 1.2 Con[...]

  • Page 143

    Chapter 11 Static Mu lticast Forward Setup MGS3700-12C User’s Guide 143 Click Advanced Applications > Static Multicast Forwarding to display the configurati on screen as shown. Figure 63 Advanced Application > S tat ic Multicast Forwarding The following table describes t he labels in this screen. T able 23 Advanced Application > S t atic[...]

  • Page 144

    Chapter 11 St at ic Mu lt ica s t Fo rw ar d Set up MGS3700-12C User’s Guide 144 Active This field displays whether a static multicast MAC address forwarding rule is active ( Yes ) or not ( No ). Y ou may tempor arily deactivate a rule without deleting it. Name This field displays the descriptive name for identification purposes for a static mult[...]

  • Page 145

    MGS3700-12C User’s Guide 145 C HA PT ER 12 Filtering This chapter discusses MAC address port fil tering. 12.1 Configure a Filtering Rule Filtering means sifting tr affic going throug h the Switch based on the source and/or destination MAC addresse s and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display [...]

  • Page 146

    Chapter 12 Filtering MGS3700-12C User’s Guide 146 The following table describes t he related labels in this screen. T able 24 Advanced Application > FIltering LABEL DESCRIPTION Active Make sure to select this check box to activ ate your rule. Y ou may temporarily deactiv ate a rule without de leting it by deselecting this check box. Name T ype[...]

  • Page 147

    MGS3700-12C User’s Guide 147 C HA PT ER 13 Spanning Tree Protocol The Switch suppor ts Spanning T ree Protocol (STP), R apid Spanning T ree Protocol (RSTP) and Multiple Spanning T ree Protoc ol (MSTP) as defined in the following standards. • IEEE 802.1D Spanning T ree Protocol • IEEE 802.1w Rapid Spanning T ree Protocol • IEEE 802.1s Multip[...]

  • Page 148

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 148 P ath cost is the cost of tr ansmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost. On each bridge, the root port is the port through which this brid[...]

  • Page 149

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 149 13.1.3 STP Port S t ates STP assigns fiv e port states to eliminate packet loopi ng. A bridge port is not allowed to go direct ly from blocking state to forw arding state so as to eliminate transient loops. 13.1.4 Multiple RSTP MRSTP (Multiple RSTP) is Z yXEL ’s proprietar y featu[...]

  • Page 150

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 150 Note: Each port can belong to one STP tree only . Figure 65 MRST P Network Exa mpl e 13.1.5 Multiple STP Multiple Spanning T ree Protocol (IEEE 802.1s) is backward compatible with STP/ RSTP and addresses the limit ations of existing spanning tree pr otocols (STP and RSTP) in network[...]

  • Page 151

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 151 blocked as STP and RSTP allow only one link i n the network and block the redundant link. Figure 66 STP/RSTP Network Example With MSTP , VLANs 1 and 2 are mapped to di fferent spanni ng trees in the network. Thus traf fic from the two VLANs tr avel on different paths. The following [...]

  • Page 152

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 152 Devices that belong to the same MST re gion are configured to hav e the same MSTP configuration identificati on settings . These include the following parameters: • Name of the MST region • Revision level as the uniqu e number for t he MST region • VLAN-to-MST Instance mapping[...]

  • Page 153

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 153 and single spanning tree devi ces. A ne t work may contain multiple MST regions and other network segments running RSTP . Figure 69 MSTP and Legacy RSTP Network Example 13.2 S p anning T ree Protocol St atus Screen The Spanning T ree Protocol status scree n changes depending on what[...]

  • Page 154

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 154 13.3 S p anning T ree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch. Click Configuration in t he Advanced Application > Spanning Tree Protocol . Figure 71 Advanced Application > S panning T ree Protocol > Configurati[...]

  • Page 155

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 155 13.4 Configure Rapid S p anning T ree Protocol Use this screen to configure RSTP settings, see Section 13.1 on page 147 for more informat ion on RS TP . Click RSTP in the Advanced Application > Spanning Tree Protocol screen. Figure 72 Advanced Application > S panni ng T ree Pr[...]

  • Page 156

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 156 Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority , the switch with the lowest MAC address will the n [...]

  • Page 157

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 157 13.5 Rapid S p anning T ree Protocol St atus Click Advanced Application > Spanning Tree Pro tocol in the navigation panel to display the status screen as shown next. See Section 13.1 on page 147 for more information on RSTP . Note: This screen is only available af ter you activat[...]

  • Page 158

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 158 The following table describes t he labels in this screen. T able 29 Advanced Application > Spanning Tree Protocol > Status: RSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you w ant to activate. Click RSTP to edit RSTP settings on the Switch.[...]

  • Page 159

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 159 13.6 Configure Multiple Rapid S p anning T ree Protocol T o configure MRSTP , click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1 on page 147 for more information on MRSTP . Figure 74 Advanced Application > S panning T ree Protocol > MR[...]

  • Page 160

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 160 Bridge Priority Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority , the switch with the lowest MAC address will the n [...]

  • Page 161

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 161 13.7 Multiple Rapid S p anning T ree Protocol S t atus Click Advanced Applicat ion > Spanning Tree Protoc ol in the navigation panel to display the status screen as shown next. See Section 13.1 on page 147 for more information on MRSTP . Note: This screen is only available af ter[...]

  • Page 162

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 162 The following table describes t he labels in this screen. T able 31 Advanced Application > Spanning Tree Protocol > Status: MRST P LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you w ant to activate. Click MRSTP to edit MRSTP settings on the S w[...]

  • Page 163

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 163 13.8 Configure Multiple S p anning T ree Protocol T o configure MSTP , click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1.5 on page 150 for more information on MSTP . Figure 76 Advanced Application > S panni ng T ree Protocol > MSTP[...]

  • Page 164

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 164 The following table describes t he labels in this screen. T able 32 Advanced Application > S p anning T ree Protocol > MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen (see Figure 77 on page 166 ). Active Select this check box to activ ate MSTP on t[...]

  • Page 165

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 165 Bridge Priority Set the priority of the Switch for the specific spanning tree instance. The lower the number , the more li kely the Switch will be chosen as the root bridge within the spanning tree instance. Enter priority values between 0 and 61440 in increments of 4096 (thus valid[...]

  • Page 166

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 166 13.9 Multiple S p anning T ree Protocol St atus Click Advanced Applicat ion > Spanning Tree Protoc ol in the navigation panel to display the status screen as shown next. See Section 13.1.5 on page 150 for more information on MSTP . Note: This screen is only available af ter you a[...]

  • Page 167

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 167 The following table describes t he labels in this screen. T able 33 Advanced Application > Spanning Tree Protocol > Status: MSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you w ant to activate. Click MSTP to edit MSTP settings on the S witch[...]

  • Page 168

    Chapter 13 Spanning T ree Protoc ol MGS3700-12C User’s Guide 168 Internal Cost This is the path cost from the root port in this MST instance to the regional root switch. P ort ID This is the priority and number of the port on the Sw itch through which this Switch must communicate with the root of th e MST instance. T able 33 Advanced Application [...]

  • Page 169

    MGS3700-12C User’s Guide 169 C HA PT ER 14 Bandwidth Control This chapter shows you how y ou can cap the maximum bandwidth using the Bandwidth Control screen. 14.1 Bandwid th Control Overview Bandwidth control means defining a maxi mum allowab le bandwidth for incoming and/or out-going tr affic flows on a port. 14.1.1 CIR and PIR The Committed In[...]

  • Page 170

    Chapter 14 Bandwidth Control MGS3700-12C User’s Guide 170 14.2 Bandwid th Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 78 Advanced Application > Bandwid th Control The following table describes t he related labels in this screen. T able 34 Advanced Applicat[...]

  • Page 171

    Chapter 14 Band wid th Contr ol MGS3700-12C User’s Guide 171 Active Select this check box to activ ate peak rate limits on this port. Pe a k Rat e Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the incoming traffic flow on a port. Pe a k Burst Specify the maximum number of bytes of unused peak bandwidth capacity that can [...]

  • Page 172

    Chapter 14 Bandwidth Control MGS3700-12C User’s Guide 172[...]

  • Page 173

    MGS3700-12C User’s Guide 173 C HA PT ER 15 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 15.1 Broadcast S torm Control Setup Broadcast storm control limits the number of broadcast, multicast and dest ination lookup failure (DLF ) packets the S witch re ceives per second on the [...]

  • Page 174

    Chapter 15 Broadcast Storm Control MGS3700-12C User’s Guide 174 The following table describes t he labels in this screen. T able 35 Advanced Application > Broadcast S torm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. P ort This field displays[...]

  • Page 175

    MGS3700-12C User’s Guide 175 C HA PT ER 16 Mirroring This chapter discusses port mirroring s etup screens. 16.1 Port Mirroring Setup P o r t m i r r o r i n g a l l o w s y o u t o c o p y a t r a f f i c f l o w t o a m o n i t o r p o r t ( t h e p o r t y o u c o p y the traffic to) in order th at you can examin e the traffic from the m onitor[...]

  • Page 176

    Chapter 16 M irr or in g MGS3700-12C User’s Guide 176 The following table describes t he labels in this screen. T able 36 Advanced Application > Mirroring LABEL DESCRIPTION Active Select this check box to activ ate port mirroring on the Switch. Clear this check box to disable the feature. Monitor Po r t The monitor port is the port you copy th[...]

  • Page 177

    Chapter 16 M irr or ing MGS3700-12C User’s Guide 177 16.2 RMirror RMirror lets you redirect data flows that you monitor on a source switch to a different destination switch, which all ows a centrali zed network analyzer or probe to capture packets for an entire LAN. Beca use traff ic flows are not directly copied to monitor port, but reflected on[...]

  • Page 178

    Chapter 16 M irr or in g MGS3700-12C User’s Guide 178 Figure 81 Rmirror Architecture 16.2.2 RMirror Configuration Click  Advance d  Application  >  Mirroring  >RMirr o r  on  the  up  right  of  the  navig ation  panel  to  displa y  the  RMirro r  screen.  Us e  this  screen ?[...]

  • Page 179

    Chapter 16 M irr or ing MGS3700-12C User’s Guide 179 Figure 82 Advanced Application > Mirroring> RMirro r The  follo wing  table  describes  the  labels  in  this  scr een. 16.2.3 Source It will mirror port traffic to intermediate switch or destination switch by RMirror VLAN. In different scenario of source switch, t[...]

  • Page 180

    Chapter 16 M irr or in g MGS3700-12C User’s Guide 180 Figure 83 Advanced Application > Mirroring> RMirro r > Source The  follo wing  table  describes  the  labels  in  this  scr een. T able 39 Advanced Application > Mirroring> RMirror > Source LABEL DESCRIPTION RMirror VLAN Select a RMirror VLAN ID (that [...]

  • Page 181

    Chapter 16 M irr or ing MGS3700-12C User’s Guide 181 16.2.4 Destination It will monitor port tr affic from intermed iate switch or source switch by RMirror VLAN. The configuration contains: RMirror VLAN, monitor-port and connected- port. If the destination switch is other supplier switch device, i t needs to support 802.1q for basis function on R[...]

  • Page 182

    Chapter 16 M irr or in g MGS3700-12C User’s Guide 182 Figure 84 Advanced Application > Mirrori ng> RMirror > Destination The following table describes t he labels in this screen. T able 40 Advanced Application > Mirroring> RMirror > De stination LABEL DESCRIPTION RMirror VLAN Select a RMirror VLAN ID (that you configured in th e[...]

  • Page 183

    Chapter 16 M irr or ing MGS3700-12C User’s Guide 183 16.2.5 Connected Port The connected-port is the physical port connected to other switch in the same RMirror VLAN, and it can't be Mirror port or Monitor P ort. Click Advanced Application > Mirrorin g> RMirror > Connected Port on the up right of the na vigation panel to displ ay th[...]

  • Page 184

    Chapter 16 M irr or in g MGS3700-12C User’s Guide 184 The  follo wing  table  describes  the  labels  in  this  scr een. T able 41 Advanced Application > Mirroring> RMirror > Connected Port LABEL DESCRIPTION RMirror  VLAN Select  a  RMirro r  VLAN  ID  (that  you  conf ig ured  in  th[...]

  • Page 185

    MGS3700-12C User’s Guide 185 C HA PT ER 17 Link Aggregation This chapter shows you how t o logically aggr egate phy sical links t o form one logical, higher-bandwid th link. 17.1 Link Aggregation Overview Link aggregation (trunking) is the groupi ng of physical por ts into one log ical higher-capacity link. Y ou may want to trunk ports i f for ex[...]

  • Page 186

    Chapter 17 Li nk Aggr eg a tion MGS3700-12C User’s Guide 186 When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote en d of a li nk to establish trunk groups. LACP also allows port redundancy , that is, if an operational port fails, then one of the “standby” ports become operational [...]

  • Page 187

    Chapter 17 L ink Aggr eg a tion MGS3700-12C User’s Guide 187 17.3 Link Aggregation S t atus Click Advanced Application > Link Aggregation in the navigation panel. The Link Aggregation Status screen d isplays by default. See Sect ion 17.1 on page 185 for more information. Figure 86 Advanced Application > Link Aggregation S t atus The followi[...]

  • Page 188

    Chapter 17 Li nk Aggr eg a tion MGS3700-12C User’s Guide 188 Criteria This shows the outgoing traffic distribution algorith m used in this trunk group. P ackets from the same source and/or to the same destination are sent over the same link within the trun k. src-mac means the Switch distributes traffic based on the packet’ s source MAC address[...]

  • Page 189

    Chapter 17 L ink Aggr eg a tion MGS3700-12C User’s Guide 189 17.4 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 17.1 on page 185 for more informat ion on link ag gregation. Figure 87 Advanced Application > Link Aggreg ation > Link Aggrega[...]

  • Page 190

    Chapter 17 Li nk Aggr eg a tion MGS3700-12C User’s Guide 190 Criteria Select the outgoing traffic distribution type. P ackets from the same source and/or to the same destination are sent ov er the same link within the trunk. By default, the Switch uses the src-dst-mac distribution type. If the Switch is behind a router , the packet’s destinatio[...]

  • Page 191

    Chapter 17 L ink Aggr eg a tion MGS3700-12C User’s Guide 191 17.5 Link Aggregation Control Protocol Click Advanced Application > Link Aggregation > Link A ggregation Setting > LACP to display the screen shown next. See Section 17.2 on page 185 for more information on d ynamic link aggregation. Figure 88 Advanced Application > Link Agg[...]

  • Page 192

    Chapter 17 Li nk Aggr eg a tion MGS3700-12C User’s Guide 192 17.6 S t atic T runking Example This example shows you how to create a static port trunk group for ports 2-5. Syst e m Priority LACP system priority is a number be tween 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) beco[...]

  • Page 193

    Chapter 17 L ink Aggr eg a tion MGS3700-12C User’s Guide 193 1 Make your physical connections - make sure that the ports that you w ant to belong to the trunk group are connected to the same destinati on. The following figure shows ports 2-5 on swit ch A connected to switch B . Figure 89 T runking Example - Physical Connections 2 Configure static[...]

  • Page 194

    Chapter 17 Li nk Aggr eg a tion MGS3700-12C User’s Guide 194 Y our trunk group 1 ( T1 ) configur ation is now complete; you do not need to go to any additional screens.[...]

  • Page 195

    MGS3700-12C User’s Guide 195 C HA PT ER 18 Port Authentication This chapter describes the IEEE 802. 1x and MAC authentication methods. 18.1 Port Authentication Overview P ort authentication is a w ay to v alidate access to ports on the Switch to clients based on an external server (authentic ation server). The S witch supports the following metho[...]

  • Page 196

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 196 request to a RADIUS server . The RADIUS se rver v alidates whether this client is allowed access to the port. Figure 91 IEEE 802.1x Authentication Process 18.1.2 MAC Authentication MAC authentication works in a very sim ilar way to IEEE 802.1x authentication. The main difference is that [...]

  • Page 197

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 197 client connecting to a port on the Switch along with a password configured specifically for MAC authenti cation on the Switc h. Figure 92 MAC Authentication Process 18.2 Port Authentication Configuration T o enable port authentication, first activ a te the port authentication method(s) y[...]

  • Page 198

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 198 18.2.1 Activate IEEE 802.1x Security Use this screen to activ ate IEEE 802.1x security . In the Port Authentication screen, click 802.1x to display the config uration s creen as shown. Figure 94 Advanced Application > Port Authentication > 802.1x The following table describes t he [...]

  • Page 199

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 199 18.2.2 Guest VLAN When 802.1x port authentication is enable d on the Swit ch and its ports, client s that do not hav e the correct credentials are block ed from using the port(s). Y ou can configure your S witch to have one VLAN that acts as a guest VLAN. If you enable the guest VLAN ( 1[...]

  • Page 200

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 200 rights gr anted to the Guest VLAN depe nds on how the network administrator configures switches or routers with the gu est network feature. Figure 95 Guest VLAN Example Use this screen to enable and as si gn a Guest VLAN to a port. In the Port Authentication > 802.1x screen, click Gue[...]

  • Page 201

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 201 The following table describes t he labels in this screen. T able 48 Advanced Application > Port Authentication > 802.1 x > Guest VLAN LABEL DESCRIPTION P ort This field displays a port number . * Settings in this row apply to all ports. Use this row only if you w ant to make som[...]

  • Page 202

    Chapter 18 Port Authentication MGS3700-12C User’s Guide 202 18.2.3 Activate MAC Authentication Use this screen to activ ate MAC authentication. In t he Port Authentication screen click MAC Authentication to di splay the configur ation screen as shown. Figure 97 Advanced Application > Port Authentication > MAC Authentication The following ta[...]

  • Page 203

    Chapter 18 MGS3700-12C User’s Guide 203 Timeout Specify the amount of time before the Switch allows a client MAC address that fails authentication to try and authenticate again. Maximum time is 3000 seconds. When a client fails MAC authentication , its MAC address is learned by the MAC address table with a status of denied. The timeout period y o[...]

  • Page 204

    Chapter 18 MGS3700-12C User’s Guide 204[...]

  • Page 205

    MGS3700-12C User’s Guide 205 C HA PT ER 19 Port Security This chapter shows you how t o set up port securit y . 19.1 About Port Security P ort security allows only packet s with dynamically learned MAC addresses and/or configured static MAC ad dresses to pass th rough a port on the Sw itch. The Switch can learn up to 16K MAC ad dresses in total w[...]

  • Page 206

    Chapter 19 Port Secu rity MGS3700-12C User’s Guide 206 19.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. Figure 98 Advanced Application > Port Security The following table describes t he labels in this screen. T able 50 Advanced Application > Port Security LABEL DE[...]

  • Page 207

    Chapter 19 Port Security MGS3700-12C User’s Guide 207 * Settings in this row apply to all ports. Use this row only if you w ant to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port -by-po rt basis. Note: Changes in this row are copied to all the ports as soon as you make t[...]

  • Page 208

    Chapter 19 Port Secu rity MGS3700-12C User’s Guide 208 19.3 VLAN MAC Address Limit Use this screen to set t he MAC address le arning limit on per-port and per- VLAN basis. Click VLAN MAC Address Lim it in the Advanced Application > Port Security screen to display the screen as shown. Figure 99 Advanced Application > Port Secu rity > VLAN[...]

  • Page 209

    Chapter 19 Port Security MGS3700-12C User’s Guide 209 Active This field displays Yes when the rule is activated and No when is it deactivated. P ort This field displays the number of the port to which this rule is applied. VID This is the VLAN ID number to which the port belongs. Limit Number This is the maximum number of MAC addresses which a po[...]

  • Page 210

    Chapter 19 Port Secu rity MGS3700-12C User’s Guide 210[...]

  • Page 211

    MGS3700-12C User’s Guide 21 1 C HA PT ER 20 Classifier This chapter introduces and shows you how to configure the packet classif ier on the Switch. 20.1 About the Classifier and QoS Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay , and the networking me thods used to control the use of bandwidth[...]

  • Page 212

    Chapter 20 Classifier MGS3700-12C User’s Guide 212 Click Advanced Application > Classifier in the navigation panel to displa y the configurati on screen as shown. Figure 100 Advanced App lication > Classifier The following table describes t he labels in this screen. T able 52 Advanced Application > Classifier LABEL DESCRIPTION Active Sel[...]

  • Page 213

    Chapter 20 Classifier MGS3700-12C User’s Guide 213 Layer 2 Specify the fields below to configure a layer 2 classifier . VLAN Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided. When VLAN mapping is enable d, this is the translated VLAN ID you set in the VLAN Mapping Config[...]

  • Page 214

    Chapter 20 Classifier MGS3700-12C User’s Guide 214 20.3 V iewing and Editing Classifier Configuration T o view a summary of t he classifier configur ation, scroll down to the s ummary table at the bottom of the Classifier screen. T o change the settings of a rule, cl ick a number in the Index field. Note: When two rules conflict with each other ,[...]

  • Page 215

    Chapter 20 Classifier MGS3700-12C User’s Guide 215 The following table describes t he labels in this screen. The following table shows some other common Ethernet types and the corresponding protocol number . In the Internet Protocol there is a field, called “Protocol” , to identify the next level protocol. The foll owing table shows some comm[...]

  • Page 216

    Chapter 20 Classifier MGS3700-12C User’s Guide 216 Some of the most common T C P and UDP port numbers are: See Append ix A on pa ge 431 for information on commonly used port numbers. 20.4 Classifier Example The following screen shows an example where you configure a classifier that identifies all traffic from M AC ad dress 00:50:ba:ad:4f:81 on po[...]

  • Page 217

    Chapter 20 Classifier MGS3700-12C User’s Guide 217 After you hav e configured a classifier , you can configure a poli cy (in the Policy screen) to def ine action(s) on the classified traffic f low. Figure 102 Classifier: Example[...]

  • Page 218

    Chapter 20 Classifier MGS3700-12C User’s Guide 218[...]

  • Page 219

    MGS3700-12C User’s Guide 219 C HA PT ER 21 Policy Rule This chapter shows you how t o configure policy rules. 21.1 Policy Rules Overview A classifier dist inguishes traf fic into flows based on the configured criteria (refer to Chapter 20 on page 211 for more information). A policy rule ensures that a tr affic flow gets the requested treatment in[...]

  • Page 220

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 220 The DSCP value determines the forwarding behavior , the PHB (Per-Hop Behavior), that each pack et gets across the DiffSer v network. Based on the marking rule, different kinds of tr affic can be marked for different kinds of f orwarding. R esources can then be allocated according to the DS CP v [...]

  • Page 221

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 221 Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. Figure 103 Advanced App lication > Policy Rule The following table describes t he labels in this screen. T able 57 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this op[...]

  • Page 222

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 222 Classifier(s) This field dis plays the active classifier(s) you configure in th e Classifier screen. Select the classifier(s) to which this policy rule applies. T o select more than one classifier , press [SHIF T] and select the choices at the same time. Pa ra m e t e r s Set the fields below fo[...]

  • Page 223

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 223 21.3 V iewing and Editin g Policy Configuration T o view a summary of t he classifier configur ation, scroll down to the s ummary table at the bottom of the Policy screen. T o change the settings of a rule, click a number in the Index field. Figure 104 Advanced App lication > Policy Rule: Sum[...]

  • Page 224

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 224 The following table describes t he labels in this screen. T able 58 Advanced Application > Policy Rule: Summary Table LABEL DESCRIPTION Index This field displays the policy index num ber . Click an index number to edit the policy . Active This field displays Yes when policy is activ ated and [...]

  • Page 225

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 225 21.4 Policy Example The figure below shows an example Policy screen where y ou configure a policy to limit bandwidth and discard out -of-profi le traffic on a tr affic flow classified using the Example classifier (r efer to Section 20.4 on page 216 ). Figure 105 Policy Example[...]

  • Page 226

    Chapter 21 Policy Rule MGS3700-12C User’s Guide 226[...]

  • Page 227

    MGS3700-12C User’s Guide 227 C HA PT ER 22 Queuing Method This chapter introduces the queuing methods supported. 22.1 Queuing Method Overview Queuing is used to help s olve perform a nce degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffi c. See also Priority Queue Assign[...]

  • Page 228

    Chapter 22 Q ue u ing Me tho d MGS3700-12C User’s Guide 228 22.1.3 W eighted Round Robin Scheduling (WRR) Ro und Robi n Scheduling services queues on a rotating basis and is activ ated only when a port has more traffic than it can handle. A queue is a gi ven an amount of bandwidth irrespective of the incoming tr a ffic on t hat port. This queue t[...]

  • Page 229

    Chapter 22 Queuing Method MGS3700-12C User’s Guide 229 22.2 Configuring Queuing Click Advanced Application > Queuing Method in the na vigation panel. Figure 106 Advanced App lication > Queuing Method[...]

  • Page 230

    Chapter 22 Q ue u ing Me tho d MGS3700-12C User’s Guide 230 The following table describes t he labels in this screen. T able 59 Advanced Application > Queuing Method LABEL DESCRIPTION P ort This label shows the port you are configuring. Method Select SPQ (Strictly Priority Queuing), WFQ (W eighted F air Queuing) or WRR (W eighted Round R obin)[...]

  • Page 231

    MGS3700-12C User’s Guide 231 C HA PT ER 23 VLAN Stacking This chapter shows you how t o configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN 23.1 VLAN S t acking Overview A service provider c an use VLAN stacking (also known as Q-in-Q) to allow it to distinguish multipl e customers VLANs,[...]

  • Page 232

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 232 distinguish customer A and tag 48 to disti nguish customer B at ed ge device 1 and then stripping those tags at edge device 2 as the data frames leav e the network. Figure 107 VLAN S tacking Examp le 23.2 VLAN S t acking Port Roles Each port can hav e three VLAN stacking “roles” , Nor mal [...]

  • Page 233

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 233 23.3 VLAN T ag Format A VLAN tag (service pro vider VLAN stacki ng or customer IEEE 802.1Q) consists of the following three fields . TPID (T ag Protocol Identifier) is a standard Ethernet type code identify ing the frame and indicates that whether the fr ame carries IEEE 802.1Q tag information[...]

  • Page 234

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 234 23.4 Configuring VLAN S t acking Click Advanced Applications > VLAN Stacking to disp lay the screen as shown. Note: Y ou can not enable VLAN mapp ing and VLAN stacking at the same time. Figure 108 Advanced App lication > VLAN S t acking The following table describes t he labels in this s[...]

  • Page 235

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 235 23.4.1 Port-based Q-in-Q Port -based Q-in-Q lets t he Switch treat a ll frames received on the same port as the same VLAN flows and add the same ou t er VLAN tag to them, ev en they have different customer VLAN IDs. * Settings in this row apply to all ports. Use this row only if you want to ma[...]

  • Page 236

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 236 Click Port-based QinQ in the Advanced Application > VLAN Stacking screen to display the screen as shown. Figure 109 Advanced App lication > VLAN S t acking > Port-based QinQ The following table describes t he labels in this screen. T able 64 Advanced Application > VLAN Stacking >[...]

  • Page 237

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 237 23.4.2 Selective Q-in-Q Selective Q-in-Q is VLAN-based. It allows the Switc h to add different outer VLAN tags to the incoming frames received on one port according to their inner VLAN tags. Note: Selective Q-in-Q rules are only ap plied to single-t agged frames received on th e access ports. [...]

  • Page 238

    Chapter 23 VLAN Stacking MGS3700-12C User’s Guide 238 Priority Select a priority level (from 0 to 7). This is the service pro vider’s priority level that adds to the frames receiv ed on this port. "0" is the lowest priority level and "7" is the highest. ”No change” do not change the frame’ s priority on this port. Add [...]

  • Page 239

    MGS3700-12C User’s Guide 239 C HA PT ER 24 Multicast This chapter shows you how t o configure various multicast features. 24.1 Multicast Overview T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast deliv ers IP packets to just a gr[...]

  • Page 240

    Chapter 24 Multicast MGS3700-12C User’s Guide 240 24.1.3 IGMP Snooping A Switch can passiv ely snoop on IGMP pack ets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP pack ets pa ssing through it, picks out the group registration informa tion, and conf igures mult [...]

  • Page 241

    Chapter 24 Multicast MGS3700-12C User’s Guide 241 24.3 Multicast Setting Click Advanced Applications > Multicast > Multicast Setting link to display the screen as shown. See Section 24.1 on page 239 for more i nformation on multicasting. Figure 1 12 Advanced Application > Mu lt icast > Multicast Setting The following table describes t[...]

  • Page 242

    Chapter 24 Multicast MGS3700-12C User’s Guide 242 Host Timeout Specify the time (from 1 to 16,711,450) in second s that elapses before the Switch remov es an IGMP group membership entry if it does not receive report messages from the port. 802.1p Priority Select a priority level (0-7) to which the Switch changes the priority in outgoing IGMP cont[...]

  • Page 243

    Chapter 24 Multicast MGS3700-12C User’s Guide 243 F ast Leave Enter an IGMP fast leave timeout value (from 200 to 6,348,800) in miliseconds. Select this option to ha ve the Switch use this timeout to update the forwarding table for the port. This defines how many seconds the Switch w aits for an IGMP report before removing an IGMP snooping member[...]

  • Page 244

    Chapter 24 Multicast MGS3700-12C User’s Guide 244 24.4 IGMP Snooping VLAN Click Advanced Applications > Multicast in the navigation panel. Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 24.1.4 on page 240 for more information on IG MP Snooping VLAN. Figure 1 13 Advanced Applica[...]

  • Page 245

    Chapter 24 Multicast MGS3700-12C User’s Guide 245 The following table describes t he labels in this screen. T able 68 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the S witch learn multicast group membership information of any VLANs automatically . Select fixed to ha[...]

  • Page 246

    Chapter 24 Multicast MGS3700-12C User’s Guide 246 24.5 IGMP Filtering Profile An IGMP filter ing profile s pecifies a range of mul ticast grou ps that clie nts connected to the Switch are able to join. A profile contains a range of multicast IP addresses which you w ant clients to be able to join. Profiles are assigned to ports (in the Multicast [...]

  • Page 247

    Chapter 24 Multicast MGS3700-12C User’s Guide 247 24.6 MVR Overview Multicast VLAN R egist ration (MVR) is designed for applications (such as Media-on- Demand (MoD)) that use multicast tr affic across an Ethernet ring-based service provider network. MVR allows one single multicast VLAN t o be shared among different subscriber VLANs on the network[...]

  • Page 248

    Chapter 24 Multicast MGS3700-12C User’s Guide 248 24.6.1 T ypes of MVR Port s In MVR, a source port i s a port on the S witch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast tr affic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the a[...]

  • Page 249

    Chapter 24 Multicast MGS3700-12C User’s Guide 249 for the multicast traffic. Otherwise, the Sw itch remov es the receiv er port from the forwarding tabl e. Figure 1 16 MVR Multicast T elevision Example 24.7 General MVR Configuration Use the MVR screen to create multicast VL ANs and select the receiver port(s) and a source port for each multicast [...]

  • Page 250

    Chapter 24 Multicast MGS3700-12C User’s Guide 250 Note: Y our Switch automatica lly creates a st atic VLAN (with the same VID) wh en you create a multicast VLAN in this screen. Figure 1 17 Advanced Application > Mu lticast > Multicast Setting > MVR The following table describes t he related labels in this screen. T able 70 Advanced Appli[...]

  • Page 251

    Chapter 24 Multicast MGS3700-12C User’s Guide 251 24.8 MVR Group Configuration All source ports and receiver ports belo nging to a multicast group can receive multicast data sent to thi s multicast group. Configure MVR IP mul ticast group address(es) in the Group Configuration screen. Click Group Configuration in the MVR screen. * Settings in thi[...]

  • Page 252

    Chapter 24 Multicast MGS3700-12C User’s Guide 252 Note: A port can belong to more than one multicast VLAN. However , IP multicast group addresses in dif ferent multicast VLANs cannot overlap. Figure 1 18 Advanced Application > Mu lticast > Multicast Setting > MVR: Group Configuration The following table describes t he labels in this scre[...]

  • Page 253

    Chapter 24 Multicast MGS3700-12C User’s Guide 253 24.8.1 MVR Configuration Example The following figure shows a network ex ample where ports 1, 2 and 3 on the Switch bel ong to VLAN 1. In addition, po rt 7 belongs to the mul ticast group with VID 200 to receive multi cast traffic ( the News and Movie channels) from the remote streaming media serv[...]

  • Page 254

    Chapter 24 Multicast MGS3700-12C User’s Guide 254 T o set the Switc h to forward the multicast group traffic to the subscribers, configure multicast group sett ings in the Group Configuration screen. The following figure shows an exa mpl e where two multicast groups ( News and Movie ) are configured for the multicast VLAN 200. Figure 121 MVR Grou[...]

  • Page 255

    MGS3700-12C User’s Guide 255 C HA PT ER 25 AAA This chapter describes how to config ure authentication, authorization and accounting settings on th e Switch. 25.1 Authentication, Authorization and Accounting (AAA) Authentication is the process of determin ing who a user is and valid ating access to the Switch. The Switch can authenticate users wh[...]

  • Page 256

    Chapter 25 AAA MGS3700-12C User’s Guide 256 25.1.2 on page 256 ) as external authentication, authorization and accounting servers. Figure 123 AAA Server 25.1.1 Local User Account s By storing user profiles locally on the S wit ch, your Swit ch is able to authenticate and authorize users without inter acting with a network AAA s erver . However , [...]

  • Page 257

    Chapter 25 AAA MGS3700-12C User’s Guide 257 Click Advanced Application > AAA in the navigation panel to displa y the screen as shown. Figure 124 Advanced Application > AAA 25.2.1 RADIUS Server Setup Use this screen to configure yo ur RADIUS server settings. See Section 25.1.2 on page 256 for more information on RADIUS servers and Section 25[...]

  • Page 258

    Chapter 25 AAA MGS3700-12C User’s Guide 258 The following table describes t he labels in this screen. T able 73 Advanced Application > AAA > RADIUS Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your RADIUS authentication settings. Mode This field is only v alid if you configure multiple RADIUS servers. S[...]

  • Page 259

    Chapter 25 AAA MGS3700-12C User’s Guide 259 25.2.2 T ACACS+ Server Setup Use this screen to configure yo ur T ACACS+ server settings. See Section 25.1.2 on page 256 for more information on T ACACS+ se rvers. Click on the TACACS+ Server Setup link in the AAA screen to view the screen as shown. Figure 126 Advanced Application > AAA > T ACACS+[...]

  • Page 260

    Chapter 25 AAA MGS3700-12C User’s Guide 260 The following table describes t he labels in this screen. T able 74 Advanced Application > AAA > T ACACS+ Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your T ACACS+ authentication settings. Mode This field is only v alid if you configure multiple T ACACS + ser[...]

  • Page 261

    Chapter 25 AAA MGS3700-12C User’s Guide 261 25.2.3 AAA Setup Use this screen to configure authentication , authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. Figure 127 Advanced Application > AAA > AAA Setup Shared Secret Specify a password (up to 32 alphanumeric c[...]

  • Page 262

    Chapter 25 AAA MGS3700-12C User’s Guide 262 The following table describes t he labels in this screen. T able 75 Advanced Application > AAA > AAA Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch. Privilege Enable These fields specify which database the Switch shoul[...]

  • Page 263

    Chapter 25 AAA MGS3700-12C User’s Guide 263 Active Select this to activate authorization for a specified event types. Method Select whether you w ant to use RADIUS or T ACACS+ for authorization of specific types of events. RADIUS is the only method for IEEE 802.1x authorization. Accounting Use this section to configure accounting settings on the [...]

  • Page 264

    Chapter 25 AAA MGS3700-12C User’s Guide 264 25.2.4 V endor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access d evice (for example, the Switch). A company can create V endor Specific Attributes (VSAs) to expand the function ality of a RADIUS serv er . The Sw[...]

  • Page 265

    Chapter 25 AAA MGS3700-12C User’s Guide 265 25.2.4.1 T unnel Protocol Attribute Y ou can configure tunn el protocol attributes on the RADIUS serv er (refer to your RADIUS server documentation) to assign a port on the Switch to a VLAN based on IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This will also set the port’[...]

  • Page 266

    Chapter 25 AAA MGS3700-12C User’s Guide 266 Refer t o RFC 2865 for more information about RADIUS attributes used for authentication. R efer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists t he attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specifi[...]

  • Page 267

    Chapter 25 AAA MGS3700-12C User’s Guide 267 25.3.2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performi ng authenti cation. 25.3.2.1 Attributes Used fo r Accounting System Events NAS-IP- Address NAS-Identifier Acct- Status- T ype Acct-Session-ID - The format of A cct- Se[...]

  • Page 268

    Chapter 25 AAA MGS3700-12C User’s Guide 268 25.3.2.3 Attributes Used for Ac counting IEEE 802.1x Event s The attributes are listed in the following table along with the ti me of the session they are sent: Acct-S ession-Id Y Y Y Acct- Authentic Y Y Y Acct-Session- Time Y Y Acct- T erminate-Cause Y T able 79 RADIUS Attributes - Exec Events via Teln[...]

  • Page 269

    MGS3700-12C User’s Guide 269 C HA PT ER 26 IP Source Guard Us e I P s o ur ce g ua r d t o f i lt er unauthorized DHC P and AR P packets in your network. 26.1 IP Source Guard Overview IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in yo ur network. A binding contains these key attribut[...]

  • Page 270

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 270 26.1.1 DHCP Snooping Overview Use DHCP s nooping t o filter u nauthorized DHCP packets on th e network and to build the binding tab le dynamically . This can prevent clients from getting IP addresses from unauthorized DHCP servers. 26.1.1.1 T rusted vs. Untrusted Port s Every port is either[...]

  • Page 271

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 271 Y ou can configure the nam e and location of the file on the external TFTP server . The file has the following format: Figure 128 DHCP Snooping Dat abase File Format The <initial-checksum> helps distinguis h between the bindings in the latest update and the bindings from previous upda [...]

  • Page 272

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 272 3 Configure trusted and untrusted ports, an d specify the maximum number of DHCP packets t hat each port can receive per second. 4 Configure static bindings. 26.1.2 ARP Inspection Overview Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of m[...]

  • Page 273

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 273 • They ap pear only in the ARP Ins pection screens and commands, not in the MAC Address Filter screens and commands. 26.1.2.2 T rusted vs. Untrusted Port s Every port is either a trusted port or an untrusted p ort for ARP in spection. Th is setting is independent of the t rusted/untrusted [...]

  • Page 274

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 274 the bindings by snooping DHCP packets (dynami c bindings) and from informati on provided manually by administr ators (static bindings). T o open this screen, click Advanced Application > IP Source Guard . Figure 130 IP Source Guar d The following table describes t he labels in this scree[...]

  • Page 275

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 275 new static binding replaces the origin al one. T o open this screen, click Advanced Application > IP Source Guard > Static Binding . Figure 131 IP Source Guar d S tatic Binding The following table describes t he labels in this screen. T able 82 IP Source Guard Static Binding LABEL DESC[...]

  • Page 276

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 276 Delete Select this, and click Delete to remove the specified entry . Cancel Click this to clear the Delete check boxes abo ve. T able 82 IP Source Guard Static Binding (continued) LABEL DESCRIPTION[...]

  • Page 277

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 277 26.4 DHCP Snooping Use this scre en to look at various statis tics about the DHCP snooping database. T o open this screen, click Advanced Application > IP Source Guard > DHCP Snooping . Figure 132 DHCP Snooping[...]

  • Page 278

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 278 The following table describes t he labels in this screen. T able 83 DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database. Y ou can con figure them in the DHCP Snooping Configure screen. See Section 26.5 on page 280 . Agent[...]

  • Page 279

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 279 Successful transfers This field displays the number of times the Switch read bindings from or updated the bindings in the DHC P snooping database successfully . F ailed transfers This fie ld displays the number of time s the Switch was unable to read bindings from or update th e bindings in [...]

  • Page 280

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 280 26.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and conf igure the DHCP snooping database. Th e DHCP snooping database stores the current bindings on a secure, external TFTP[...]

  • Page 281

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 281 The following table describes t he labels in this screen. T able 84 DHCP Snooping Configure LABEL DESCRIPTION Active Select this to en able DHCP snooping on th e Switch. Y ou still have to enable DHCP snooping on spec ific VLAN and specify trusted ports. Note: If DHCP is enabled and there ar[...]

  • Page 282

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 282 26.5.1 DHCP Snooping Port Configure Use this screen to specify whether ports are trusted or untrusted ports for DHCP snooping. Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed. Y ou can also specify the maximum number for DHCP packets t hat each port ([...]

  • Page 283

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 283 The following table describes t he labels in this screen. 26.5.2 DHCP Snooping VLAN Configure Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP rela y agent option 82 information ( Chapt er 37 on page 349 ) to DHCP requ ests that the Swit[...]

  • Page 284

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 284 open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN . Figure 135 DHCP Snooping VLAN Configure The following table describes t he labels in this screen. T able 86 DHCP Snooping VLAN Configure LABEL DESCRIPTION Show VLAN Use this secti[...]

  • Page 285

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 285 26.6 ARP Inspection S t atus Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unau thorized ARP pack et. When the Switch identifies an unauthorized ARP packet, it automatically cr eates a MAC addres s filter to block tr aff[...]

  • Page 286

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 286 26.6.1 ARP Inspection VLAN St atus Use this screen to look at various statistics about ARP p ackets in each VL AN. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status . Figure 137 ARP Inspection VL AN S t atus The following table descri[...]

  • Page 287

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 287 26.6.2 ARP Inspection Log St atus Use this scre en to look at log mes sages that we re generated by ARP pac kets and that have not been sent to the syslog server yet. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status . Figure 138 ARP In[...]

  • Page 288

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 288 26.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Swit ch. Y ou can also configure the length of time the Switch stores reco rds of discarded ARP pack ets and global Num Pkts This field displays the number of ARP packets that were consolidated into this log messa[...]

  • Page 289

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 289 settings for the ARP inspection log. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure . Figure 139 ARP Inspection Co nfigure The following table describes t he labels in this screen. T able 90 ARP Inspection Configure LABEL DESCRIPTION [...]

  • Page 290

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 290 26.7.1 ARP Inspection Port Configure Use this screen to specify whether port s are trusted or untrusted ports for ARP inspection. Y ou can also specify the maximum rate at which the Sw itch receives Syslog r ate Enter the maximum number of syslog messages the Switch can send to the syslog s[...]

  • Page 291

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 291 ARP packets on each untrusted po rt. T o open this screen, click Advanc ed Application > IP Source Guard > ARP Inspection > Configure > Port . Figure 140 ARP Inspection Po rt Configure The following table describes t he labels in this screen. T able 91 ARP Inspection Port Configu[...]

  • Page 292

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 292 26.7.2 ARP Inspection VLAN Configure Use this screen to enable ARP inspection on each VLAN and to specif y when the Switch gener ates log messages for receiv ing ARP packets from each VLAN. T o open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Config[...]

  • Page 293

    Chapter 26 IP Source Guard MGS3700-12C User’s Guide 293 Apply Click this to display the specified range of VLANs in the section below . VID This field displays the VLAN ID of each VLAN in the r ange specified above. If y ou configure the * VLAN, the settings are applied to all VLANs. Enabled Select Yes to enable ARP inspection on the VLAN. Select[...]

  • Page 294

    Chapter 26 IP Source G uard MGS3700-12C User’s Guide 294[...]

  • Page 295

    MGS3700-12C User’s Guide 295 C HA PT ER 27 Loop Guard This chapter shows you how to config ure the Switch to guard against loops on the edge of your network. 27.1 Loop Guard Overview Loop guard allows you to configure the S witch to shut down a port if it detects that packets sent out on that port loop back to the Swit ch. While you can use Spann[...]

  • Page 296

    Chapter 27 Loop Guard MGS3700-12C User’s Guide 296 • It will receive its own broadcast messages that it sends out as t hey loop back. It will then re-broadcast those messages agai n. The following figure shows port N on switch A connected to switch B . Switch B is in loop state. When broadcast or multi cast packets leav e port N and reach switc[...]

  • Page 297

    Chapter 27 Loop Guar d MGS3700-12C User’s Guide 297 port N . The Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 145 Loop Guard - Network L oop Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (se e Section 8.7 on page 1 12 ) o[...]

  • Page 298

    Chapter 27 Loop Guard MGS3700-12C User’s Guide 298 The following table describes t he labels in this screen. T able 93 Advanced Application > Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the Switch. The Switch generates syslog, internal log messages as well as SNMP traps when it shuts down a port via the loop [...]

  • Page 299

    MGS3700-12C User’s Guide 299 C HA PT ER 28 VLAN Mapping This chapter shows you how t o conf igure VLAN mapping on the Switch. 28.1 VLAN Mapping Overview With VLAN mapping enabled, the S witch ca n map the VLAN ID and priority lev el of packets received from a priv ate network to those used in the service provider’ s network. The Switch checks i[...]

  • Page 300

    Chapter 28 VLAN Ma p ping MGS3700-12C User’s Guide 300 28.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the s creen as shown. Figure 148 VLAN Mapping The following table describes t he labels in this screen. T able 94 VLAN Mapping LABEL DESCRIPTION Active Select this option to enable V[...]

  • Page 301

    Chapter 28 VLAN Mapping MGS3700-12C User’s Guide 301 28.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLA N Mapping screen to displa y the screen as shown. Use this screen to enable an d edit the VL AN mapping rule(s). Figure 149 VLAN Mapping Configuration The following table describes t he labels in this screen. T able [...]

  • Page 302

    Chapter 28 VLAN Ma p ping MGS3700-12C User’s Guide 302 VID This is the cu stomer VLAN ID in the incoming packets. T ranslated VID This is the VLAN ID that re places the customer VLAN ID in the tagged packets. Priority This is the priority level that replaces the customer priority level in the tagged packets. Delete Check the rule(s) that you want[...]

  • Page 303

    MGS3700-12C User’s Guide 303 C HA PT ER 29 Layer 2 Protocol Tunneling This chapter shows y ou how to configure la yer 2 protocol tunneli ng on the Switch. 29.1 Layer 2 Protocol T unneling Overview Layer 2 protocol tunneling (L2PT) is used on the service provid er's edge devi ces. L2PT allows edge switches ( 1 and 2 in the following figure) t[...]

  • Page 304

    Chapter 29 Layer 2 Prot ocol Tunne ling MGS3700-12C User’s Guide 304 2 for P AgP (Port Aggreg ation Protocol), LACP or UDLD (UniDirecti onal Link Detection). Figure 151 L2PT Network Example 29.1.1 Layer 2 Protocol T unneling Mode Each port can have two lay er 2 protocol tunneling modes, Access and Tunnel . •T h e Access port is an ingress port [...]

  • Page 305

    Chapter 29 Layer 2 Protocol Tunn eling MGS3700-12C User’s Guide 305 29.2 Configuring Layer 2 Protocol T unneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown. Figure 152 Advanced Applicatio n > Lay er 2 Protocol T unneling The following table describes t he labels in this scr[...]

  • Page 306

    Chapter 29 Layer 2 Prot ocol Tunne ling MGS3700-12C User’s Guide 306 * Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by -port basis. Note: Changes in this row are copied to all the ports as soon as you make them. CDP Select this option to have th e Switch tunnel CDP (Cisco Discover[...]

  • Page 307

    MGS3700-12C User’s Guide 307 C HA PT ER 30 sFlow This chapter shows you how t o configure sFlow to have t he Switch monitor tr affic in a network and send information to an sFlow collector for analysis. 30.1 sFlow Overview sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded on a switch or ro uter ge[...]

  • Page 308

    Chapter 30 sFlo w MGS3700-12C User’s Guide 308 30.2 sFlow Configuration Click Advanced Application > sFlow in the navigation panel to displ ay the screen as shown. Figure 154 Advanced App lication > sFlow The following table describes t he labels in this screen. T able 97 Advanced Application > sFlow LABEL DESCRIPTION Active Select this [...]

  • Page 309

    Chapter 30 sFlow MGS3700-12C User’s Guide 309 30.2.1 sFlow Collector Configuration Click the Collector link in th e sFlow screen to display the screen as shown. Y ou can configure up to four sFlow collectors in this screen. Y ou may want to configure more than one collector if the tr affic load to be monitored is more than one collector can manag[...]

  • Page 310

    Chapter 30 sFlo w MGS3700-12C User’s Guide 310 The following table describes t he labels in this screen. T able 98 Advanced Application > sFlow > Collector LABEL DESCRIPTION Collector Address Enter the IP address of the sFlow collector . UDP P ort Enter a UDP port number the Switch uses to send sFlow datagr am to the collector . If you chan[...]

  • Page 311

    MGS3700-12C User’s Guide 31 1 C HA PT ER 31 Error Diable This chapter shows you how t o configure the r ate limit for control pack ets on a port, and set the Switch t o take an action (such as to shut down a port or stop sending packets) on a port when the Switc h detects a pre-configured error . It also shows you how to confi gure the Switch to [...]

  • Page 312

    Chapter 31 Erro r Dia ble MGS3700-12C User’s Guide 312 31.3 The Error Disable Screen Use this screen to configure e rro r disable rel ated settings. Click Advanced Application > Errdisable in the na vigation panel to displa y the screen as shown. Figure 156 Advanced Applicatio n > Errdisable 31.4 CPU Protection Configuration Use this screen[...]

  • Page 313

    Chapter 31 Error Diabl e MGS3700-12C User’s Guide 313 The following table describes t he labels in this screen. 31.5 Error-Disable Detect Configuration Use this screen to hav e the Switch detect whether the control pack ets exceed the rate l imit configured for a port and configure the acti on to take once t he limit is exceeded. Click the Click [...]

  • Page 314

    Chapter 31 Erro r Dia ble MGS3700-12C User’s Guide 314 The following table describes t he labels in this screen. T able 100 Advanced Application > Errd isable > Errdisable Detect LABEL DESCRIPTION Cause This field displays the types of control packet that may cause CPU overload. * Use this row to make the setting th e same for all entries. [...]

  • Page 315

    Chapter 31 Error Diabl e MGS3700-12C User’s Guide 315 31.6 Error-Disable Recovery Configuration Use this screen to configure the Switch to automatica lly undo an action aft er the error is gone. Click the Click Here link next to Errdisable Recovery in the Advanced Application > Errdisable screen to display the screen as shown. Figure 159 Advan[...]

  • Page 316

    Chapter 31 Erro r Dia ble MGS3700-12C User’s Guide 316[...]

  • Page 317

    MGS3700-12C User’s Guide 317 C HA PT ER 32 PPPoE This chapter describes how the S witch gives a PPP oE termination server additional information that the server can use to id entify and authenticate a PPP oE client. 32.1 PPPoE Intermediate Agent Overview A PPP oE Intermediate Agent (PPPoE IA) is deployed between a PPP oE server and PPP oE clients[...]

  • Page 318

    Chapter 32 PPP oE MGS3700-12C User’s Guide 318 32.2.1 Sub-Option Format There are two types of sub-option: “ Age nt Circuit ID Sub-option” and “ Agent Remote ID Sub-option” . They have the following formats. The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent R emote ID sub-option. [...]

  • Page 319

    Chapter 32 PPPoE MGS3700-12C User’s Guide 319 32.2.1.2 WT -101 Default Circuit ID Synt ax If you do not configure a Circuit ID string for a specif ic VLAN on a port or for a specific port, and di sable the flex i ble Circuit ID syntax in the PPPoE > Intermediate Agent screen, the Switch automati cally generates a Ci rcuit ID string according t[...]

  • Page 320

    Chapter 32 PPP oE MGS3700-12C User’s Guide 320 32.3 PPPoE Use this screen to configure the PPP o E Intermediate Agent on the Switch. Click Advanced Application > PPPoE in the navigation panel to display the screen as shown. Click Click here to open the Intermediate Agent screen. Figure 160 Advanced Application > PPPoE 32.4 PPPoE Intermediat[...]

  • Page 321

    Chapter 32 PPPoE MGS3700-12C User’s Guide 321 The following table describes t he labels in this screen. 32.5 PPPoE IA Per-Port Use this screen to specif y whether individual ports are trusted or untrusted ports and have the S witch add extra information to PPPoE disco very packets from PPPoE clients on a per -port basis. T able 107 Advanced Appli[...]

  • Page 322

    Chapter 32 PPP oE MGS3700-12C User’s Guide 322 Note: The Switch will drop all PPPoE pa cket s if you enable the PPPoE Intermediate Agent on the Switch and there are n o trusted ports. Click Advanced Applicatio n > PPPoE > Intermediate Agent > Port to display the screen as shown. Figure 162 Advanced Application > PPPoE > Intermediat[...]

  • Page 323

    Chapter 32 PPPoE MGS3700-12C User’s Guide 323 Server Tr u s t e d S t a t e Select whether this port is a trusted port ( Trusted ) or an untrusted port ( Untrusted ). T rusted ports are uplink ports connected to PPPoE servers. • If a P ADO (PPPoE Active Discove ry Offer), PADS (PPPoE Activ e Discovery Session-confirmation), or P AD T (PPPoE Act[...]

  • Page 324

    Chapter 32 PPP oE MGS3700-12C User’s Guide 324 32.5.1 PPPoE IA Per-Port Per-VLAN Use this screen to configure PPP oE IA sett ings that apply to a specific VLAN on a port. Click Advanced Application > PPPoE > Intermediate Agent > Port > VLAN to display the scre en as shown. Figure 163 Advanced Application > PPPoE > Inte rmediate [...]

  • Page 325

    Chapter 32 PPPoE MGS3700-12C User’s Guide 325 32.6 PPPoE IA for VLAN Use this screen to set whether the PPPoE In termedi ate Agent is enabled on a VLAN and whether the Switch appends the Circ uit ID and/or R emote ID to PPPo E discove ry packets from a specific VLAN. Click Advanced Application > PPPoE > Intermediate Agent > VLAN to displ[...]

  • Page 326

    Chapter 32 PPP oE MGS3700-12C User’s Guide 326 End VID Enter the highest VLAN ID you w ant to configure in the section below . Apply Click Apply to display the specified range of VLANs in the section below . VID This field displays the VLAN ID of each VLAN in the range specified above. If you configure the * VLAN, the settings are applied to all [...]

  • Page 327

    MGS3700-12C User’s Guide 327 C HA PT ER 33 Private VLAN This chapter shows you how t o configure the Switc h to prevent communications between ports in a VLAN. 33.1 Private VLAN Overview Private VLAN all ows you to do port isolati on within a VLAN in a simple way . Y ou specify which port(s) in a VLAN is not isolated by adding it to the promiscuo[...]

  • Page 328

    Chapter 33 Private VLAN MGS3700-12C User’s Guide 328 33.2 Configuring Private VLAN Click Advanced Application > Private VLAN in the navigati on panel to displa y the screen as shown. Figure 166 Advanced Applicatio n > Private VLAN The following table describes t he labels in this screen. T able 1 1 1 Advanced Application > Private VLAN L[...]

  • Page 329

    Chapter 33 Private VLAN MGS3700-12C User’s Guide 329 Delete Check the rule(s) that you want to remov e in the De lete column and then click the Delete button. Cancel Click Cancel to clear the Delete che ck boxes. T able 1 1 1 Advanced Application > Private VLAN (continu ed) LABEL DESCRIPTION[...]

  • Page 330

    Chapter 33 Private VLAN MGS3700-12C User’s Guide 330[...]

  • Page 331

    MGS3700-12C User’s Guide 331 C HA PT ER 34 Green Ethernet This chapter shows you how t o configure the Switc h to reduce the ov erall power consumption of switch. 34.1 Green Ethernet Overview The purpose of Green Ethernet is to re duce the over all power consumption of switch. It provides three features to sa v e power in different scenarios. The[...]

  • Page 332

    Chapter 34 G re e n Ethe r ne t MGS3700-12C User’s Guide 332 34.2 Configuring Green Ethernet Click Advanced Application > Green Ethernet in the navigation panel to display the screen as shown. Figure 167 Advanced App lication > Green Ethernet The following table describes t he labels in this screen. T able 1 12 Advanced Application > Gre[...]

  • Page 333

    Chapter 34 Green E thernet MGS3700-12C User’s Guide 333 Apply Click Apply to sav e your changes to the Switch's run-time memory . The Switch loses these changes if it is turned off or loses power , so use the Save link on the top navigation panel to save y our changes to the non- volatile memory when you are done configuring. Cancel Click Ca[...]

  • Page 334

    Chapter 34 G re e n Ethe r ne t MGS3700-12C User’s Guide 334[...]

  • Page 335

    335 P ART IV IP Application Static R oute (337) Differentiated Services ( 341) DHCP (349)[...]

  • Page 336

    336[...]

  • Page 337

    MGS3700-12C User’s Guide 337 C HA PT ER 35 Static Route This chapter shows you how t o configure static routes. 35.1 S t atic Routing Overview The Switch usually uses the default ga teway to route outbou nd traffic from computers on the LAN to the Internet. T o ha ve t he Switch send data to devices not reachable through the default gat eway , us[...]

  • Page 338

    Chapter 35 Stat ic Route MGS3700-12C User’s Guide 338 35.2 Configuring S t atic Routing Click IP Application > Static Routing in the navigati on panel to display t he screen as shown. Figure 169 IP Ap plication > S t atic Routing The following table describes t he related la bels you use to create a static route. T able 1 13 IP Application [...]

  • Page 339

    Chapter 35 Static Route MGS3700-12C User’s Guide 339 Index This field displays the index number of the route. Click a number to edit the static route entry . Active This field displays Yes when the static route is activated and NO when it is deactivated. Name This field displays the descriptive name for this route. This is for identification purp[...]

  • Page 340

    Chapter 35 Stat ic Route MGS3700-12C User’s Guide 340[...]

  • Page 341

    MGS3700-12C User’s Guide 341 C HA PT ER 36 Differentiated Services This chapter describes how Differentiated Se rvices (DiffServ) fits into a quality of service strat egy and shows you how to configure T wo R ate Three Color Marker traffic policing on the Switch. 36.1 DiffServ Overview Quality of Service (QoS) is used to prioriti ze source-to-des[...]

  • Page 342

    Chapter 36 Differe ntiated Services MGS3700-12C User’s Guide 342 The DSCP v alue de termines the PH B (Per -Hop Beh avior), that each packet gets as it is forw arded across the DiffServ networ k. Based on the mark ing rule di fferent kinds of tr affic can be marked fo r different p riorities of forw arding. Re sources can then be allocated accord[...]

  • Page 343

    Chapter 36 Differentiated Services MGS3700-12C User’s Guide 343 T wo Rate Three Color Marker (TR TCM, defi ned in RFC 2698) is a type of traffic policing that identi fies packets by compar ing them to two user -defined rates: the Committed Information R ate (CIR) and the Peak Informati on Rate (PIR). The CIR specifies the a verag e rate at which [...]

  • Page 344

    Chapter 36 Differe ntiated Services MGS3700-12C User’s Guide 344 36.2.2 TRTCM-Color-aware Mode In color-a ware mode the ev aluation of th e packets uses the existing pack et loss priority . TR TCM can increase a p acket loss priority of a packet but it cannot decrease it. P ackets that have been previo usly marked red or yellow can only be marked[...]

  • Page 345

    Chapter 36 Differentiated Services MGS3700-12C User’s Guide 345 Click IP Application > DiffServ in the navigation panel to displa y the screen as shown. Figure 174 IP Ap plication > DiffServ The following table describes t he labels in this screen. T able 1 14 IP Application > DiffServ LABEL DESCRIPTION Active Select this option to enabl[...]

  • Page 346

    Chapter 36 Differe ntiated Services MGS3700-12C User’s Guide 346 36.3.1 Configuring 2-Rate 3 Color Marker Settings Use this screen to configure T RT CM settings. Click the 2-rat e 3 Color Marker link in the DiffServ screen to display the screen as shown next . Note: Y ou cannot enable both TR TCM and Bandwid th Control at the same time. Figure 17[...]

  • Page 347

    Chapter 36 Differentiated Services MGS3700-12C User’s Guide 347 36.4 DSCP-to-IEEE 802.1p Priority Settings Y ou can configure the DSCP to IEEE 802.1p mapping to allow the Swit ch to prioritize all traffic based on the incoming DSCP v alue according to the DiffServ to IEEE 802.1p mapping table. The following table shows the de fault DSCP-to- IEEE8[...]

  • Page 348

    Chapter 36 Differe ntiated Services MGS3700-12C User’s Guide 348 36.4.1 Configuring DSCP Settings T o change the DSCP-IEEE 802. 1p mapping click the DSCP Setting link in the DiffServ screen to display the screen as shown next. Figure 176 IP Ap plication > DiffServ > DSCP Setting The following table describes t he labels in this screen. T ab[...]

  • Page 349

    MGS3700-12C User’s Guide 349 C HA PT ER 37 DHCP This chapter shows you how t o configure the DHCP feature. 37.1 DHCP Overview DHCP (Dynamic Host Configur ation Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP conf iguration at start-up from a server . Y o u can configure the Switch as a DHCP se rver or a DHCP rela y ag[...]

  • Page 350

    Chapter 37 DHCP MGS3700-12C User’s Guide 350 37.2 DHCP S t atus Click IP Application > DHCP in the na vigation panel. The DHCP Status screen displays. Figure 177 IP Application > DHCP S tatus The following table describes t he labels in this screen. 37.3 DHCP Relay Configure DHCP relay on the Switch if the DHCP client s and the DHCP server [...]

  • Page 351

    Chapter 37 DHCP MGS3700-12C User’s Guide 351 The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field. The Option 82 fie ld is in the DHCP headers of clie nt DHCP request frames that the Switch relays t o a DHCP server . Relay Agent Information can include the System N ame of the Switch if you select this op[...]

  • Page 352

    Chapter 37 DHCP MGS3700-12C User’s Guide 352 The following table describes t he labels in this screen. 37.3.3 Global DHCP Relay Configuration Example The follow figure shows a network exampl e where the Switch is used to relay DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server that services the DHCP clients in both domai[...]

  • Page 353

    Chapter 37 DHCP MGS3700-12C User’s Guide 353 together w ith the D HCP requests to the DH C P se rv er . T h is al lo w s t he D HC P se rv er to assign the appropriate IP ad dress according to the VLAN ID . Figure 180 DHCP Relay Configuration Example 37.4 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the [...]

  • Page 354

    Chapter 37 DHCP MGS3700-12C User’s Guide 354 The following table describes t he labels in this screen. 37.4.1 Example: DHCP Relay for T wo VLANs The following example dis plays two VLANs (VIDs 1 and 2) for a campus network. T wo DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms ([...]

  • Page 355

    Chapter 37 DHCP MGS3700-12C User’s Guide 355 with an IP address of 192.168.1.100. R equests from the academic buil dings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 182 DHCP Relay for T wo VLANs For the example netw ork, configure the VLAN Setting screen as shown. Figure 183 DHCP Relay for T wo VLANs Con[...]

  • Page 356

    Chapter 37 DHCP MGS3700-12C User’s Guide 356[...]

  • Page 357

    357 P ART V Management Maintenance (359) Access Control (367) Diagnostic (389) Syslog (391) Cluster Management (395) MAC T able (403) ARP T able (407) Configure Clone (409)[...]

  • Page 358

    358[...]

  • Page 359

    MGS3700-12C User’s Guide 359 C HA PT ER 38 Maintenance This chapter explains how to confi gure the screens that let y ou maintain the firmware and configur ation files. 38.1 The Maintenance Screen Use this screen to manage firmware and yo ur configuration fil es. Click Management > Maintenance in the navi gation panel to open the following scr[...]

  • Page 360

    Chapter 38 Maintenance MGS3700-12C User’s Guide 360 38.2 Load Factory Default Follow the steps below to rese t the Switch bac k to the fact ory defaults . 1 In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch c onfiguration information y ou configured and return to the factory defaults. 2 Click [...]

  • Page 361

    Chapter 38 Maintenance MGS3700-12C User’s Guide 361 Alternativel y , click Save on the top right -hand corner in any screen to sa ve the configurati on changes to the current configur ation. Note: Clicking the Apply or Add button does NOT save the changes permane ntly . All unsaved changes are erased af ter you reboot the Switch. 38.4 Reboot Syst[...]

  • Page 362

    Chapter 38 Maintenance MGS3700-12C User’s Guide 362 Click Management > Maintenance > Firmware Upgrade to view the screen as shown next. Figure 187 Management > Mainte nance > Firmware Upgrade T ype the path and file name of t he firmware fil e you wish to upload to the Switch in the File Path text box or click Browse to locate it. Sel[...]

  • Page 363

    Chapter 38 Maintenance MGS3700-12C User’s Guide 363 38.7 Backup a Configuration File Backing up your S witch configurations allows you to create v arious “snap shots” of your device from which you ma y restore at a later date. Back up your c urrent Switch confi guratio n to a computer using the Backup Configuration screen. Figure 189 Manageme[...]

  • Page 364

    Chapter 38 Maintenance MGS3700-12C User’s Guide 364 Z yNOS (Z yXEL Network Oper ating System somet imes referred to as the “ras” file) is the system firmware and ha s a “bin” filename extension. 38.8.1.1 Example FTP Commands ftp> put firmware.bin ras This is a sample FTP session showing the tr ansfer of the computer file "firmware[...]

  • Page 365

    Chapter 38 Maintenance MGS3700-12C User’s Guide 365 6 Use put to tr ansfer files from the computer to the Swit ch, for example, pu t firmware.bin ras transf ers the firmware on your computer (firmw are.bin) to the Switch and renames it to “r as” . Similarly , put config.cfg config tr ansfers the configuration fi le on your co mputer (con fi g[...]

  • Page 366

    Chapter 38 Maintenance MGS3700-12C User’s Guide 366[...]

  • Page 367

    MGS3700-12C User’s Guide 367 C HA PT ER 39 Access Control This chapter describes how to c ontrol access to the Sw itch. 39.1 Access Control Overview A console port and FTP are allowed one se ssion ea ch, T elnet and SSH share ni ne sessions, up to fiv e W eb s essions (five different user names and passwords) and/ or limitless SNMP access control[...]

  • Page 368

    Chapter 39 Access Control MGS3700-12C User’s Guide 368 39.3 About SNMP Simple Network Manageme nt Protocol (SNM P) is an application la yer protocol used to manage and monitor T CP/IP-based devices. SNMP is used to exchange management information between the network manage ment system (NMS) and a network element (NE). A manager station can manage[...]

  • Page 369

    Chapter 39 Access Control MGS3700-12C User’s Guide 369 SNMP itself is a simple request /respon se protocol based on the manager/agent model. The manager issues a request an d the agent returns responses using t he following protocol operations: 39.3.1 SNMP v3 and Security SNMP v3 enhances security for SNMP management. SNMP managers can be require[...]

  • Page 370

    Chapter 39 Access Control MGS3700-12C User’s Guide 370 39.3.3 SNMP T raps The Switch se nds traps to an SNMP mana ger when an e vent occurs. The following tables outline the SNMP traps by category . An OID (Object ID) that begins with “ 1.3.6.1.4.1.890.1.5.8 ” is de fined in pri vate MIBs. Otherwis e, it is a standard MIB OID. T able 126 SNMP[...]

  • Page 371

    Chapter 39 Access Control MGS3700-12C User’s Guide 371 intrusionloc k IntrusionLockEventOn 1.3.6.1.4.1.890. 1.5.8.55.2 5.2.1 This trap is sent when intrusion lock occurs on a port. loopguard LoopguardEventOn 1.3.6.1.4.1.890. 1.5.8.55.2 5.2.1 This trap is sent when loopguard shuts d own a port. errdisable errdisableDetectT rap 1. 3.6.1.4.1.890.1.5[...]

  • Page 372

    Chapter 39 Access Control MGS3700-12C User’s Guide 372 autonegotiati on AutonegotiationF ailedEve ntOn 1.3.6.1.4.1.8 90.1.5.8.55.2 5 .2.1 This trap is sent when an Ethernet interface fails to auto-negotiate with the peer Ethernet interface. AutonegotiationF ailedEve ntClear 1.3.6.1.4.1.8 90.1.5.8.55.2 5 .2.2 This trap is sent when an Ethernet int[...]

  • Page 373

    Chapter 39 Access Control MGS3700-12C User’s Guide 373 accounting RADIUSAccountingNotR ea chableEventOn 1.3.6.1.4.1. 890.1.5.8.55. 25.2.1 This trap is sent when there is no response message from the RADIUS accounting server . RADIUSAccountingNotR ea chableEventClear 1.3.6.1.4.1. 890.1.5.8.55. 25.2.2 This trap is sent when the RADIUS accounting se[...]

  • Page 374

    Chapter 39 Access Control MGS3700-12C User’s Guide 374 39.3.4 Configuring SNMP Click Manageme nt > Access Control > SNMP to view the screen as shown. Use this screen to configure y our SNMP settings. Figure 192 Management > Access Contro l > SNMP mactable MacT ableFullEventOn 1. 3.6.1.4.1.890.1 .5.8.55.2 5.2.1 This trap is sent when m[...]

  • Page 375

    Chapter 39 Access Control MGS3700-12C User’s Guide 375 The following table describes t he labels in this screen. T able 131 Management > Access Control > SNMP LABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community (password) val ue s . V ersion Select the SNMP version for the Switch. The SNMP version on[...]

  • Page 376

    Chapter 39 Access Control MGS3700-12C User’s Guide 376 Security Level Select whether you w ant to implemen t authentication and/or encryption for SNMP communication from this user . Choose: • noauth -to use the username as the password string to send to the SNMP manager . This is equivale nt to the Get, Set and T rap Community in SNMP v2c. This[...]

  • Page 377

    Chapter 39 Access Control MGS3700-12C User’s Guide 377 39.3.5 Configuring SNMP T rap Group Click Management > Access Control > SNMP > Trap Group to view the screen as shown. Use the Trap Group screen to sp ecify the t ypes of SNMP tr aps that should be sent to each SNMP manager . Figure 193 Management > Access Contro l > SNMP > [...]

  • Page 378

    Chapter 39 Access Control MGS3700-12C User’s Guide 378 39.3.6 Setting Up Login Account s Up t o f i ve p eo p l e (o n e a d m in i s t ra to r a n d four non-administr ators) may access the Switch via web configur ator at any one time. • An administr ator is someone who can both view and configure Switch c hanges. The username for the Administ[...]

  • Page 379

    Chapter 39 Access Control MGS3700-12C User’s Guide 379 39.4 SSH Overview Unlike T elnet or F TP , which transmit data in clear text, S SH (Secure Shell) is a secure communication protocol that combin es authentication and data encryption to provide secure encrypted communication between two hosts over an un secured network. Figure 195 SSH Communi[...]

  • Page 380

    Chapter 39 Access Control MGS3700-12C User’s Guide 380 39.5 How SSH works The following table summarizes how a secure connection is established between two remot e hosts. Figure 196 How SSH W orks 1 Host Identificat ion The SSH client send s a connection request to the SSH server . The server identifies itself with a host k ey . The client encryp[...]

  • Page 381

    Chapter 39 Access Control MGS3700-12C User’s Guide 381 3 Authentication and Data T ransmission After the identification is verified and data encryption activated, a secure tunnel is established between the client and th e serv er . The client then sends its authentication information (u ser name and password) to th e server to log in to the serve[...]

  • Page 382

    Chapter 39 Access Control MGS3700-12C User’s Guide 382 1 HT TPS connection requests from an SSL - aware web browser go to port 443 (by default) on the Switch’ s WS (web server). 2 HT TP connection requests fr om a web brow ser go t o port 80 (by default) on the Switch’ s WS (web server). Figure 197 HTTPS Implement ation Note: If you disable H[...]

  • Page 383

    Chapter 39 Access Control MGS3700-12C User’s Guide 383 Y ou see the following Security Al ert screen in Internet Explorer . Select Yes to proceed to the web configurator login screen; if you select No , then web configur ator access is block ed. Figure 198 Security Aler t Dialog Box (Internet Explorer) 39.8.2 Net scape Navigator W arning Messages[...]

  • Page 384

    Chapter 39 Access Control MGS3700-12C User’s Guide 384 Select Accept this certificate permanently to import the S witch’ s certificate into the SSL client. Figure 199 Security Certificate 1 (Net scape) Figure 200 Security Certificate 2 (Net scape) example example example example[...]

  • Page 385

    Chapter 39 Access Control MGS3700-12C User’s Guide 385 39.8.3 The Main Screen After you accept the certifi cate and ente r the login username and password, the Switch main screen appears. The l ock displayed i n the bottom right of the browser status bar denotes a secure connection. Figure 201 Example: Lock Denoting a Secure Conn ection 39.9 Serv[...]

  • Page 386

    Chapter 39 Access Control MGS3700-12C User’s Guide 386 later). Cl ick Management > Access Control > Service Access Control to view the screen as shown. Figure 202 Management > Access Contro l > Service Access Control The following table describes t he fields in this screen. 39.10 Remote Management Click Management > Access Control [...]

  • Page 387

    Chapter 39 Access Control MGS3700-12C User’s Guide 387 Y ou can specify a group of one or more “trusted computers” from which an administr ator may use a service to manage the Sw itch. Click Access Control to return to the Access Control screen. Figure 203 Management > Access Contro l > Remote Management The following table describes t [...]

  • Page 388

    Chapter 39 Access Control MGS3700-12C User’s Guide 388[...]

  • Page 389

    MGS3700-12C User’s Guide 389 C HA PT ER 40 Diagnostic This chapter explains the Diagnostic screen. 40.1 Diagnostic Click Management > Diagnostic in the naviga tion panel to open thi s screen. Us e this screen to check sys tem logs, ping IP addresses or perf orm port tests. Figure 204 Manageme nt > Diagnostic[...]

  • Page 390

    Chapter 40 Diagnostic MGS3700-12C User’s Guide 390 The following table describes t he labels in this screen. T able 136 Management > Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of ev ents in the multi-line text box. Click Cl ear to empty the text box and reset the syslog entry . IP Ping T ype the IP address of a devi[...]

  • Page 391

    MGS3700-12C User’s Guide 391 C HA PT ER 41 Syslog This chapter explains the syslog screens. 41.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to sy slog server s that colle ct the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server . Sy[...]

  • Page 392

    Chapter 41 Sy slog MGS3700-12C User’s Guide 392 41.2 Syslog Setup Click Management > Syslog in the navigation panel to displa y this screen. The syslog feature sends logs to an external sy slog serv er . Use this screen to configure the device’ s system logging set tings. Figure 205 Manageme nt > Syslog The following table describes t he [...]

  • Page 393

    Chapter 41 Syslog MGS3700-12C User’s Guide 393 41.3 Syslog Server Setup Click Management > Syslog > Syslog Server Setup to vie w the screen as shown next. Use this screen to configure a list of external sysl og servers. Figure 206 Management > Syslog > Syslog Server Setup The following table describes t he labels in this screen. T abl[...]

  • Page 394

    Chapter 41 Sy slog MGS3700-12C User’s Guide 394[...]

  • Page 395

    MGS3700-12C User’s Guide 395 C HA PT ER 42 Cluster Management This chapter introduces cluster management. 42.1 Cluster Management S t atus Overview Cluster Management allows you to manage switc hes through one Switch, call ed the cluster manager . The switches must be directly connected and be in the same VLAN group so as to be able to communicat[...]

  • Page 396

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 396 In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are clust er members. Figure 207 Clustering App lication Example 42.2 Cluster Management S t atus Click Management > Clus ter Management in the naviga[...]

  • Page 397

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 397 The following table describes t he labels in this screen. 42.2.1 Cluster Member Switch Management Go to the Clustering Management St atus screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web conf[...]

  • Page 398

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 398 configurator home page and the home pa ge that you'd see if y ou accessed it directly are different. Figure 209 Cluster Management: Clu ster Mem ber Web Configurator Screen 42.2.1.1 Uploading Firmware to a Cluster Member Switch Y ou can use F TP to upload firmware to a cluster mem[...]

  • Page 399

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 399 The following table explains some of the FTP paramet ers. T able 142 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter “admin” . Password The web configurator password default is 12 34. ls Enter this command to list the nam e of cluster member switch’s fir[...]

  • Page 400

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 400 42.3 Clustering Management Configuration Use this screen to configure clustering management. Click Management > Cluster Management > Configuration to display the next screen. Figure 21 1 Management > Cluster Managemen t > Configuration The following table describes t he lab[...]

  • Page 401

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 401 VID This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All switches must be directly connected and in the same VLAN group to belong to the same cluster . Switches that are not in the same VLAN group are not visible in the Clustering Cand idates list. This f[...]

  • Page 402

    Chapter 42 Clust er Managem en t MGS3700-12C User’s Guide 402[...]

  • Page 403

    MGS3700-12C User’s Guide 403 C HA PT ER 43 MAC Table This chapter introduces the MAC Table sc reen. 43.1 MAC T able Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered ac ross the Switch’ s ports. It shows what device MAC address, belonging to what VL AN group (if any) is [...]

  • Page 404

    Chapter 43 M AC Ta b le MGS3700-12C User’s Guide 404 • If the Switch has already learned the port for this MAC address , but the destination port is the same as the port it came in on, then it filters the fr ame. Figure 212 MAC T able Flowchart 43.2 V iewing the MAC T able Click Management > MAC Table in the navigation panel to dis play the [...]

  • Page 405

    Chapter 43 MAC Table MGS3700-12C User’s Guide 405 The following table describes t he labels in this screen. T able 144 Management > MAC Table LABEL DESCRIPTION Condition Select one of the buttons and click Search to only displa y the data which matches the criteria you specified. Select All to display any entry in the MAC table of the Switch. [...]

  • Page 406

    Chapter 43 M AC Ta b le MGS3700-12C User’s Guide 406[...]

  • Page 407

    MGS3700-12C User’s Guide 407 C HA PT ER 44 ARP Table This chapter introduces ARP T able. 44.1 ARP T able Overview Address Resolution Protocol (ARP) is a pr otocol for mapping an Internet Protocol address (IP address) to a physi cal machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) a[...]

  • Page 408

    Chapter 44 ARP Tab le MGS3700-12C User’s Guide 408 44.2 V iewing the ARP T able Click Management > ARP Table in t he navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s). Figure 214 Management > ARP T able The following table describes t he labels in this screen. T able 145 Management > AR[...]

  • Page 409

    MGS3700-12C User’s Guide 409 C HA PT ER 45 Configure Clone This chapter shows you how y ou can copy the settings of one port onto other ports. 45.1 Configure Clone Cloning allows yo u to copy the basic and adv anced settings from a source port to a destination port or ports. Click Manage ment > Configure Clone to open the following screen. Fig[...]

  • Page 410

    Chapter 45 Con fig ur e Clo ne MGS3700-12C User’s Guide 410 The following table describes t he labels in this screen. T able 146 Management > Configure Clone LABEL DESCRIPTION Source/ Destination Po r t Enter the source port under the Sourc e label. This port’s attributes are copied. Enter the destination port or ports under the Destination [...]

  • Page 411

    Chapter 45 Configure Clone MGS3700-12C User’s Guide 41 1[...]

  • Page 412

    Chapter 45 Con fig ur e Clo ne MGS3700-12C User’s Guide 412[...]

  • Page 413

    413 P ART VI T roubleshooting & Product S p ecifications T roubleshooting (415) Product Specifications (419)[...]

  • Page 414

    414[...]

  • Page 415

    MGS3700-12C User’s Guide 415 C HA PT ER 46 Troubleshooting This chapter offers some suggesti ons to solve problems you mi ght encounter . The potential problems are divided into the following categories . • P ower , Hardware Connections, and LEDs • Switch Access and L ogin • Switch Configur ation 46.1 Power , Hardware Connections, and LEDs [...]

  • Page 416

    Chapter 46 Tro u blesh oo tin g MGS3700-12C User’s Guide 416 1 Make sure you understand the n ormal behavior of the LED. See Section 3.3 on page 43 . 2 Check the hardware connections. See the Quick Start Guide and Section 46. 1 on page 415 . 3 Inspect your cables for damage. Cont act the vendor to replace any damaged cables. 4 Disconnect and re-c[...]

  • Page 417

    Chapter 46 Troubleshooting MGS3700-12C User’s Guide 417 • The default IP address is 192.168.1.1 . • If you changed t he IP addre ss, use the new IP address. • If you c hanged the IP address and have f orgotten it, see the troubleshooti ng suggestions for I forgot the IP address for the Swit ch. 2 Check the hardware connections, and ma k e s[...]

  • Page 418

    Chapter 46 Tro u blesh oo tin g MGS3700-12C User’s Guide 418 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator yo u need to allow: • W eb browser pop-up wind ows from your device. • Jav aScripts (enabled by defaul t). • Jav a permissions (enabled by default). I cannot see some of Advanced Application subm[...]

  • Page 419

    MGS3700-12C User’s Guide 419 C HA PT ER 47 Product Specifications The following tables summarize the Swit ch’ s hardware and firmw are feat ures. T able 147 Hardware Specifications SPECIFICATION DESCRIPTION Dimensions Standard 19” rack mountable 438 mm (W) x 225 mm (D) x 44.2 mm (H) W eight 3.6 Kg P ower Specification One Backup Power Supply [...]

  • Page 420

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 420 Storage Environment T emperature: -20ºC ~ 70ºC (-4ºF ~ 158ºF) Humidity: 5 ~ 90% (non-condensing) Ground Wire Gauge 18 A WG or larger P ower Wire Gauge 18 AWG or larger Fuse Specification 250 VAC, T2A External Signal Jack Supports input from fo ur external alarms or oth er devices [...]

  • Page 421

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 421 Classifier and Policy Y ou can create a policy to define actions to be performed on a traffic flow grouped by a classifier according to specific criteria such as the IP address, port number or protocol type, etc. Queuing Queuing is used to help solv e performance degr adation when the[...]

  • Page 422

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 422 Link Aggregation Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. Y ou may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly , single-port link. P [...]

  • Page 423

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 423 T able 149 Feature Specifications Layer 2 Fea t ur e s Bridging 16K MAC addresses Static MAC address filtering by source/destination Broadcast storm control Static MAC address forwarding Switching Switching fabric: 24 Gbps, non-blocking Max. Fr ame size: 13 K bytes Forw arding frame: [...]

  • Page 424

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 424 Layer 3 Fea t ur e s IP Capability IPV4/IPv6 support 64 IPV4/IPV6 Management IPs Wire speed IP forwarding Ro ut i n g protocols Static Routing IP services DHCP/DHCPv6 client DHCP/DHCPv6 re lay VLAN-based DHCP relay DHCP snooping Multicast IGMP snooping (IGMP v1 /v2/v3, 16 VLAN maximum[...]

  • Page 425

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 425 The following list, which is not exhaust ive , illust rates the standards supported in the Switch. Security Static MAC address filtering Static MAC address forwarding MAC Freeze IEEE 802.1x port-based authentication Limiting number of dynamic MAC addresses per port SSH v 1/v 2 SSL Int[...]

  • Page 426

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 426 RFC 2139 RADIUS Accounting RFC 2236 Internet Group Management Protocol, V ersion 2. RFC 2460 IPv6 Specification RFC 2461 Neighbor Discovery for IPv6 RFC 2462 IPv6 Stateless Address Autoconfiguration RFC 2463 ICMPv6 (ICMP for IPv 6) RFC 2698 T wo Rate Three Color Marker (trT CM) RFC 28[...]

  • Page 427

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 427 47.1 Fan Module Removal and Inst allation This section describes how to chan ge a fan module on the Switch. The hot-sw appable fan module is at the le ft on the S witch’ s front panel. Perform the following procedure to remove the fan mo dule in ord er to change a fan fuse or the fa[...]

  • Page 428

    Chapter 47 Product Specifications MGS3700-12C User’s Guide 428[...]

  • Page 429

    429 P ART VII Appendices and Index Common Services (431) Legal Information (435) Index (417)[...]

  • Page 430

    430[...]

  • Page 431

    MGS3700-12C User’s Guide 431 A PPENDIX A Common Services The following table lists some commonl y-used services and their associated protocols and port numbers. F or a comprehe ns ive list of port numbers, ICMP type/ code numbers and services , visit the IANA (Internet Assigned Number Authority) web site. • Name : This is a short, descrip tive [...]

  • Page 432

    Appendix A Com mon Servic es MGS3700-12C User’s Guide 432 ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. FINGER TCP 79 Finge r is a UNIX or Internet related command that can be used to find out if a user is logged on. FTP TCP TCP 20 21 File T ransfer Program, a progr am to [...]

  • Page 433

    Appendix A Common Services MGS3700-12C User’s Guide 433 PPTP_TUNNEL (GRE) User-Defined 47 PPTP (P oint-to-P oint T unneling Protocol) enables secure transfer of data ov er public networks. This is the data channel. RCMD TCP 512 Remote Command Service. REAL_AUDIO TCP 7070 A strea ming audio service that enables real time sound over the web . REXEC[...]

  • Page 434

    Appendix A Com mon Servic es MGS3700-12C User’s Guide 434[...]

  • Page 435

    MGS3700-12C User’s Guide 435 A PPENDIX B 1 1/2012 Legal Information Copyright Copyright © 2011 by Z yXEL Communications Corpor ation. The contents of this publication ma y not be reproduced in any p art or as a whole, transcrib ed, stored in a retriev al syst em, tr anslated into an y language , or transmitted in an y form or by any me ans, elec[...]

  • Page 436

    Appendix B Leg al In fo rm at ion MGS3700-12C User’s Guide 436 • This device may not cause harmful interference. • This dev ice must acc ept any inte rference received, including interference that may cause undesired operations. FCC W arning This device has been tested and found to comply with the limits for a Clas s A digital switch, pursuan[...]

  • Page 437

    Appendix B Legal Information MGS3700-12C User’s Guide 437 Viewing Certifications 1 Go to http://www . zyxel.com . 2 Select your prod uct on the Z yXEL home page to go to that product's page. 3 Select the certification y ou wish to view from this page. ZyXEL Limited W arranty Z yXEL warr ants to the original end user (p urchaser) that this pr[...]

  • Page 438

    Appendix B Leg al In fo rm at ion MGS3700-12C User’s Guide 438[...]

  • Page 439

    Index MGS3700-12C User’s Guide 439 Index Numbers 802.1P priority 11 3 A AAA 255 AAA (Authent ication, Authorization and Accounting) 255 AC power status 101 AC prefer 100 AC prefer trap 371 access control limitations 367 login account 378 remote management 386 service port 385 SNMP 368 accounting 255 setup 261 address learning, MAC 127 , 130 Addre[...]

  • Page 440

    Index MGS3700-12C User’s Guide 440 viewing 437 CFI (Canonical Format Indicator) 11 7 changing the password 52 CIR (Committed Information R ate) 169 Cisco Discovery Protocol, see CDP CIST 152 Class of Service (CoS) 341 classifier 21 1 , 214 and QoS 21 1 editing 214 example 216 overview 21 1 setup 21 1 , 214 viewing 214 cloning a port See port clon[...]

  • Page 441

    Index MGS3700-12C User’s Guide 441 DSCP (DiffServ Code Point) 341 dynamic link aggregation 185 E egress port 135 egress rate, and bandwidth control 171 Error Disable 78 error disable recovery configuration 315 overview 31 1 Ethernet broadcast address 407 Ethernet port test 390 external authentication server 256 F fan speed 101 FCC interference st[...]

  • Page 442

    Index MGS3700-12C User’s Guide 442 profiles 241 IGMP leave timeout fast 243 mormal 242 IGMP snooping 240 and VLANs 24 0 MVR 247 setup 244 IGMP throttling 243 ingress port 135 ingress rate, and bandwidth control 170 installation desktop 31 precautions 32 rack -mounting 32 transceivers 38 installation scenarios 31 introduction 25 IP capability 424 [...]

  • Page 443

    Index MGS3700-12C User’s Guide 443 maximum number per port 207 , 208 MAC address learning 107 , 127 , 130 , 137 , 207 specify limit 207 MAC authentication 195 aging time 203 example 196 setup 202 MAC filter and ARP inspection 272 MAC freeze 20 6 MAC table 403 display criteria 405 how it works 403 sorting criteria 405 transfer type 405 viewing 404[...]

  • Page 444

    Index MGS3700-12C User’s Guide 444 P PAG P 306 password 52 administrator 378 Peak Information Rate (PIR) 169 PHB (Per-Hop Beha vior) 342 ping, test connection 390 PIR (Peak Information R ate) 169 policy 221 , 224 and classifier 221 and DiffServ 219 configuration 221 example 224 overview 219 rules 219 , 220 viewing 223 policy configuration 224 Po [...]

  • Page 445

    Index MGS3700-12C User’s Guide 445 Q QoS 423 and classifier 21 1 Queue weight 230 queue weight 228 queuing 227 SPQ 228 WRR 228 Queuing algorithm 230 Queuing method 230 queuing method 227 R rack -mounting 32 RADIUS 255 , 256 advantages 256 and port authentication 256 and tunnel protocol attribute 265 Network example 256 server 256 settings 257 set[...]

  • Page 446

    Index MGS3700-12C User’s Guide 446 static MAC address 137 static MAC forwarding 127 , 130 , 137 static multicast address 141 static multicast forwarding 141 static route overview 337 static routes 339 static trunking example 192 Static VLAN 122 static VLAN control 124 tagging 124 status 48 , 94 link aggregation 187 MSTP 166 port 94 port details 9[...]

  • Page 447

    Index MGS3700-12C User’s Guide 447 trunking 185 , 42 3 example 192 trusted ports ARP inspection 273 DHCP snooping 270 PPPoE IA 319 tunnel protocol attribute, and RADIUS 265 tutorials 63 DHCP relay 67 DHCP snooping 63 Error Disable 78 PPPoE IA 72 T wo Rate Three Color Marker (TR T CM) 343 Ty p e o f S e r v i c e ( To S ) 341 U UDLD 306 UniDirecti[...]

  • Page 448

    Index MGS3700-12C User’s Guide 448 home 48 login 47 logout 55 navigation panel 49 weight, queuing 228 W eighted R ound R obin Scheduling (WRR) 228 WRR (W eighted R ound Robin Scheduling) 228 Z Z yNOS (Z yXEL Network Operating Sys te m) 364[...]