Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
www.zyxel.com
GS1500-24PWeb Managed GbE Switch
Copyright © 2009 ZyXEL Communications Corporation
Firmware Version 1.00Edition 1, 8/2009
Default Login DetailsIP Address http://192.168.1.1
User Name admin
Password 1234
About This User's Guide
GS1500-24P User’s Guide 3
About This User's Guide
Intended Audience
This manual is intended for people who want to configure the Switch using the web configurator.
Related Documentation
• Support Disc
Refer to the included CD for support documents.
Documentation Feedback
Send your comments, questions or suggestions to: [email protected]
Thank you!
The Technical Writing Team, ZyXEL Communications Corp.,6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan.
Need More Help?
More help is available at www.zyxel.com.
• Download Library
Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the User Guide and Quick Start Guide in order to better understand how to use your product.
• Knowledge Base
If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products.
About This User's Guide
GS1500-24P User’s Guide4
• Forum
This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well.
Customer Support
Should problems arise that cannot be solved by the methods listed above, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device.
See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Document Conventions
GS1500-24P User’s Guide 5
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The GS1500-24P may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Document Conventions
GS1500-24P User’s Guide6
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device.
Switch Computer Notebook computer
Server DSLAM Firewall
Telephone Switch Router
Safety Warnings
GS1500-24P User’s Guide 7
Safety Warnings
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.• Do NOT store things on the device.• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk
of electric shock from lightning.• Do not obstruct the device ventillation slots as insufficient airflow may harm your device.• Connect ONLY suitable accessories to the device.• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.• Place connecting cables carefully so that no one will step on them or stumble over them.• Always disconnect all cables from this device before servicing or disassembling.• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right
supply voltage (for example, 110V AC in North America or 230V AC in Europe).• Use ONLY power wires of the appropriate wire gauge (see Chapter 24 on page 161 for
details) for your device. Connect it to a power supply of the correct voltage (see Chapter 24 on page 161 for details).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Fuse Warning! Replace a fuse only with a fuse of the same type and rating.• The length of exposed (bare) power wire should not exceed 7 mm.• For pluggable equipment (equipment that doesn’t have a fixed power connection), the
socket-outlet shall be installed near the equipment and shall be easily accessible (install the device within reach of a power outlet and keep the area free of obstructions).
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately.
Safety Warnings
GS1500-24P User’s Guide8
Contents Overview
GS1500-24P User’s Guide 9
Contents Overview
Introduction and Hardware ................................................................................................... 19
Getting to Know Your Switch ..................................................................................................... 21
Hardware Installation and Connection ....................................................................................... 27
Hardware Panels ....................................................................................................................... 31
Basic Configuration ............................................................................................................... 37
The Web Configurator ............................................................................................................... 39
Initial Setup Example ................................................................................................................. 47
System ...................................................................................................................................... 51
Configuration ......................................................................................................................... 57
Link Aggregation ........................................................................................................................ 59
VLAN ......................................................................................................................................... 67
Spanning Tree Protocol ............................................................................................................. 73
QoS ........................................................................................................................................... 79
Mirroring .................................................................................................................................... 91
SNMP ........................................................................................................................................ 95
Rate Limit ................................................................................................................................ 107
Bandwidth Control and Jumbo Frame ......................................................................................111
Power Over Ethernet ................................................................................................................115
Security ................................................................................................................................. 119
MAC Address ......................................................................................................................... 121
802.1x ...................................................................................................................................... 127
Dynamic ARP .......................................................................................................................... 131
Storm Control ........................................................................................................................... 137
Defence Engine ....................................................................................................................... 139
Monitoring and Tools ........................................................................................................... 141
Monitoring ................................................................................................................................ 143
Tools ........................................................................................................................................ 149
Troubleshooting & Product Specifications ....................................................................... 155
Troubleshooting ....................................................................................................................... 157
Product Specifications ............................................................................................................. 161
Appendices and Index ......................................................................................................... 167
Contents Overview
GS1500-24P User’s Guide10
Table of Contents
GS1500-24P User’s Guide 11
Table of Contents
About This User's Guide ..........................................................................................................3
Document Conventions............................................................................................................5
Safety Warnings........................................................................................................................7
Contents Overview ...................................................................................................................9
Table of Contents.................................................................................................................... 11
Part I: Introduction and Hardware ........................................................ 19
Chapter 1Getting to Know Your Switch................................................................................................. 21
1.1 Introduction .......................................................................................................................... 21
1.1.1 Backbone Application ................................................................................................. 21
1.1.2 Bridging Example ....................................................................................................... 22
1.1.3 High Performance Switching Example ....................................................................... 23
1.1.4 IEEE 802.1Q VLAN Application Examples ................................................................ 23
1.2 Ways to Manage the Switch ................................................................................................ 24
1.3 Good Habits for Managing the Switch ................................................................................. 24
Chapter 2Hardware Installation and Connection ................................................................................. 27
2.1 Installation Scenarios .......................................................................................................... 27
2.2 Desktop Installation Procedure ........................................................................................... 27
2.3 Mounting the Switch on a Rack .......................................................................................... 27
2.3.1 Rack-mounted Installation Requirements .................................................................. 28
2.3.2 Attaching the Mounting Brackets to the Switch .......................................................... 28
2.3.3 Mounting the Switch on a Rack .................................................................................. 29
Chapter 3Hardware Panels ..................................................................................................................... 31
3.1 Overview .............................................................................................................................. 31
3.2 Front Panel ......................................................................................................................... 31
3.2.1 Gigabit Ethernet Ports ............................................................................................... 32
3.2.2 Mini-GBIC Slots .......................................................................................................... 33
3.2.3 The RESET Button ..................................................................................................... 35
Table of Contents
GS1500-24P User’s Guide12
3.3 Rear Panel .......................................................................................................................... 35
3.3.1 Power Connector ....................................................................................................... 35
3.4 LEDs .................................................................................................................................. 35
Part II: Basic Configuration................................................................... 37
Chapter 4The Web Configurator ............................................................................................................ 39
4.1 Overview .............................................................................................................................. 39
4.2 System Login .................................................................................................................... 39
4.3 The Status Screen .......................................................................................................... 40
4.3.1 Change Your Password .......................................................................................... 44
4.4 Saving Your Configuration ................................................................................................... 44
4.5 Switch Lockout .................................................................................................................. 44
4.6 Resetting the Switch ......................................................................................................... 45
4.7 Logging Out of the Web Configurator ................................................................................. 45
Chapter 5Initial Setup Example.............................................................................................................. 47
5.1 Overview .............................................................................................................................. 47
5.1.1 Creating a VLAN ........................................................................................................ 47
5.1.2 Setting Port VID ......................................................................................................... 48
5.2 Configuring Switch Management IP Address ...................................................................... 49
Chapter 6System .................................................................................................................................... 51
6.1 Overview .............................................................................................................................. 51
6.2 What You Can Do ................................................................................................................ 51
6.3 Information ........................................................................................................................ 52
6.4 Time Setting ....................................................................................................................... 53
6.5 IP Setting Screen ............................................................................................................... 53
6.6 User Account ...................................................................................................................... 54
6.7 Port Setting ......................................................................................................................... 55
Part III: Configuration ............................................................................ 57
Chapter 7Link Aggregation .................................................................................................................... 59
7.1 Overview ............................................................................................................................. 59
7.2 What You Can Do ................................................................................................................ 59
Table of Contents
GS1500-24P User’s Guide 13
7.3 What You Need to Know ...................................................................................................... 59
7.3.1 Dynamic Link Aggregation ........................................................................................ 60
7.4 Trunk Group Setting ............................................................................................................ 60
7.5 Trunk Distribution Algorithm ............................................................................................... 62
7.6 LACP Setting ...................................................................................................................... 63
7.7 Technical Reference ............................................................................................................ 64
7.7.1 Static Trunking Example ............................................................................................. 64
Chapter 8VLAN ........................................................................................................................................ 67
8.1 Overview .............................................................................................................................. 67
8.2 What You Can Do ................................................................................................................ 67
8.3 What You Need to Know .................................................................................................... 67
8.3.1 IEEE 802.1Q Tagged VLANs ..................................................................................... 67
8.3.2 Forwarding Tagged and Untagged Frames ................................................................ 68
8.3.3 Common IEEE 802.1Q VLAN terminology ................................................................. 68
8.3.4 Static VLAN ................................................................................................................ 69
8.4 Static VLAN ........................................................................................................................ 70
8.5 Port-based VLAN ............................................................................................................. 71
Chapter 9Spanning Tree Protocol.......................................................................................................... 73
9.1 Overview .............................................................................................................................. 73
9.2 What You Can Do ................................................................................................................ 73
9.3 What You Need to Know ...................................................................................................... 73
9.3.1 STP Terminology ....................................................................................................... 74
9.3.2 How STP Works ........................................................................................................ 74
9.3.3 STP Port States ......................................................................................................... 74
9.4 STP Global Setting .............................................................................................................. 75
9.5 STP Port Setting .................................................................................................................. 77
Chapter 10QoS........................................................................................................................................... 79
10.1 Overview ........................................................................................................................... 79
10.2 What You Can Do .............................................................................................................. 79
10.3 What You Need to Know .................................................................................................... 80
10.3.1 DiffServ .................................................................................................................... 80
10.3.2 DSCP and Per-Hop Behavior .................................................................................. 80
10.3.3 DiffServ Network Example ...................................................................................... 81
10.4 Port-based Priority ............................................................................................................. 81
10.5 DSCP-to-IEEE 802.1p Priority Settings ............................................................................. 82
10.5.1 DSCP-based Priority ................................................................................................ 83
10.6 Policy-based Priority .......................................................................................................... 83
Table of Contents
GS1500-24P User’s Guide14
10.6.1 Policy-based Priority - Add/Modify ........................................................................... 85
10.7 Priority to Queue Mapping ................................................................................................. 86
10.8 Packet Scheduling ............................................................................................................. 87
10.8.1 Strictly Priority Queuing ............................................................................................ 87
10.8.2 Weighted Fair Queuing ............................................................................................ 88
10.8.3 Weighted Round Robin Scheduling (WRR) ............................................................. 88
Chapter 11Mirroring .................................................................................................................................. 91
11.1 Overview ........................................................................................................................... 91
11.2 What You Can Do .............................................................................................................. 91
11.3 Port-based Mirroring .......................................................................................................... 92
11.4 Policy-based Mirroring ....................................................................................................... 93
11.4.1 Policy-based Mirroring - Add/Modify ........................................................................ 93
Chapter 12SNMP........................................................................................................................................ 95
12.1 Overview .......................................................................................................................... 95
12.2 What You Can Do .............................................................................................................. 95
12.3 What You Need to Know .................................................................................................... 95
12.3.1 About SNMP ........................................................................................................... 95
12.4 SNMP Setting .................................................................................................................... 97
12.5 SNMPv3 Setting ................................................................................................................ 99
12.6 Technical Reference ........................................................................................................ 103
Chapter 13Rate Limit............................................................................................................................... 107
13.1 Rate Limit Overview ....................................................................................................... 107
13.2 What You Can Do ............................................................................................................ 107
13.3 Rate Limit Summary ........................................................................................................ 107
13.3.1 Rate Limit Add/Modify ........................................................................................... 108
Chapter 14Bandwidth Control and Jumbo Frame................................................................................ 111
14.1 Bandwidth Control and Jumbo Frame Overview .............................................................111
14.2 What You Can Do .............................................................................................................111
14.3 Bandwidth Control ............................................................................................................112
14.4 Jumbo Frame Setting .......................................................................................................113
Chapter 15Power Over Ethernet ............................................................................................................ 115
15.1 Power Over Ethernet Overview .......................................................................................115
15.2 What You Can Do .............................................................................................................115
Table of Contents
GS1500-24P User’s Guide 15
15.3 Power Over Ethernet ........................................................................................................116
Part IV: Security ....................................................................................119
Chapter 16 MAC Address ....................................................................................................................... 121
16.1 Overview .......................................................................................................................... 121
16.2 What You Can Do ............................................................................................................ 121
16.2.1 MAC Forwarding Table ........................................................................................... 122
16.2.2 Static MAC Address Forwarding ............................................................................ 122
16.3 MAC Forwarding Table .................................................................................................... 123
16.4 Static MAC ....................................................................................................................... 123
16.5 MAC Filtering ................................................................................................................... 124
Chapter 17802.1x..................................................................................................................................... 127
17.1 Overview ......................................................................................................................... 127
17.2 What You Can Do ............................................................................................................ 127
17.3 What You Need to Know .................................................................................................. 128
17.3.1 IEEE 802.1x Authentication ................................................................................... 128
17.4 Port Authentication Configuration .................................................................................... 128
17.5 802.1x Setting .............................................................................................................. 129
17.6 802.1x Port Setting ...................................................................................................... 130
Chapter 18Dynamic ARP ........................................................................................................................ 131
18.1 ARP Table Overview ........................................................................................................ 131
18.2 What You Can Do ............................................................................................................ 131
18.3 What You Need to Know .................................................................................................. 131
18.3.1 ARP Table Entries .................................................................................................. 132
18.3.2 How Dynamic ARP Works ..................................................................................... 132
18.3.3 ARP Inspection Overview ...................................................................................... 132
18.3.4 MAC-IP Binding ...................................................................................................... 133
18.4 Dynamic ARP Setting ...................................................................................................... 133
18.5 Dynamic ARP VLAN Setting ............................................................................................ 134
18.6 MAC-IP Binding Config .................................................................................................... 135
Chapter 19Storm Control........................................................................................................................ 137
19.1 Overview ......................................................................................................................... 137
19.2 What You Can Do ............................................................................................................ 137
Table of Contents
GS1500-24P User’s Guide16
19.3 Storm Control Setting ...................................................................................................... 138
Chapter 20Defence Engine..................................................................................................................... 139
20.1 Overview ......................................................................................................................... 139
20.2 What You Can Do ............................................................................................................ 139
20.3 Activating Defence Engine .............................................................................................. 139
Part V: Monitoring and Tools .............................................................. 141
Chapter 21Monitoring ............................................................................................................................. 143
21.1 Overview .......................................................................................................................... 143
21.2 What You Can Do ............................................................................................................ 143
21.3 Logging Setting ............................................................................................................... 143
21.4 Logging Viewing .............................................................................................................. 145
21.5 Port Statistics ................................................................................................................... 147
Chapter 22Tools....................................................................................................................................... 149
22.1 Overview .......................................................................................................................... 149
22.2 What You Can Do ............................................................................................................ 149
22.3 TFTP ................................................................................................................................ 149
22.4 Reset ............................................................................................................................... 151
22.5 Reboot ............................................................................................................................. 151
Part VI: Troubleshooting & Product Specifications.......................... 155
Chapter 23Troubleshooting.................................................................................................................... 157
23.1 Power, Hardware Connections, and LEDs ...................................................................... 157
23.2 Switch Access and Login ................................................................................................. 158
Chapter 24Product Specifications .........................................................................................................161
Part VII: Appendices and Index .......................................................... 167
Appendix A Changing a Fuse .............................................................................................. 169
Table of Contents
GS1500-24P User’s Guide 17
Appendix B Common Services............................................................................................. 171
Appendix C Legal Information .............................................................................................. 175
Index....................................................................................................................................... 179
Table of Contents
GS1500-24P User’s Guide18
19
PART IIntroduction and
Hardware
Getting to Know Your Switch (21)
Hardware Installation and Connection (27)
Hardware Panels (31)
20
GS1500-24P User’s Guide 21
CHAPTER 1 Getting to Know Your Switch
1.1 Introduction
This chapter introduces the main features and applications of the Switch.
The Switch is a web managed switch with Layer 2 functions. The Switch has twenty-four 10/100/1000 Mbps Ethernet ports each with Power-Over-Ethernet (PoE) function. It also has four GbE dual personality interfaces with each interface comprising one mini-GBIC slot and one 100/1000 Mbps RJ-45 port, with either port or slot active at a time.
With its built-in web configurator, managing and configuring the Switch is easy. In addition, the Switch can also be managed via Telnet, or third-party SNMP management.
See Chapter 24 on page 161 for a full list of software features available on the Switch.
This section shows a few examples of using the Switch in various network environments.
1.1.1 Backbone Application
The Switch is an ideal solution for small networks where rapid growth can be expected in the near future. The Switch can be used standalone for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch.
Chapter 1 Getting to Know Your Switch
GS1500-24P User’s Guide22
In this example, all computers can share high-speed applications on the server. To expand the network, simply add more networking devices such as switches, routers, computers, print servers etc.
Figure 1 Backbone Application
1.1.2 Bridging Example
In this example, the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch.
Moreover, the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location.
Figure 2 Bridging Application
Chapter 1 Getting to Know Your Switch
GS1500-24P User’s Guide 23
1.1.3 High Performance Switching Example
The Switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks.
Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance. The Switch can provide the same bandwidth as ATM at much lower cost while still being able to use existing adapters and switches. Moreover, the current LAN structure can be retained as all ports can freely communicate with each other.
Figure 3 High Performance Switched Workgroup Application
1.1.4 IEEE 802.1Q VLAN Application Examples
A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group. A station can belong to more than one group. With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s) unless such traffic first goes through a router.
For more information on VLANs, refer to Chapter 8 on page 67.
1.1.4.1 Tag-based VLAN Example
Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic. VLAN groups can be modified at any time by adding, moving or changing ports without any re-cabling.
Chapter 1 Getting to Know Your Switch
GS1500-24P User’s Guide24
Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too.
Figure 4 Shared Server Using VLAN Example
1.2 Ways to Manage the Switch
Use any of the following methods to manage the Switch.
• Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page 39.
• TFTP. Use TFTP for firmware upgrades and configuration backup/restore. See Chapter 22 on page 149.
• SNMP. The Switch can be monitored by an SNMP manager. See Chapter 12 on page 95.
1.3 Good Habits for Managing the Switch
Do the following things regularly to make the Switch more secure and to manage the Switch more effectively.
• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
Chapter 1 Getting to Know Your Switch
GS1500-24P User’s Guide 25
• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration.
Chapter 1 Getting to Know Your Switch
GS1500-24P User’s Guide26
GS1500-24P User’s Guide 27
CHAPTER 2 Hardware Installation and
Connection
2.1 Installation Scenarios
This chapter shows you how to install and connect the Switch.
The Switch can be placed on a desktop or rack-mounted on a standard EIA rack. Use the rubber feet in a desktop installation and the brackets in a rack-mounted installation.
Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations.
2.2 Desktop Installation Procedure
1 Make sure the Switch is clean and dry.
2 Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and the connected cables. Make sure there is a power outlet nearby.
3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord.
2.3 Mounting the Switch on a Rack
The Switch can be mounted on an EIA standard size, 19-inch rack or in a wiring closet with other equipment. Follow the steps below to mount your Switch on a standard EIA rack using a rack-mounting kit.
Chapter 2 Hardware Installation and Connection
GS1500-24P User’s Guide28
2.3.1 Rack-mounted Installation Requirements
• Two mounting brackets.
• Eight M3 flat head screws and a #2 Philips screwdriver.
• Four M5 flat head screws and a #2 Philips screwdriver.
Failure to use the proper screws may damage the unit.
2.3.1.1 Precautions • Make sure the rack will safely support the combined weight of all the equipment
it contains.
• Make sure the position of the Switch does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit.
2.3.2 Attaching the Mounting Brackets to the Switch
1 Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket with the screw holes on the side of the Switch.
Figure 5 Attaching the Mounting Brackets
2 Using a #2 Philips screwdriver, install the M3 flat head screws through the mounting bracket holes into the Switch.
3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch.
4 You may now mount the Switch on a rack. Proceed to the next section.
Chapter 2 Hardware Installation and Connection
GS1500-24P User’s Guide 29
2.3.3 Mounting the Switch on a Rack
1 Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack.
Figure 6 Mounting the Switch on a Rack
2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack.
3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack.
Chapter 2 Hardware Installation and Connection
GS1500-24P User’s Guide30
GS1500-24P User’s Guide 31
CHAPTER 3 Hardware Panels
3.1 Overview
This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections.
3.2 Front Panel
The following figure shows the front panel of the Switch.
Figure 7 Front Panel
The following table describes the port labels on the front panel.
Ethernet Ports Dual Personality Interfaces
LEDs
Table 1 Front Panel Connections
LABEL DESCRIPTION
24 10/100/1000 RJ-45 Ethernet Ports
Connect these ports to a computer, a hub, an Ethernet switch or router.
Chapter 3 Hardware Panels
GS1500-24P User’s Guide32
3.2.1 Gigabit Ethernet Ports
The Switch has 1000Base-T auto-negotiating, auto-crossover Ethernet ports. In 10/100/1000 Mbps Gigabit, the speed can be 10 Mbps, 100 Mbps or 1000 Mbps and the duplex mode can be half duplex or full duplex.
An auto-negotiating port can detect and adjust to the optimum Ethernet speed (10/100/1000 Mbps) and duplex mode (full duplex or half duplex) of the connected device.
An auto-crossover (auto-MDI/MDI-X) port automatically works with a straight-through or crossover Ethernet cable.
Four 1000Base-T Ethernet ports are paired with a mini-GBIC slot to create a dual personality interface. The Switch uses up to one connection for each mini-GBIC and 1000Base-T Ethernet pair. The mini-GBIC slots have priority over the Gigabit ports. This means that if a mini-GBIC slot and the corresponding GbE port are connected at the same time, the GbE port will be disabled.
When auto-negotiation is turned on, an Ethernet port negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer Ethernet port does not support auto-negotiation or turns off this feature, the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the Switch’s auto-negotiation is turned off, an Ethernet port uses the pre-configured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect.
3.2.1.1 Default Ethernet Negotiation Settings
The factory default negotiation settings for the Gigabit ports on the Switch are:
• Speed: Auto
• Duplex: Auto
Four Dual Personality Interfaces
Each interface has one 1000BASE-T RJ-45 port and one Small Form-Factor Pluggable (SFP) slot (also called a mini-GBIC slot), with one port or transceiver active at a time.
• Four 100/1000 Mbps RJ-45 Ports:Connect these ports to high-bandwidth backbone network Ethernet switches using 1000BASE-T compatible Category 5/5e/6 copper cables.
• Four Mini-GBIC Slots:Use mini-GBIC transceivers in these slots for connections to backbone Ethernet switches.
Table 1 Front Panel Connections (continued)
LABEL DESCRIPTION
Chapter 3 Hardware Panels
GS1500-24P User’s Guide 33
• Flow control: Off
• Link Aggregation: Disabled
3.2.1.2 Auto-crossover
All ports are auto-crossover, that is auto-MDIX ports (Media Dependent Interface Crossover), so you may use either a straight-through Ethernet cable or crossover Ethernet cable for all Gigabit port connections. Auto-crossover ports automatically sense whether they need to function as crossover or straight ports, so crossover cables can connect both computers and switches/hubs.
3.2.2 Mini-GBIC Slots
These are slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The Switch does not come with transceivers. You must use transceivers that comply with the Small Form-factor Pluggable (SFP) Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details.
You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors.
To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors.
• Type: SFP connection interface
• Connection speed: 1 Gigabit per second (Gbps)
3.2.2.1 Transceiver Installation
Use the following steps to install a mini-GBIC transceiver (SFP module).
1 Insert the transceiver into the slot with the exposed section of PCB board facing down.
2 Press the transceiver firmly until it clicks into place.
3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly.
4 Close the transceiver’s latch (latch styles vary).
Chapter 3 Hardware Panels
GS1500-24P User’s Guide34
5 Connect the fiber optic cables to the transceiver.
Figure 8 Transceiver Installation Example
Figure 9 Connecting the Fiber Optic Cables
3.2.2.2 Transceiver Removal
Use the following steps to remove a mini-GBIC transceiver (SFP module).
1 Remove the fiber optic cables from the transceiver.
2 Open the transceiver’s latch (latch styles vary).
3 Pull the transceiver out of the slot.
Figure 10 Removing the Fiber Optic Cables
Figure 11 Opening the Transceiver’s Latch Example
Figure 12 Transceiver Removal Example
Chapter 3 Hardware Panels
GS1500-24P User’s Guide 35
3.2.3 The RESET Button
Reset the Switch to its factory default configuration via the RESET button. Press the RESET button for one second and release. The Switch automatically reboots and reloads its factory default configuration file. The RESET button is on the front panel of the Switch.
3.3 Rear Panel
The following figure shows the rear panel of the Switch.
Figure 13 Rear Panel
3.3.1 Power Connector
Note: Make sure you are using the correct power source as shown on the panel.
To connect power to the Switch, insert the female end of the power cord to the AC power receptacle on the rear panel. Connect the other end of the supplied power cord to a power outlet. Make sure that no objects obstruct the airflow of the unit.
See Chapter 24 on page 161 for information on the Switch’s power supply requirements.
3.4 LEDs
After you connect the power to the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting.
Table 2 LED Descriptions
LED COLOR STATUS DESCRIPTION
PWR Green On The system is turned on.
Off The system is off or has failed.
Chapter 3 Hardware Panels
GS1500-24P User’s Guide36
SYS Green On The system is on and functioning properly.
Blinking The system is rebooting and performing self-diagnostic tests.
Off The power is off or the system is not ready/malfunctioning.
Ethernet Ports
LNK/ACT Green Blinking The system is transmitting/receiving to/from a 10 Mbps or a 1000 Mbps Ethernet network.
On The link to a 10 Mbps or a 1000 Mbps Ethernet network is up.
Amber Blinking The system is transmitting/receiving to/from a 100 Mbps Ethernet network.
On The link to a 100 Mbps Ethernet network is up.
Off The link to an Ethernet network is down.
PoE Amber On The port is feeding power.
Off The port is not feeding power.
FDX Amber On The port is in full-duplex mode.
Off The port is in half-duplex mode.
Mini-GBIC Slots
LNK Green On The link to this port is up.
Off The link to this port is not connected.
ACT Green Blinking This port is receiving or transmitting data.
Table 2 LED Descriptions (continued)
LED COLOR STATUS DESCRIPTION
37
PART IIBasic Configuration
The Web Configurator (39)
Initial Setup Example (47)
System (51)
38
GS1500-24P User’s Guide 39
CHAPTER 4 The Web Configurator
4.1 Overview
This section introduces the configuration and functions of the web configurator.
The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
4.2 System Login
1 Start your web browser.
2 Type “http://” and the IP address of the Switch (for example, the default management IP address is 192.168.1.1) in the Location or Address field. Press [ENTER].
Chapter 4 The Web Configurator
GS1500-24P User’s Guide40
3 The login screen appears. The default username is admin and associated default password is 1234.
Figure 14 Web Configurator: Login
4 Click OK to view the first web configurator screen.
4.3 The Status Screen
The Status screen is the first screen that displays when you access the web configurator.
The following figure shows the navigating components of a web configurator screen.
Figure 15 Web Configurator Home Screen (Status)
A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. There is also a logout link.
B - The device graphic displays information regarding current port usage.
A
B
C
Chapter 4 The Web Configurator
GS1500-24P User’s Guide 41
C - Displays system information such as MAC address and firmware version.
In the navigation panel, click a main link to reveal a list of submenu links.
The following table describes the links in the navigation panel.
Table 3 Navigation Panel Sub-links Overview
SYSTEM CONFIGURATION SECURITY MONITORING TOOLS
Table 4 Navigation Panel Links
LINK DESCRIPTION
SYSTEM
Information This link takes you to a screen that displays general system information.
Time Setting This link takes you to a screen where you can configure the Switch’s time settings.
IP Setting This link takes you to a screen where you can configure the IP address, subnet mask and gateway settings.
User Account This link takes you to a screen where you can change the web configurator login account.
Port Setting This link takes you to a screen where you can configure settings for individual Switch ports.
Chapter 4 The Web Configurator
GS1500-24P User’s Guide42
CONFIGURATION
Link Aggregation
This sub-menu takes you to screens where you can logically aggregate physical links to form one logical, higher-bandwidth link.
Trunk Group Setting
This link takes you to a screen where you can assign ports to be part of a trunk group.
Trunk Distribution Algorithim
This link takes you to a screen where you can configure the trunk distribution algorithm for the trunk groups.
LACP Setting
This link takes you to a screen where you can enable Link Aggregation Control Protocol (LACP)
VLAN This sub-menu takes you to screens where you can configure a port-based VLAN.
Static VLAN This link takes you to a screen where you can configure the static VLAN (IEEE 802.1Q) settings on a port.
Port-based VLAN
This link takes you to a screen where you can configure the port VLAN ID (PVID) for a port.
Spanning Tree This sub-menu takes you to screens where you can configure the RSTP to prevent network loops.
STP Global Setting
This link takes you to a screen where you can configure the global spanning tree settings for the Switch.
STP Port Setting
This link takes you to a screen where you can configure individual port spanning tree settings.
QoS This sub-menu takes you to screens where you can configure the Switch’s quality of service (QoS) parameters.
Port-based priority
This link takes you to a screen where you can assign a IEEE 802.1p priority to packets based on the ingress (incoming) port of the packet.
DSCP-based priority
This link takes you to a screen where you can assign priority to packets based on their Differentiated Services Code Points (DSCPs).
Policy-based priority
This link takes you to a screen where you can classify and prioritize certain traffic flows.
Priority to Queue Mapping Setting
This link takes you to a screen where you can configure the priority level-to-physical queue mapping.
Packet Scheduling
This link takes you to a screen where you can set priorities for the Switch queues.
Mirroring This sub-menu takes you to screens where you can copy traffic from one port or ports to another port in order that you can examine the traffic from the first port without interference.
Port-based Mirroring
This link takes you to a screen where you can configure port-based mirroring.
Policy-based Mirroring
This link takes you to a screen where you can classify an ingress traffic flow for mirroring.
Table 4 Navigation Panel Links (continued)
LINK DESCRIPTION
Chapter 4 The Web Configurator
GS1500-24P User’s Guide 43
SNMP This sub-menu takes you to screens where you can configure the Simple Network Management Protocol (SNMP) settings.
SNMP Setting
This link takes you to a screen where you can configure your SNMP settings.
SNMPv3 Setting
This link takes you to a screen where you can configure your SNMP v3 settings.
Rate Limit This link takes you to a screen where you can configure rate limits for traffic flows.
Bandwidth Control
This link takes you to a screen where you can configure bandwidth limits on the Switch.
Jumbo Frame This link takes you to a screen where you can configure the Jumbo Frame size.
Power Over Ethernet
This link takes you to a screen where you can configure the Power Over Ethernet settings (PoE).
SECURITY
MAC Address This sub-menu takes you to screens where you can configure MAC address options.
MAC Forwarding Table
This link takes you to a screen that displays static and dynamic MAC forwarding entries.
Static MAC This link takes you to a screen where you can assign static MAC addresses for a port.
MAC Filtering
This link takes you to a screen where you can create filtering rules for traffic going through the Switch.
802.1x This sub-menu takes you to screens where you can configure IEEE 802.1x port authentication for clients communicating via the Switch.
802.1x Setting
This link takes you to a screen where you can activate IEEE 802.1x security and configure the RADIUS server settings.
802.1x Port Setting
This link takes you to a screen where you can configure IEEE 802.1x port authentication settings.
Dynamic ARP This sub-menu takes you to screens where you can activate dynamic Address Resolution Protocol (ARP) learning and enter static ARP table entries.
Dynamic ARP Setting
This link takes you to a screen where you can specify whether ports are trusted or untrusted ports for ARP inspection.
Dynamic ARP VLAN Setting
This link takes you to a screen where you can enable ARP inspection on each VLAN.
MAC-IP Binding
This link takes you to a screen where you can manage static MAC-IP bindings for DHCP snooping and ARP inspection.
Storm Control This link takes you to a screen where you can limit the number of broadcast, multicast and unknown unicast and multicast packets the Switch receives per second on the ports.
Defence Engine
This link takes you to a screen where you can enable the Defence Engine to prevent the CPU from being flooded with unknown unicast/multicast packets.
Table 4 Navigation Panel Links (continued)
LINK DESCRIPTION
Chapter 4 The Web Configurator
GS1500-24P User’s Guide44
4.3.1 Change Your Password
After you log in for the first time, it is recommended you change the default administrator password. Click System > User Account to display the next screen.
Figure 16 Change Administrator Login Password
4.4 Saving Your Configuration
When you are done modifying the settings in a screen, click the Apply button to save your changes to the Switch.
4.5 Switch Lockout
You could block yourself (and all others) from managing the Switch if you do one of the following:
MONITORING
Logging This sub-menu takes you to screens where you can view and setup system logs.
Logging Setting
This link takes you to a screen where you can configure log settings.
Logging Viewing
This link takes you to a screen where you can view system logs.
Port Statistics This link takes you to a screen where you can view port statistics.
TOOLS
TFTP This link takes you to a screen where you can perform firmware and configuration file maintenance.
Reset This link takes you to a screen where you can reset the switch to factory default settings.
Reboot This link takes you to a screen where you can reboot the switch.
Table 4 Navigation Panel Links (continued)
LINK DESCRIPTION
Chapter 4 The Web Configurator
GS1500-24P User’s Guide 45
1 Disable all ports.
2 Forget the password and/or IP address.
3 Prevent all services from accessing the Switch.
Note: Be careful not to lock yourself and others out of the Switch.
4.6 Resetting the Switch
If you lock yourself (and others) from the Switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the Switch back to the factory defaults.
4.7 Logging Out of the Web Configurator
Click Logout in the navigation panel to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons.
Figure 17 Web Configurator: Logout
Chapter 4 The Web Configurator
GS1500-24P User’s Guide46
GS1500-24P User’s Guide 47
CHAPTER 5 Initial Setup Example
5.1 Overview
This chapter shows how to set up the Switch for an example network.
The following lists the configuration steps for the initial setup:
• Create a VLAN
• Set port VLAN ID
• Configure the Switch IP management address
5.1.1 Creating a VLAN
VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members.
In this example, you want to configure port 1 as a member of VLAN 2.
Figure 18 Initial Setup Network Example: VLAN
Chapter 5 Initial Setup Example
GS1500-24P User’s Guide48
1 Click Configuration > VLAN > Static VLAN in the navigation panel and the following screen will display.
2 In the Static VLAN screen, enter 2 in the VLAN ID field and enter a descriptive name in the VLAN Name field for the VLAN group.
3 Since the VLAN2 network is connected to port 1 on the Switch, select Untagged on port 1 to make it a permanent member of the VLAN2 group only.
4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, make sure Untagged is selected as above so the Switch removes VLAN tags before sending.
5 Click Add / Modify to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.
5.1.2 Setting Port VID
Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines.
Chapter 5 Initial Setup Example
GS1500-24P User’s Guide 49
In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2.
Figure 19 Initial Setup Network Example: Port VID
1 Click Configuration > VLAN > Port-based VLAN in the navigation panel.
2 Enter 2 in the PVID field for port 1 and click Apply to save your changes.
5.2 Configuring Switch Management IP Address
The default management IP address of the Switch is 192.168.1.1. You can change it by following the example below.
1 Connect your computer to any Ethernet port on the Switch. Make sure your computer is in the same subnet as the Switch.
Chapter 5 Initial Setup Example
GS1500-24P User’s Guide50
2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator. See Section 4.2 on page 39 for more information.
3 Click System> IP Setting in the navigation panel.
4 Configure the IP fields and click Apply to save your changes to the switch.
GS1500-24P User’s Guide 51
CHAPTER 6 System
6.1 Overview
This chapter describes how to configure the Information, Time Setting, IP Setting, User Account and Port Setting screens.
The Information screen displays general Switch information (such as firmware version number). The Time Setting screen allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch. The real time is then displayed in the Switch logs. The IP Setting screen allows you to configure a Switch IP address for management purposes. The User Account screen allows you to configure a login account for the web configurator. The Port Setting screen allows you to configure Switch port settings.
6.2 What You Can Do• Use the Information screen (Section 6.3 on page 52) to check the firmware
version number.
• Use the Time Setting screen (Section 6.4 on page 53) to configure the system time.
• Use the IP Setting screen (Section 6.5 on page 53) to configure the Switch IP address and default gateway.
• Use the User Account screen (Section 6.6 on page 54) to configure a login account for the web configurator.
• Use the Port Setting screen (Section 6.7 on page 55) to configure Switch port settings.
Chapter 6 System
GS1500-24P User’s Guide52
6.3 Information
In the navigation panel, click System > Information to display the screen as shown.
Figure 20 System > Information
The following table describes the labels in this screen.
Table 5 System > Information
LABEL DESCRIPTION
Device Type This field displays the descriptive name of the Switch for identification purposes.
MAC Address This field refers to the Ethernet MAC (Media Access Control) address of the Switch.
IP Address This field displays the IP address of the Switch.
Netmask This field displays the IP subnet mask of the IP address.
Gateway This field displays the IP address of the gateway.
Firmware Version
This field displays the version number of the Switch 's current firmware.
Firmware Date
This field displays the date the Switch 's current firmware was created.
Chapter 6 System
GS1500-24P User’s Guide 53
6.4 Time Setting
Use this screen to configure the time settings of the Switch. Click System > Time Setting in the navigation panel to display the screen as shown.
Figure 21 System > Time Setting
The following table describes the labels in this screen.
6.5 IP Setting Screen
Use the IP Setting screen to configure the Switch IP address and the default gateway device. The gateway field specifies the IP address of the gateway (next hop) for outgoing traffic.
The Switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.
Table 6 System > Time Setting
LABEL DESCRIPTION
SNTP Select Enable to use Simple Network Time Protocol (SNTP) or Disable to set the time manually.
Time Server IP Address
If SNTP is enabled, enter the IP address of the time server you will use. Click Apply to save your changes to the Switch and to update the time.
Time (hh:mm:ss)
Enter the new time in hour, minute and second format.
Date (yyyy-mm-dd)
Enter the new date in year, month and day format.
Time Zone Select the time difference between UTC (Universal Time Coordinated, formerly known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box.
Apply Click Apply to save your changes to the Switch.
Chapter 6 System
GS1500-24P User’s Guide54
Click System > IP Setting in the navigation panel to display the screen as shown.
Figure 22 System > IP Setting
The following table describes the labels in this screen.
6.6 User Account
Use the User Account screen to configure the web configurator login details. Click System > User Account in the navigation panel to display the screen as shown.
Note: It is highly recommended that you change the default password (1234).
Figure 23 System > User Account
Table 7 System > IP Setting
LABEL DESCRIPTION
Mode Select Static IP from the drop-down box if you don’t have a DHCP server or if you wish to assign static IP address information to the Switch. You need to fill in the following fields when you select this option.
Select DHCP option if you have a DHCP server that can assign the Switch an IP address, subnet mask and a gateway IP address automatically.
IP Address Enter the IP address of your Switch in dotted decimal notation for example 192.168.1.1.
Subnet Mask Enter the IP subnet mask of your Switch in dotted decimal notation for example 255.255.255.0.
Gateway Enter the IP address of the gateway in dotted decimal notation.
Apply Click Apply to save your changes to the Switch.
Chapter 6 System
GS1500-24P User’s Guide 55
The following table describes the labels in this screen.
6.7 Port Setting
Use this screen to configure Switch port settings. Click System > Port Setting in the navigation panel to display the screen as shown.
Figure 24 System > Port Setting
The following table describes the labels in this screen.
Table 8 System > User Account
LABEL DESCRIPTION
New Username Enter your new username.
New Password Enter your new system password.
Retype Password Retype your new system password for confirmation.
Apply Click Apply to save your changes to the switch.
Table 9 System > Port Setting
LABEL DESCRIPTION
Port Select the port(s) from the list box that you will change the port settings for. Hold down [Shift] or [CTRL] to highlight more than one port from the list box.
State Select Enable from the drop-down box to enable a port. The factory default for all ports is enabled. A port must be enabled for data transmission to occur. Select Disable to not use a port.
Chapter 6 System
GS1500-24P User’s Guide56
Speed/Duplex
Select the speed and the duplex mode of the Ethernet connection on this port. Choices are Auto, 10M/Half, 10M/Full, 100M/Half, 100M/Full and 1000M/Full (Gigabit connections only).
Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the Switch’s auto-negotiation is turned off, a port uses the pre-configured speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer port are the same in order to connect.
Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port.
The Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode.
IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill.
Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later. Select Flow Control to enable it.
Apply Click Apply to save your changes to the Switch.
Port The Port column displays the port number.
State The State column indicates if the port is Enabled or Disabled.
Speed/Duplex
Config The Config column displays the port’s Speed/Duplex configuration.
Actual The Actual column displays the port’s current Speed/Duplex status.
Flow Control
Config The Config column displays if Flow Control has been configured to be turned On or Off for the port.
Actual The Actual column displays the port’s current Flow Control status.
Table 9 System > Port Setting (continued)
LABEL DESCRIPTION
57
PART IIIConfiguration
Link Aggregation (59)
VLAN (67)
Spanning Tree Protocol (73)
QoS (79)
Mirroring (91)
SNMP (95)
Rate Limit (107)
Bandwidth Control and Jumbo Frame (111)
Power Over Ethernet (115)
58
GS1500-24P User’s Guide 59
CHAPTER 7 Link Aggregation
7.1 Overview
This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link.
Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link. However, the more ports you aggregate then the fewer available ports you have. A trunk group is one logical link containing multiple ports.
The beginning port of each trunk group must be physically connected to form a trunk group.
7.2 What You Can Do• Use the Trunk Group Setting screen (Section 7.4 on page 60) to assign ports
to be part of a trunk group.
• Use the Trunk Distribution Algorithm screen (Section 7.5 on page 62) to configure the trunk distribution algorithm for the trunk groups.
• Use the LACP Setting screen (Section 7.6 on page 63) to enable Link Aggregation Control Protocol (LACP).
7.3 What You Need to Know
The Switch supports both static and dynamic link aggregation.
Note: In a properly planned network, it is recommended to implement static link aggregation only. This ensures increased network stability and control over the trunk groups on your Switch.
See Section 7.7.1 on page 64 for a static port trunking example.
Chapter 7 Link Aggregation
GS1500-24P User’s Guide60
7.3.1 Dynamic Link Aggregation
The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port trunking.
The IEEE 802.3ad standard describes the Link Aggregation Control Protocol (LACP) for dynamically creating and managing trunk groups.
When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that is, if an operational port fails, then one of the “standby” ports become operational without user intervention. Please note that:
• You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking.
• LACP only works on full-duplex links.
• All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings.
Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops.
7.4 Trunk Group Setting
Click Configuration > Link Aggregation > Trunk Group Setting in the navigation panel to view the screen as shown.
Figure 25 Configuration > Link Aggregation > Trunk Group Setting
Chapter 7 Link Aggregation
GS1500-24P User’s Guide 61
The following table describes the labels in this screen.
Table 10 Configuration > Link Aggregation > Trunk Group Setting
LABEL DESCRIPTION
Group ID Select the group ID This field displays the group ID to identify a trunk group, that is, one logical link containing multiple ports.
Type Select Static if the ports are to be configured as static members of a trunk group.
Select LACP if the ports are to be configured to join a trunk group via LACP.
Ports Select the ports to be added to the trunk group.
LACP Active Select the LACP active ports to be added to the trunk group. This field is active when LACP is selected as the Type.
Add / Modify Click Add / Modify to save your changes to the Switch.
Group ID This field displays the group ID to identify a trunk group, that is, one logical link containing multiple ports.
Type This field displays Static if the ports are configured as static members of the trunk group.
This field displays LACP if the ports are configured to be part of the trunk group via LACP.
Ports This field displays the ports that are part of the trunk group.
LACP Active/Passive
The first number in this field displays the number of ports that have LACP activated. The second number displays the number of ports that do not have LACP activated.
Select Select the check box for a trunk group setting and click Delete to remove all settings from the selected trunk group.
Delete Click Delete to remove any selected trunk groups.
Select All Click Select All to select all trunk group settings.
Chapter 7 Link Aggregation
GS1500-24P User’s Guide62
7.5 Trunk Distribution Algorithm
Click Configuration > Link Aggregation > Trunk Distribution Algorithm to display the screen shown next. See Section 7.1 on page 59 for more information on link aggregation.
Figure 26 Configuration > Link Aggregation > Trunk Distribution Algorithm Setting
The following table describes the labels in this screen.
Table 11 Configuration > Link Aggregation > Trunk Distribution Algorithm Setting
LABEL DESCRIPTION
Group ID Select the link aggregation group for which the Distribution Algorithm Parameters will be changed.
Distribution Algorithm Parameters
Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the Source MAC distribution type. If the Switch is behind a router, the packet’s destination or source MAC address will be changed. In this case, set the Switch to distribute traffic based on its IP address to make sure port trunking can work properly.
Select Source Port to distribute traffic based on the packet’s source port.
Select Source MAC to distribute traffic based on the packet’s source MAC address.
Select Destination MAC to distribute traffic based on the packet’s destination MAC address.
Select Source IP to distribute traffic based on the packet’s source IP address.
Select Destination IP to distribute traffic based on the packet’s destination IP address.
Apply Click Apply to save your changes to the Switch.
Chapter 7 Link Aggregation
GS1500-24P User’s Guide 63
7.6 LACP Setting
Click Configuration > Link Aggregation > LACP Setting to display the screen shown next. See Section 7.3.1 on page 60 for more information on dynamic link aggregation.
Figure 27 Configuration > Link Aggregation > LACP Setting
The following table describes the labels in this screen.
Group ID This field displays all the trunk groups.
Distribution Algorithm Parameters
This field displays which Distribution Algorithm Parameters are active for each trunk group.
SPA represents Source Port.SMAC represents Source MAC.DMAC represents Destination MAC.SIP represents Source IP.DIP represents Destination IP.
Table 11 Configuration > Link Aggregation > Trunk Distribution Algorithm Setting
LABEL DESCRIPTION
Table 12 Configuration > Link Aggregation > LACP Setting
LABEL DESCRIPTION
Link Aggregation Control Protocol
Note: Do not configure this screen unless you want to enable dynamic link aggregation.
LACP Status Select Enable from the drop down box to enable Link Aggregation Control Protocol (LACP). Select Disable to not use LACP.
Chapter 7 Link Aggregation
GS1500-24P User’s Guide64
7.7 Technical Reference
This section provides technical background information on the topics discussed in this chapter.
7.7.1 Static Trunking Example
This example shows you how to create a static port trunk group for ports 2-5.
1 Make your physical connections - make sure that the ports that you want to belong to the trunk group are connected to the same destination. The following figure shows ports 2-5 on switch A connected to switch B.
Figure 28 Trunking Example - Physical Connections
System Priority
LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) becomes the LACP “server”. The LACP “server” controls the operation of LACP setup. Enter a number to set the priority of an active port using Link Aggregation Control Protocol (LACP). The smaller the number, the higher the priority level.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
LACP This field displays if the port has LACP enabled.
Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports.
Table 12 Configuration > Link Aggregation > LACP Setting (continued)
LABEL DESCRIPTION
Chapter 7 Link Aggregation
GS1500-24P User’s Guide 65
2 Adding ports to the trunk group - Click Configuration > Link Aggregation > Trunk Group Setting. In this screen select trunk Group ID Trunk1, select the type Static and then highlight ports 2 to 5. To highlight multiple ports hold down [CTRL] while clicking on the ports. Click Add / Modify when you are done.
Figure 29 Trunking Example - Configuration Screen
3 Configuring trunk distribution algorithm - Click Configuration > Link Aggregation > Trunk Distribution Algorithm Setting. In this screen select trunk Group ID Trunk1 and then select the traffic distribution algorithm used by this group. Click Apply when you are done
Figure 30 Trunking Example - Configuration Screen 2
Your trunk group 1 (T1) configuration is now complete.
Chapter 7 Link Aggregation
GS1500-24P User’s Guide66
GS1500-24P User’s Guide 67
CHAPTER 8 VLAN
8.1 Overview
This chapter shows you how to configure static, port-based VLANs.
8.2 What You Can Do• Use the Static VLAN screen (Section 8.4 on page 70) to configure the static
VLAN settings on a port.
• Use the Port-Based VLAN screen (Section 8.5 on page 71) to configure the port VLAN ID (PVID) for a port.
8.3 What You Need to Know
Read this section to know more about VLAN and how to configure the screens.
8.3.1 IEEE 802.1Q Tagged VLANs
A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag Control Information, starts after the source address field of the Ethernet frame).
The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum number of 4,096 VLANs. Note that user priority and VLAN ID are independent of each other. A
Chapter 8 VLAN
GS1500-24P User’s Guide68
frame with VID (VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094.
8.3.2 Forwarding Tagged and Untagged Frames
Each port on the Switch is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware switch, the Switch first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLAN-unaware switch to an 802.1Q VLAN-aware switch, the Switch first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.
A broadcast frame (or a multicast frame for a multicast group that is known by the system) is duplicated only on ports that are members of the VID (except the ingress port itself), thus confining the broadcast to a specific domain.
8.3.3 Common IEEE 802.1Q VLAN terminology
Please refer to the following table.
TPID
2 Bytes
User Priority
3 Bits
CFI
1 Bit
VLAN ID
12 bits
Table 13 IEEE 802.1Q VLAN Terminology
VLAN PARAMETER TERM DESCRIPTION
VLAN Type Permanent VLAN This is a static VLAN created manually.
Dynamic VLAN This is a VLAN configured by a GVRP registration/deregistration process.
VLAN Administrative Control
Registration Fixed Fixed registration ports are permanent VLAN members.
Registration Forbidden
Ports with registration forbidden are forbidden to join the specified VLAN.
Normal Registration
Ports dynamically join a VLAN using GVRP.
VLAN Tag Control Tagged Ports belonging to the specified VLAN tag all outgoing frames transmitted.
Untagged Ports belonging to the specified VLAN don't tag all outgoing frames transmitted.
Chapter 8 VLAN
GS1500-24P User’s Guide 69
8.3.4 Static VLAN
Use a static VLAN to decide whether an incoming frame on a port should be
• sent to a VLAN group as normal depending on its VLAN tag.
• sent to a group whether it has a VLAN tag or not.
• blocked from a VLAN group regardless of its VLAN tag.
You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID.
VLAN Port Port VID This is the VLAN ID assigned to untagged frames that this port received.
Acceptable Frame Type
You may choose to accept both tagged and untagged incoming frames, just tagged incoming frames or just untagged incoming frames on a port.
Ingress filtering If set, the Switch discards incoming frames for VLANs that do not have this port as a member
Table 13 IEEE 802.1Q VLAN Terminology (continued)
VLAN PARAMETER TERM DESCRIPTION
Chapter 8 VLAN
GS1500-24P User’s Guide70
8.4 Static VLAN
Use this screen to configure and view static VLAN parameters for the Switch. To access this screen click Configuration > VLAN > Static VLAN.
Figure 31 Configuration > VLAN > Static VLAN
The following table describes the related labels in this screen.
Table 14 Configuration > VLAN > Static VLAN
LABEL DESCRIPTION
VLAN ID Enter the VLAN ID for this static entry; the valid range is between 1 and 4094.
VLAN Name Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 16 printable characters.
Port The port number identifies the port you are configuring.
Select All Use this only if you want to make a row have the same settings for all ports.
Untagged Select Untagged to make the port a permanent member of this VLAN group. All outgoing frames will be transmitted without a VLAN Group ID tag.
Tagged Select Tagged to make the port a permanent member of this VLAN group. All outgoing frames will be transmitted with the VLAN Group ID tag.
Not Member Select Not Member to prohibit the port from joining the VLAN group.
Add / Modify Click Add / Modify to save your changes to the Switch.
VLAN ID This field displays the ID number of the VLAN group. Click the number to edit the VLAN settings.
Name This field displays the descriptive name for this VLAN group.
Member Ports This field displays the ports that are a member of the VLAN group.
Chapter 8 VLAN
GS1500-24P User’s Guide 71
8.5 Port-based VLAN
Use the Port-based VLAN screen to configure the port VLAN ID (PVID). To access this screen click Configuration > VLAN > Port-based VLAN.
A PVID (Port VLAN ID) is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines.
Figure 32 Configuration > VLAN > Port-based VLAN
The following table describes the labels in this screen.
Tagged Ports This field displays all the ports that will transmit outgoing frames with a VLAN group ID tag.
Untagged Ports
This field displays all the ports that will transmit outgoing frames without a VLAN group ID tag.
Delete Select the check box and click Delete to remove the VLAN group.
Delete Click Delete to remove the selected entry from the summary table.
Table 14 Configuration > VLAN > Static VLAN (continued)
LABEL DESCRIPTION
Table 15 Configuration > VLAN > Port-based VLAN
LABEL DESCRIPTION
Port Select the ports to change the PVID for.
PVID Enter a number between 1 and 4094 as the port VLAN ID (PVID).
Port This field displays the port number.
Apply Click Apply to save your changes to the Switch.
Chapter 8 VLAN
GS1500-24P User’s Guide72
Port This field displays the port number.
PVID This field displays the port’s port VLAN ID (PVID).
Table 15 Configuration > VLAN > Port-based VLAN (continued)
LABEL DESCRIPTION
GS1500-24P User’s Guide 73
CHAPTER 9 Spanning Tree Protocol
9.1 Overview
The Switch supports Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) as defined in the following standards.
• IEEE 802.1D Spanning Tree Protocol
• IEEE 802.1w Rapid Spanning Tree Protocol
9.2 What You Can Do• Use the STP Global Setting screen (Section 9.4 on page 75) to configure global
spanning tree settings for the switch.
• Use the STP Port Setting screen (Section 9.5 on page 77) to configure individual port spanning tree settings.
9.3 What You Need to Know
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network.
The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the spanning tree than STP (while also being backwards compatible with STP-only aware bridges). In RSTP, topology change information is directly propagated throughout the network from the device that generates the topology change. In STP, a longer delay is required as the device that causes a topology change first notifies the root bridge that then notifies the network. Both RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding.
Note: In this user’s guide, “STP” refers to both STP and RSTP.
Chapter 9 Spanning Tree Protocol
GS1500-24P User’s Guide74
9.3.1 STP Terminology
The root bridge is the base of the spanning tree.
Path cost is the cost of transmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost.
On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network.
For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN.
9.3.2 How STP Works
After a bridge determines the lowest cost-spanning tree with STP, it enables the root port and the ports that are the designated ports for connected LANs, and disables all other ports that participate in STP. Network packets are therefore only forwarded between enabled ports, eliminating any possible network loops.
STP-aware switches exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, a new spanning tree is constructed.
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology.
9.3.3 STP Port States
STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops.
Table 16 STP Port States
PORT STATE DESCRIPTION
Disabled STP is disabled (default).
Blocking Only configuration and management BPDUs are received and processed.
Chapter 9 Spanning Tree Protocol
GS1500-24P User’s Guide 75
9.4 STP Global Setting
Use the SPT Global Setting screen to activate one of the STP modes on the Switch. Click Configuration > Spanning Tree > STP Global Setting.
Figure 33 Configuration > Spanning Tree > STP Global Setting
The following table describes the labels in this screen.
Listening All BPDUs are received and processed.
Note: The listening state does not exist in RSTP.
Learning All BPDUs are received and processed. Information frames are submitted to the learning process but not forwarded.
Forwarding All BPDUs are received and processed. All information frames are received and forwarded.
Table 16 STP Port States
PORT STATE DESCRIPTION
Table 17 Configuration > Spanning Tree > STP Global Setting
LABEL DESCRIPTION
Spanning Tree Status
Select Enabled to use Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol (RSTP).
Select Disable to not use STP or RSTP.
Force Version Select to use either Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol (RSTP). See Section 9.1 on page 73 for background information on STP.
Chapter 9 Spanning Tree Protocol
GS1500-24P User’s Guide76
Priority Priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch. Select a value from 0~61440 from the drop-down list box.
The lower the numeric value you assign, the higher the priority for this bridge.
Priority determines the root bridge, which in turn determines the Root Hello Time, Root Maximum Age and Root Forwarding Delay.
Maximum Age This is the maximum time (in seconds) the Switch can wait without receiving a BPDU before attempting to reconfigure. All Switch ports (except for designated ports) should receive BPDUs at regular intervals. Any port that ages out STP information (provided in the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the Switch ports attached to the network. The allowed range is 6 to 40 seconds.
Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds.
Forwarding Delay
This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result. The allowed range is 4 to 30 seconds.
As a general rule:
Note: 2 * (Forward Delay - 1) >= Max Age >= 2 * (Hello Time + 1)
Root priority Root refers to the base of the spanning tree (the root bridge). This field displays the root bridge’s priority. This Switch may also be the root bridge.
Root MAC Address
This is the MAC address of the root bridge.
Root Path Cost This is the path cost from the root port on this Switch to the root switch.
Root Port This is the number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree.
Root Maximum Age
This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure.
Root Hello Time This is the time interval (in seconds) at which the root switch transmits a configuration message. The root bridge determines Hello Time, Max Age and Forwarding Delay.
Root Forward Delay
This is the time (in seconds) the root switch will wait before changing states.
Topology Changes
This is the number of times the spanning tree has been reconfigured.
Table 17 Configuration > Spanning Tree > STP Global Setting (continued)
LABEL DESCRIPTION
Chapter 9 Spanning Tree Protocol
GS1500-24P User’s Guide 77
9.5 STP Port Setting
Click Configuration > Spanning Tree Protocol > STP Port Setting to access the screen as shown.
Figure 34 Configuration > Spanning Tree Protocol > STP Port Setting
The following table describes the labels in this screen.
Last Topology Change Time
This is the time since the spanning tree was last reconfigured.
Apply Click Apply to save your changes to the Switch.
Table 17 Configuration > Spanning Tree > STP Global Setting (continued)
LABEL DESCRIPTION
Table 18 Configuration > Spanning Tree Protocol > STP Port Setting
LABEL DESCRIPTION
Port Select the port(s) to change spanning tree protocol settings for.
Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost.
Type a number from 0 to 200000000. Entering 0 means the Switch will automatically assign a value.
Priority Configure the priority for the port here.
Priority decides which port should be disabled when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 240 and the default value is 128.
Chapter 9 Spanning Tree Protocol
GS1500-24P User’s Guide78
P2P Select True when the port is connected to one bridge as a Point-to-Point link type.
Select False when the port is connected to multiple bridges as a Shared Medium link type.
Select Auto to have the Switch automatically determine the link type.
Edge Select True when the port is connected to an end node (a computer network card for example).
Select False when the port is connected to a bridge node.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
State This field displays the port states. See Section 9.3.3 on page 74.
Role This field displays the role of the port in the network topology.
Path Cost Config displays the Path Cost setting you have configured for the port.
Actual displays the Path Cost setting currently in use.
Priority This field displays the port’s priority.
P2P Config displays the P2P setting you have configured for the port.
Actual displays the P2P setting currently in use.
Edge Config displays the Edge setting you have configured for the port.
Actual displays the Edge setting currently in use.
Table 18 Configuration > Spanning Tree Protocol > STP Port Setting (continued)
LABEL DESCRIPTION
GS1500-24P User’s Guide 79
CHAPTER 10 QoS
This chapter introduces the quality of service (QoS) parameters you can configure on the Switch.
10.1 Overview
Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-on-demand.
It can be used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority.
You can configure the Switch to prioritize traffic even if the incoming packets are not marked with IEEE 802.1p priority tags or change the existing priority tags based on the criteria you select.
It also uses queuing algorithms to allow switches to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth.
10.2 What You Can Do
Use the Port-based Priority screen (Section 10.4 on page 81) to assign a IEEE 802.1p priority to packets based on the ingress (incoming) port of the packet.
Use the DSCP-based Priority screen (Section 10.5 on page 82) to assign priority to packets based on their Differentiated Services Code Points (DSCPs).
Use the Policy-based Priority screens (Section 10.6 on page 83) to classify and prioritize certain traffic flows.
Chapter 10 QoS
GS1500-24P User’s Guide80
Use the Priority to Queue Mapping screen (Section 10.7 on page 86) to configure the priority level-to-physical queue mapping.
Use the Packet Scheduling screen (Section 10.8 on page 87) to set priorities for the Switch queues. This can help distribute bandwidth across the different traffic queues.
10.3 What You Need to Know
Read on for concepts on QoS that can help you configure the screens in this chapter.
10.3.1 DiffServ
DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going.
10.3.2 DSCP and Per-Hop Behavior
DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (ToS) field in the IP header. The DS field contains a 6-bit DSCP field which can define up to 64 service levels and the remaining 2 bits are defined as currently unused (CU). The following figure illustrates the DS field.
Figure 35 DiffServ: Differentiated Service Field
DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping.
The DSCP value determines the PHB (Per-Hop Behavior), that each packet gets as it is forwarded across the DiffServ network. Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.
DSCP (6 bits) CU (2 bits)
Chapter 10 QoS
GS1500-24P User’s Guide 81
10.3.3 DiffServ Network Example
The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ-compliant network devices. The boundary node (A in Figure 36) in a DiffServ network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules. A network administrator can then apply various traffic policies to the traffic flows. An example traffic policy, is to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network.
Figure 36 DiffServ Network
10.4 Port-based Priority
You can configure the Switch to assign a IEEE 802.1p priority to packets based on the ingress (incoming) port of the packet.
Chapter 10 QoS
GS1500-24P User’s Guide82
Click Configuration > QoS > Port-based Priority in the navigation panel to display the screen as shown.
Figure 37 Configuration > QoS > Port-based Priority
The following table describes the labels in this screen.
10.5 DSCP-to-IEEE 802.1p Priority Settings
You can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE 802.1p mapping table.
The following table shows the default DSCP-to-IEEE802.1p mapping.
Table 19 Configuration > QoS > Port-based Priority
LABEL DESCRIPTION
Port Select the number of the port for which you want to assign IEEE 802.1p priority to incoming frames.
Priority Select the IEEE 802.1p priority you want to assign to the packets coming into the Switch on the ports specified in the Port field.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
Priority This field indicates what IEEE 802.1p priority is assigned to the incoming packets from the port.
Table 20 Default DSCP-IEEE 802.1p MappingDSCP VALUE 0 – 7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63
IEEE 802.1p 0 1 2 3 4 5 6 7
Chapter 10 QoS
GS1500-24P User’s Guide 83
10.5.1 DSCP-based Priority
You can configure the Switch to assign a IEEE 802.1p priority to packets coming into the Switch with DSCPs assigned to them. Click Configuration > QoS > DSCP-based Priority to display the screen as shown next.
Figure 38 Configuration > QoS > DSCP-based Priority
The following table describes the labels in this screen.
10.6 Policy-based Priority
Use these screens to classify and prioritize application traffic flows to fine-tune network performance.
A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming port number. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow.
Table 21 Configuration > QoS > DSCP-based Priority
LABEL DESCRIPTION
DSCP Select the DSCP classification identification number(s).
Priority To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box.
Apply Click Apply to save your changes to the Switch.
DSCP This field displays the DSCP classification identification numbers.
Priority This field displays the DSCP classification identification number’s IEEE 802.1p priority.
Chapter 10 QoS
GS1500-24P User’s Guide84
Click Configuration > QoS > Policy-based Priority to display the screen as shown next.
Note: Policy-based priority has a higher priority over both port-based and DSCP-based priority.
Note: When two policy-based rules conflict with each other, a higher layer rule has priority over lower layer rule.
Figure 39 Configuration > QoS > Policy-based Priority
The following table describes the labels in this screen.
Table 22 Configuration > QoS > Policy-based Priority
LABEL DESCRIPTION
No. This field displays the index number of the policy.
Name This field displays the descriptive name for the policy. This is for identification purpose only.
Modify Click the Modify button to edit the policy.
Delete Select the checkbox for the policy you want to delete.
Add Click Add to configure a new policy-based priority rule.
Select All
Click Select All to select all the entries in the table.
Delete Click Delete to remove any selected entries from the table.
Chapter 10 QoS
GS1500-24P User’s Guide 85
10.6.1 Policy-based Priority - Add/Modify
Click Configuration > QoS > Policy-based Priority > Add or Modify to display the screen as shown next.
Figure 40 Configuration > QoS > Policy-based Priority - Add/Modify
The following table describes the labels in this screen.
Table 23 Configuration > QoS > Policy-based Priority
LABEL DESCRIPTION
Name Type a descriptive name for the policy. This is for identification purpose only.
Destination MAC Address
To specify a destination, type a MAC address in valid MAC address format (six hexadecimal character pairs).
Mask Enter the mask of the Destination MAC Address.
Source MAC Address
To specify a source, type a MAC address in valid MAC address format (six hexadecimal character pairs).
Mask Enter the mask of the Source MAC Address.
Destination IP Address
Enter a destination IP address in dotted decimal notation.
Mask Enter the subnet mask of the Destination IP Address.
Source IP Address
Enter a source IP address in dotted decimal notation.
Mask Enter the subnet mask of the Source IP Address.
VLAN ID Type the VLAN ID for which this rule will apply. Specify 0 to ignore this field.
TCP/UDP Destination Port
Type the destination port number to which the rule should be applied. Type 0 to ignore this field. See Appendix B on page 171 for a list of common services.
TCP/UDP Source Port
Type the source port number to which the rule should be applied. Type 0 to ignore this field. See Appendix B on page 171 for a list of common services.
Ether Type Specify an Ethernet type in hexadecimal value.
Chapter 10 QoS
GS1500-24P User’s Guide86
10.7 Priority to Queue Mapping
IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. Frames without an explicit priority tag are given the default priority of the ingress port. Use the next screen to configure the priority level-to-physical queue mapping.
The Switch has eight physical queues that you can map to the 8 priority levels. On the Switch, traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested.
Click Configuration > QoS > Priority to Queue Mapping to display the screen as shown next.
Figure 41 Configuration > QoS > Priority to Queue Mapping
The following table describes the labels in this screen.
Source Port Specify a source port, if any.
Priority Specify a priority for this traffic flow.
Add Click Add to save the policy-based priority rule to the Switch.
Table 23 Configuration > QoS > Policy-based Priority (continued)
LABEL DESCRIPTION
Table 24 Configuration > QoS > Priority to Queue Mapping
LABEL DESCRIPTION
Priority Priority Level (The following descriptions are based on the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p).
0 Typically used for best-effort traffic.
Chapter 10 QoS
GS1500-24P User’s Guide 87
10.8 Packet Scheduling
Packet Scheduling is used to help solve performance degradation when there is network congestion. Use this screen to configure queuing algorithms for outgoing traffic. See also Priority to Queue Mapping (Chapter 10 on page 86) for related information.
10.8.1 Strictly Priority Queuing
Strictly Priority Queuing (SPQ) services queues based on priority only. As traffic comes into the Switch, traffic on the highest priority queue, Q7 is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q6 is transmitted until Q6 empties, and then traffic is transmitted on Q5 and so on. If higher priority queues never empty, then traffic on lower priority queues never gets sent. SP does not automatically adapt to changing network requirements.
10.8.2 Weighted Fair Queuing
Weighted Fair Queuing is used to guarantee each queue's minimum bandwidth based on its bandwidth weight (portion) (the number you configure in the Weight field) when there is traffic congestion. WFQ is activated only when a port has more
1 This is typically used for non-critical “background” traffic such as bulk transfers that are allowed but that should not affect other applications and users.
2 This is for “spare bandwidth”.
3 Typically used for “excellent effort” or better than best effort and would include important business traffic that can tolerate some delay.
4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems Network Architecture) transactions.
5 Typically used for video that consumes high bandwidth and is sensitive to jitter.
6 Typically used for voice traffic that is especially sensitive to jitter (jitter is the variations in delay).
7 Typically used for network control traffic such as router configuration messages.
Queue ID Select the Queue ID for which the Priority should be applied.
Apply Click Apply to save your changes to the Switch.
Priority This field displays the priority for each Queue ID.
Queue ID This field displays the Queue ID.
Table 24 Configuration > QoS > Priority to Queue Mapping (continued)
LABEL DESCRIPTION
Chapter 10 QoS
GS1500-24P User’s Guide88
traffic than it can handle. Queues with larger weights get more guaranteed bandwidth than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues. By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3, and so on. Guaranteed quantum is calculated as Queue Weight x 2048 bytes.
10.8.3 Weighted Round Robin Scheduling (WRR)
Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port. This queue then moves to the back of the list. The next queue is given an equal amount of bandwidth, and then moves to the end of the list; and so on, depending on the number of queues being used. This works in a looping fashion until a queue is empty.
Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the number you configure in the queue Weight field) rather than a fixed amount of bandwidth. WRR is activated only when a port has more traffic than it can handle. Queues with larger weights get more service than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied.
Click Configuration > QoS > Packet Scheduling to display the screen as shown next.
Figure 42 Configuration > QoS > Packet Scheduling
Chapter 10 QoS
GS1500-24P User’s Guide 89
The following table describes the labels in this screen.
Table 25 Configuration > QoS > Packet Scheduling
LABEL DESCRIPTION
Scheduling Algorithm
Select Weight-fair-queue (Weighted Fair Queuing) or Weight-round-robin (Weighted Round Robin).
Weighted Fair Queuing is used to guarantee each queue's minimum bandwidth based on their bandwidth portion (weight) (the number you configure in the Weight field). Queues with larger weights get more guaranteed bandwidth than queues with smaller weights.
Weighted Round Robin Scheduling services queues on a rotating basis based on their queue weight (the number you configure in the queue Weight field). Queues with larger weights get more service than queues with smaller weights.
Apply Click Apply to save your changes to the Switch.
Queue ID Select the Queue ID to change the weight for.
Weight Select Strict Priority or a weight of between 1 to 15. Bandwidth is divided across the different traffic queues according to their weights.
Strictly Priority Queuing services queues based on priority only. When the highest priority queue empties, traffic on the next highest-priority queue begins. Q7 has the highest priority and Q0 the lowest.
Apply Click Apply to save your changes to the Switch.
Queue ID This field displays the Queue ID.
Scheduling Algorithm
This field displays the scheduling algorithm for the queue.
Weight This field displays the weight of the queue.
Chapter 10 QoS
GS1500-24P User’s Guide90
GS1500-24P User’s Guide 91
CHAPTER 11 Mirroring
11.1 Overview
This chapter discusses port-based and policy-based mirroring setup screens.
Port-based mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference.
Policy-based mirroring allows you to copy a specfic ingress traffic flow to a monitor port.
11.2 What You Can Do
Use the Port-based Mirroring screen (Section 11.3 on page 92) to select a monitor port and specify the traffic flow to be copied to the monitor port.
Use the Policy-based Mirroring screens (Section 11.4 on page 93) to classify an ingress traffic flow for mirroring.
Chapter 11 Mirroring
GS1500-24P User’s Guide92
11.3 Port-based Mirroring
Click Configuration > Mirroring > Port-based Mirroring in the navigation panel to display the following screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port.
Figure 43 Configuration > Mirroring > Port-based MIrroring
The following table describes the labels in this screen.
Table 26 Configuration > Mirroring > Port-based Mirroring
LABEL DESCRIPTION
Mirror Set Index
Specify the Mirror Set Index number from 1 or 2. The Switch can have two mirroring ports set up at the same time.
Mirror Direction
Specify the direction of the traffic to mirror by selecting from the drop-down list box. Choices are TX (egress - outgoing) or RX (ingress - incoming).
Mirroring Port
The mirroring port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s). Enter the port number of the mirroring port.
Mirrored Port List
Select the ports or trunks to be monitored by the mirroring port.
Apply Click Apply to save your changes to the Switch.
Mirror Set Index
This field displays the Mirror Set Index number.
Mirror Direction
This field displays the direction of the traffic that is being monitored. This will be either Tx (egress - outgoing) or Rx (ingress - incoming).
Mirroring Port
This field displays the mirroring port. The mirroring port is the port the Switch copies the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s).
Mirrored Port List
This field displays the ports or trunks that are being monitored by the mirroring port.
Chapter 11 Mirroring
GS1500-24P User’s Guide 93
11.4 Policy-based Mirroring
Click Configuration > Mirroring > Policy-based Mirroring in the navigation panel to display the following screen. Use this screen to see a summary of all the policy-based mirroring entries.
Figure 44 Configuration > Mirroring > Policy-based MIrroring
The following table describes the labels in this screen.
11.4.1 Policy-based Mirroring - Add/Modify
Click Configuration > Mirroring > Policy-based Mirroring > Add or Modify in the navigation panel to display the following screen. Use this screen to classify a traffic flow and configure that flow for monitoring.
Select Select the checkbox for the Mirror Set Index you want to remove the settings for.
Delete Click Delete to remove the settings from any selected Mirror Set Index.
Table 26 Configuration > Mirroring > Port-based Mirroring (continued)
LABEL DESCRIPTION
Table 27 Configuration > Mirroring > Policy-based Mirroring
LABEL DESCRIPTION
No. This field displays the index number of the policy-based mirroring entries.
Name This field displays the descriptive name for the policy.
Modify Click the Modify button to edit the policy.
Delete Select the policy you want to delete.
Add Click Add to create a new policy.
Select All Click Select All to select all policies in the table.
Delete Click Delete to remove any selected policies.
Chapter 11 Mirroring
GS1500-24P User’s Guide94
Note: Before configuring a policy-based mirroring rule, you must first assign one of the mirror sets to a mirroring port on the port-based mirroring screen. See Section 11.3 on page 92 for more details.
Figure 45 Configuration > Mirroring > Policy-based MIrroring > Add/Modify
The following table describes the related labels in this screen.
Table 28 Configuration > Mirroring > Policy-based MIrroring > Add/Modify
LABEL DESCRIPTION
Name Enter a descriptive name for the policy.
Destination IP Address
Enter a destination IP address in dotted decimal notation.
Mask Enter the subnet mask of the Destination IP Address.
Source IP Address
Enter a source IP address in dotted decimal notation.
Mask Enter the subnet mask of the Source IP Address.
TCP/UDP Destination Port
Type the source port number to which the policy should be applied. Type 0 to ignore this field. See Appendix B on page 171 for a list of common services.
TCP/UDP Source Port
Type the destination port number to which the rule should be applied. Type 0 to ignore this field. See Appendix B on page 171 for a list of common services.
Mirror Set Select the mirror set index number 1 or 2. This is used in conjunction with the port-based mirroring screen. For example, if mirror set 1 is using port 5 as a mirroring port then port 5 will be the mirroring port for this policy if mirror set 1 is selected on this screen.
You cannot use this field if you have not assigned a mirroring port to a mirror set index on the port-based mirroring screen.
Add Click Add to save the policy to the Switch.
GS1500-24P User’s Guide 95
CHAPTER 12 SNMP
12.1 Overview
This chapter describes how to configure the SNMP options of the Switch.
Simple Network Management Protocol (SNMP) is an application layer protocol used to manage and monitor TCP/IP-based devices.
SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions.
12.2 What You Can Do• Use the SNMP Setting screen (Section 12.4 on page 97) to configure your
SNMP settings.
• Use the SNMPv3 screen (Section 12.5 on page 99) to configure your SNMPv3 settings.
12.3 What You Need to Know
12.3.1 About SNMP
Simple Network Management Protocol (SNMP) is an application layer protocol used to manage and monitor TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the Switch through the network via SNMP version one (SNMPv1), SNMP version 2c or SNMP
Chapter 12 SNMP
GS1500-24P User’s Guide96
version 3. The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured.
Figure 46 SNMP Management Model
An SNMP managed network consists of two main components: agents and a manager.
An agent is a management software module that resides in a managed switch (the Switch). An agent translates the local management information from the managed switch into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a switch. Examples of variables include number of packets received, node port status and so on. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
Table 29 SNMP Commands
COMMAND DESCRIPTION
Get Allows the manager to retrieve an object variable from the agent.
GetNext Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Set Allows the manager to set values for object variables within an agent.
Trap Used by the agent to inform the manager of some events.
Chapter 12 SNMP
GS1500-24P User’s Guide 97
SNMP v3 and Security
SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions.
Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them.
12.4 SNMP Setting
Use this screen to configure your SNMP settings.
Click Configuration > SNMP > SNMP Setting in the navigation panel to display the main screen as shown.
Chapter 12 SNMP
GS1500-24P User’s Guide98
Note: A total of 8 community strings can be set.
Figure 47 Configuration > SNMP > SNMP Setting
The following table describes the labels in this screen.
Table 30 Configuration > SNMP > SNMP Setting
LABEL DESCRIPTION
SNMP Setting
SNMP Status Select Enabled to activate SNMP on the Switch.
Select Disabled to not use SNMP on the Switch.
System Name Type a System Name for the Switch.
System Location
Type a System Location for the Switch.
System Contact Type a System Contact for the Switch.
Chapter 12 SNMP
GS1500-24P User’s Guide 99
12.5 SNMPv3 Setting
SNMP v3 adds the concept of groups and users to enhance security for SNMP management. A user is an SNMP manager. A group is a group of SNMP managers that are assigned common access rights to MIBs. For example, one group of managers may only have access to agents with MIB II - System Group MIBs while another may have access to agents with the Ether-like MIB. Use this screen to configure your SNMPv3 settings.
Engine ID The SNMP Engine ID is a unique identifier that identifies agents to the managers.
The default SNMP Engine ID is the MAC address of the agent.
The format is limited to hexadecimal characters (0~9 and a~f).
Apply Click Apply to save any changes to the Switch.
Community Strings Setting
String Enter a Community string, this will act as a password for requests from the management station.
Type Select read-only to allow the SNMP manager using this string to collect information from the Switch.
Select read-write to allow the SNMP manager using this string to create or edit MIBs (configure settings on the Switch).
Apply Click Apply to save any changes to the Switch.
String This field displays the community strings.
Type This field displays the community string’s type. This will either be read-only or read-write.
Select Select the checkbox for the string you want to delete.
Delete Click Delete to remove any selected community strings.
Trap Receivers Setting
IP Address Enter the IP addresses of up to four managers to send your SNMP traps to.
Community String
Enter a Community string, which is the password sent with each trap to the SNMP manager.
Apply Click Apply to save any changes to the Switch.
IP Address This field displays the IP address where the traps from the Switch are sent.
Community String
This field displays the password which is sent with each trap to the SNMP manager.
Select Select the checkbox for the trap receiver entry you want to delete.
Delete Click Delete to remove any selected trap receiver entries.
Table 30 Configuration > SNMP > SNMP Setting (continued)
LABEL DESCRIPTION
Chapter 12 SNMP
GS1500-24P User’s Guide100
Note: SNMP v3 is enabled when you create SNMP groups and users. Once SNMP v3 is enabled, you must configure unique SNMP communities for SNMP v1 and/or SNMP v2c access.
Chapter 12 SNMP
GS1500-24P User’s Guide 101
Click Configuration > SNMP > SNMPv3 Setting in the navigation panel to display the main screen as shown.
Figure 48 Configuration > SNMP > SNMPv3 Setting
Chapter 12 SNMP
GS1500-24P User’s Guide102
The following table describes the labels in this screen.
Table 31 Configuration > SNMP > SNMPv3 Setting
LABEL DESCRIPTION
Group Setting
Group Name Type the name of the SNMP group. This will be used in the Access Control section.
Security Name Type the Security Name. This will refer to a username specified in the User-based Security Model (USM) section.
Apply Click Apply to save your changes to the Switch.
Group Name This field displays the group name.
Security Name This field displays the security name.
Select Select the checkbox for the row you want to delete.
Delete Click Delete to remove any rows.
View Setting Before Access control settings can be configured a view must be set up that controls which sections in the MIB subtree a group can access.
View Name Enter the name for the view. This name will be used again in the Access Setting section.
Type Select Included to allow a group access to the object IDs (OIDs) specified in the Sub Tree section. Select Excluded to disallow access.
Sub Tree Enter the OIDs. For example, “1.3.6.1.2.1”.
Apply Click Apply to save your changes to the Switch.
View Name This field displays the name of the view.
Type This field displays the type of view Included or Excluded.
Sub Tree This field displays the OIDs that a group will or will not have access to.
Select Select the checkbox for the view you want to delete.
Delete Click Delete to remove any selected views.
Access Setting
Group Name Enter the Group Name you want to set access control rights for.
Security Level Select whether you want to implement authentication and/or encryption for SNMP communication from this group. Choose:
• noauth - to use the username as the password string to send to the SNMP manager. This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest security level.
• auth - to implement an authentication algorithm for SNMP messages sent by a user in this group.
• priv - to implement authentication and encryption for SNMP messages sent by a user from this group. This is the highest security level.
The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch.
Read View Name
Type the name of the read view that you configured for this group.
Write View Name
Type the name of the write view that you configured for this group.
Chapter 12 SNMP
GS1500-24P User’s Guide 103
12.6 Technical Reference
This section provides technical background information on the topics discussed in this chapter.
Notify View Name
Type the name of the notify view that you configured for this group.
Apply Click Apply to save your changes to the Switch.
Group Name This field displays the name of the group.
Security Level This field displays the level of security for this group.
Read View Name
This field displays the name of the read view configured for this group.
Write View Name
This field displays the name of the write view configured for this group.
Notify View Name
This field displays the name of the notify view configured for this group.
Select Select the access settings you want to delete.
Delete Click Delete to remove any selected access settings.
USM (User-based Security Model) Users
User Name Specify the name for this SNMP user. You can use up to 33 printable characters. Spaces are allowed.
Authentication Select to use an authentication algorithm or not. MD5 (Message Digest 5) is a hash algorithm used to authenticate SNMP data. If MD5 is selected you will need to fill in the next two fields.
Password Type the authentication password for this user.
Retype Retype the authentication password to ensure it is correct.
Privacy Specify if this user will use the DES encryption method for SNMP communication. If DES is selected you will need to fill in the next two fields.
DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64-bit block of data.
Password Type the encryption password for this user.
Retype Retype the encryption password to ensure it is correct.
Apply Click Apply to save your changes to the Switch.
User Name This field displays the username of the SNMP user.
Authentication This field displays the authentication algorithm used, if any.
Privacy This field displays the encryption method used, if any.
Select Select the checkbox for the user you want to delete.
Delete Click Delete to remove any selected users.
Table 31 Configuration > SNMP > SNMPv3 Setting (continued)
LABEL DESCRIPTION
Chapter 12 SNMP
GS1500-24P User’s Guide104
Supported MIBs
MIBs let administrators collect statistics and monitor status and performance.
The Switch supports the following MIBs:
• SNMP MIB II (RFC 1213)
• RFC 1157 SNMP v1
• RFC 1643 Ethernet MIBs
• RFC 1155 SMI
• RFC 1441 SNMPv2 Simple Network Management Protocol version 2
• RFC 1901 SNMPv2c Simple Network Management Protocol version 2c
• RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMP v3)
• SNMPv3
SNMP Traps
The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the SNMP traps by category.
An OID (Object ID) that begins with “1.3.6.1.4.1.890.1.5.8” is defined in private MIBs. Otherwise, it is a standard MIB OID.
Table 32 SNMP System Traps
OPTION OBJECT LABEL OBJECT ID DESCRIPTION
coldstart coldStart 1.3.6.1.6.3.1.1.5.1 This trap is sent when the Switch is turned on.
warmstart warmStart 1.3.6.1.6.3.1.1.5.2 This trap is sent when the Switch restarts.
Table 33 SNMP InterfaceTraps
OPTION OBJECT LABEL OBJECT ID DESCRIPTION
linkup linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is up.
LinkDownEventClear : 1.3.6.1.4.1.890.1.5.8.55.25.2.2
This trap is sent when the Ethernet link is up.
Chapter 12 SNMP
GS1500-24P User’s Guide 105
linkdown linkDown 1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down.
LinkDownEventOn : 1.3.6.1.4.1.890.1.5.8.55.25.2.1
This trap is sent when the Ethernet link is down.
Table 33 SNMP InterfaceTraps (continued)
OPTION OBJECT LABEL OBJECT ID DESCRIPTION
Chapter 12 SNMP
GS1500-24P User’s Guide106
GS1500-24P User’s Guide 107
CHAPTER 13 Rate Limit
13.1 Rate Limit Overview
This chapter shows you how to configure rate limits for traffic flows.
Rate limit control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port.
Before configuring the rate limit you will need to classify the traffic flow. A classifier distinguishes traffic into flows based on a configured criteria. You can then change the rate limit for that particular flow of traffic.
13.2 What You Can Do• Use the Rate Limit summary screen (Section 13.3 on page 107) to view a
summary of the current Rate Limit policies.
• Use the Rate Limit Add/Modify screen (Section 13.3.1 on page 108) to add or modify a rate limit policy.
13.3 Rate Limit Summary
Click Configuration > Rate Limit in the navigation panel to display the screen as shown.
Figure 49 Configuration > Rate Limit
Chapter 13 Rate Limit
GS1500-24P User’s Guide108
The following table describes the labels in this screen.
13.3.1 Rate Limit Add/Modify
Click Configuration > Rate Limit Add/Modify in the navigation panel to display the screen as shown.
Figure 50 Configuration > Rate Limit Add/Modify
The following table describes the labels in this screen.
Table 34 Configuration > Rate Limit
LABEL DESCRIPTION
No. This field displays the index number of the rate limit policy.
Name This field displays the descriptive name for the policy. This is for identification purpose only.
Modify Click the Modify button to edit the rate limit policy.
Delete Select the checkbox for the rate limit policy you want to delete.
Add Click Add to configure a new rate limit policy.
Select All Click Select All to select all the entries in the table.
Delete Click Delete to remove any selected entries from the table.
Table 35 Configuration > Rate Limit Add/Modify
LABEL DESCRIPTION
Name Type a descriptive name for the rate limit policy. This is for identification purposes only.
Destination MAC Address
To specify a destination, type a MAC address in valid MAC address format (six hexadecimal character pairs).
Mask Enter the mask of the Destination MAC Address.
Source MAC Address
To specify a source, type a MAC address in valid MAC address format (six hexadecimal character pairs).
Chapter 13 Rate Limit
GS1500-24P User’s Guide 109
Mask Enter the mask of the Source MAC Address.
Destination IP Address
Enter a destination IP address in dotted decimal notation.
Mask Enter the subnet mask of the Destination IP Address.
Source IP Address
Enter a source IP address in dotted decimal notation.
Mask Enter the subnet mask of the Source IP Address.
VLAN ID Type the VLAN ID for which this rule will apply. Specify 0 to ignore this field.
TCP/UDP Destination Port
Type the destination port number to which the rule should be applied. Type 0 to ignore this field. See Appendix B on page 171 for a list of common services.
TCP/UDP Source Port
Type the source port number to which the rule should be applied. Type 0 to ignore this field. See Appendix B on page 171 for a list of common services.
Ether Type Specify an Ethernet type in hexadecimal value.
Source Port Specify a source port, if any.
Rate Limit Configure the desired bandwidth available to the traffic flow. Traffic that exceeds the maximum bandwidth allocated (in cases where the network is congested) is dropped.
Specify the bandwidth in kilobit per second (Kbps). Enter a number between 0 and 1048560. The number must be a multiple of 16.
Add Click Add to save the rate limit policy to the Switch.
Table 35 Configuration > Rate Limit Add/Modify (continued)
LABEL DESCRIPTION
Chapter 13 Rate Limit
GS1500-24P User’s Guide110
GS1500-24P User’s Guide 111
CHAPTER 14 Bandwidth Control and Jumbo
Frame
14.1 Bandwidth Control and Jumbo Frame Overview
This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen.
Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port.
14.2 What You Can Do
Use the Bandwidth Control screen (Section 14.3 on page 112) to limit the bandwidth for traffic going through the Switch.
Use the Jumbo Frame screen (Section 14.4 on page 113) to configure the maximum size of Jumbo Frames.
Chapter 14 Bandwidth Control and Jumbo Frame
GS1500-24P User’s Guide112
14.3 Bandwidth Control
Click Configuration > Bandwidth Control in the navigation panel to bring up the screen as shown next.
Figure 51 Configuration > Bandwidth Control
The following table describes the related labels in this screen.
Table 36 Configuration > Bandwidth Control
LABEL DESCRIPTION
Port Select the ports to enable bandwidth control on.
Type Select the type of traffic to control, Ingress (incoming) or Egress (outgoing).
State Select Enable to activate bandwidth control on the selected ports.
Select Disable to turn off bandwidth control on the selected ports.
Rate (Kbit/sec)
Configure the desired bandwidth available to the port’s traffic flow. Traffic that exceeds the maximum bandwidth allocated (in cases where the network is congested) is dropped.
Specify the bandwidth in kilobit per second (Kbps). Enter a number between 0 and 1048544. The number must be a multiple of 16.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
Ingress Rate (Kbit/sec)
This field displays the maximum bandwidth allowed for incoming traffic on the port in kilobits per second (Kbps). The default setting is Unlimited.
Egress Rate (Kbit/sec)
This field displays the maximum bandwidth allowed for outgoing traffic on the port in kilobits per second (Kbps). The default setting is Unlimited.
Chapter 14 Bandwidth Control and Jumbo Frame
GS1500-24P User’s Guide 113
14.4 Jumbo Frame Setting
Click Configuration > Jumbo Frame in the navigation panel to bring up the screen as shown next.
Figure 52 Configuration > Jumbo Frame
The following table describes the related labels in this screen.
Table 37 Configuration > Jumbo Frame
LABEL DESCRIPTION
Jumbo Frame (Bytes)
Specify the maximum Jumbo Frame size in bytes from 1522, 1536, 1552 or 9216.
Apply Click Apply to save any changes to the Switch.
Chapter 14 Bandwidth Control and Jumbo Frame
GS1500-24P User’s Guide114
GS1500-24P User’s Guide 115
CHAPTER 15 Power Over Ethernet
15.1 Power Over Ethernet Overview
This chapter shows you how you can configure the Power Over Ethernet features.
Your Switch supports IEEE 802.3af Power over Ethernet (PoE).
A powered device (PD) is a device such as an access point or a switch, that supports PoE (Power over Ethernet) so that it can receive power from another device through a 10/100Mbps Ethernet port.
In the figure below, the IP camera and IP phone get their power directly from the Switch. Aside from minimizing the need for cables and wires, PoE removes the hassle of trying to find a nearby electric outlet to power up devices.
Figure 53 Powered Device Examples
You can also set priorities so that the Switch is able to reserve and allocate power to certain PDs.
15.2 What You Can Do
Use the Power Over Ethernet screen (Section 15.3 on page 116) to view and configure the amount of power that PDs are receiving from the Switch.
Chapter 15 Power Over Ethernet
GS1500-24P User’s Guide116
15.3 Power Over Ethernet
To view and configure the amount of power that PDs are receiving from the Switch, click Configuration > PowerOverEthernet.
Figure 54 Configuration > PowerOverEthernet
Chapter 15 Power Over Ethernet
GS1500-24P User’s Guide 117
The following table describes the related labels in this screen.
Table 38 Configuration > PowerOverEthernet
LABEL DESCRIPTION
PoE Mode Select the power management mode you want the Switch to use.
• classification - Select this if you want the Switch to reserve the Max Power (mW) to each PD according to the priority level. If the total power supply runs out, PDs with lower priority do not get power to function.
• consumption - Select this if you want the Switch to manage the total power supply so that each connected PD gets a resource. However, the power allocated by the Switch may be less than the Max Power (mW) of the PD. PDs with higher priority also get more power than those with lower priority levels.
Apply Click Apply to save any changes made to the PoE mode to the Switch.
Port Select the ports you want to change the PD and Priority values for.
PD Select On to provide power to a PD connected to the port.
If turned Off, the PD connected to the port cannot receive power from the Switch.
Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch, you can set the PD priority to allow the Switch to provide power to ports with higher priority.
Select Critical to give the highest PD priority on the port.
Select High to set the Switch to assign the remaining power to the port after all critical priority ports are served.
Select Low to set the Switch to assign the remaining power to the port after all critical and high priority ports are served.
Apply Click Apply to save any changes to the Switch.
Mode This field displays the power management mode used by the Switch, Classification or Consumption mode.
Total Power This field displays the total power the Switch can provide to the connected PoE-enabled devices on the PoE ports.
Consuming Power
This field displays the amount of power the Switch is currently supplying to the connected PoE-enabled devices.
Allocated Power
This field displays the total amount of power the Switch has reserved for PoE after negotiating with the connected PoE device(s).
Consuming Power can be less than or equal but not more than the Allocated Power.
Remaining Power
This field displays the amount of power the Switch can still provide for PoE.
Note: The Switch must have at least 16 W of remaining power in order to supply power to a PoE device, even if the PoE device needs less than 16W.
Port This is the port index number.
PD This field shows which ports can receive power from the Switch.
• Off - The PD connected to this port cannot get power supply. • On - The PD connected to this port can receive power.
Chapter 15 Power Over Ethernet
GS1500-24P User’s Guide118
Status This field displays if a PD is currently being fed power.
Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch, you can set the PD priority to allow the Switch to provide power to ports with higher priority first.
• Critical has the highest priority. • High has the Switch assign power to the port after all critical priority
ports are served. • Low has the Switch assign power to the port after all critical and high
priority ports are served.
Class This shows the IEEE 802.3af power classification of the PD.
This is a number from 0 to 4, where each value represents a range of power (W) and power current (mA) that the PD requires to function. The ranges are as follows.
• Class 0 - Default, 0.44 to 12.94• Class 1 - Optional, 0.44 to 3.84• Class 2 - Optional , 3.84 to 6.49• Class 3 - Optional, 6.49 to 12.95• Class 4 - Reserved (PSEs classify as Class 0)
Consumption Power (W)
This field displays the current amount of power consumed by the PD from the Switch on this port.
Table 38 Configuration > PowerOverEthernet (continued)
LABEL DESCRIPTION
119
PART IVSecurity
MAC Address (121)
802.1x (127)
Dynamic ARP (131)
Storm Control (137)
Defence Engine (139)
120
GS1500-24P User’s Guide 121
CHAPTER 16 MAC Address
16.1 Overview
This chapter shows you how to configure the MAC address options on the Switch.
The MAC Forwarding Table screen shows how frames are forwarded across the Switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC screen).
The Static MAC screen is used to assign forwarding rules based on MAC addresses of devices on your network.
The MAC Filtering screen allows you to configure the Switch to sift traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID).
16.2 What You Can Do
Use the MAC Forwarding Table screen (Section 16.3 on page 123) to display
static and dynamic MAC forwarding entries.
Use the Static MAC screen (Section 16.4 on page 123) to assign static MAC addresses for a port.
Use the MAC Filtering screen (Section 16.5 on page 124) to create rules for traffic going through the Switch.
Chapter 16 MAC Address
GS1500-24P User’s Guide122
16.2.1 MAC Forwarding Table
The Switch uses the MAC Forwarding Table to determine how to forward frames. See the following figure.
Figure 55 MAC Forwarding Table Flowchart
1 The Switch examines a received frame and learns the port on which this source MAC address came.
2 The Switch checks to see if the frame's destination MAC address matches a source MAC address already learned in the MAC table.
• If the Switch has already learned the port for this MAC address, then it forwards the frame to that port.
• If the Switch has not already learned the port for this MAC address, then the frame is flooded to all ports. Too much port flooding leads to network congestion.
• If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame.
16.2.2 Static MAC Address Forwarding
A static MAC address is an address that has been manually entered in the MAC address table. When you set up static MAC address rules, you are setting static MAC addresses for a port. This may reduce the need for broadcasting.
Chapter 16 MAC Address
GS1500-24P User’s Guide 123
16.3 MAC Forwarding Table
Click Security > MAC Address > MAC Forwarding Table in the navigation panel to display the screen as shown.
Figure 56 Security > MAC Address > MAC Forwarding Table
The following table describes the fields in the screen.
16.4 Static MAC
Click Security > MAC Address > Static MAC in the navigation panel to display the screen as shown.
Figure 57 Security > MAC Address > Static MAC
Table 39 Security > MAC Address > MAC Forwarding Table
LABEL DESCRIPTION
No. This is the index number for the MAC address forwarding entries.
MAC Address This field displays the MAC address that will be forwarded.
VLAN ID This is the VLAN group to which the MAC address belongs.
Type This shows whether the MAC address is Dynamic (learned by the Switch) or Static Unicast (manually entered in the Static MAC Forwarding screen).
Port This field displays the port where the MAC address will be forwarded.
Clear Dynamic Entries
Click this button to remove any dynamically learned MAC address forwarding entries.
Chapter 16 MAC Address
GS1500-24P User’s Guide124
The following table describes the fields in the screen.
16.5 MAC Filtering
Use this screen to create rules for traffic going through the Switch. Click Security > MAC Address > MAC Filtering in the navigation panel to display the screen as shown.
Figure 58 Security > MAC Address > MAC Filtering
The following table describes the fields in the screen.
Table 40 Security > MAC Address > Static MAC
LABEL DESCRIPTION
MAC Address Enter the MAC address in valid MAC address format, that is, six hexadecimal character pairs.
Static MAC addresses do not age out.
VLAN ID Enter the VLAN identification number the MAC address belongs to.
Port Enter the port where the MAC address entered will be automatically forwarded.
Add Click Add to save your changes to the Switch.
No. This is the index number for the MAC address forwarding entries.
MAC Address This field displays the MAC address that will be forwarded.
VLAN ID This is the VLAN group to which the MAC address belongs.
Port This field displays the port where the MAC address will be forwarded.
Select Click on the checkbox for the MAC address forwarding entry you want to delete.
Delete Click this to delete any selected MAC address entries.
Table 41 Security > MAC Address > MAC Filtering
LABEL DESCRIPTION
MAC Address Type a MAC address in valid MAC address format, that is, six hexadecimal character pairs.
VLAN ID Type the VLAN identification number the MAC address belongs to.
Chapter 16 MAC Address
GS1500-24P User’s Guide 125
Filter Select Source MAC to drop the frames from the source MAC address (specified in the MAC Address field). The Switch can still send frames to the MAC address.
Select Destination MAC to drop the frames to the destination MAC address (specified in the MAC Address field). The Switch can still receive frames originating from the MAC address.
Select Both to block traffic to/from the MAC address specified in the MAC Address field.
Name Type a descriptive name (up to 32 printable ASCII characters) for this filtering rule. This is for identification only.
Add Click Add to save your changes to the Switch.
No. This is the index number for the MAC filtering rules.
MAC Address This field displays the MAC address that will be filtered.
VLAN ID This is the VLAN group to which the MAC address belongs.
Filter This field displays the action of the filter.
Name This field displays the descriptive name for this rule. This is for identification purpose only.
Select Click on the checkbox for the MAC filtering rule you want to delete.
Delete Click this to delete any selected MAC filtering rules.
Table 41 Security > MAC Address > MAC Filtering (continued)
LABEL DESCRIPTION
Chapter 16 MAC Address
GS1500-24P User’s Guide126
GS1500-24P User’s Guide 127
CHAPTER 17 802.1x
17.1 Overview
This chapter describes the IEEE 802.1x authentication method.
Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following method for port authentication:
• IEEE 802.1x - An authentication server validates access to a port based on a username and password provided by the user.
The external servers that perform authentication and authorization functions are known as AAA servers. This Switch supports RADIUS (Remote Authentication Dial-In User Service).
Figure 59 RADIUS Server
17.2 What You Can Do• Use the 802.1x Setting screen (Section 17.5 on page 129) to activate IEEE
802.1x security and configure the RADIUS server settings.
• Use the 802.1x Port Setting screen (Section 17.6 on page 130) to configure IEEE 802.1x port authentication settings.
Chapter 17 802.1x
GS1500-24P User’s Guide128
17.3 What You Need to Know
IEEE 802.1x authentication uses the RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) protocol to validate users.
17.3.1 IEEE 802.1x Authentication
The following figure illustrates how a client connecting to a IEEE 802.1x authentication enabled port goes through a validation process. The Switch prompts the client for login information in the form of a user name and password. When the client provides the login credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port.
Figure 60 IEEE 802.1x Authentication Process
17.4 Port Authentication Configuration
To enable port authentication, first activate the port authentication method (both on the Switch and the port(s)) then configure the RADIUS server settings.
New Connection
Authentication Request
Authentication Reply
1
4
5
Login Credentials
Login Info Request
3
2
Session Granted/Denied
Chapter 17 802.1x
GS1500-24P User’s Guide 129
17.5 802.1x Setting
Use this screen to activate IEEE 802.1x security and configure RADIUS server settings. Click Security > 802.1x > 802.1x Setting to display the configuration screen as shown.
Figure 61 Security > 802.1x > 802.1x Setting
The following table describes the labels in this screen.
Table 42 Advanced Application > Port Authentication > 802.1x
LABEL DESCRIPTION
802.1X Select Enabled from the drop-down list box to activate IEEE 802.1x port authentication.
Radius Server IP
Enter the IP address of an external RADIUS server in dotted decimal notation.
Server Port (1024-65535)
The default port of a RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so.
Shared Key (max. 30 characters)
Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the Switch.
Retype Shared Key
Retype the key specified above to ensure it has been entered correctly.
ReauthEnabled Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to the port.
Reauth Period (30-65535 sec)
Specify how often a client has to re-enter his or her username and password to stay connected to the port.
Apply Click Apply to save your changes to the Switch.
Chapter 17 802.1x
GS1500-24P User’s Guide130
17.6 802.1x Port Setting
Click Security > 802.1x > 802.1x Port Setting to display the configuration screen as shown.
Figure 62 Security > 802.1x > 802.1x Port Setting
The following table describes the labels in this screen.
Table 43 Security > 802.1x > 802.1x Port Setting
LABEL DESCRIPTION
Port Specify the ports to activate IEEE 802.1x port authentication on.
Mode Select Force Unauthorized to always force this port to be unauthorized.
Select Force Authorized to always force this port to be authorized.
Select Authorization to enable 802.1x port authentication.
Select No Authorization to disable 802.1x port authentication.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
Mode This field displays the port’s current 802.1x setting.
State This field displays the current stage of the 802.1x port authentication procedure.
GS1500-24P User’s Guide 131
CHAPTER 18 Dynamic ARP
This chapter describes how to activate dynamic Address Resolution Protocol (ARP) learning and how to enter static ARP table entries.
18.1 ARP Table Overview
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP table maintains an association between each MAC address and its corresponding IP address.
18.2 What You Can Do• Use the Dynamic ARP Setting screen (Section 18.4 on page 133) to specify
whether ports are trusted or untrusted ports for ARP inspection.
• Use the Dynamic ARP VLAN Setting screen (Section 18.5 on page 134) to enable ARP inspection on each VLAN.
• Use the MAC IP Binding screen (Section 18.6 on page 135) to manage static MAC-IP bindings for DHCP snooping and ARP inspection.
18.3 What You Need to Know
Read on for concepts on Dynamic ARP that can help you configure the screens in this chapter.
Chapter 18 Dynamic ARP
GS1500-24P User’s Guide132
18.3.1 ARP Table Entries
The ARP table is populated with MAC and corresponding IP address mappings in two different ways.
• DHCP Snooping - The Switch listens to traffic from a DHCP server on a trusted port and learns IP-to-MAC address bindings by parsing DHCP ACK packets.
• Static Entries - The Switch administrator can enter static IP-to-MAC address mappings via the web configurator.
18.3.2 How Dynamic ARP Works
When an incoming ARP packet destined for a host device on a local area network arrives at the Switch, the Switch's ARP program looks in the ARP table and, if it finds the address, sends it to the device.
If no entry is found for the IP address, dynamic ARP discards the ARP packet.
18.3.3 ARP Inspection Overview
Use ARP inspection to filter unauthorized ARP packets on the network. This can prevent many kinds of man-in-the-middle attacks, such as the one in the following example.
Figure 63 Example: Man-in-the-middle Attack
In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things:
• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.
As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them.
Chapter 18 Dynamic ARP
GS1500-24P User’s Guide 133
18.3.4 MAC-IP Binding
The Switch uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID and IP address in the binding table. If there is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet.
18.4 Dynamic ARP Setting
Click Security > Dynamic ARP > Dynamic ARP Setting in the navigation panel. The screen will display as shown below.
Figure 64 Security > Dynamic ARP > Dynamic ARP Setting
The following table describes the labels in this screen.
Table 44 Security > Dynamic ARP > Dynamic ARP Setting
LABEL DESCRIPTION
State Select Enable to activate Dynamic ARP on the Switch.
Select Disable to deactivate Dynamic ARP on the Switch.
Note: You must activate dynamic ARP first if you want to add static ARP table entries.
Apply Click Apply to save your changes to the Switch.
Chapter 18 Dynamic ARP
GS1500-24P User’s Guide134
18.5 Dynamic ARP VLAN Setting
Click Security > Dynamic ARP > Dynamic ARP VLAN Setting in the navigation panel. The screen will display as shown below.
Figure 65 Security > Dynamic ARP > Dynamic ARP VLAN Setting
Aging Time Specify how long (between 0-3600 minutes) the Switch remembers the learned ARP table entries.
Specify “0” to have the Switch remember the ARP table entries for an unlimited time period.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
Trusted Packets arriving on trusted ports bypass all Dynamic ARP validation checks, and those arriving on untrusted ports undergo the validation process.
Default state of all ports is untrusted.
Select the trusted ports for this Dynamic ARP configuration.
Apply Click Apply to save your changes to the Switch.
Table 44 Security > Dynamic ARP > Dynamic ARP Setting (continued)
LABEL DESCRIPTION
Chapter 18 Dynamic ARP
GS1500-24P User’s Guide 135
The following table describes the labels in this screen.
18.6 MAC-IP Binding Config
Click Security > Dynamic ARP > MAC-IP Binding Config in the navigation panel. The screen will display as shown below.
Figure 66 Security > Dynamic ARP > MAC-IP Binding Config
The following table describes the labels in this screen.
Table 45 Security > Dynamic ARP > Dynamic ARP VLAN Setting
LABEL DESCRIPTION
VLAN (1-4094) Select the range of VLANs you want to perform or bypass validation checks based on the ARP entries in the ARP table.
State Select Enable to perform validation checks based on the ARP entries in the ARP table on the selected range of VLANs.
Select Disable to bypass validation checks based on the ARP entries in the ARP table on the selected range of VLANs.
Note: The default setting for all VLANs is Disabled.
Apply Click Apply to save your changes to the Switch.
Current enabled VLAN
This field shows the VLANs for which Dynamic ARP validation is enabled.
Table 46 Security > Dynamic ARP > MAC-IP Binding Config
LABEL DESCRIPTION
MAC Address Enter the MAC address in 6 pair hexadecimal format of the network device you want to be allowed to communicate via the Switch. An example entry of a MAC address is “0a-b1-c2-d3-e4-f5”.
IP Address Enter the corresponding IP address (in dotted decimal notation, ex 192.168.1.5) of the network device you want to be allowed to communicate via the Switch.
Chapter 18 Dynamic ARP
GS1500-24P User’s Guide136
VLAN (1-4094) Type the VLAN ID for this ARP entry.
Add Click Add to save your changes to the Switch.
NO. This field displays the index number for the MAC-IP binding entries.
MAC Address This field displays the MAC address that corresponds to the MAC-IP binding entry.
IP Address This field displays the IP address that corresponds to the MAC-IP binding entry.
VLAN ID This field displays the VLAN ID address that corresponds to the MAC-IP binding entry.
Type This field displays the type of the MAC-IP binding entry. This will be Static or Dynamic.
Select Select the checkbox for the MAC-IP binding entry you want to delete.
Delete Click the Delete button to remove any selected MAC-IP binding entries.
Table 46 Security > Dynamic ARP > MAC-IP Binding Config (continued)
LABEL DESCRIPTION
GS1500-24P User’s Guide 137
CHAPTER 19 Storm Control
19.1 Overview
This chapter introduces and shows you how to configure the broadcast storm control feature.
Broadcast storm control limits the number of broadcast, multicast and unknown unicast and multicast packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or unknown packets is reached per second, the subsequent packets are discarded. Enable this feature to reduce broadcast, multicast and/or unknown packets in your network. You can specify limits for each packet type on each port.
19.2 What You Can Do
Use the Storm Control screen (Section 19.3 on page 138) to limit the number of broadcast, multicast and unknown unicast and multicast packets the Switch receives per second on the ports.
Chapter 19 Storm Control
GS1500-24P User’s Guide138
19.3 Storm Control Setting
Click Security > Storm Control in the navigation panel to display the screen as shown next.
Figure 67 Security > Storm Control
The following table describes the labels in this screen.
Table 47 Security > Storm Control
LABEL DESCRIPTION
Storm Type Select the type of packets to be limited with the Storm Control feature. The types are Broadcast, Multicast, Unknown Unicast or Unknown Multicast.
Port Select the port(s) which will use storm control.
State Select On to enable traffic storm control on the Switch. Select Off to disable this feature.
Rate (pps) Type a packets per second (pps) rate of between 0 to 1000000. This is the maximum amount of packets of the type selected previously that are allowed to be transferred to the Switch per second. Any subsequent packets are discarded.
Apply Click Apply to save your changes to the Switch.
Port This field displays the port number.
Broadcast (pps)
This field displays how many broadcast packets the port can receive per second.
Multicast (pps) This field displays how many multicast packets the port can receive per second.
Unknown Unicast (pps)
This field displays how many unknown unicast packets the port can receive per second.
Unknown Multicast (pps)
This field displays how many unknown multicast packets the port can receive per second.
GS1500-24P User’s Guide 139
CHAPTER 20 Defence Engine
20.1 Overview
Use this chapter for information on the Defence Engine.
The Defence engine is an advanced feature that can be used to stop the CPU from being flooded with traffic. It can stop unknown multicast, unicast and broadcast packets while also helping to prevent malicious virus and worm attacks.
20.2 What You Can Do
Use the Defence Engine screen (Section 20.3 on page 139) to activate the Defence Engine.
20.3 Activating Defence Engine
Click Security > Defence Engine in the navigation panel to display the screen as shown.
Figure 68 Security > Defence Engine
Chapter 20 Defence Engine
GS1500-24P User’s Guide140
The following table describes the labels in this screen.
Table 48 Security > Defence Engine
LABEL DESCRIPTION
Defence Engine
Select Enabled to turn the Defence Engine on.
Select Disabled to turn the Defence Engine off.
Apply Click Apply to save your changes to the Switch.
141
PART VMonitoring and
Tools
Monitoring (143)
Tools (149)
142
GS1500-24P User’s Guide 143
CHAPTER 21 Monitoring
21.1 Overview
This chapter explains the logging and port statistics screens.
You can configure the Switch to save specific events in different log targets:
RAM - This log is saved into the Switch’s volatile memory. The logs are cleared when the Switch is rebooted.
Flash - This log is saved into the switch’s non-volatile memory. You can view the logs even after the switch is rebooted. Due to the space limitations on the switch the oldest log entries are overwritten as new events are recorded.
Server - You can configure syslog servers to store system events from the Switch. The Switch uses UDP protocol to send log messages to the remote servers. The syslog servers must be Berkeley Software Distribution (BSD) syslog protocol compliant.
21.2 What You Can Do• Use the Logging Setting screen (Section 21.3 on page 143) to configure the
system logging settings.
• Use the Logging Viewing screen (Section 21.4 on page 145) to view the system logs.
• Use the Port Statistics screen (Section 21.5 on page 147) to view port statistic information.
21.3 Logging Setting
Use this screen to configure the device’s logging settings.
Chapter 21 Monitoring
GS1500-24P User’s Guide144
Click Monitoring > Logging > Logging Setting in the navigation panel to display this screen. This screen can enable you to sends logs to the RAM, Flash memory or an external syslog server.
Figure 69 Monitoring > Logging > Logging Setting
The following table describes the labels in this screen.
Table 49 Monitoring > Logging > Logging Setting
LABEL DESCRIPTION
Logging Target Use the columns on the right to select the types of system events each logging target should record. Select:
• Error - to record system failures, such as events which will cause the Switch to malfunction and events such as invalid user input in the web configurator.
• Warning - to record non critical errors on the Switch. The Switch will continue to function when warnings are recorded.
• Info - to record regular system events, such as configuration changes or logins.
• Debug - to record events which can be helpful for engineering debugging of the Switch’s function. This field is not recommended to track as it creates many messages not helpful to typical users.
Delete RAM and Flash: Click CLEAR to purge all logs in memory.
Delete: Click DELETE to remove the syslog server.
Apply Click Apply to save your changes to the Switch.
Server IP Enter the IP address in dotted decimal notation of the syslog server you want to add.
Port Specify the UDP port for sending log messages to this server. Typically port 514 is used with syslog.
Add Click Add to save the syslog server entry to the Switch.
Chapter 21 Monitoring
GS1500-24P User’s Guide 145
21.4 Logging Viewing
Use this screen to display the Switch logs. Click Monitoring > Logging > Logging Viewing to view the screen as shown next.
Figure 70 Monitoring > Logging > Logging Viewing
Chapter 21 Monitoring
GS1500-24P User’s Guide146
The following table describes the labels in this screen.
Table 50 Monitoring > Logging > Logging Viewing
LABEL DESCRIPTION
Target Select RAM to display only the logs stored in the RAM.
Select Flash to display only the logs stored in the Flash memory.
Level Select the severity level(s) of the log entries you want to display. The possible severity levels are:
• Error - to record system failures, such as events which will cause the Switch to malfunction and events such as invalid user input in the web configurator.
• Warning - to record non critical errors on the Switch. The Switch will continue to function when warnings are recorded.
• Info - to record regular system events, such as configuration changes or logins.
• Debug - to record events which can be helpful for engineering debugging of the Switch’s function. This field is not recommended to track as it creates many messages not helpful to typical users.
Category Select the category of the log entry you want to display. The categories are based on software and hardware features of the Switch. For example the category MIRROR records events which deal with the Port Mirroring features you set up and the category SYSTEM records events which deal with the overall operation of the Switch.
View Click the View button to display the logs according the criteria specified in the fields above.
Number This is the index number for the log entry.
Level This field displays the severity level of the log entry.
Category This field displays what category the log entry fits into.
Time This field specifies the time when the Switch recorded the log event. The Switch resets its internal clock when it is restarted.
Message This field displays an explanation for the log entry.
Chapter 21 Monitoring
GS1500-24P User’s Guide 147
21.5 Port Statistics
Use this screen to display the Switch port statistics. Click Monitoring > Port Statistics to view the screen as shown next.
Figure 71 Monitoring > Port Statistics
The following table describes the labels in this screen.
Table 51 Monitoring > Port Statistics
LABEL DESCRIPTION
Port This identifies the Ethernet port.
State This field displays if the port is enabled or not.
Link Status This field displays Link Up if the port is currently in use. Otherwise it displays Link Down.
TxGoodPkt This field shows the number of frames transmitted successfully on this port.
TxBadPkt This field shows the number of frames unsuccessfully transmitted on this port.
RxGoodPkt This field shows the number of frames received successfully on this port.
Chapter 21 Monitoring
GS1500-24P User’s Guide148
RxBadPkt This field shows the number of frames received unsuccessfully on this port.
Clear Click the Clear button to reset the port statistics.
Table 51 Monitoring > Port Statistics (continued)
LABEL DESCRIPTION
GS1500-24P User’s Guide 149
CHAPTER 22 Tools
22.1 Overview
This chapter explains how to configure the screens that let you maintain the firmware and configuration files.
22.2 What You Can Do• Use the TFTP (Trivial File Transfer Protocol) screen (Section 22.3 on page
149) to backup and restore the Switch configuration and to upgrade the firmware.
• Use the Reset screen (Section 22.4 on page 151) to reset the Switch to factory default settings.
• Use the Reboot screen (Section 22.5 on page 151) to restart the Switch.
22.3 TFTP
Use this screen to backup/restore the Switch configuration using the built-in Trivial File Transfer Protocol. You can also upgrade the Switch’s firmware. Click Tools > TFTP in the navigation panel to open the following screen.
Chapter 22 Tools
GS1500-24P User’s Guide150
Note: You must set up a TFTP server in the same subnet of the Switch to use the TFTP features.
Figure 72 Tools > TFTP
The following table describes the labels in this screen.
Table 52 Tools > TFTP
LABEL DESCRIPTION
TFTP Backup Configuration
TFTP Server IP Address
Type the IP address of the TFTP server where you want to backup the current Switch configuration.
Configuration File Name
Type a file name you want to save the Switch configuration as. This cannot be a path.
Backup Click Backup to save the configuration file to the TFTP server specified.
TFTP Restore Configuration
TFTP Server IP Address
Type the IP address of the TFTP server which has the Switch configuration you want to restore.
Configuration File Name
Type the file name of the configuration you want to restore. This cannot be a path. The file must be in the root directory of the TFTP server.
Restore Click Restore to change the Switch’s configuration file to the one on the TFTP server specified.
TFTP Download Image
TFTP Server IP Address
Type the IP address of the TFTP server which has the Switch firmware file you want to upgrade/downgrade to.
Image File Name
Type the file name of the firmware file to install. This cannot be a path. The file must be in the root directory of the TFTP server.
Download Image
Click Download to download the file specified above and install the new firmware.
Chapter 22 Tools
GS1500-24P User’s Guide 151
22.4 Reset
Follow the steps below to reset the Switch back to the factory defaults.
1 In the Tools > Reset screen, click the Reset button to clear all Switch configuration information you configured and return to the factory defaults.
Figure 73 Tools > Reset
2 Click OK to reset all Switch configurations to the factory defaults.
Figure 74 Load Factory Default: Start
3 The Switch will reboot.
22.5 Reboot
Reboot allows you to restart the Switch without physically turning the power off. Follow the steps below to reboot the Switch.
1 In the Tools > Reboot screen, click the Reboot button. The following screen displays.
Figure 75 Tools > Reboot
Chapter 22 Tools
GS1500-24P User’s Guide152
2 Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not affect the Switch’s configuration.
Figure 76 Reboot System: Confirmation
Chapter 22 Tools
GS1500-24P User’s Guide 153
Chapter 22 Tools
GS1500-24P User’s Guide154
155
PART VITroubleshooting &
Product Specifications
Troubleshooting (157)
Product Specifications (161)
156
GS1500-24P User’s Guide 157
CHAPTER 23 Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.
• Power, Hardware Connections, and LEDs
• Switch Access and Login
23.1 Power, Hardware Connections, and LEDs
The Switch does not turn on. None of the LEDs turn on.
1 Make sure you are using the power adaptor or cord included with the Switch.
2 Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source. Make sure the power source is turned on.
3 Disconnect and re-connect the power adaptor or cord to the Switch.
4 If the problem continues, contact the vendor.
One of the LEDs does not behave as expected.
1 Make sure you understand the normal behavior of the LED. See Section 3.4 on page 35.
2 Check the hardware connections. See Section 23.1 on page 157.
3 Inspect your cables for damage. Contact the vendor to replace any damaged cables.
4 Disconnect and re-connect the power adaptor or cord to the Switch.
Chapter 23 Troubleshooting
GS1500-24P User’s Guide158
5 If the problem continues, contact the vendor.
23.2 Switch Access and Login
I forgot the IP address for the Switch.
1 The default IP address is 192.168.1.1.
2 If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 45.
I forgot the username and/or password.
1 The default username is admin and the default password is 1234.
2 If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 45.
I cannot see or access the Login screen in the web configurator.
1 Make sure you are using the correct IP address.
• The default IP address is 192.168.1.1.
• If you changed the IP address, use the new IP address.
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the Switch.
2 Check the hardware connections, and make sure the LEDs are behaving as expected. See Section 3.4 on page 35.
3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled.
4 Make sure your computer is in the same subnet as the Switch. (If you know that there are routers between your computer and the Switch, skip this step.)
Chapter 23 Troubleshooting
GS1500-24P User’s Guide 159
5 Reset the device to its factory defaults, and try to access the Switch with the default IP address. See Section 4.6 on page 45.
6 If the problem continues, contact the vendor, or try one of the advanced suggestions.
Advanced Suggestions
• Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP.
I can see the Login screen, but I cannot log in to the Switch.
1 Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-sensitive, so make sure [Caps Lock] is not on.
2 You may have exceeded the maximum number of concurrent Telnet sessions. Close other Telnet session(s) or try connecting again later.
Check that you have enabled logins for HTTP or Telnet. If you have configured a secured client IP address, your computer’s IP address must match it. Refer to the chapter on access control for details.
3 Disconnect and re-connect the cord to the Switch.
4 If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 45.
Pop-up Windows, JavaScripts and Java Permissions
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
I cannot see some of submenus at the bottom of the navigation panel.
Chapter 23 Troubleshooting
GS1500-24P User’s Guide160
The recommended screen resolution is 1024 by 768 pixels. Adjust the value in your computer and then you should see the rest of the submenus at the bottom of the navigation panel.
GS1500-24P User’s Guide 161
CHAPTER 24 Product Specifications
The following tables summarize the Switch’s hardware and firmware features.
Table 53 Hardware Specifications
SPECIFICATION DESCRIPTION
Dimensions Standard 19” rack mountable
440 mm (W) x 310 mm (D) x 43 mm (H)
Weight 4472g
Power Specification 100-240 VAC, 50/60HZ 3.0 A Max.
Power Consumption 213.8W (maximum)
Interfaces 24 10/100/1000 Base-Tx ports
4 GbE Dual Personality interfaces (Each interface has one 1000Base-T RJ-45 port and one Small Form-Factor Pluggable (SFP) slot, with one port active at a time.)
Auto-negotiation
Auto-MDIX
Compliant with IEEE 802.3/3u/3ab
Back pressure flow control for half duplex
Flow control for full duplex (IEEE 802.3x)
Power over Ethernet to 24 PoE ports (max. 15.4 Watt/port, 185 Watt PoE maximum power budget)
Power budget management
Reset to default button
LEDs Per switch: PWR, SYS, ALM
Per GE Ethernet RJ-45 10/100/1000 port: LNK/ACT, PoE
Per mini-GBIC slot: LNK, ACT
Per 1000BASE-T RJ-45 port (in dual personality interface): LNK/ACT, FDX
Operating Environment
Temperature: 0º C ~ 50º C (32º F ~ 122º F)
Humidity: 10 ~ 95% (non-condensing)
Storage Environment Temperature: -40º C ~ 70º C (-40º F ~ 158º F)
Humidity: 10 ~ 95% (non-condensing)
Chapter 24 Product Specifications
GS1500-24P User’s Guide162
Ground Wire Gauge 18 AWG or larger
Power Wire Gauge 18 AWG or larger
Fuse Specification 250 VAC, T2A
Table 54 Firmware Specifications
FEATURE DESCRIPTION
Default IP Address 192.168.1.1
Default Subnet Mask 255.255.255.0 (24 bits)
Administrator User Name
admin
Default Password 1234
Number of Login Accounts Configurable on the Switch
1 management account configured on the Switch.
Maximum Frame Size 9 K (9216 bytes)
VLAN A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router.
MAC Address Filter Filter traffic based on the source and/or destination MAC address and VLAN group (ID).
Differentiated Services (DiffServ)
With DiffServ, the Switch marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
Queuing Queuing is used to help solve performance degradation when there is network congestion. The following scheduling services are supported: Strict Priority Queuing (SPQ) Weighted Round Robin (WRR), and Weighted Fair Queuing (WFQ). This allows the Switch to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth.
Bandwidth Control Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port.
Broadcast Storm Control Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports.
Port Mirroring Port mirroring allows you to copy traffic going from one port to another port in order that you can examine the traffic from the mirror port (the port you copy the traffic to) without interference.
Table 53 Hardware Specifications
Chapter 24 Product Specifications
GS1500-24P User’s Guide 163
STP (Spanning Tree Protocol) / RSTP (Rapid STP)
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a Switch to interact with other (R)STP-compliant switches in your network to ensure that only one path exists between any two stations on the network.
Defence Engine Use the defence engine feature to protect the CPU from overwhelming by flooding traffic.
Dynamic ARP Dynamic ARP allows you to filter incoming traffic based on the MAC to IP address mapping. The Switch can be configured to only allow trusted devices to communicate via its ports.
Link Aggregation Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
Port Authentication and Security
For security, the Switch allows authentication using IEEE 802.1x with an external RADIUS server and port security that allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch.
Authentication and Authorization
The Switch supports authentication and authorization services via RADIUS AAA servers.
Device Management Use the web configurator or commands to easily configure the rich range of features on the Switch.
Syslog The Switch can generate syslog messages and send it to a syslog server.
Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator and TFTP tool to put it on the Switch.
Note: Only upload firmware for your specific model!
Configuration Backup & Restoration
Make a copy of the Switch’s configuration and put it back on the Switch later if you decide you want to revert back to an earlier configuration.
Table 54 Firmware Specifications
FEATURE DESCRIPTION
Chapter 24 Product Specifications
GS1500-24P User’s Guide164
Table 55 Feature Specifications Layer 2 Features
L2 Bridging 16K MAC addresses (4-way associative hashed)
Static MAC address filtering by source/destination
Broadcast storm control in 1 second interval, 1 pps entering
Static MAC address forwarding (port lock)
Switching Switching fabric: 56 Gbps, non-blocking
Max. Frame size: 9 K bytes
Forwarding frame: IEEE 802.3, IEEE 802.1q, Ethernet II, PPPoE
Prevent the forwarding of corrupted packets
14881 pps at 10 Mbps/ 148810 pps at 100 Mbps / 1488100 pps at 1 Gbps with 64 bytes packets
Jumbo Frame Up to 9K (9216 bytes)
STP IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1d Spanning Tree Protocol
QoS IEEE 802.1p with 8 CoS per port
802.3x flow control
SPQ, WFQ, or WRR combination capable
Policy-based Rate-limiting
Policy-based prioritization
DiffServ (DSCP)
VLAN Port-based VLAN
number of VLAN: 4K, 256 static maximum
Link Aggregation
IEEE 802.3ad static and dynamic by LACP
Six groups (up to eight ports/group randomly selected)
Port mirroring
Port-based mirroring
Support port mirroring per IP/TCP/UDP
Bandwidth control
Supports rate limiting at 16 Kb increments
Broadcast Storm Control
Broadcast, Multicast, Unknown Unicast Storm Control 1 pps stepping
Rate Limiting Support rate limiting per IP/TCP/UDP port
Chapter 24 Product Specifications
GS1500-24P User’s Guide 165
The following list, which is not exhaustive, illustrates the standards supported in the Switch.
Radius Support RADIUS
Security Static MAC address filtering
Static MAC address forwarding
IEEE 802.1x port-based authentication
Dynamic ARP
Table 55 Feature Specifications (continued)
Table 56 Standards Supported
STANDARD DESCRIPTION
RFC 826 Address Resolution Protocol (ARP)
RFC 894 Ethernet II Encapsulation
RFC 1155 SMI
RFC 1157 SNMPv1: Simple Network Management Protocol version 1
RFC 1213 SNMP MIB II (System and Interface Group)
RFC 2030 Simple Network Time Protocol (SNTP v4)
RFC 1441 SNMPv2 Simple Network Management Protocol version 2
RFC 1643 Ethernet MIBs
RFC 2819 RMON
RFC 1901 SNMPv2c Simple Network Management Protocol version 2c
SNMPv3
RFC 2138 RADIUS (Remote Authentication Dial In User Service)
RFC 3164 Syslog
RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMP v3)
IEEE 802.1x Port Based Network Access Control
IEEE 802.1D MAC Bridges
IEEE 802.1p Traffic Types - Packet Priority
IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
IEEE 802.3 Packet Format
IEEE 802.3ad Link Aggregation
IEEE 802.3af Power over Ethernet
IEEE 802.3x Flow Control
Safety EN 60950-1
EMC FCC Part 15 (Class A)
CE EMC (Class A)
Chapter 24 Product Specifications
GS1500-24P User’s Guide166
167
PART VIIAppendices and
Index
Changing a Fuse (169)
Common Services (171)
Legal Information (175)
Index (179)
168
GS1500-24P User’s Guide 169
APPENDIX A Changing a Fuse
This appendix shows you how to remove and install fuses for the Switch.
If you use a fuse other than an included fuse, make sure it matches the fuse specifications in the chapter on product specifications.
Removing a Fuse
Disconnect all power from the Switch before you begin this procedure.
1 Remove the power cord from the Switch.
2 See the product specifications for the location of the fuse. Use a small flat-head screwdriver to carefully pry out the fuse housing.
3 A burnt-out fuse is blackened, darkened or cloudy inside its glass casing. A working fuse has a completely clear glass casing. Pull gently, but firmly, to remove the burnt out fuse from the fuse housing. Dispose of the burnt-out fuse properly.
Installing a Fuse
1 The Switch is shipped from the factory with one spare fuse included in a box-like section of the fuse housing. Push the middle part of the box-like section to access the spare fuse. Put another spare fuse in its place in order to always have one on hand.
2 Push the replacement fuse into the fuse housing until you hear a click.
3 Push the fuse housing back into the Switch until you hear a click.
4 Plug the power cord back into the unit.
Appendix A Changing a Fuse
GS1500-24P User’s Guide170
GS1500-24P User’s Guide 171
APPENDIX B Common Services
The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site.
• Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP protocol number, not the port number.
• Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information about port numbers.
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
• If the Protocol is USER, this is the IP protocol number.
• Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.
Table 57 Commonly Used Services
NAME PROTOCOL PORT(S) DESCRIPTION
AH (IPSEC_TUNNEL)
User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service.
AIM/New-ICQ TCP 5190 AOL’s Internet Messenger service. It is also used as a listening port by ICQ.
AUTH TCP 113 Authentication protocol used by some servers.
BGP TCP 179 Border Gateway Protocol.
BOOTP_CLIENT UDP 68 DHCP Client.
BOOTP_SERVER UDP 67 DHCP Server.
CU-SEEME TCP
UDP
7648
24032
A popular videoconferencing solution from White Pines Software.
DNS TCP/UDP 53 Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers.
Appendix B Common Services
GS1500-24P User’s Guide172
ESP (IPSEC_TUNNEL)
User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.
FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
FTP TCP
TCP
20
21
File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
H.323 TCP 1720 NetMeeting uses this protocol.
HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide web.
HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.
ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes.
ICQ UDP 4000 This is a popular Internet chat program.
IGMP (MULTICAST)
User-Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management.
IRC TCP/UDP 6667 This is another popular Internet chat program.
MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol.
NEW-ICQ TCP 5190 An Internet chat program.
NEWS TCP 144 A protocol for news groups.
NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.
NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
PING User-Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
Table 57 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix B Common Services
GS1500-24P User’s Guide 173
POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).
PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.
PPTP_TUNNEL (GRE)
User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.
RCMD TCP 512 Remote Command Service.
REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web.
REXEC TCP 514 Remote Execution Daemon.
RLOGIN TCP 513 Remote Login.
RTELNET TCP 107 Remote Telnet.
RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
SFTP TCP 115 Simple File Transfer Protocol.
SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
SNMP TCP/UDP 161 Simple Network Management Program.
SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).
SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.
SSH TCP/UDP 22 Secure Shell Remote Login Program.
STRM WORKS UDP 1558 Stream Works Protocol.
SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.
TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).
Table 57 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix B Common Services
GS1500-24P User’s Guide174
TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
VDOLIVE TCP 7000 Another videoconferencing solution.
Table 57 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
GS1500-24P User’s Guide 175
APPENDIX C Legal Information
Copyright
Copyright © 2009 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
Appendix C Legal Information
GS1500-24P User’s Guide176
FCC Warning
This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this device in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
CE Mark Warning:
This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning:
Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This Class A digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
CLASS 1 LASER PRODUCT
APPAREIL A LASER DE CLASS 1
PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11.
PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product on the ZyXEL home page to go to that product's page.
Appendix C Legal Information
GS1500-24P User’s Guide 177
3 Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Appendix C Legal Information
GS1500-24P User’s Guide178
Index
GS1500-24P User’s Guide 179
Index
A
access controlSNMP 95
applicationsbackbone 21
bridging 22
IEEE 802.1Q VLAN 23
switched workgroup 23
ARP inspection 132
auto-crossover 33
B
bandwidth control 111, 164
setup 112
BPDUs (Bridge Protocol Data Units) 74
Bridge Protocol Data Units (BPDUs) 74
bridging 164
broadcast storm control 137
C
certifications 175
notices 176
viewing 176
CFI (Canonical Format Indicator) 67
changing the password 44
Class of Service (CoS) 80
Click 147
configuration, saving 44
copyright 175
D
default Ethernet settings 32
Defence Engine 139
DiffServDS field 80
DSCP 80
network example 81
PHB 80
dimensions 161
disclaimer 175
DS (Differentiated Services) 80
DSCPservice level 80
what it does 80
DSCP (DiffServ Code Point) 80
dynamic link aggregation 60
F
FCC interference statement 175
firmware 52
flow controlback pressure 56
IEEE802.3x 56
front panel 31
fuse 169
replacement 169
G
general features 164
general setup 53
Gigabit ports 32
GMT (Greenwich Mean Time) 53
H
hardware installation 27
Index
GS1500-24P User’s Guide180
hardware overview 31
humidity 161
I
IEEE 68
IEEE 802.1p, priority 86
IEEE 802.1xactivate 129, 130
reauthentication 129
information 52
installfuse 169
installationdesktop 27
precautions 28
rack-mounting 27
transceivers 33
installation scenarios 27
J
Jumbo Frame 113
L
LACP 60, 63
system priority 64
layer 2 features 164
LEDs 35
link aggregation 59
dynamic 60
status 61
traffic distribution type 62
trunk group 59
Link Aggregation Control Protocol (LACP) 60
Link Aggregation Control Protocol, see LACP 60
lockout 44
login 39
password 44
M
MAC (Media Access Control) 52
MAC address 52
MAC forwarding tablehow it works 122
maintenance 149
Management Information Base (MIB) 96
managing the devicegood habits 24
MDIX (Media Dependent Interface Crossover) 33
MIBand SNMP 96
supported MIBs 104
MIB (Management Information Base) 96
mirroring ports 91
monitor port 92, 93
mounting brackets 28
N
network applications 21
network management system (NMS) 95
P
password 44
PHB (Per-Hop Behavior) 80
PoE 115
policy 108
and classifier 108
configuration 108
viewing 108
Policy-based Priority 83
Port 71
port authentication 127
IEEE802.1x 129, 130
port mirroring 91, 164
direction 92
egress 92
ingress 92
port redundancy 60
Index
GS1500-24P User’s Guide 181
port setup 55
Port-based Priority 81
portsmirroring 91
standby 60
power connector 35
power consumption 161
Power Over Ethernet 115
power specification 161
priority level 87
product registration 177
PVID 68
PVID (Priority Frame) 68
Q
QoS 79, 164
queue weight 88
queuing 87
SPQ 88
WRR 88
R
rack-mounting 27
RADIUSNetwork example 127
Rapid Spanning Tree Protocol, See RSTP. 73
Rate Limit 107
rear panel 35
rear panel connections 35
reboot system 151
registrationproduct 177
related documentation 3
removing fuses 169
resetting 45, 151
to factory default settings 151
restoring configuration 45
Round Robin Scheduling 88
RSTP 73
S
safety certifications 165
safety warnings 7
save configuration 44
Simple Network Management Protocol, see SNMP
Small Form-factor Pluggable (SFP) 33
SNMP 95
agent 96
and MIB 96
and security 95, 97
management model 96
manager 96
MIB 104
network components 96
object variables 96
protocol operations 96
version 3 95, 97
versions supported 95
SNMP traps 104
Spanning Tree Protocol, See STP. 73
SPQ (Strict Priority Queuing) 88
standby ports 60
static link aggregation example 64
static MAC address 122
static trunking example 64
Static VLAN 70
status 40
link aggregation 61
STP 73, 164
bridge priority 76
designated bridge 74
forwarding delay 76
Hello BPDU 74
Hello Time 76
how it works 74
Max Age 76
path cost 74
port state 74
root port 74
terminology 74
switch lockout 44
switch reset 45
switch setup 53
switching 164
Index
GS1500-24P User’s Guide182
syntax conventions 5
syslog 143
server setup 145
settings 143
setup 143
system reboot 151
system settings 51
T
tagged VLAN 67
temperature 161
TFTP 24
trademarks 175
transceiver MultiSource Agreement (MSA) 33
transceivers 33
installation 33
removal 34
Trunk Distribution Algorithm 62
trunk group 59
trunking 59, 164
example 64
Type of Service (ToS) 80
V
ventilation 27
VIDnumber of possible VIDs 68
priority frame 68
VID (VLAN Identifier) 68
VLAN 164
ID 67
introduction 67
port settings 71
static VLAN 70
tagged 67
W
warranty 177
note 177
web configurator 39
home 40
login 39
logout 45
navigation panel 41
weight, queuing 88
Weighted Round Robin Scheduling (WRR) 88
When 132
WRR (Weighted Round Robin Scheduling) 88