ZyXEL VES-1616 User's Manual
Contents
1. 99 Create User Account 99 Supplicant Setup Windows XP 99 802 1x MD5 challenge setup 100 Classifier amp Policy rule setup on your Switch 102 Classifier Configuration 103 Policy Rule Configuration 104 Centralized Management 105 Introduction to SNMPc and NetAtlas 105 SNMPc Overview eere erro ee 106 EMS Overview eere ee eere nee n ee er TT 2 107 FAQ 114 What are the default IP parameter settings 114 What is the default login Name and Password to log into the Web Configurator 114 How to access my SWITCH through the console port 114 What is default login password for console telnet and FTP login2. VLAN Status J VLAN Port Setting Static VLAN The Number Of VLAN 5 Port Number A Index VID 2 E 6 8 10 12 14 16 18 Elapsed Time Status T 1 3 5 7 9 11 13 15 17 B 1 1 Sj jee E 0 00 03 Static Static MAC Forwarding u U U U U U U U uU i Filtering 5 5 T Spanning Tree Protocol e U z E T Broadcast Storm Control U a i e T Mirroring 3 40 T 0 00 02 Static Link amp agregation 7 T Port Authentication 4 50 lu T 0 00 02 Static MAC Limit U Access Control 5 100 T T T 0 00 02 Other Queuing Method Open Advanced Application VLAN Static VLAN to add a new VLAN Tick the Active box type VLAN Name 30 and VLAN ID 30 in the columns Change Port 1 and Port 17 to fixed and keep port 17 tx tagging All contents copyright 2008 ZyXEL Communications Corporation 72 ZyXEL VES 1616 24FA 5x Series Support Notes eee BENE E auus cca Name F VLAN Group ID 30 gt Port Control Tagging B u co NN NM O Normal Fixed O Forbidden TxTagging oe i NM 2 Norma Fired O Forbidden V TxTagging BEIGE T Le AR Normal O Fied O Forbidden M TxTagging Broadcast Storm Control ME Normal O Fixed O Forbidden TxTagging Mimoring 0 s 5o Normal Orxed O Forbidden V TxTagging Link Aggregation
3. Routing Protocol _ Firmware Upgrade amp Click Here ae Managenertnt __ _ Restore Configuration Glick Here se E mE Backup Configuration Glick Here sse Se eec Load Factory Default Aided 000 be Diagnostic fetid S lE Syslog MAC Table ARP Table Loop Diagnostic CFM Action 3 Click the Click Here link for Firmware Upgrade to display the following screen Maintenance Firmware Upgrade 4 To upgrade the internal switch firmware browse the location ofthe binary BIN file and click Apply s button s File Path n Maintenance Diagnostic Syslog MAC Table ARP Table Loop Diagnostic CFM Action 4 In the File Path field click Browse to locate the firmware file 5 Click Upgrade to start the firmware upgrade process Using the Console Port All contents copyright 2008 ZyXEL Communications Corporation 3 ZyXEL VES 1616 24FA 5x Series Support Notes 1 Download and unzipped the correct model firmware to your computer 2 Connect to the console port and launch a Terminal Emulation software 3 Restart the switch to enter the debug mode via the terminal 4 Enter ATUR 5 Use the X modem protocol to transfer Send File the firmware 6 Enter ATGO to restart the switch after the file transfer is complete and the firmware upgrade process is done Using FTP 1 2 8 Download and unzipped the correct model firmware to your computer Launch the
4. 114 How to change the password 114 How to access the Command Line Interface CLI 115 If have forgotten the password how to reset the password to the default Setting 115 How to configure the IP address 115 Is Online Help available on the Web Configurator 116 How to restart device from the Web Configurator 116 How to check the current running firmware version 116 Is the mini GBIC transceiver hot swappable 117 What is Dual Personality interface on a VDSL Switch 117 Can enable IGMP snooping on the Switch which is acting as an IGMP Router 2 117 Can enable MVR and IGMP snooping at the same time 117 All contents copyright 2008 ZyXEL Communications Corporation 2 ZyXEL VES 1616 24FA 5x Series Support Notes Switch Management and Maintenance Firmware Upgrade Using the Web Configurator 1 Download and unzipped the correct model firmware to your computer 2 Click Management gt Maintenance in the navigator panel to display the following screen
5. x IP Commander 5 S 6H BA A9D Ce d 192 168 1 99 lt ONL V4 Create Rule E Service Configu Administrator Ac General Rule Criteria High Water Marks Rule Options Network Views e Rules Templates Policies Access Control Management Static Addresse Lower limit Lhent Llasses Hardware Mapp Active IP Addre Ant RoamingD Default gate View Audits Statistics Lease time G DDNS amp TFTPI Created fim 2 Windows M Ww Doct Micro Rule Wizard for 192 168 1 99 Create the rule criteria Select rule criteria from the keywords list and link them using operators in the operators list Use parantheses to specity the order ol preterence Keywords DHCP Option x Rule criteria Operators zl OPTIONBINARY 82 1 0019000131323438 Last modified Bark Cannel Search Incognito Ma 2 2 Ethereal Click Next in the screen that displays All contents copyright 2008 ZyXEL Communications Corporation 19 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 File Edit vy Impe Ext Wiza H iXx 8 T Be G A Q E IP Commander 2 192 168 1 99 lt ONL 2 Service Configuration for 192 168 1 99 ONLINE Stand alone gt E Service Configu fieron o FAC IP Commander Administrator Configuration Utility Network Views Client revisiguad Bj k kiss Copyright c Rule Wizard for 192 168 1 99 f
6. Classifier s ME VLAN Static MAC Forwarding Filtering General Metering Spanning Tree Protocol panning VLAN ID 1 Bandwidth Kbps Broadcast Storm Control Mirroring EgressPort Te m Out of Profile Link Aggregation m DSCP Port Authentication Parameters Outgoing packet format for Egress port 9 Tag O Untag MAC Limit Priority 0 iv Access Control Queuing Method Classifier TOS 0 v Policy Rule Forwarding VLAN Stacking O No change Multicast a Discard the packet vl v nuce 9 Do not drop the matching frame previously marked for dropping Centralized Management Introduction to SNMPc and NetAtlas With the number of network device increasing the demand to detect and respond All contents copyright 2008 ZyXEL Communications Corporation 105 ZyXEL VES 1616 24FA 5x Series Support Notes to network failures or events in a short time post a great challenge to network administrators How to easily manage and monitor network devices across networks has become more and more important in network management Figure 1 presents the main elements of the system architecture As an Element Management System EMS NetAtlas provides a centralized remote management platform and acts as an SNMPc manager to perform network configuration system management event alarm management performance management and security for all ZyXEL s Ethernet switches SNMPc is a network management software produced by Castle Rock that constantly probes the
7. 1h a 3 Access Port Oo Link Aggregation uas Access Port v Po o s HS ol E Port Authentication 5 Access Port 1 Ov Port Security 6 Access Port 1 Ov Queuing Method MM Access Port v MA CMM om Classifier 8 Access Port 1 Ov Policy Rule g Access Port v 1 0 v NNNM E ul M Multicast Lo a p Access Port P EEEE EE ETEN EEEE EE EEE EON u a DHCP Relay 11 Access Port Ov DiffServ 12 Access Port 0 Tl x DN B opyright 1995 2004 by ZvXEL Communi 13 To enable VLAN stacking select Active Set ports 1 and 2 as the access port and enter the corresponding SPVIDs as shown in the figure above All contents copyright 2008 ZyXEL Communications Corporation 49 ZyXEL VES 1616 24FA 5x Series Support Notes m lL Mee DII 14 Set port 25 as the Tunnel Port and leave the SPVID field to the default setting 15 You have finished setting Switch B for VLAN stacking for this network example Configuring Switch C Using the Web Configurator 1 Use an RJ 45 Ethernet cable to connect your computer to the MGMT port on the switch 2 By default the IP address on the MGMT port is 192 168 0 1 24 3 Set your computer to use a static IP address in the same subnet for example 192 168 0 2 24 4 Open a web browser such as IE and enter http 192 168 0 1 as the URL 5 A login screen displays Enter admin the default as the username and 1234 the default as the password
8. hr m Configuring Switch D Using the Web Configurator 1 Use an RJ 45 Ethernet cable to connect your computer to the MGMT port on the switch 2 By default the IP address on the MGMT port is 192 168 0 1 24 3 Set your computer to use a static IP address in the same subnet for example 192 168 0 2 24 4 Open a web browser such as IE and enter http 192 168 0 1 as the URL 5 A login screen displays Enter admin the default as the username and 1234 the default as the password 6 After you have logged in successfully the main screen displays as shown All contents copyright 2008 ZyXEL Communications Corporation 52 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL MENU m Status Fl Logout Help System Up Time 29 10 27 Port Link State LACP TxPkts RxPkts Errors TXKB s RxKB s Up Ti ILL RII Us CS SNR PIN d IIIA c RR ORAL NER LN S DUM c ccs cii ea iMRI ORR SER RASEN L 0 00 0D Down STOP Disabled 0 0 00 8 00 NS RE AE i 0 0 0 0 0 00 0 0 00 0 00 0 0 0 0 0 00 0 0 0 0 0 00 FW CNRC US 0 0 0 0 00 0 DOW sss Bo canst IO 0 3 4 T SAC ee M M ERES OWN L rr S NER i 0 8 g 1 a ainan OE aars RAMA a yaya AEn TETTE P o MEME IS OM 0 M WM MEE C NCC NHAC OA epee Bc DOM sR SSC ROSES SUSAN ENSE NUR NONE E NN LL NEL E rai eso arcere P ME MEM NEM WM 12 Down STOP LU Coe s Sie Gre 1S Ch DO E ema E eea IE era 0 a EE l S A 5 RS E M i DON C ci
9. W ans Normal O Fired Forbidden TxTagging Port Authentication To Normal Feed oOo O Forbidden V TxTagging ubl NU E 8 Normal O Fined O Forbidden V TxTagging a 95 Normal OO Fined O Forbidden e TxTagging M VEMOS reee 10 Normal OO Fined Forbidden Iv TxTagging 11 9 Normal Fixed Q Forbidden Tx Tagaing PaliyRule 0000 me HE oo oe See b E E gesin o 1 oenmemnette errorem Jio cao ea de ricca nist E E s cu MENS NIU 3350 Normal O Fixed O Forbidden TxTagging MWR LAN Normal O Fired O Forbidden V TxTagging DHCP SV 15 Normal Fed oo O Forbidden Ml TxTagging DiffSew s 6 Normal Orxed O Forbidden V TxTagging CFM 17 Normal 9 Fixed Q Forbidden Tx Tagging Open Advanced Application VLAN Static VLAN to add a new VLAN Tick the Active box type VLAN Name 40 and VLAN ID 40 in the columns Change Port 2 and Port 17 to fixed and keep port 17 tx tagging EE Pe as Name 40 m VLAN Group ID 40 gt Port Control Tagging ies 1 9 Normal Q Fixed Q Forbidden Tx Tagging Static MAC Forwarding DETRCECNEPOUEENUE URN PI iion acu PRI a nis DRM decl et ure RR RR eme Te cn ARN EE 2 O Normal Fed O Forbidden L TxTagging Spanning Tree Protoc
10. 6 After you have logged in successfully the main screen displays as shown ZyXEL Status H Logout H Help C Status System Up Time 29 10 27 Port Link State LACP TxPkts RxPkts Errors TxKB s RxKB s Up Ti M nein OC Ls E d e 1 100M F FORWARDING Disabled 6199 2356 0 0 0 0 0 243 Ahna Nrt a A ure Nd X NAR ATAATA RAIN AATA RA RA 2 Down STOP Disabled D 0 0 0 0 0 0 00 3 Down STOP Disabled 0 0 D 0 0 0 0 0 00 4 Down STOP Disabled 0 D 0 0 0 0 0 0 00 5 Down STOP Disabled Oo 0 0 0 0 0 0 0 00 6 Down STOP Disabled 0 0 0 0 0 0 0 0 00 i Down STOP Disabled 0 0 0 0 0 0 0 0 00 8 Down STOP Disabled 0 D 0 0 0 0 0 0 00 g Down STOP Disabled 0 0 0 0 0 0 0 0 00 10 Down STOP Disabled 0 0 0 0 0 0 0 00 11 Down STOP Disabled 0 0 0 0 0 0 0 0 00 TE Down STOP Disabled 0 D 0 0 0 0 0 0 00 13 Down STOP Disabled 0 0 0 0 0 0 0 0 00 14 Down STOP Disabled 0 0 0 0 0 0 0 0 00 15 Down STOP Disabled 0 0 0 0 0 0 0 0 00 16 Down STOP Disabled 0 0 0 0 0 0 0 0 00 17 Down STOP Disabled 0 0 0 0 0 0 0 0 00 Poll Interval s 40 Stop pot ALL T First create VLAN groups for the ISP s network For this example VLAN 30 for company XX and VLAN 40 for company YY Click Advanced Application gt Switch Advance VLAN and click the Static VLAN link All contents copyright 2008 ZyXEL Communications Corporation 50 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL MENU Status El Logout H Help S VLAN Status J VLAN P
11. Epp te Hera e Spp xu ea p sI 26 LE e week e ea a hee ee esp m ee Be peak hytes 3Z2 hytezs 32 bytes 32 bytes 32 hytes 32 hytes 32 hytes 32 bytes 32 bytes 32 hytes 32 bytes 32 hytezs 32 hytezs 32 hytes 32 hytes 32 bytes 32 Average timesims time lt ims time lt ims time lt ims time lt ims timesims time lt ims time lt ims time lt ims time lt ime tines ims time lt ims time lt ims time lt ims time lt ime tines ims Ams TTL 128 ITL 128 ITL 128 ITL 128 TTL 128 TTL 128 ITL 128 ITL 128 ITL 128 ITL 128 TTL 128 ITL 128 ITL 128 ITL 128 ITL 128 TTL 128 43 ZyXEL VES 1616 24FA 5x Series Support Notes VLAN Stacking Overview VLAN stacking allows a carrier to offer multiple virtual LANs over a single circuit In essence the carrier creates an Ethernet VPN to tunnel customer VLANs across its WAN Thus it helps to avoid name conflicts among customers of multiple service providers who connect to the same carrier VLAN stacking works by assigning two VLAN IDs to each frame header One is a backbone VLAN ID used by the service provider the other up to 4 096 unique 802 1Q VLAN tags is used by the customers The following figure shows a network example Company XX branch Company YY branch Switch Company XX HQ Company YY HQ In this example company XX and company YY both subscribe to the same ISP for Internet service Both companies have an internal VLAN group with VID 1
12. The colors of the device indicate the status of the devices Green means the device is working properly and Red indicates no response from the device e System message Panel View the alarm and port status of the selected switch Figure 3 EMS Overview All contents copyright 2008 ZyXEL Communications Corporation 107 ZyXEL VES 1616 24FA 5x Series Support Notes Ca IyXEL NetAtlas Enterprise EMS p Tempi Stabe Performance Faut Manbenance Tool Hep M ct x EE Aw Menu Shortcut Bar Device List Panel Alarm Status Port Status a B d ALARM FAWN TEMP System Message Panel Adding a new device in SNMPc This section shows you how to add a new device in SNMPc and access the EMS screen 1 In the edit button bar shown in Figure 4 click the Insert Device icon to create a new device node Figure 4 Adding a new Device All contents copyright 2008 ZyXEL Communications Corporation 108 ZyXEL VES 1616 24FA 5x Series Support Notes 25 SNMPc Management Console Root Subne ah File Edit View Insert Manage Tools Config Window Help as 5 ase empopsp5 mer zi pusseswy a rn F Root Subnet H 192 168 1 192168 1 1 ES 2108 oo GS 4024 e e D a g i ZyXEL 2 A Map Object Properties screen displays Enter a descriptive name in the Label field Then enter the IP address of the device in the Address field For this example we enter 192 168 0 1 as the IP address of the swit
13. Using the Web Configurator T Using the Console Port 8 General Networking 8 DHCP Relay Option 82 Application 8 Setting up a DHCP Relay Option 82 Environment 9 Separating a physical network into multiple virtual networks 24 What is Virtual LAN 24 VLAN OvVverview eere eroe nn nn nena nnn 24 Port based VLAN 25 Port based VLAN across multiple switches 2f How to configure Port Based VLAN 28 What is IEEE 802 1Q Tag based VLAN 33 How 802 1Q VLAN works 34 Connecting Two Switches using VLAN 37 Setting up VLAN Trunking 40 VLAN Stacking Overview 44 Configuring Switch A E F
14. VLAN Switch 1 Hosts A and B is able to communicate with Hosts C and D through the non VLAN switch because port based VLAN cannot cross multiple switches To provide security between switches you must install another port based VLAN switch for the uplink Each port on the uplink switch also should be separated into different VLANs except for the port connection to the gateway So subscribers can only connect to the gateway for Internet access but not communicate with each other All contents copyright 2008 ZyXEL Communications Corporation 2f ZyXEL VES 1616 24FA 5x Series Support Notes Gateway Switch 1 FAL 1 2 3 4 Switch 3 3j 4 Switch 2 LI LI For Switch 1 ports 1 2 and 3 are allowed to communicate with uplink port 4 but not with other ports e Switch 1 VLAN 1 member port port 1 and port 4 e Switch 1 VLAN 2 member port port 2 and port 4 e Switch 1 VLAN 3 member port port 3 and port 4 How to configure Port Based VLAN Port based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port All contents copyright 2008 ZyXEL Communications Corporation 28 ZyXEL VES 1616 24FA 5x Series Support Notes PC A PC B PCC In this scenario Port Based VLAN is used to separate one physical switch into two smaller logical switches Ports 1 4 and 17 18 belong to the same VLAN group and ports 5 8 are in another group Port based VLA
15. m I Norma OO Fixed QO Forbidden lv TxTagging mE 10 Normal O Fixed Forbidden v TxTagging sss 11 Norma O Fixed O Forbidden v TxTagging NEN 12 Normal O Fixed O Forbidden MI TxTagging NEM 13 Normal Q Fixed Forbidden v TxTagging NAM 14 Norma O Fixed O Forbidden v TxTagging NM 15 Normal O Fixed O Forbidden v TxTagging NEN 16 Norma O Fixed Forbidden 1v TxTagging NEN 17 Norma Fixed O Forbidden V TxTagging 18 9 Normal Q Fixed Q Forbidden Tx Tagging Check the ACTIVE checkbox to enable and fill in the VLAN name IPTV and VLAN ID 3988 Configure port 1 and port 17 to Fixed and check the Tx Tagging checkbox All contents copyright 2008 ZyXEL Communications Corporation 81 VLAN Status IPTV VLAN Group ID 3988 Port Control A O Noma Fixed 2 Normal Forbidden lt Tagging MW TxTagaing Z Normal O Fed O Forbidden MA TxTagging bs 3 G Nomai O Fixed Forbidden Mi TxTagging ME 4 Normal Q Fixed O Forbidden M TxTagging NEN 5 Normal O Fixed O Forbidden lv TxTagging EN 8 Normal Fixed O Forbidden M TxTagging EN 7 Normal O Fixed QO Forbidden Y T
16. 0 0 0 0 0 EEUU d X 3 J LH EE EE IE EE IEEE LLL otis Spanning Tree Protecol Broadcast Storm Control Mirroring Link Aggregation Port Authentication MAC Limit MVLAN Name Start Address End Address Delete All Delete Group Access Control Queuing Method 3 300 aa O eee ee Classifier support 233 1 1 1 233 1 1 100 d Policy Rule VLAN Stacking Multicast Vas cra Configuration via CLI Step 1 On the VES 1616FA 54 in the configure mode create VLAN 100 VES 1616FA 54 config VES 1616FA 54 config vlan 100 Step 2 In the VLAN 100 set the port 17 to be fixed port VES 1616FA 5A config vlan fixed 17 Step 3 On the VES 1616FA 54 in the configure mode create VLAN 30 and set the port 1 to be fixed port VES 1616FA 54 config vlan 30 VES 1616FA 54 config vlan untagged 1 All contents copyright 2008 ZyXEL Communications Corporation 15 ZyXEL VES 1616 24FA 5x Series Support Notes VES 1616FA 54 config vlan fixed 1 Step 4 On the VES 1616FA 54 in the configure mode create VLAN 40 and set the port 2 to be fixed port VES 1616FA 54 config vlan 40 VES 1616FA 54 config vian untagged 2 VES 1616FA 54 config vian fixed 2 Step 5 On the VES 1616FA 54 in the configure mode create VLAN 50 and set the port 3 to be fixed port VES 1616FA 54 config vian 50 VES 1616FA 54 config vilan untagged 3 VES 1616FA 54 config vian fixed 3 Step 6 On the VES 1616FA 54 set the PVID of specific VLAN 30 VES 1616FA 54 c
17. 2 Egress port for port 4 port 1 port 5 Egress port for port 5 port 1 port 4 All contents copyright 2008 ZyXEL Communications Corporation 26 ZyXEL VES 1616 24FA 5x Series Support Notes Port based VLAN across multiple switches Port based VLAN is specific only to the switch on which it was created Thus port based VLAN cannot cross multiple switches The following figure shows an MTU network example For network security subscribers are isolated from each other except for the gateway There are two switches Switch 2 and Switch 3 that support port based VLAN and an uplink to a non port based VLAN switch Switch 1 Switch 1 Gateway Switch 2 Switch 3 For Switch 2 ports 1 2 and 3 are allowed to communicate with uplink port 4 but not with other ports e Switch 2 VLAN 1 member port port 1 and port 4 e Switch 2 VLAN 2 member port port 2 and port 4 e Switch 2 VLAN 3 member port port 3 and port 4 For Switch 3 ports 2 3 and 4 are allowed to communicate with uplink port 1 but not with other ports e Switch 3 VLAN 1 member port port 2 and port 1 e Switch 3 VLAN 2 member port port 3 and port 1 e Switch 2 VLAN 3 member port port 4 and port 1 Host A cannot communicate with Host B due to the port based VLAN implementation on Switch 2 Host C cannot communicate with Host D due to the port based VLAN implementation on Switch 3 However the uplink ports on both Switch 2 and Switch 3 connect to the non
18. A A A Kus ttp RR ETAT IETT Static MAC Forwarding EPE RAPEAN E N PREE E N E E ALEE AAE ETE y a p ASIA nL ERE PIER Pe THT ec IH NER ESSI Per ENRIQUE err A 2 In the MVR configuration page check the VDSL port 1 to receive port and port 17 to Source port and make sure the check Tx Tagging for port 1 and port 17 Port Name Type Source Port Receiver 2 Hone Tagging Ne 1 pat OSE o LL OL Tx Tagging m 2 Pome OSL LLL TxTagging NE 3 poms 7 VDSE LL L TxTagging m 4 poms OSL M L TxTagging mE 5 POMS MBSE OO LA TxTagging m E Potos OOOO DSD ai jaaa LL LA TxTagging bs 7o pato DSL OO H Tx Tagging 8 598008 OSE Oo OE TxTagging me 9 Pome VDSE oL EA TxTagging Los 10 potio OSL A IKTagging s 11 potii MDSESo UL L TxTagging 12 2 porta OSE L9 L TxTagging m 13 Pati OSE Oo Oo L IKTagging 14 potia OSL OO OO L Tx Tagging 15 Betis OSE LA TxTagging 18 port16 VDSL Q Tx Tagging M C ME o E E MEE alti ss c D c E E qa D Rei 3 Click the Group configuration link to configure the multicast group IP Fill in the name for MVR and the IP range start IP address is 224 1 100 20 and End Address is 224 1 100 200 All contents copyright 2008 ZyXEL Communications Corporation 78 ZyXEL VES 1616 24FA 5x Series Support Notes OX Configuration MVR eae Multicast VLAN ID 100 fa un A a un A ah HE VLAN Name Start Address End Address Static MAC Farwardin i E 9 0 0 0 0 0 0 0 0 Filtering APA n TT JEEP rr
19. C On 3600 seconds Link Aggregation eee ere Ua ree Te ee er Teer Tere eer eee Te er ere Tre Ee Teer Tee ere ee EY unn ET A ME Port Authentication ccc AME W esce On m EAEE EET asi some ci MAC Limit 7 o On a 3800 seconds Access Control g On Iv 3600 0000000 X M8 n o n E e 3 3 On vw 3600 seconds Ses ye Re eee eee eee ere eer eee eet ES mon ERES mg eeen eeen Policy Rule 10 On Iv 3600 seconds VLAN Stacking 11 Oo On 3600 seconds Multicast 49 F On m 3600 ooo C Losueeeesstaspesmiisieecenieasn a NE PO c osan aA E DHCP Ls L On v 3600 seconds DiffServ 14 on v 3600 seconds CFM 15 Oo On 3800 seconds All contents copyright 2008 ZyXEL Communications Corporation 98 ZyXEL VES 1616 24FA 5x Series Support Notes RADIUS Server Setup Click RADIUS gt RADIUS SERVER in the navigation panel to display the configuration screen as shown You can use the default values or change the settings in the Authentication port and Shared Secret fields Make sure you configure the same settings on the client ZyXEL ADVANCED RADIUS ROOT CA SERVER CERTIFICATE RADIUS SERVER Server Port USER ACCOUNT Authentication Port 1812 Accounting Port 1813 165535 MAINTENANCE 185535 MANAGEMENT Allowed Access Type LOGOUT Allow Any IP Address Shared Secret 12345678 max 20 characters O Allowed Specified IP Address Network Address Allowed IP Address imax 20 No IP
20. Click Here link for Load Factory Default 3 A dialog box pops up with the Are you sure you want to load factory defaults prompt All contents copyright 2008 ZyXEL Communications Corporation T ZyXEL VES 1616 24FA 5x Series Support Notes Microsoft Internet Explorer 9 m Are vou sure vou want bo load Factory default Cancel 4 Click OK 5 Click OK again to start the configuration reset process 6 Please note that the IP address of the switch is now 192 168 1 1 Using the Console Port 1 Connect to the console port and open the Terminal Emulation Software 2 Enter the administrator login password to log into the CLI Enter erase run to load the factory default configuration General Networking DHCP Relay Option 82 Application ISP may want to limit the number of IP address or provide some specific client IP addresses based on the switch ports VLAN ID and option 82 string They can easily achieve this with the DHCP Relay Option 82 feature and a DHCP server that supports Option 82 The following figure shows a network example All contents copyright 2008 ZyXEL Communications Corporation 8 ZyXEL VES 1616 24FA 5x Series Support Notes Network DHCP Server 192 168 1 99 DHCP Client Setting up a DHCP Relay Option 82 Environment In this example we will show you how to configure DHCP relay settings to allow a computer to obtain a specific IP address from a DHCP server based on the
21. E VLAN VLAN Port Setting Static VLAN The Number Of VLAN 7 c m n Port Number 2 Index VID 2 E 6 8 10 12 14 16 18 Elapsed Time Status o X 1 3 5 7 9 LEE S CTI z VLAN U U U U U U U U Uu 1 1 0 00 12 Static Static MAC Forwardina U U U U U U U U U Filtering U Spanning Tree Protocol s U U z 2 T Broadcast Storm Control u U z z z 3 t z l Mirroring 3 102 T s T 0 00 11 Static Link Aggregation Z U 7 E 7 A icati 4 103 0 00 11 Static Port Authentication U u 7 E _ T MAC Limit U U Access Control 104 U T 0 00 11 Static Queuing Method U U Classifier 6 105 0 00 11 Static i U U T Policy Rule VLAN Stacking Multicast Poll Interval s 40 Set Interval Previous Page Next Page DHCP Change Pages D g g Answer In switch A add port 17 in each VLAN VID 101 port 1 2 17 TAG VID 102 port 3 4 17 TAG VID 103 port 5 6 17 TAG VID 104 port 7 8 17 TAG VID 105 port 9 10 17 TAG VID 106 port 11 12 13 17 TAG VID 107 port 14 15 16 17 TAG In switch B add port 17 in each VLAN VID 101 port 1 2 3 17 TAG VID 102 port 4 5 6 17 TAG VID 103 port 7 8 9 17 TAG VID 104 port 10 11 12 17 TAG VID 105 port 13 14 15 16 17 TAG Clients in the same VLAN on both switches can communicate with each other PVID Set PVID on switch A Port 1 2 101 Port 3 4 102 Port 5 6 103 Port 7 8 104 Port 9 10 105 Port 11 12 13 106 Port 14 15 16 1
22. EE Port Name Type immed Leave Max Multicast Group Profile IGMP Querier Mode Port Authentication REEERE ee eeen SEEE ee e EREE EEEE A ESV rH I IH ner m ML E MAC Limit 1 porto 1 VDSL Enable 2 MOD x E dge Access Control 2 porto2 VDSL Enable 2 MOD Edge Classifier P iba vos 2 MM Policy Rule po DSL Enable 1 VLAN Stacking 5 port0S VDSL v Enable 2 Edge v Multicast 6 port06 VDSL Enable 2 E dis 7 port VDSL Enable 2 E DHCP p a nana vnal zl Tal reatin unn lael Configuration of IGMP and IGMP snooping by CLI 1 Enable IGMP function in GS 4024 In the configure mode GS 4024 config router igmp 2 Enable IGMP snooping in VDSL switch In the configure mode of CLI All contents copyright 2008 ZyXEL Communications Corporation 66 ZyXEL VES 1616 24FA 5x Series Support Notes VES 1616FA 54 config igmp snooping 3 Display the IGMP Status In the exec mode of CLI VES 1616FA 54 show multicast 4 Display the IGMP snooping Status In the exec mode of CLI VES 1616FA 54 show igmp snooping Note One thing needs to be mentioned is that in the IGMP router we do not need to enable IGMP snooping function Overview of MVR MVR refers to Multicast VLAN Registration that enables a media server to transmit multicast stream in a single multicast VLAN while clients receiving multicast VLAN stream can reside in different VLANs Clients in different VLANs intending to join or leave the multicast group simply send the IGMP Join
23. I M 1 OF OF UU LI Lam uw Oo 0D D Ll Lam u u NLENL Lg O0 0 0 0 MM Lam u u BERR U NEM u r1 D D Dag rnm ngyMNEMNEMN 7 oO 07 0o Lam mM NM 0 08 0 0 6a ee eee 7 I NJ eae i YW OO 0 DnDngMNNEEMENEM NM 7I 7 NLEELI Lig v M rn BD 0 Baa ee eee UI 1 0 NNI NN MM MEME v i 2 2 O 21 BRC iv Il iv uuu i v V n 2 2 2 lv I v 7 i WM v WM vi Wd v Wd v v v ed v v v ilv K O 9 Finally verify the settings If you have configured the VLAN settings properly PC A can ping PC B and PC Z but not PC C or PC D and vice versa 10 For example PC A 192 168 1 4 24 PC B 192 168 1 5 24 PC C 192 168 1 6 24 PC D 192 168 1 7 24 PC Z 192 168 1 99 24 11 PING PC B from PC A successful reply messages C gt gt ping 192 168 1 5 Pinging 172 168 1 5 with 32 bytes of data Reply fram 172 168 1 5 hutez 32 time i12ms TTL 254 Reply from 192 168 1 5 hytes 32 time 6bms ITTL 254 Reply from 192 168 1 5 bhytes 32 time Yms TIL 254 Reply from 192 168 1 5 bhytes 32 time 6ms TTL 254 Ping statistics for 192 168 1 5 Packets Sent 4 Receiwed 4 Lost Az loss Approximate round trip times in milli seconds Minimum 6ms Maximum i2ms Average Yms 12 PING PC Z from PC A successful reply messages All contents copyright 2008 ZyXEL Communications Corporation 31 ZyXEL VES 1616 24FA 5x Series Support Notes Seping 1972 168 1 99 inging 172 168 1 77 with 32 bytes
24. In order to prevent VLAN tagged packets between these two companies from transmitting to each other s network VLAN stacking is implemented in the ISP s network The ISP assigns a service provider VID for each company company XX is assigned an SP VID of 30 and company YY is assigned an SP VID of 40 The following shows the packet flow between Company XX HQ and its branch All contents copyright 2008 ZyXEL Communications Corporation 44 ZyXEL VES 1616 24FA 5x Series Support Notes office Company XX HQ gt Switch A gt Switch B gt Switch C gt Switch D gt Company XX Branch Office In this case VLAN Stacking is enabled on access ports 11 and 12 on Switch B An SP tag is appended for ingress traffic and the appended SP tagged is removed during egress VLAN Stacking is also enabled on the tunnel port on switches B port 10 C and D Static VLAN Tx tagging must be DISABLED for the port which is set as a Normal or Access Port Static VLAN Tx Tagging MUST be enabled on a port set as the Tunnel port The following shows the packet flow between Company YY HQ and its branch office Company YY HQ gt Switch F gt Switch G gt Switch C gt Switch B gt Switch H gt Company YY Branch Office VLAN Stacking is enabled on access port 10 on Switch G An SP tag is appended on the ingress traffic and the SP tag is removed during egress VLAN Stacking is enabled on a Tunnel port on switches G port 9 C and B From Switch A to Switch H
25. MER 12 9 Norma O Fixed QO Forbidden lv TxTagging NER 13 9 Normal QO Fixed O Forbidden lv TxTagging NER 14 Norma O Fixed QO Forbidden lv TxTagging MEN 15 9 Normal Q Fixed QO Forbidden lv TxTagging MER 16 Normal O Fixed O Forbidden lv TxTagging NER 17 Q Normal Fixed O Forbidden lv TxTagging 18 9 Normal Q Fixed Q Forbidden Tx Tagaing Check the ACTIVE checkbox to enable and fill in the VLAN name Data and VLAN ID 203 Configure port 1 and port 17 to Fixed and check the Tx Tagging checkbox All contents copyright 2008 ZyXEL Communications Corporation 80 ZyXEL VES 1616 24FA 5x Series Support Notes 4 VLAN VLAN Status ACTIVE essent t te Name Data VLAN Group ID Port Control Tagging NEN 1 Q Nemal 9Fied Q Forbidden lv TxTagging NEM 2 amp Normal O Fixed O Forbidden lv TxTagging NEN 3 Norma O Fixed QO Forbidden lv TxTagging sss 4 9 Norma Q Fixed QO Forbidden v TxTagging NEN 5 9 Normal O Fixed O Forbidden v TxTagging sss 8 0 Norma O Fixed O Forbidden lv TxTagging hates 7 Norma O Fixed O Forbidden v TxTagging MEM 8 Norma Q Fixed O Forbidden 1v TxTagging
26. Precedence l v Save Apply After finishing the process of creating the WAN interfaces and Queue click the oave Reboot button on the Queue Config page to save the above settings and reboot the device for the changes to take effect 3 Configuration the QoS classification to classify traffic flow Open Advanced Setup gt QoS Classification page to classify traffic flow Click ADD button to add a new classification rule in this document we need create classification rules to identify and classify the PPPoE IPoE and VolP traffic flows All contents copyright 2008 ZyXEL Communications Corporation 85 ZyXEL VES 1616 24FA 5x Series Support Notes Quality of Service Setup Device Info Advanced Setup Choose Add or Remove to configure network traffic classes WAN LAN If you disable WMM function in Wireless Page classification related to wireless will not take Security effects Quality of Service WAN INTERFACE MARK TRAFF __ eve Config EN IR GW DSCP Queue 802 1P VLAN Lan epp Source Source bens QoS Classificati Name E addr Mark ID Mark ID Port Addr Mask Port Routing DNS nas 0 8 35 203 9 0 203 Port Mapping Certificate pes nas O 8 35 203 9 Q 203 Wireless a Management IP inas O 8 35 3988 9 D 3988 IARP nas O 8 35 3988 9 0 3988 In the Add Network Traffic Class Rule page we can give each rule a name for easy identification for example PPPoE 1 PPPoE 2 IP ARP and VoIP Assign the order for each rule
27. Roaming D l Li 2 Time Offset im Gateways Value View Audits Statistics G DDNS amp TFTPI 4 Time Server 5 Name Server B Domain Server 8 Quotes Server 9 LPR Server 10 Impress Server 11 RLP Server 12 Hostname 13 Boot File Size 14 Merit Dump File 15 Domain Name 7 Log Server E Ww Doc1 Microsoft Word Inco enito Managemen You can choose to enable DDNS service on the DHCP server All contents copyright 2008 ZyXEL Communications Corporation 22 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 File Edit 1 Reports Help Xx 8 A E IP Commander 2 192 168 1 99 lt ONL Service Configuration for 192 168 1 99 ONLINE Stand alone gt E Service Configu Administrator Ac Network Views ago e Export Wiza IP Commander Administrator Configuration Utility i Client revisigiesf T k RUSS Copyright c Ba PR Eo B CO CP E158 E f Spot Incognito S Policies Access Control Management Static Addresse Gerver In order to enable automatic DNS Commander updates you must specify the IP Llient Llasses Gervice addiess uf the Dumain Name Server DNS Certara tnt Enabling Updates for Incognito s DNS Commander Hardware Mapp Active IP Addre Anti Roaming D View Audits Statistics G DDNS amp TFTPI E Fannel Ww Doc1 Microsoft Word Inco anito Managemen Click Finish to complete the rule creation A
28. Route Setup MAT Firewall Quality Of Service Management Passwords Reset to Default Save and Reboot Exit gt sh After that enter the below commands to configure the port based VLAN settings All contents copyright 2008 ZyXEL Communications Corporation 88 ZyXEL VES 1616 24FA 5x Series Support Notes ebtables I INPUT 1 i eth1 4 j mark set mark 0x80004 a Efx use File Propertiezs S5etting Back Space key sends Main Menu UDSL Link State LAN WAN DNS Server Route Setup HAT Firewall Quality Of Service Management Passwords Reset to Default Save and Reboot Exit sh Bus yBox vi HH 12067 H6 245 15 36 000 Built in shell msh Enter help for a list of built in commands ebtables I INPUT i i ethi 4 j mark set mark 680604 The second command is ebtables I FORWARD 1 i eth1 4 j mark set mark 0x80004 B x Main Menu UDSL Link State LAN WAN DNS Server Route Setup MAT Firewall Quality Of Service Management Passwords Reset to Default Save and Reboot Exit sh Bus yHoxw vi H 2HH7 BH6 25 15 36 HBHBHB Built in shell amp msh Enter help for a list of built in commands Ht ebtables I IMPUT 1 i ethi 4 j mark set mark Hx8HBHB4 H ebtables I FORWARD i i ethi 4 j mark set mark HxB8HHBH4 After issuing these two commands the settings are done Type exit to exit the CLI All contents copyright 2008 ZyXEL Communic
29. Then change the password by settings the password fields All contents copyright 2008 ZyXEL Communications Corporation 114 ZyXEL VES 1616 24FA 5x Series Support Notes MENU Basic Setting Logins Access Control Advanced Application in istrator Routing Protecel N Old Password Management NN New Password Retype to confirm haintenance Access Control Diagnostic Please record your new password whenever you change it The system will lock you nut Syslog if you have forgotten your password Cluster Management MAC Table ARP Table Edit Logins Login User Mame Password Retype to confirm s _____ NENNEN EENNMZMNMNrc eU 4 Apply Cancel How to access the Command Line Interface CLI There are two ways to access the Command Line Interface through the console port or Telnet If you want to access through the console port Refer to the How to access the Switch through the console port section for more information If have forgotten the password how to reset the password to the default setting If you have changed and forgotten the password you will need to reload the factory default configuration Note that all your previous configuration will be lost 1 Connect the console cable to your computer and launch a terminal emulation software 2 Restart the switch and press any key to enter the debug mode at the Press any key to enter Debug Mode within 3 seconds prompt 3 Enter atlc
30. VDSL port VLAN ID and the Option82 string In this network environment we will use a VES 1616FA 5x series with a computer connected to a CPE to the first VDSL port The Option82 string is set to VES 1616FA 54 The IP address of the DHCP server IP Commander at 192 168 1 99 and it is to assign client IP addresses of 192 168 1 201 and 192 168 1 203 for VLAN ID 1 with Option82 string of VES 1616FA 54 1 Switch settings In the web configurator click Advanced Application DHCP in the navigation panel to display the DHCP screen as shown Enable the DHCP relay feature and the Option 82 function Click Information to set VES 1616FA 54 as the Option 82 string All contents copyright 2008 ZyXEL Communications Corporation 9 ZyXEL VES 1616 24FA 5x Series Support Notes VLAN Client IP Pool Starting Address static MAC Forwarding Size of Client IP Pool Filtering ROLE MM MM HM ae M M TT Spanning Tree Protocol 22222 Se ee PUN Broadcast Storm Control Default Gateway Mirroring Primary ONS Server Sep nid Se Secondary DNS Server DD Port Authentication eL CODD E O meme TTT TTT Sr eer herent Terr CR SR ER tt reer rrr rt MAC Limit Access Control Queuing Method Classifier FOE Option 82 V Relay Agent Information VLAN Stackin accen cct dc enc RR pe rnc ccn coco ncc RB Amp op Erebi RE 2 Information VES 1616FA 54 Multicast IDE SSS Uem eT VEMM oad ie fa asad Se AN dela SEHE TI
31. VDSL Enable 2 MOD w Multicast port 6 VDSL Enable 2 MOD MVR 7 port07 VDSL Enable 2 MOD v NHCP 5 Open Advanced Application gt VLAN and click static VLAN link to create VLAN Check the ACTIVE checkbox to enable and fill in the VLAN name VoIP and VLAN ID 201 Configure port 1 and port 17 to Fixed and check the Tx Tagging checkbox All contents copyright 2008 ZyXEL Communications Corporation 19 ZyXEL VES 1616 24FA 5x Series Support Notes e Static VLAN aD san Sue ACTIVE Name VoIP VLAN Group ID E o Port Control Tagging EK 1 Norma Fixed QO Forbidden Iv Tx Tagging MER 2 9 Normal Fixed QO Forbidden V TxTagging NEN 3 Norma O Fixed Q Forbidden v TxTagging NEN 4 o Normal Fixed Forbidden v TxTagging NEN 5 9 Normal O Fixed O Forbidden v TxTagging NEN 8 0 Norma O Fixed O Forbidden v TxTagging NEN 7 9 Norma Fixed QO Forbidden v TxTagging MERE 8 Norma QO Fixed QO Forbidden lv TxTagging NEN 9 Norma Q Fixed QO Forbidden lv TxTagging MEN 10 Normal O Fixed QO Forbidden lv TxTagging NER 11 Normal O Fixed O Forbidden lv TxTagging
32. WAN LAN S it VLAN Mux 802 1P Con ID Service Interface Protocol Igmp NAT QoS State Remove Edit ecuri y Off Off 1 NMS nas 0 8 35 MER Disabled Disabled Enabled Enabled ARES Quality of Servi uality of Service Routing 203 D 2 br0 8 35203 nas 0 8 35 203 Bridge N A N A Enabled Enabled 7 RES DNS 3988 D 3 br 0 8 35 3988 nas 0 8 35 3988 Bridge N A N A Enabled Enabled iREH Port Mapping 4001 0 4 jbr 0 8 354001 nas 0 8 354001 Bridge N A N A Enabled Enabled 7 RES Certificate Wireless Management fare Sareea Open Advanced Setup gt WAN to Create new WAN Interface First click the add button to add a new interface Then check the VLAN Mux option to enable the IEEE 802 1Q VLAN on this Interface and fill in the VLAN ID Click the Enable Quality of Service option to enable QoS feature on P 870H 51 then click the next button to move to the next step EISE SRA EE axe WAN Configuration To configure the WAN interface enter the appropriate DSL WAN service ar use the check box to select WAN service over portii interface Mote before you select VAM service over porti interface you must erase all existing DSL WAN service configuration Also once vau select VAM service aver Pott vou cannot configure any other DSL VAM service until the WAN service aver Ethernet entry is deleted Enable WAN service on porti DSL WAN service VLAN Mux Enable Multiple Protocols Over a Single PC 802 10 VLAN ID 0 4095
33. and H create a VLAN with VID 1 which contains all the port members By default VLAN1 is already created for you The setting required is to make sure that port 17 is a member of VLAN 1 and that egress tagging is enabled on the port By default all the ports in VLAN 1 are untagged during Egress Configuring Switch B Using the Web Configurator 1 Use an RJ 45 Ethernet cable to connect your computer to the MGMT port on the switch 2 By default the IP address on the MGMT port is 192 168 0 1 24 3 Set your computer to use a static IP address in the same subnet for example 192 168 0 2 24 4 Open a web browser such as IE and enter http 192 168 0 1 as the URL 5 A login screen displays Enter admin the default as the username and 1234 the default as the password 6 After you have logged in successfully the main screen displays as shown All contents copyright 2008 ZyXEL Communications Corporation 46 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL MENU O m Status Fl Logout E Help System Up Time 29 10 27 Port Link State LACP TxPkts RxPkts Errors TXKB s RxKB s Up Ti BL RR Ue oS SNR dc i INI d RII ic RR NRI NER LN a DENM coc RRS RRO 1G Sa RR ik SRR OR ROT RON TROOP SANE 79 0 amp 0 0 00 Down STOP Disabled 0 0 00 8 00 Down i STOP Disabled EB S EH HU 0 0 00 3 000 00 3OUD0 0 00 DD 3OU0 0 00 0 0 O0 8 00 IU C NERONE US Oy sit 8 0 BBS 3 4 T C GU EE M oo MM EM ECHO I
34. and H Using the Web Configurator 46 Configuring Switch B Using the Web Configurator 46 Configuring Switch C Using the Web Configurator 50 Configuring Switch D Using the Web Configurator 52 Configuring Switch G Using the Web Configurator 55 Network ScenariO 59 Configuring Switches A E F and H Using the CLI 59 Configuring Switch B Using the CLI 60 Configuring Switch C via CLI 61 Configuring Switch D Using the CLI 62 IP Multicasting 64 Configuring IGMP snooping in your switch 64 Configuration of IGMP snooping by web 65 Configuration of IGMP and IGMP snooping by CLI 66 Overview of MVR 67 MVR Mode 68 All contents copyright 2008 ZyXEL Communications Corporation 1 ZyXEL
35. frame VID VID hd Tagged frame Untagged frame ui PVID RII After Ingress Process all frames have a 4 bytes tag and VID information and they are transitioned into Forwarding Process 2 Forwarding Process The Forwarding Process makes forwarding decisions on the received frames All contents copyright 2008 ZyXEL Communications Corporation 35 ZyXEL VES 1616 24FA 5x Series Support Notes based on the Filtering Database If you want to allow tagged frames to be forwarded to a certain port this port must be the egress port of this VID The egress port is an outgoing port for the specified VLAN that is frames with a specified VID tag can go through this port Filtering Database stores and organizes VLAN registration information useful for switching frames to and from switch ports It consists of static registration entries Static VLAN or SVLAN table and dynamic registration entries Dynamic VLAN or DVLAN table SVLAN table is manually added and maintained by the administrator DVLAN table is automatically learned via GVRP protocol and can t be created or updated by the administrator VLAN entries in Filtering Database have the following information 1 VID VLAN ID 2 Port The switch port number 3 Ad Control Registration administration control There are 3 types of ad control including forbidden registration fixed registration and normal registration e Forbidden registration This port is forbidden to be the egre
36. from the receiver port will not be transmitted to a multicast router Multicast router must be statically configured Operation Mode Join Operation A subscriber sends an IGMP report message to the switch to join the appropriate multicast It tests whether the IGMP report matches the switch configured multicast MAC address If matches the switch CPU modifies the hardware address table to include this receiver port and VLAN as a forwarding destination of the MVLAN e Leave Operation Subscriber sends an IGMP leave message to the switch to leave the multicast The switch CPU sends an IGMP group specific query through the receiver port VLAN If there is another subscriber in the VLAN subscriber must respond within the max response time If there is no subscriber the switch eliminates this receiver port e Immediate Leave Operation Subscriber sends an IGMP leave message to the switch to leave the multicast Subscribers do not need to wait for the switch CPU to send an IGMP group specific query through the receiver port VLAN The switch will immediately eliminate this receiver port scenario of MVR In the following section we will provide an example to illustrate how to configure MVR In this scenario the main job of media server is to transmit the media stream via port 10 to GS 4024 The multicast traffic flowing into the GS 4024 will be tagged with PVID 100 In the VES 1616F 3X we enable the MVR function to allocate the multicast traffi
37. leave message to a receiver port The receiver port belonging to one of the multicast groups can receive multicast stream from media server In the Figure 1 without support of MVR the Multicast stream from the media server and the subscriber must reside in the same VLAN For each VLAN A media server is required to transmit multicast stream once and totally media server transmits 6 times In the Figure 2 on the contrary with MVR a media server is required to transmit multicast traffic to clients in different VLANs at once All contents copyright 2008 ZyXEL Communications Corporation 67 ZyXEL VES 1616 24FA 5x Series Support Notes lt single multicast w wax CH1 VLANI CH1 VLAN2 CH1 VLAN3 CH1 VLAN4 CHI VLAN5 CHI VLAN6 89 4024 multicast aem VES 1 61 6F Ni CH1 VLANI CH1 VLAN2 CH1 VLAN3 CH1 VLAN4 CHI VLAN5 CHI VLAN6 NX Ai a Figure 2 MVR Mode e Dynamic Mode If we select the dynamic mode in MVR setting IGMP report message transmitted from the receiver port will be forwarded to a multicast router through its source O CO All contents copyright 2008 ZyXEL Communications Corporation ZyXEL VES 1616 24FA 5x Series Support Notes port Multicast router knows which multicast groups exist on which interface dynamically e Compatible mode If we select the dynamic mode in MVR setting IGMP report message transmitted
38. media the higher the cost oome of the path costs specified in the IEEE 802 1d specification are listed below All contents copyright 2008 ZyXEL Communications Corporation 93 ZyXEL VES 1616 24FA 5x Series Support Notes 4Mbps 100 to 1000 10Mbps 100 50 to 600 16Mbps 62 40 to 400 100Mbps 18 10 to 60 1Gbps 4 3 to 10 10Gbps 2 1to5 e 3 When multiple ports have the same path cost to root bridge the port with lowest port priority is selected as root port 3 Select a designated port on each segment For each LAN segment collision domain there is a designated port The designated port has the lowest cost to the root bridge Designated ports are normally in the forwarding state to forward and receive traffic to the segment If more than one port in the segment have the same path cost the port on which bridge has the lowest bridge ID is selected as a designated port How STP works After STP determines the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops STP aware devices exchange Bridge Protocol Data Units BPDUs periodically Whenever the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen for Hello BPDUS Bridge Protocol Data Units transmitted from the root
39. network element NE and collects information from these NE for the EMS Running in the background to provide queries for the EMS is PostgreSQL an enterprise relational database system Figure 1 System Architecture a anum gems Pe aum n aor Ini g Bm m Graphical User Interface Database Server Postgre SQL SNMPc Overview The following figure shows the main screen elements of SNMPc Main Button Bar Button and controls to execute commands quickly Edit Button Bar Button to quickly insert map element Event Log Tool Button display filtered event log entries View Window Area Map View Mib Tables and Mib Graph windows are displayed here e View Window Area Map View Mib Tables and Mib Graph windows Figure 2 Main elements of SNMPc All contents copyright 2008 ZyXEL Communications Corporation 106 ZyXEL VES 1616 24FA 5x Series Support Notes be it Yer bet Hone Tn Gale Mat BeO amp s 5 ale a y e Pl 1 1 P P 9 2 AI FrusfafoEntry S S Ee Eg Root Subnet 2 38 local L 4 VES 1516F 35 m Hormal 11 10 2006 11 36 58 localhost User fidninistrator at 127 0 0 1 Login OK M Custom A Custom 7 Custom B For Help press F1 EMS Overview The following figure illustrates the main elements in the EMS e Menu Shortcut Bar The buttons execute common commands Device Panel This is a graphical device display Device List Panel View devices in a tree structure
40. of data eply From 192 168 1 99 bhytes 32 time 15ms TTL 254 eply from 192 168 1 99 bhytes 32 time 6ms TTL 254 eply From 192 168 1 99 bhytes 32 time 6ms TTL 254 eply from 1972 168 1 797 bytes 32 time ms ITL 254 ing statistics For 192 168 1 99 Packets Sent 4 Heceived 4 Lost B HH loss gt pproximate round trip times in milli seconds Minimum 6ms Maximum 15ms Average 8ms 13 PING PC C from PC A not successful with request timed out message gt ping 192 168 1 6 inging 192 168 1 6 with 32 bytes of data equest timed out equest timed out equest timed out equest timed out ing statistics for 192 168 1 6 Packets Sent 4 Received 4 18HBe loss gt Configuring the Switch Using the CLI 1 Connect the your computer to the console port on the switch 2 Open your Terminal program for example Hyper Terminal in Windows System 3 Make sure the console connection settings are configured as listed below Bps 9600 Data bits 8 Parity None Stop bits 1 Flow control None 4 After you can connect successfully enter the user name and password 5 Enter config to go into the configuration mode 6 Enter the following commands to configure Port Based VLAN on your Switch in this network example All contents copyright 2008 ZyXEL Communications Corporation 32 ZyXEL VES 1616 24FA 5x Series Support Notes UES IBIEFR 54 sali vlan type port based interface port channel egress ES
41. to the switch and renames it to config 7 Enter bye to log out from the switch All contents copyright 2008 ZyXEL Communications Corporation 5 ZyXEL VES 1616 24FA 5x Series Support Notes Backing Up a Configuration File Using the Web Configurator 1 Click Management gt Maintenance in the navigator panel to display the following screen Maintenance 3 Routing Protocol i_ Firmware Upgrade 4 lick Here Casse gt Management 0 1 Restore Configuration QClICKHeTe s ee Backup Configuration GClikHere jJ Load Factory Default lick Hi Maintenance ie rrr cene ESTEE eaeeLed aenpeeateearevhORt Diagnostic Reboot System syslog MAC Table ARP Table Loop Diagnostic CFM Action 2 Click the Click Here link for Backup Configuration to display the following screen Backup Configuration _ Maintenance This page allows you to back up the device s current binary configuration ta your workstation Now click m the Backup button c d E Maintenance Diagnastic Syslog WAC Table ARP Table Loop Diagnostic CFM Action 3 Click Backup to display the File Download dialog Then click Save to back up the configuration text file to a location you specify on your computer Using the Console Port 1 Connect to the console port and launch a Terminal Emulation software 2 Restart the switch to enter the debug mode via the terminal 3 Enter ATTD 4 Use X m
42. 004 by ZyXEL Communi To enable VLAN stacking select Active Set port 25 as the tunnel port and leave the SPVID field to the default settings 25 Tunnel For v o iM 9 You have finished setting Switch G for VLAN stacking for this network example All contents copyright 2008 ZyXEL Communications Corporation 58 ZyXEL VES 1616 24FA 5x Series Support Notes Network Scenario Company XX branch Company YY branch Switch a Ss Witch G Na Am Port 17 Switch adm xo Company XX HQ Company YY HQ Configuring Switches A E F and H Using the CLI On switches A E F and H create a VLAN with VID 1 which contains all the port members By default VLAN1 is already created for you The setting required is to make sure that port 17 is a member of VLAN 1 and that egress tagging is enabled on the port By default all the ports in VLAN 1 are untagged during Egress 1 On switches A E F and H create a VLAN with VID 1 which contains all the port members By default VLAN1 is already created for you The setting required is to make sure that port 17 is a member of VLAN 1 and that egress tagging is enabled on the port By default all the ports in VLAN 1 are untagged during Egress 2 Connect your computer to the console port on the switch 3 Open a Terminal program for example Hyper Terminal in Windows 4 Configure the console port settings as shown next Bps 9600 All contents c
43. 02 1p if 802 1q is enabled o 802 10 VLAN ID 0 4095 203 On this page there are two sets of the traffic parameters used to define the traffic In the section of SET 1 we can base on the layer 3 parameters and SET 2 is the protocol type In this case we will use protocol type to class PPPoE and IPoE IP and ARP There are two types of protocols for PPPoE 8863 and 8864 the Hex All contents copyright 2008 ZyXEL Communications Corporation 86 ZyXEL VES 1616 24FA 5x Series Support Notes code for IP is 0800 ARP is 0806 Click Save Apply button to save and finish the process of creating a new network traffic class rule SET 2 i 802 1p Priority v Protocol Type hex O600 FFFF B863 SavejApply Repeat the above steps to create the classification rule for PPPoE IPoE and VolP Device Info Advanced Setup Quality of Service Setup Choose Add or Remove to configure network traffic classes WAN LAN If you disable WMM function in Wireless Page classification related to wireless will not take Security effects Quality of Service WAN INTERFACE MARK TRAFF Meet Queue Config Class GW DSCP Queue 802 1P VLAN Lan Source Source ME QoS Classificati Name Interface addr Mark ID Mark ID Port 9C9 0 DSCP la ie Mask Port Routing DNS PPPOE nas 0 8 35 203 9 f 203 Port Mapping Certificate on nas 0 8 35 203 0 20 Wireless Management IF nas 0 8 39 39 2 ARP jinas_O 5 39 O In this case we wi
44. 07 port 25 PVID any Set PVID on switch B All contents copyright 2008 ZyXEL Communications Corporation 39 ZyXEL VES 1616 24FA 5x Series Support Notes Port 1 2 3 101 Port 4 5 6 102 Port 7 8 9 103 Port 10 11 12 104 Port 13 14 15 16 105 Port 25 PVID any Setting up VLAN Trunking With the benefit of deploying VLAN trunking you can connect two switches through a port that is configured as the VLAN trunking port VLAN tagged frames from PC1 connected to switch 1 can reach PC 2 connected to switch 2 through the VLAN trunking port In this example port 17 on VES 1 is configured as the VLAN Trunking port while on VES 2 port 17 is the VLAN Trunking port The following figure shows the network example The configuration screen for switch 1 is shown as follows All contents copyright 2008 ZyXEL Communications Corporation 40 ort Notes VES 1616 24FA 5x Series Su ZyXEL VLAN Status Port Isolation Ort settini j NUN GVRP Acceptable Frame Type GVRP Port Ingress Check PVID In A wt aaa 0000 G Bl GB Bl All 1 v oooooo 1 1 1 Lal BIBIB IBI BI BIB 6 7 B g 2 Nu wn if 13 SCR 15 16 17 18 The configuration screen for switch 2 is shown as follows 41 All contents copyright 2008 ZyXEL Communications Corporation ZyXEL VES 1616 24FA 5x Series Support Notes e NZL y Port Isolation VLAN Sta
45. 120 j 24 CEM eae B Address Prefix Classifier 2 Classifier g ee Active v a Name 2 beossessscosesesesssccodii Uo oec00000000200900000000000000000000000000000000000000000000008 acket Format All M gt 9 Any ME VLAN VLAN O Static MAC Forwarding PERSA EA NEN Wcguw ans vaCuaed ccueantdeeaushive s lt ouccedseeuseesaceescscodectsseeebateccscusadecvcesscecseuetcsesevaecencvacccedducaseeschurdececusdectssetecce ens Filtering Priority Any Spanning Tree Protocol Pra EE EE O 0 Iv per n Broadcast Storm Control Ethernet IP M Mirroring Layer2 Te Others OAA j yya Link Aggregation Any Port Authentication MAC Address ae Source Onc NE RR Access Control 22222 Port ee ee Port2 m Borges beach EEOSE cused dede dda EEEE PELTA AE PELE AEE PER EARNE E PEE N Queuing Method Any Destination MAC Address IL ooo Of MAN NN NE NN aS Classifier 3 All contents copyright 2008 ZyXEL Communications Corporation 103 ZyXEL VES 1616 24FA 5x Series Support Notes Advanced Application VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Broadcast Storm Control Mirroring Layer 2 Link Aggregation Port Authentication MAC Limit Access Control Queuing Method An Any ere Destination MAC Address O wc NN T mM a T a Policy Rule Configuration The following figures show the screen settings for each pol
46. 1616FA 54 config vlan type port based interface port channe l egress UES 1616FA 54 config vlan type port based interface port channel egress UES IBIBFR eal eal i VES 1616FA 54 config vlan type port based interface port channe l egress UES IBIBFR 54 config vlan type port based interface port channel egress UES 1516FA S4 config vlan type port based interface port channel egress UES IBIBFR 54 config vlan type port based interface port channel egress UES 1616FA S4 config vlan type port based interface port channel egress t ES IBIBFR 54 config it exit UES 151BFR 544t write memory f After entering the commands use the write memory command under the enable mode to save your configuration What is IEEE 802 1Q Tag based VLAN Tag based VLAN Overview In the IEEE 802 1Q standard Tag based VLAN uses an extra tag in the MAC header to identify the VLAN membership of a frame across bridges This tag is used for VLAN and QoS Quality of Service priority identification The VLANs can be created statically by an administrator or dynamically through GVRP The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID Tag Protocol Identifier residing within the type length field of the Ethernet frame and two bytes of
47. 1B o Normal O Fixed Forbidden Ml TxTagging CFM 17 Q Normal 9 Fixed Q Forbidden Tx Taagina Open Advanced Application VLAN VLAN Port Setting to change PVID for the ports 1 2 and 3 MENU o o OMELET J Port Isolation WLAN Status aa ae ced M oun HI p H 2 Port Ingress Check PVID GVRP Acceptable Frame Type VLAN Trunking i F vn 7 ee ee D ssl ZENTREN D sus Static MAC Forwarding 2 E 1 Filtering 3 Ali v O Spanning Tree Protocol 4 Fj All m 1 Broadcast opm Compro oeeeee mmm ERERRERERERRRERRRESeeeeeeeeeeeeenme e IRE cmn CU NE E Mirrorina 5 C All bul L Link Agaregation 6 F All Port Authentication 7 All C MAC Limit ERIS cape UE DEDIT E ciate aie EIER SUCI LLL ACT ADEICIDILILIDTDEIZLICE OR RTENOIDEDICHUIEIEIEIDIONORGH D ars E DESC T DHT DELL ats oie EET TE LDDIECIETCIEITIERCILICELIEITICIEIELETICIEREECIGI a E IEEE DAD OL ON ELLE AAT EE Access Control Queuing Methad 3 Classifier 10 1 Al v 1 VLAN Sta cki n g IMDB CIKKEIJUDUOULEEEEEXGDUUUEEPEERIRCTERRERECENIID III LI UU T EEXEEEERENIUDUDULUEKIUDULIXIIERIG EEEE TOTTE I EENT E EATI T E TTT 2 7 Multicast 1 1 m Al ill d F MVR 13 Dien 1 z Mo E CFM a e REETETESEEETETETETEETERET eee eese innen nennen seee rerrerrereeereerrerrrrs eene nennen enne 5 Before we start to use the MVR it is fundamental to enable the IGMP Snooping first In the VES 1616FA 54 Menu cli
48. 203 802 1P Priority 0 7 lo Auto VLan Tagging Tag vlan id according to classification rules Enable Quality Of Service Enabling packet level Gas far a PYG improves performance for selected classes af applications Use Advanced Setup Quality of Service to assign priorities far the applications Fnahle Giialitw Of Service Fl In the connection type configuration page select Bridging mode and click the next button to move to the next configuration step All contents copyright 2008 ZyXEL Communications Corporation 83 ZyXEL VES 1616 24FA 5x Series Support Notes HERRAN Ese IERI RZE Connection Type Selectthe type of network protocol over DSL YVAN service that your ISF has instructed you to use PPP over Ethernet PPPOE MAC Encapsulation Routing MER 9 Bridging The next step is to modify the WAN interface name Then click the next button to move to the next configuration step page PEERS HELE RS XE Unselect the check box below to disable this WAN service Enable Bridge Service Service Mame be 0 8 35208 The last is the confirmation page click the save button to save and finish the process of creating the WAN interface Repeat the above steps to create the other three interfaces with the VLAN ID 201 3988 and 4001 2 Create a Queue for the WAN Interface via WEB GUI Open Advance Setup Queue Config and click the Add button to open the QoS Queue configuration page All contents cop
49. 4 When the starting XMODEM upload message displays start XMODEM upload of the default configuration rom file to the switch 5 After the file upload process is complete enter atgo to exit from the debug mode 6 The system will automatically restart Wait until the system has restarted before you log in again The default IP address is 192 168 1 1 and the default password is 1234 How to configure the IP address All contents copyright 2008 ZyXEL Communications Corporation 115 ZyXEL VES 1616 24FA 5x Series Support Notes Using the Web Configurator Click Basic Setting gt IP Setup in the navigation panel to display the configuration screen z FE Setti 1g 4 lai 1 47 2 Advanced Application i PATENTEEN Domain Name Server 7722352 Routing Frotoco r S Default Management in band C Outof band Mara gement System Info in band fManagerment IP C DHCP Client General Setup Mdidress Static IP Address pete IP Address 182 168 1 1 P Setup EUM IP Subnet Mask 255 265 255 0 Por Setup YOSL Profle Setup Default Gateway 192 168 1 254 VDSL Alarm Profile Setup VID NH 1 CQuit of band Managemen IP IP Address 218801 IP Subnet Mask 552552550 Default Gateway n 0 0 0 Apply Cancel Is Online Help available on the Web Configurator Yes You can click on the Help link in any web configurator screen to display the help content for that screen How to restart device from the Web Configur
50. 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 ONLINE Stand alone gt File Edit Service w Import Expo Help mt Werle Tools Reports Iis S oo IP Commander B 192 168 1 99 lt ONL amp B a9 Create Rule E Service Configu Administrator Ac General Rule Criteria High Water Marks Rule Options Network Views Rules e Templates Policies Access Control Management Static Addresse Lhent Llasses Hardware Mapp Active IP Addre Anti Roaming D A View Audits Statistics G DDNS amp TFTPI Created d Rule Wizard for 192 168 1 99 Create the rule criteria Select rule criteria from the keywords list and link them using operators in the operators list Use parantheses to specity the order ol preterence Keywords Operators Option number Sub option optional Data type Enter the data the client must match 82 E Binary Data pot 90001 31323438 82 Relay Agent Information Cancel lt Rark Len Cannel Last modified Search cu Doc Micro Incognito Ma 2 2 Ethereal After setting the fields you should see the following screen All contents copyright 2008 ZyXEL Communications Corporation 18 ZyXEL VES 1616 24FA 5x Series Support Notes File Edit Import Incognito Management Console configuring I Te NEM zT Wirands Tools Reports P Commander on 192 168 1 99 ONLINE Stand alone gt
51. ANs where the packet forwarding decision is based on the destination MAC address and its associated port You must define outgoing ports allowed for each port when using port based VLANs Note that VLAN only governs the outgoing traffic In the other word it is unidirectional Therefore if you wish to allow two subscriber ports to talk to each other e g between conference rooms in a hotel you must define the egress outgoing port for both ports An egress port is an outgoing port that is a port through which a data packet leaves In the following figure five hosts A B C D and E are connected to a 5 port layer 2 switch which supported port based VLAN Case 1 Hosts A and B can communicate with each other because they are in the same VLAN group But Hosts A and B cannot communicate with Hosts C D and E All contents copyright 2008 ZyXEL Communications Corporation 20 ZyXEL VES 1616 24FA 5x Series Support Notes Port based VLAN definition Egress port for port 1 port 2 e Egress port for port 2 port 1 Case 2 In this network example there are three VLAN groups in the physical network Hosts A and B can communicate with each other since they are in the same VLAN group VLAN 1 Hosts B and C are in VLAN group 2 Hosts A D and E are in VLAN group 3 Layer 2 Switch Port based VLAN definition Egress port for port 1 port 2 port 4 port 5 Egress port for port 2 port 1 port 3 Egress port for port 3 port
52. Address Shared Secret Create User Account Click RADIUS gt USER ACCOUNT in the navigation panel to display the configuration screen as shown You can use the existing user accounts or create a new one by clicking the Add New User button Note that the client site MUST use the account in the RADIUS server ZyXEL ADVANCED RADIUS ROOT CA SERVER CERTIFICATE RADIUS SERWER USER ACCOUNT Add Kew Jsar Select All MAINTENANCE Select All J MANAGEMENT a sn T 1 abyss abyss 00000 Change Password LOGOUT 2 zyxel Change Password Fest Supplicant Setup Windows XP You can use any supplicant software such as MeetingHouse Aegis client Funk Odyssey client and Microsoft 802 1x client For this example we will show you how to configure the Microsoft 802 1x client All contents copyright 2008 ZyXEL Communications Corporation 99 ZyXEL VES 1616 24FA 5x Series Support Notes 802 1x MD5 challenge setup Open the Local Area connection Properties screen and click the Authentication tab Select the Enable IEEE 802 1x authentication for this network option and select MD5 challenge in the EAP type field The following figure shows an example l Local Area Connection Properties E x General Authentication Advanced Select this option to provide authenticated network access For Ethernet networks W Enable IEEE 02 1 authentication for this network EAF type MD5 Challenge Properties REREESSRREEEESAR
53. FTP client on your computer to log into switch From the command prompt type ftp Switch IP gt Press ENTER when prompted for a user name Enter the administrator login password to access the switch and display FTP prompt Enter bin to set the transfer mode to binary Use put to transfer the firmware from the computer to the switch for example put firmware bin ras 0 transfers the firmware on your computer firmware bin to the switch and renames it to ras 0 Use put to transfer the firmware from the computer to the switch for example put firmware bin ras 1 transfers the firmware on your computer firmware bin to the switch and renames it to ras 1 Enter bye to log out from the switch Restore a Configuration File Using the Web Configurator 1 m LI H a kK a TI x un aD Click Management Maintenance in the navigator panel to display the following screen ARuEnnIn NN A4mmwareUpgrale Glid Here 5 0 REN Restore Configuration ClickHere ssl TE Backup Configuration amp GHEKHeTe sss Load Factory Default P Maintenance M MMMM e I n nn rI Nec Diagnostic Reboot System Syslog WAC Table ARP Table Loop Diagnostic CFM Action All contents copyright 2008 ZyXEL Communications Corporation 4 ZyXEL VES 1616 24FA 5x Series Sup
54. IRIRRRRRRRARRRRRRARRRRRRARRRRRRARRRRRRARRERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRARRRHRERRRRRRRRRRRRRARRRRRERRRRRRSERRRRRAEERE v Authenticate as computer when computer information is mwalable et Authenticate as quest when user ar computer information is unavailable Close Lancel When 802 1x authentication process starts you are prompted to enter the user name and password The following figure shows the prompt All contents copyright 2008 ZyXEL Communications Corporation 100 ZyXEL VES 1616 24FA 5x Series Support Notes GIF j elearning EN 2002297839 IWDOCHITIED CS ACEIVETEOrLES IT computer Advanced Help File Edit view Favorites Tools B wi ja Search j Folders ini Request timed out Request timed out ul wp Request timed out Request timed out MyiNetwork NG transmit failed plates transmit failed transmit gt transmit transmit transmit transmit gt transmit gt transmit z transmit gt transmit gt transmit transmit gt transmit transmit gt transmit gt transmit gt transmit transmit transmit a2 Lg 7j E Control Panel My Network Places My Documents Ad Aware SE jj My Computer Personal Details Shortcut to putty Local Area Connection I ae High Creed Internat g Start m 3 xs Jic Network Connections E Document1 Mic
55. Ns are specific only to the switch on which they were created Configuring the Switch Using the Web Configurator 1 Use an RJ 45 Ethernet cable to connect a computer to the management port on the switch 2 By default the management IP address of the switch is 192 168 0 1 24 3 Set the IP settings on your computer to 192 168 0 2 24 4 Open a web browser such as IE and enter http 192 168 0 1 as the URL 5 When prompted enter admin as the username and 1234 as the password 6 After you have logged in successfully the main web configurator screen displays All contents copyright 2008 ZyXEL Communications Corporation 29 ZyXEL VES 1616 24FA 5x Series Support Notes ED VDSL Summa System Up Time 26 47 51 Port Net Data Rate State Tx KB s Rx KB s Up Time Retrain 10 23740 238M Showtime 25 41 24 IT 5 oo DM oO a 3 e H T 0 0 0 0 00 00 Retrain 8 0 0 0 00 00 Retrain Pall Interval s 40 Pot ALL w Clear Counter 7 First set the switch to use port based VLAN Click Basic Setting gt Switch Setup in the navigation panel and select Port Based in the VLAN Type field Click Apply to save your changes 602 10 VLAN Type O DP nnn il rrr PotBased O O o MAC Address Learning Aging Time 300 seconds LINEN eee nmm rrr mnm 5 Join Timer 200 milliseconds Un 0000 MMM ai rrr a E System Info GARP Timer Leave Timer 600 eee General Setup i ESEA pre UP SAGE Sen acer C CE E E E Hess wine R
56. S Danis nf meets MVR aa Relay Remote ID uu Mw RemotellD O DHCP Remote ID Infarmation VES l Next connect a computer to the Ethernet port of the CPE to the 1 VDSL port Refer to the previous application for more information 2 IP Commander setup Launch IP Commander and right click IP Commander and click Connect New Server All contents copyright 2008 ZyXEL Communications Corporation 10 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console File Edit Service View Import Help S 5 A e ao IP Come sadar Connect New Service P Commander IP Commander Administrator Configuration Utility Client Revision 4 2 11 1 Copyright c 1998 2004 Incognito Software Inc ay Docl Microsoft Word Incognito Managemen q E4I T 03 38 Enter the IP address or domain name for the DHCP server and click OK For this example we enter 192 168 1 99 for the IP address All contents copyright 2008 ZyXEL Communications Corporation 11 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console Import Export WJ Reports Helr Ixzxie es5mizus5 ao IP Commander gt IP Commander IP Commander Administrator Configuration Utility Client Revision 4 2 11 1 Copyright c 1998 2004 Incognito Software Inc Select Server Please enter the name of the server with the IP Commander service you would like to manage Cancel Incognito Managemen ial zzi Microsoft
57. Spot Incognito S Policies Access Control Management Static Addresse Gerver Lhent Llasses Service Hardware Mapp Active IP Addre Rule is disabled Anti Roaming D View Audits M Ping before allocation Statistics G DDNS amp TFTPI Require legal hostname RFC 1123 Service Ina Rule options Yau may specify the rule antinns fnr Rule is reserved every rule that you create Do not send Host Domain Shuffle IP addresses allocated from this rule E Cancel Ww Doc1 Microsoft Word Incognito Managemen Optionally you can create a new DHCP template with information such as gateway DNS server etc All contents copyright 2008 ZyXEL Communications Corporation 20 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 File Edit i W Reports Help acgo e Export Wiza Xx 8 E 2 192 158 1 98 lt ONL Service Configuration for 192 168 1 99 ONLINE Stand alone gt E Service Configu Administrator Ac IP Commander Administrator Configuration Utility E Client revisiqiss i k Pues Copyright cB d DR AE cry 98 PAS L0 CUL IP Commander Network Views f Sinpietit Incognito S Policies Access Control Management Static Addresse Server Lhent Llasses Service Hardware Mapp Active IP Addre Anti Roaming D View Audits Statistics G DDNS amp TFTPI Create a new template C Link an existing template to the rule Se
58. Subnet S Ele Elit View Insert Manage Tools Config Window Help A Ei e a 11 Er Root Subnet Discovered Objects a 102 16 1 192 1681 ES8 2108 i5 Major 12 27 2885 13 53 44 192 168 1 54 No Response to Device Poll Major 12 27 2005 13 53 44 192 168 1 1 No Response to Device Poll Major 42 27 2005 13 S8 hh 192_ 168 1_66 No Response to Denice Poll 8 Ascreen displays as shown Click Switch Manager to display the main EMS screen as shown in Figure 11 Figure 11 Device Selection S ZvXEL Ne titles Element Management System Window Admm Help m Ig switch Manager 9 The device list panel on the left displays a logical hierarchy of the devices You can also see the devices added under the Rootmap in this list Figure 12 shows an example All contents copyright 2008 ZyXEL Communications Corporation 112 ZyXEL VES 1616 24FA 5x Series Support Notes Figure 12 Rootmap Ge ZyXEL Net tlas Enterprise EMS Map View Template Provisioning Performance Fault Maintenance Tool Help S xenia Device IPAddre ss Descriptions spes a E EN Toot 172 23 15 115 172 23 3 11 Alarm Status Port Status 10 Click on a switch icon to display the device panel and status screen as shown in Figure 13 Figure 13 Device mapping Oe ZyXEL NetAtlas Enterprise EMS View Template Provisionnme Performance Fault Maimtenance Tool Help C X AES WIE f Device IPAddr
59. Switch A Enabled VLAN VLAN1 and egress tagging on Port 17 Port 1 is connected to another access switch in a building Port 17 is connected to port 11 on Switch B Switch B Enabled VLAN Stacking and STP Port 1 is connected to port 17 on Switch A Port 2 is connected to port 17 on Switch H Port 25 is connected to port 25 Switch C Switch C Enabled VLAN Stacking and STP Port 27 is connected to port 25 on Switch G Port 26 is connected to port 25 on Switch D Port 25 is connected to port 25 on Switch B Switch D Enabled VLAN Stacking Port 1 is connected to port 17 on Switch E Port 25 is connected to port 26 on Switch C Switch E Enabled VLAN VLAN1 and egress tagging on Port 17 Port 1 is connected to another access switch in the building Port 17 is connected to port 1 on Switch D Switch F Enabled VLAN VLAN 1 and egress tagging on Port 17 Port 1 is connected to another access switch in the building Port 17 is connected to port 1 on Switch G Switch G All contents copyright 2008 ZyXEL Communications Corporation 45 ZyXEL VES 1616 24FA 5x Series Support Notes Enabled VLAN Stacking Port 1 is connected to port 17 on Switch F Port 25 is connected to port 27 on Switch C Switch H Enabled VLAN VLAN1 and egress tagging on Port 17 Port 1 is connected to another access switch in the building Port 17 is connected to port 2 on Switch B Configuring Switch A E F and H Using the Web Configurator On switches A E F
60. TCI Tag Control Information starts after the source address field of the Ethernet frame All contents copyright 2008 ZyXEL Communications Corporation 33 ZyXEL VES 1616 24FA 5x Series Support Notes 6 bytes 6 bytes 2 bytes variable Standard frame L T Tagged frame 2 bytes OO 3 hits lbt 12 bits e TPID TPID has a defined value of 8100 in hex When a frame has the EtherType equal to 8100 this frame carries the IEEE 802 1Q 802 1P tag e Priority The first three bits of the TCI define user priority giving eight 2 3 priority levels IEEE 802 1P defines the operation for these 3 user priority bits e CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches CFI is used for compatibility reason between Ethernet type network and Token Ring type network If a frame received at an Ethernet port has a CFI set to 1 then that frame should not be forwarded as it is to an untagged port e VID VLAN ID is the identification of the VLAN which is used by the standard 802 1Q It is 12 bits long and allows the identification of 4096 2 12 VLANs Of the 4096 possible VIDs a VID of 0 is used to identify priority frames and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4 094 e Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significa
61. Tx Tagging v Tx Tagging v Tx Tagging Tx Tagging 9 Create another VLAN with a VID of 40 Select Fixed and un select Tx Tagging for port 2 10 For port 12 select both Fixed and Tx Tagging The VLAN Status screen should display as shown All contents copyright 2008 ZyXEL Communications Corporation 48 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL MENU Status Logout E Help OME oC VLAN Port Setting Static VLAN The Number Of VLAN 3 Port Number 12 14 8 18 20 22 24 28 Elapsed Time 14 1413 5 5 1 17 19 21 23 27 VLAN U U J U U U WU Static MAC Forwarding U U J U U U Uu Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Fort Authentication Part Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Pail Intervalcs 40 Set Interval DHCP Relay DiffServ Change Pages Next Page 11 To configure VLAN Stacking click Advanced Application VLAN Stacking in the navigation panel to display the configuration screen ZyXEL MENU 1 seul rne h chee A wet endete de Ail MEME Active di v Status O Logout Help 08100 v SP TPID VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Access Por v _ Bandwidth Control E AccessPot v Broadcast Storm Control 8
62. VES 1616 24FA 5x Series VDSL Switch Support Notes Version1 0 Apr 2008 YA Networking Power ZyXEL VES 1616 24FA 5x Series Support Notes Switch Management and Maintenance 3 Firmware Upgrade 3 Using the Web Configurator 3 Using the Console Port 3 Using F TP 4 Restore a Configuration File 4 Using the Web Configurator 4 Using the Console Port 5 Using F TP 5 Backing Up a Configuration File 6 Using the Web Configurator 6 Using the Console Port 6 Using F TP T Load Factory Defaults T
63. VES 1616 24FA 5x Series Support Notes Operation Mode 69 scenario of MVR 69 Triple play Application Tf Configure VES 1616FA 54 T Configure P 870H 51 02 Ringing a network by building redundant links and connections between Switch 91 What is Spanning Tree Protocol 91 Spanning Tree Overview 91 How STP Works 92 How STP wo orkS 94 Switching security 96 MAC Limit 96 Setting up 802 1x Radius Authentication 98 Port Authentication RADIUS Setup 98 RADIUS Server Setup
64. Word SLs wy JQ Q FF 03 28 Enter the user name and password The default user name is administrator and password is incognito All contents copyright 2008 ZyXEL Communications Corporation 12 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console Import Export W Reports Help Ixzxie d e5mius ao IP Commander gt IP Commander IP Commander Administrator Configuration Utility Client Revision 4 2 11 1 Copyright c 1338 2004 Incognito Software Inc IP Commander You must login using an IP Commander service administrator account on 192 168 1 99 not a Winnt or Unix user account Login name Password IV Save Password Cancel Ww Doc1 Microsoft Word Incognito Managemen 4 LT 3 je p P 03 38 A screen displays Make sure that the status of your DHCP is online On the top menu click Wizard Rule Wizard All contents copyright 2008 ZyXEL Communications Corporation 13 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 File Edit Service View Import Export Tools Reports Help Y x E B 9 A t Global Settings Wizard Subnet Configuration Wizard P Comare Se Metall _99 ONLINE Stand alone gt 2 ACSEE b Service Configu e Administrator Ac Network Views Rules Templates Policies Access Control Management Static Addresse Lhent Llasses Hardware Mapp Active IP Addre Anti Roaming D View Audi
65. ZyXEL Communications Corporation 47 ZyXEL VES 1616 24FA 5x Series Support Notes 8 Create a VLAN with a VID of 30 Select Fixed and un select Tx Tagging for port 1 For port 25 select both Fixed and Tx Tagging ZyXEL Status Fl Logout EH Help ED Static V AN g ACTIVE M VLAN Status Management a Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast DHCF Relay DiffServ oO m Oo Name VLAN Group ID Normal Normal 9 Normal Noma Normal Normal 9 Normal 9 Nurrrial Normal Normal 9 Normal Noma Normal Normal 9 Normal Control Fixed Fixed O Fired O Fired Fixed O red O Fixed Fixed Fixed O Fired Fixed O Fixed rxwed Fixed Fixed VLAN30 Forbidden Forbidden Forbidden Forbidden Forbidden Forbidden Forbidden Furbidderi Forbidden Forbidden Forbidden Forbidden Forbidden Forbidden Forbidden Tagging C Tx Tagging v Tx Tagging V Tagging v T Tagging Tx Tagging Le Tx Tagging Y Tx Tagging S Tx Taggirig v Tx Tagging Tx Tagging Tx Tagging E
66. a 5 2 3 D E E 3 Spanning Tree Protocol 2 40 Uu B 1 E 3 s 4 B 2 E T 2 0 00 09 Sta Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Poll intervals 40 DHCP Relay l Copyright 1995 2004 by ZyXEL Communia 8 To configure VLAN Stacking click Advanced Application gt VLAN Stacking in the navigation panel to display the configuration screen All contents copyright 2008 ZyXEL Communications Corporation 57 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL MEN m Status Fl Logout Help VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirrorind Port Role SPVID Priority H A l MUI Access Port Link Aggregation Access PotM u nena Port Authentication Access Port Port Security Port Inm Access Port J Access Control Queuing Method Access Port TIIT E cos oe 1p OPE P4 Kb Classifier Access Port v LING ow Policy Rule Access Port A n a VLAN Stacking SERE gos HA gas i EEEEEEEEEEEEES ERE CES EE Tenet aoe eL caen ies bc e bende eee Ls Multicast in Access Pon w Lo Bs DHCP Relay 11 Access Port DiffServ 12 Access Port v on m Mi Copyright 1995 2
67. and check the Enable option to make sure this rule is enabled We need to define that this kind of traffic will be sent through a specific WAN interface in other words that it would be added the VLAN ID when sent through this WAN Interface and that is why we enable the VLAN Mux For example the PPPoE 1 and PPPoE 2 need to be added the VLAN ID 203 we select the WAN interface which will add the VLAN ID 203 for these two rules Scroll down the page to configure the other parameters Add Network Traffic Class Rule The screen creates a traffic class rule to classify the upstream traffic assign queue which defines the precedence and the interface and optionally overwrite the IP header DSCP byte A rule consists of a class name and at least one condition below All of the specified conditions in this classification rule must be satistied for the rule to take effect Click Save Apply to save and activate the rule Traffic Class Mame Rule Order Rule Status Enable l WAN interface WAN Interface br Q 8 35303 as 0 8 35303 Assign ATM Priority and or DSCP Mark for the class If non blank value is selected for Assign Differentiated Services Code Point DSCP Mark the correcponding DSCP byte in the IP header of the upstream packet is overwritten by the selected value Assign Classification Queue DSL amp Prece 1 amp Quene 9 DSL amp Pecl amp Qume9 v Assign Differentiated Services Code Point DSCP Mark v Mark 8
68. ations Corporation 61 ZyXEL VES 1616 24FA 5x Series Support Notes vlan 30 name vi Amsu normal 1 24 28 fixed 25 27 Forbidden untagged exit wlan 40 name vi Anna I normal 1 24 28 fixed 25 27 Forbidden untadgged exit Interface port channel 25 vlan stacking role tunnel ex dt interface port channel 26 vlan stacking rale tunnel exit interface port channel 27 vlan stacking rale tunnel ex dt vlan stacking 7 After entering the commands use the write memory command in the enable mode to save your configuration Configuring Switch D Using the CLI 1 Connect your computer to the console port on the switch 2 Open a Terminal program for example Hyper Terminal in Windows 3 Configure the console port settings as shown next Bps 9600 Data bits 8 Parity None Stop bits 1 Flow control None 4 After you are connected successfully the login prompt displays Enter the administrator login username admin and password 1234 is the default 5 Enter config to go into the configuration mode 6 Enter the commands as shown in the screen to configure VLAN Stacking on switch D for this network scenario All contents copyright 2008 ZyXEL Communications Corporation 62 ZyXEL VES 1616 24FA 5x Series Support Notes wlan 40 name vi ANA O normal 2 24 26 28 fixed 1 25 Forbidden untadgged 1 Exit interface port channel 1 vlan stacking SPVID 40 ex dt Interface port c
69. ations Corporation 89 ZyXEL VES 1616 24FA 5x Series Support Notes mode cx Telnet 192 168 1 1 UDSL Link State LAN WAN DHS Server Route Setup MAT Firewall Quality Of Service Management Passwords Reset to Default Save and Reboot Exit gt sh BusyBox vi HH 2HH7 BH6 25 15 364 HBBB Built in shell msh gt Enter help for a list of built in commands ehtahles I INPUT 1 i ethi 4 j mark set mark HxB8BHHH4 ehtahles I FORWARD 1 i ethi 4 j mark set mark BHxS8HBH4 H exit Hit lt enter gt to continue We finished all the settings to use P 870H 51 to classify the service flows Let s review what we done we classified the traffic for VoIP PPPoE for Internet Access and IPoE for VoD With these settings P 8 0H 51 can work as a home gateway to help service provider to provide VoIP service to customer at the Ethernet port 4 and Internet access and IPTV service on the remaining ports All contents copyright 2008 ZyXEL Communications Corporation 90 ZyXEL VES 1616 24FA 5x Series Support Notes Ringing a network by building redundant links and connections between Switch What is Spanning Tree Protocol Spanning Tree Overview Spanning Tree Protocol STP is a Layer 2 protocol designed to run on the bridges and the switches The specification for STP is defined in IEEE 802 1d The main purpose of STP is to ensure that you do not run into a loop situation when you have redundant paths in
70. ator 1 Click Management gt Maintenance in the navigation panel to display the screen as shown Basic Setting Maintenance Advanced Application Hernote Dewice Upgrade Click Hara VD5SL Chip Reset Click Here Remote Device Reset Click Here Access Control Firmware Upgrade Click Here Diagnostic i Restore Configuration Click Here ystog Backup Configuration Click Here Cluster Management e WAC Tabla Load Factory Default Click Here ARP Table Reboot System Click Here 2 Click Click Here button next to Reboot System will restart the switch How to check the current running firmware version All contents copyright 2008 ZyXEL Communications Corporation 116 ZyXEL VES 1616 24FA 5x Series Support Notes Access the console and enter the show system information command This will display the firmware version the switch is currently using Is the mini GBIC transceiver hot swappable Yes it is hot swappable You can change transceivers while the switch is operating What is Dual Personality interface on a VDSL Switch Dual Personality GbE interface means that one 1000Base T Copper port and one SFP port shares the same physical interface Only one of them can be used at a time Dual Personality interface is also Known as a Combo Port Can enable IGMP snooping on the Switch which is acting as an IGMP Router No You do not need to enable IGMP Snooping on an IGMP Router IGMP Snooping shou
71. bridge If a bridge does not get a Hello BPDU after a predefined interval Max Age the bridge assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology For example All contents copyright 2008 ZyXEL Communications Corporation 94 ZyXEL VES 1616 24FA 5x Series Support Notes Switch A Switch B Switch C MAC MAC 00A0C5111111 IMAC 00A0C5222222 00A0C5333333 Priority 32768 Priority 32 68 Priority 1 Pot Pot2 Pot Pot2 Poti Cost 19 100 Cost 19 100 Cost 19 Priority 128 128 Prrity128 128 Priority 128 segment B 1O0Base T Switch A Switch B segment A 10Base T 1 Switch A bridge ID 8000 00A0 C511 1111 Switch B bridge ID 8000 00A0 C522 2222 Switch C bridge ID 0001 00A0 C533 3333 Switch C has the lowest bridge ID so Switch C is the root bridge All ports of the root bridge are designated ports so Port 1 is designated port 2 For non root bridge Switch A Port 1 path cost to root bridge is 19 Port 2 path cost is 119 100 Switch A Port 2 19 Switch B Port 1 For Switch B Port 1 path cost is 19 Port 2 path cost is 119 Root port Port 1 of Switch A and Switch B because it has the lowest path cost to the root bridge Switch C 3 On Segment A both Port 2 of Switch A and Switch B have the same path cost to root bridge Since Switch A has lower b
72. c from GS 4024 to separate VLAN hosts All contents copyright 2008 ZyXEL Communications Corporation 69 ZyXEL VES 1616 24FA 5x Series Support Notes Media Server Port 10 GS 4024 um Port 17 VLAN 100 VES 1616F Port1 Port2 Port 3 VLAN30 vLAN 40 VLAN 50 Configuration via Web 1 We need to create a VLAN for multicast traffic in GS 4024 In GS 4024 click the Advanced Application and then select the VLAN In the VLAN Configuration create a new VLAN 100 Figure 4 VLAN Configuration D VLAN Status VLAN Port Sening Static VLAN The Humber Of VLAN Furl Murr Her Index VILI z a B 10 12 4 J amp 8 3 32 234 35 3S2 Elarsed Time Statue 1 3 i H 11 13 1789 Vf 15 1 As MJ mM LI IJ LI LI LI LI LI LI LI LI LI LI LI 1 1 Df Statir LI LI LI LI LI LI LI LI J LI LI LI 2 100 C 004574 Static 2 In the GS 4024 click the Advanced Application and then select the VLAN In the VLAN port Setting set the PVID of the port 10 to 100 as the multicast traffic that flows from media server to port 10 must be tagged with PVID 100 to communicate with the port in MVR VLAN 100 in VES 1616F 3X All contents copyright 2008 ZyXEL Communications Corporation 70 ZyXEL VES 1616 24FA 5x Series Support Notes NJENL VLAN Status GVRP Part isolation C Port Ingress Check PVID GVRP Acceptable Frame Type VLAN Trunking 4 4 Je 4 J 3 We need to create separate VLANs for different clients In VES 1616FA 54 in the A
73. cations Corporation 16 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 Xx 8 oH m5 ao9 IP Commander ra 2 192 168 1 39 lt ONL 2 Service Configuration for 192 168 1 99 ONLINE Stand alone gt E Service Configu Administrator Ac IP Commander Administrator Configuration Utility Network Views Client revisigies Rules i Rule Wizard for 192 168 1 99 Templates Policies Access Control Create the rule criteria Management Static Addresse Select rule criteria from the keywords list and link them using operators Lhent Llasses i in the operators list Use parantheses to specity the order ot preterence Hardware Mapp i Active IP Addre i Keywords Operators Anti Roaming D DHCP Option gt uon view Audits amp f DDNS amp TFTPI IP Limit Exception Lease RelayA amp gentCircuit lt Bark Newt Cannel BS amp temp wi Doel Microsoft Word en lt An Add DHCP Option Rule screen displays Select Option 82 Relay Agent Information set sub option 1and use binary data For port 1 VLAN 1 with option82 string of VES 1616FA 54 enter 0019000147532d33303132 as the key value and click OK Note that the first two bytes define the port number the second two bytes is the VLAN ID and the rest of the bytes are the Option 82 string All contents copyright 2008 ZyXEL Communications Corporation 17 ZyXEL VES 1616 24FA
74. ch Figure 5 Map Object Properties Hap Obi ect Properties E X General Attributes Dependencies VES 1616F 35 Tope Devss Address fisriesot leon ewoo Group 000 Unknown o Descr 3 Click the Access tab to a SNMP settings Change the value for Read Access Mode to SNMP V2c Figure 6 Read Access mode All contents copyright 2008 ZyXEL Communications Corporation 109 ZyXEL VES 1616 24FA 5x Series Support Notes General Acces Attributes Dependencies Nome Read Write Access Mode Value SNMP We s Attnb Name ee i Rent Access Mode SNMP Y2c iL BE Access Mode SNMP 2e Commananitvy publie Read Write Community publ Trap Community publ Y 3 Engmeil anto Y 3 Context Name not set Y3 No Auth Securty Name not set Ya Auth Priv Security Name not sets Y3 Auth Passed not set Y3 Priv Passed 4 Change the value for Read Write Access Mode to SNMP V2c Screen settings should be similar to the one shown Figure 7 Read Write Access Mode General Access ao Dependencies Name Read Write Access Mode Valua uu Vac j Attnb Y3 No Auth Secunty Mame not set Y3 Auth Prw Security Hame awot sets Y3 Auth Passed not set i nat set m em 5 Change the value for Read Community to public Figure 8 Read Community All contents
75. ck the Multicast go to the Multicast All contents copyright 2008 ZyXEL Communications Corporation 74 ZyXEL VES 1616 24FA 5x Series Support Notes Setting and activate the IGMP Snooping IGMP Filtering Profile IGMP Snooping VLAN Multicast Status Active IGMP Snoopin 4 H 802 1p Priority No Change 2 IGMP Filtering Active o gt IGMP Proxy Active HE VLAN Unknown Multicast Frame O Forwarding 9 Drop Static MAC Forwarding Reserved Multicast Group 9 Forwarding Drop Ld IGMP Host Timeout 260 Seconds Spanning Tree Protocol Broadcast Storm Control IGMP Leave Timeout 2 Seconds Mirroring Link Agaregation s 9 Port Name Type Immed Leave Max Multicast Group Profile IGMP Querier Mode Port Authentication MAC Limit 1 port01 VDSL Enable 2 MOD i Access Control 2 porto2 VDSL Enable 2 MOD Queuing Method 3 port03 VDSL Enable 2 MOD p Classifier gee i 7 In the VES 1616FA 54 go to Advanced Application gt MVR and then to the Group configuration Set 233 1 1 1 233 1 1 100 as the range of multicast address so that only the clients belonging to that range of multicast group will receive the multicast traffic MENU OTe MVR Multicast VLAN ID 100 e FH JGOTPEPUTTPTTITETITTTCETG TTTTTVTFTTTTTNETTCTTETETTPTTTCETTETTFTETTUETETTTUETETTYTTTTTPTRTTCRETTTTTT ETT ET a f en H kaa Ti ra VLAN mE TW Totregt Hame Start Address End Address static MAC Forwardin NENNEN a V 0 0 0
76. copyright 2008 ZyXEL Communications Corporation 110 ZyXEL VES 1616 24FA 5x Series Support Notes E ap Obest Properties x General Acces Attributes Dependencies Name TN public Attrib Value uy Access Mode SNMP V32c Read Wrte Access Mode SBMP Ve HE publ emi Woe Community publ Trap Commasty publ 3 Engmeil anto Y 3 Context Name not set Y3 No Auth Secunty Name enol set F3 AuthPay Security Name aot sets T3 Auth Passed not set Y3 Priv Passwd not set m Ra 6 Change the value for Read Write Community to public Click OK to save the settings and close this screen Figure 9 Read write Community Map Object Properties General Access Attributes Dependencies Name Read Write Comunity Value Attrib Read Access Mode SNMP Vc Read Write Access Mode SNMP ac Read Scones public Reads Write murat public Trap Sommunicr public Y3 Engmeid salto gt Y 5 Context Name snot set gt Y3 No Auth Security Name snot sete Y3 Auth Priv Security Name snot set Y 3 Auth Pasewd sat set Ya Priv Pasewd snot set BUR a 7 In the Selection tool menu click the name of the switch you have just created to manage the device All contents copyright 2008 ZyXEL Communications Corporation 111 ZyXEL VES 1616 24FA 5x Series Support Notes Figure 10 Device Selection E SNMPc Management Console Root
77. d learn the MAC address of the host on Port 2 e Switch A has not yet learned the MAC address of Router So Switch A will flood a copy of the received frame to Segment B e When the copy of the frame from Switch A arrives at Switch B Switch B will remove the first entry Host MAC address on Port 2 in Filtering Database and add a new mapping of Host MAC address on Port 1 Switch B incorrectly learn Host MAC address on Port 1 e Switch B can t forward the frames properly because the instability of mapping MAC address to Port segment B Switch A Switch B segment Host Router How STP Works opanning Tree provides a loop free network When a switch supporting STP recognizes a loop in the network topology it blocks one or more redundant ports All contents copyright 2008 ZyXEL Communications Corporation 92 ZyXEL VES 1616 24FA 5x Series Support Notes Spanning Tree Protocol continually explores the network so when the network topology changes STP automatically reconfigures the switch ports in order to avoid the failure by blocking certain port Spanning tree algorithm aware switches bridges exchange configuration messages periodically The configuration message is a multicast frame called BPDU Bridge Protocol Data Unit or Hello message According to BPDU these STP aware switches bridges will construct a loop free network with a tree architecture STP operation is described below 1 Select a root bridge Only
78. dvanced Applications MVR configure the MVR VLAN 100 Define port 1 port 2 and port 3 as the receiver ports for forwarding the multicast stream to the clients in different VLANs set port 17 as a source port to receive traffic from the media server Also select mode as dynamic mode The switch sends IGMP report message to multicast router through its source port Group Configuration X GG Ne 0 10M 0606696 m un test Wisi Case ese hc ta etd A aes mam aa E ICE UCET ORO I LEZEAIGLEXDUIHIUINIGDEEDECIRIUDVAUAETUGCESICEAIULDEMGCIEIULRT ANON ONT LORD TOLL CEU IE E 100 EE AEN ezILiieirnrcesngeshdtacepuietiait Es x i LA i J Mm Eme oM rtc E E EEEE A A E A A emma es AEEA am VLAN i Made Dynamic Compatible Static MAGC Forwarding a Ae Seat TIT NONU ERES RETRO ERES SR y EE dee rahe O IPSINS p Ne a NUNT RE ERRARE ONTE O A NR EN Filtering Spanning Tree Protocol Broadcast Storm Control Port Name Type Source Port Receiver Port None Tagging n EERE ERER RA RAEE FARAR OU HED RER ERARAS ARREA To 1 porto VDSL O C Tx Tagging Link Aggregation Ense FEE TIT EET 02 siicems days ys ape aqu we V DSL TEE UT M CEN Irie ETT MT TL IT DUE E T E O Sis wave LTAT AT pat yung e RE Fl tet Pope EE Part Authentication IMEEM itas prit Gon uas p Ha cies seite ates tier essen Faena diS ATA ee pe a eae sento iis uitio E teea aerae aena x on DEM MAC Limit fed oui p sess WAL ne MO unman e LiTmTaggig _ Access C
79. ess Descriptions GRII MAJ Mnt ir 2 49 Rootmap S Switch 4406 1722345415 313 ISI IO ESTE Rootmap Port Status Part View Por Status Pot LinkSpeed State LACP 1 0 Mbps STOP Disahled NIA 2 0 Mbps STOP Disabled NIA 3 100 Mbps FORWARDING Disabled NIA 4 D Mbns STOP Disahled NA All contents copyright 2008 ZyXEL Communications Corporation 113 ZyXEL VES 1616 24FA 5x Series Support Notes FAQ What are the default IP parameter settings IP address 192 168 1 1 Subnet 255 255 255 0 What is the default login Name and Password to log into the Web Configurator ID admin Password 1234 How to access my SWITCH through the console port Connect the male 9 pin end of the console cable to the console port of the switch Connect the female end to a serial port COM1 COM2 or other COM port of your computer Launch a terminal emulation software configured to the follow settings Terminal emulation VT100 Baud rate 115200 bps Data bits 8 Parity none Stop bit 1 Flow control none What is default login password for console telnet and FTP login Password 1234 How to change the password You can only change the administrator login password in the web configurator After you log in for the first time it is recommended you change the default administrator password In the Web Configurator Click Management gt Access Control gt Logins to display the configuration screen as shown
80. etd Index VID 10 12 14 16 18 20 22 24 26 28 ElapsedTime Stal 9 48 13 18 37 18 21 23 25 2 JU f a ee y E E g E a E a a y JB J AE AE E VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Poll Interval s 40 Set Interval DHCP Relay DiffServ Change Pages Next Page Ci Ci C Cu c c eqo Cc Cc pho 0 00 20 Sta om Lum amp Copyright 1995 2004 by ZYXEL Communia All contents copyright 2008 ZyXEL Communications Corporation 56 ZyXEL VES 1616 24FA 5x Series Support Notes Follow the steps in the previous section to configure VLAN 40 of which ports 1 and 12 are members Since port 12 is a TunnelPort select the Tx Tagging field For the Access Port port 1 un select the Tx Tagging field After the configuration the VLAN Status screen should look similar to the figure as shown ZyXEL Status Fl Logout E Help AuUENVEICUIEENED VLAN Port Setting Static VLAN The Number Of VLAN 2 pee bey et meni pl Port Number edad lea Lolli df este nar UR Index VID 2 4 6 8 10 12 14 16 18 20 22 24 26 28 Elapsed Time Stat gfe ees ak e es E OR se Se ee ge Re E II MZ VLAN eh S Eo E ee Le SE EREA 1 1 0 00 10 Sta Static MAC Forwarding UT U U U U Uu U U U U U U Uu U Filtering 2 z z M
81. ging field After the configuration the VLAN Status screen should look similar to the figure as shown ZyXEL Status O Logout Help m OME oD VLAN Port Setting Static VLAN The Number Of VLAN 2 Eu Rettore oae d ETA D aE Bem AMA NI AA AA AAA Port Number Biches dla be khhA DRE nacre Index VID 10 12 14 16 18 20 22 24 26 28 ElapsedTime Stal 8 1t 13 35 1 38 21 23 28 2 M 3 3X 3 3X 3X u AP MESSER SENSE SESE SE JHE VLAN Static MAC Forwarding 0 00 06 Sta C cias C Ct R t IC pee C T ESO fong C Filtering m m fe m m E i Spanning Tree Protocol 3 30 CR m ea eai RT NE DINE RESI PRU N n Dm 0 00 06 Sta Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Poll Interval s 40 Set Interval DHCP Relay i Copyright 1995 2004 by ZyXEL Communi 8 To configure VLAN Stacking click Advanced Application VLAN Stacking in the navigation panel to display the configuration screen All contents copyright 2008 ZyXEL Communications Corporation 54 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL VLAN Static MAC Forwarding Filtering Active SP TPID 0x8100 v Hex Status OM Logout Help f Spanning Tree Protocol Acce
82. hannel 25 vlan stacking role tunnel ex1t vlan stacking 6 After entering the commands use the write memory command in the enable mode to save your configuration All contents copyright 2008 ZyXEL Communications Corporation 63 ZyXEL VES 1616 24FA 5x Series Support Notes IP Multicasting Configuring IGMP snooping in your switch Multicast Traffic Video server Receiver Receiver Receiver Not a Receiver IGMP snooping is designed for scenarios with multicast traffic It operates on the underlying IGMP mechanism where a layer two switch passively listens to the IGMP Query Report and Leave IGMP version 2 packets transmitted between the IGMP router and clients and collects passing IGMP messages After that the switch records the message s group registration information and configures the multicasting information accordingly If the multicast group information is unknown not recorded on the switch the switch discards that multicast traffic Only the registered clients that join the group will receive multicast stream from the IGMP router Thus this significantly reduces the multicast traffic forwarded down to the clients Another advantage of IGMP snooping is to allow the intermediate switch to learn All contents copyright 2008 ZyXEL Communications Corporation 64 ZyXEL VES 1616 24FA 5x Series Support Notes multicast group information without manually configuring switches Configuration of IGMP snooping b
83. icy rule 1 Policy rule on Classifier 1 AID Active v Name n 2 3 Classifier s Static MAC Forwarding Filtering General Metering Spanning Tree Protocol VLAN ID 1 Bandwidth Broadcast Storm Control Kops Mirroring EgressPort Port 17 iv Out of Profile C Link Aggregation DSCP Port Authentication Parameters Outgoing packet format for Egress port 9 Tag Untag MAC Limit Priority Access Control Queuing Method Classifier TOS 0 Policy Rule Forwarding VLAN Stacking O No change Multicast Mu Discard the packet DHCP 9 Do not drop the matching frame previously marked for dropping DiffServ Priority Pra a hi channan 2 Policy rule on classifier 2 All contents copyright 2008 ZyXEL Communications Corporation 104 ZyXEL VES 1616 24FA 5x Series Support Notes DINCD Active m Name r2 a 3 Classifier s ME VLAN Static MAC Forwardina Filtering General Metering Spanning Tree Protocol VLAN ID 1 Bandwidth Kbps Broadcast Storm Control Mirroring EgressPort Port 17 v Out of Profile Link Aggregation E DSCP Port Authentication Parameters Outgoing packet format for Egress port 9 Tag O Untag MAC Limit Priority 0 iv Access Control pias Queuing Method Classifier TOS 0 v Policy Rule Forwarding VLAN Stacking No change Multicast 9 Discard the packet vl v DHCP Do not drop the matching frame previously marked for dropping 3 Policy rule on classifier 3 Active p Name r3 Ri
84. imiwiatn RieCa A COMES O0 ii eee mcdia OT esl cisco milliseconds etek IP Setup Priority Queue Assignment level Queue 7 v Port Setup level6 Queue 6 m VD SL Alarm Profile Setu T7 a P level4 Queue 4 Rate Limit Profile Setup level3 Queue 3 v level2 Queue 2 v level Queue 1 Iv level Queue v Apply Cancel 8 Next create logical partitions on the switch Click Advanced Application gt VLAN in the navigation panel and select the ports to belong to the VLAN For this example select ports 1 4 and 17 18 to belong to a VLAN so they can communicate with each other Although ports 5 8 are in another group both groups cannot communicate with each other Here we also defined ports 17 and 18 as the uplink ports Therefore All contents copyright 2008 ZyXEL Communications Corporation 30 ZyXEL VES 1616 24FA 5x Series Support Notes both groups can pass data to ports 17 and 18 In another word these two ports belong to both VLAN groups at the same time The configuration screen should look similar to the screen as shown Incoming u a a 1 7 O U ee eee Tr I DU UJ MM v amr 0 0 0gEMMNNEMN NNNM 7 UU 7 MOM mic uar nogn amp EMNMNMNNM I 7 0 NOME ajaja D00 Da ee eee 7 7 7 0 KEE Oo oO OQ u a 1 O OF 0 NINE NEM NM Oo 0 0 my umm 1 O 0 0 mum NN NN NM Oo D D DEMNM sr 0 0 07 aR EM NM M v M D D DD gm NMN Oo D 0 70 Baa ee NM M 3 Lam 8 uNEMEM Ll Lr Lam wu MI I 0 0 Bee Outgoing 0 ML IM
85. king click Advanced Application gt VLAN Stacking All contents copyright 2008 ZyXEL Communications Corporation 51 ZyXEL VES 1616 24FA 5x Series Support Notes in the navigation panel to display the configuration screen ZyXEL MENU O m Status Fl Logout E Help beard eene t ordenes iem Active v RRouung FTOTOCO 0x8100 v SP TPID zi Hex pe sala scndtedur AEEA e ecu V AUS TAA US ATA ARS MOM AN RAM Q Others VLAN Static MAC Forwarding MU Port Role SPVID Priority Filtering aab Spanning Tree Protocol 1 Access Port en 0 Bandwidth Control 2 Access Port 1 0 vi SFOH URS Storm Control 3 Access Po rt v 4 nt vi Mirroring EerreeIETEEETHNIE pease kem pum Link Aggregation Access Port ij t 0 8 Port Authentication 5 Access Port 1 EA Port Security B Access Port v i ov Access Control z EIU pum Queuing Method j occas oe 0 S Figseiher 2 Access Port i 1 Uu Bhalla Sele 9 Access Port 1 v VLAN Stacking A momar stoma rrr Multicast i GENRES LO DHCP Relay 11 Access Port 1 o MI Offer 12 Access Port A o 6 4 m I CRE 5 uml Copyright 1995 2004 by ZyXEL Communi Set ports 25 26 and 2 as the Tunnel Ports and leave the SPVID fields to the default settings Tunnel Fot 9 You have finished setting Switch C for VLAN stacking for this network example
86. ld be enabled on the access layer device which is normally a L2 switch Can enable MVR and IGMP snooping at the same time Yes All contents copyright 2008 ZyXEL Communications Corporation 117
87. link to display RADIUS configuration screen as shown Set the RADIUS server IP address UDP port and shared Secret Make sure the information you have entered is the same as the RADIUS server Then click Apply to make the settings take effect MENU o n OL aD Port Authentication Authentication Server IP Address 192 168 1 3 n UDP Port 1812 T shared Secret 123456789 BE VLAN static MAC Forwarding Filtering SERIY Spanning Tree Protocol Click the 802 1 x link to display the 802 1x configuration screen Select the Active check box to enable and then select the Active for a port to enable 802 1x authentications on that port You can leave the other settings to the default values Click Apply to save your changes G 5021x Port Authentication Active a H am gt Port Active Reauthentication Reauthentication Timer wi V A i i FE rag VLAN 1 On 3600 seconds Static MAC Forwarding iioc a gau af EE j Min M EN NN rj sf Evi ufa FERE Red E uS US ye qd En RE erp uva YR ET On s RRR E O ec Oca DEI TREES zem DEW GWW ee EE ee eC EIS Fieri 0000 ss t teal BE sss d mome n Spanning Tree Protocol 0 I s Eos Broadcast Storm Control 4 On Iv 3600 seconds Mirrarin eee ee Cee eee ee ee ee ce ee eee eee ee eee ee eee ee eer eee ee ee ee ee cee ee cee ee ee ee RR G3 33 3 25 LURE eee er re errr i WwasnsuasnutsasusLrissssuylHa uuasusuesussumuiesmuiususs 3 d ee 5
88. ll contents copyright 2008 ZyXEL Communications Corporation 23 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 IiS S 6H BEB A0 IP Commander 2 192 168 1 99 lt ONL 3 Service Configuration for 192 168 1 99 ONLINE Stand alone gt Service Configu Administrator Ac IP Commander Administrator Configuration Utility Network Views Client eVision Rules Copyright cin PR e Ea A Bc Templates Policies e Access Control Tree View amp Management OP Static Addresse Ei Rules diee The rule d has all nf the re ard Ca Llent Llasses i i a orien guber bled kae petias You are finished Bad Hardware Mapp Global Access Control List ial ies WIE Ue n oe Py Active IP Addre Global Template ef Anti Roaming D Incognito 0 0 0 0 A View Audits nt Eene Template for Incognito W 2 Statistics it s properties amp f DDNS amp TFTPI Select a component in the tree to view or modify nce the rule is created it will immediately Components are linked together become active in the rules container Caneel BAGS amp temp wi Doel Microsoft Word en Rj we 3 EI ae FP 0345 After the DHCP server configuration your computer should be able to get an IP address of 192 168 1 201 when a DHCP request is sent Separating a physical network into multiple virtual networks What is Virtual LAN VLAN Overview A VLAN Virtual Local A
89. ll fix the VolP service at the Ethernet port 4 and remaining ports for other services Therefore we will need use CLI command to configure the port based VLAN setting which will combine all traffic from the Ethernet port 4 of P 870H 51 with the VLAN ID 201 To make sure the CLI command works properly we need to make sure the order of rule for the VLAN 201 is 1 This should help us to make sure the CLI command can map to the correct WAN interface with correct VLAN ID Click the Save Apply button at the QoS classification page to save and finish all the settings related to WEB GUI since we will use CLI commands to finish all the other settings 4 Configure the port based VLAN through Telnet or Console port Connect the CLI mode of P 870H 51 through Telnet session or console Ul In this case we will use Telnet session to show how to configure the CLI command All contents copyright 2008 ZyXEL Communications Corporation 87 ZyXEL VES 1616 24FA 5x Series Support Notes BCM96358 ADSL Router After logging in the CLI of P 8 0H 51 we can see the picture below showing the list of the commands and other information Type sh command to enter the CLI mode 5 BGE Note If you have problem with Backspape key please make sure you configure mm im terminal emulator settings For instance from HyperTerminal you would need to use File gt Properties gt Setting gt Back Space key sends Main Menu UDSL Link State LAH WAH DNS Server
90. me the rule Enter a description of the rule optional Demo Fannel Created Last modified Lint Add Delete Search f 2 Windows M Ww Docl Micro Incognito Ma 2 Ethereal e MAIEUNFIL RY IRFS er 3 EI RA FF 04 22 opecify one or a range of IP addresses for this rule In this example we configure an IP pool from 192 168 1 201 to 192 168 1 203 All contents copyright 2008 ZyXEL Communications Corporation 15 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 ONLINE Stand alone gt File Edit Sei View Import Export Wizards Tools Reports Help XIS 8 980D Q9 IP Commander 2 192 168 1 99 lt ONL V4 Create Rule E Service Configu Administrator c General Rule Criteria High Water Marks Rule Options Network Views ge Rules Rule Wizard for 192 168 1 99 Templates Policies x Access Control Address Range Limits Management Static Addresse Lower limit Now you must specify the upper and lower limits Lhent Llasses ot the IP addresses tor the rule Hardware Mapp Active IP Addre AntiRoamingD Default gat Enter the lower limit View Audits Statistics Lease time amp f DDNS amp TFTPI Enter the upper limit I92 168 1 203 lt Bark Cannel Created Last modified Search ii Doel Micro Incognita Ma 2 Ethereal Next select DHCP Option in the Keywords field All contents copyright 2008 ZyXEL Communi
91. n and password 1234 is the default 5 Enter config to go into the configuration mode 6 Enter the commands as shown in the screen to configure VLAN Stacking on All contents copyright 2008 ZyXEL Communications Corporation 60 ZyXEL VES 1616 24FA 5x Series Support Notes switch B for this network scenario wlan 30 name vi Anu normal 2 24 26 28 Ter cq 25 Forbidden untagged 1 exit wlan 40 name VLAN O normal 1 3 24 26 28 fixed 2 25 forbidden untagged 2 exit interface port channel 1 vlan stacking SPVID 30 exit Interface port channel 2 vlan stacking SPVID 40 ex dt interface port channel 25 vlan stacking rale tunnel Exit vlan stacking 7 After entering the commands use the write memory command in the enable mode to save your configuration Configuring Switch C via CLI 1 Connect your computer to the console port on the switch 2 Open a Terminal program for example Hyper Terminal in Windows 3 Configure the console port settings as shown next Bps 9600 Data bits 8 Parity None Stop bits 1 Flow control None 4 After you are connected successfully the login prompt displays Enter the administrator login username admin and password 1234 is the default 5 Enter config to go into the configuration mode 6 Enter the commands as shown in the screen to configure VLAN Stacking on switch C for this network scenario All contents copyright 2008 ZyXEL Communic
92. nt and the default VID of the ingress port is given as the VID of the frame How 802 1Q VLAN works Based on the VID information in the tag the switch forwards and filters frames on the ports Ports with the same VID can communicate with each other IEEE 802 1Q VLAN function defines three tasks Ingress Process Forwarding Process and Egress Process All contents copyright 2008 ZyXEL Communications Corporation 34 ZyXEL VES 1616 24FA 5x Series Support Notes 1 Ingress Process Each port is capable of passing tagged or untagged frames Ingress Process identifies if the incoming frames contain a tag and classifies the incoming frames belonging to a VLAN Each port has its own Ingress rule If an Ingress rule accepts tagged frames only the switch will drop all incoming non tagged frames on the port If an Ingress rule accepts all frame types the switch allow both incoming tagged and untagged frames on the port When a tagged frame is received on a port it carries a tag header that has an explicit VID Ingress Process directly passes the tagged frame to Forwarding Process An untagged frame does not carry any VID to which it belongs When an untagged frame is received Ingress Process inserts a tag contained the PVID into the untagged frame Each physical port has a default VID called PVID Port VID PVID is assigned to untagged frames or priority tagged frames frames with null 0 VID received on this port Tagged frame Tagged
93. odem protocol to transfer Receive File the configuration file with a rom file extension All contents copyright 2008 ZyXEL Communications Corporation 6 ZyXEL VES 1616 24FA 5x Series Support Notes 5 Enter ATGO to restart the switch after file transfer and the configuration backup processes are complete Using FTP 1 Download and unzipped the correct model firmware to your computer 2 Launch the FTP client on your PC to log into the switch From the command prompt type ftp Switch IP 3 Press ENTER when prompted for a user name 4 Enter the administrator login password to access the switch and display FTP prompt 5 Enter bin to set the transfer mode to binary 6 Use get to transfer the configuration file from the switch to your computer for example get config config rom transfers the configuration file on the switch config to your computer and renames it config rom 7 Enter bye to log out from the switch Load Factory Defaults Using the Web Configurator 1 Click Management gt Maintenance in the navigation panel to display the following screen MENU c RUD 4 a Firmware Upgrade ClikHere sse 3 Restore Configuration ClickHere 2 Backup Configuration CliekHere 0 a Load Factory Default Diagnostic Reboot System Syslog MAC Table ARP Table Loop Diagnostic CFM Action 2 Click
94. ol i NE Normal O Fired O Forbidden M Tx Tagging Broadcast Storm Control 4 Normal Orxed O Forbidden I Tx Tagging Mirroring 5 Normal OFxed O Forbidden Tx Tagging Link Aggregation a 5 Normal O Fined O Forbidden Tx Tagging iudocsol E on Normal OO Fixed Forbidden e TxTagging REIN 8 9 Normal Q Fixed Q Forbidden Tx Tagging o o 2 9 nNoma OFbed O Forbidden A TkTagging a e m Nous Norma O Fried O Forbidden e TxTagging PARR m S S 1s Norma O Fixed Forbidden M TxTagging VLAN Stacking 120 Normal OFkxed O Forbidden Tx Tagging Multicast 0 LV 135 Normal OFkxed O Forbidden TxTagging MR S eee M Normal O Fined O Forbidden TxTagging BEC M eee 15 o Normal O Fined O Forbidden TxTagging EN UU eec om o 1B Normal O Fixed Forbidden TxTagging CFM 17 Normal 9 Fixed Forbidden Tx Tagging Open Advanced Application gt VLAN gt Static VLAN to add a new VLAN Tick All contents copyright 2008 ZyXEL Communications Corporation 73 ZyXEL VES 1616 24FA 5x Series Support Notes the Active bo
95. one switch bridge can be selected as the root bridge in a given network All other decisions in the network such as which port is blocked and which port is put in forwarding mode are made regarding this root bridge The root bridge is the root of the constructed tree e One of the important fields included in the BPDU is the bridge ID Each bridge has unique bridge ID The root bridge is the bridge with the lowest bridge ID in the spanning tree network e The bridge ID includes two parts bridge priority 2 bytes and bridge MAC address 6 bytes The 802 1d default bridge priority is 32768 E g fora switch with default priority 32768 8000 hex MAC address is 00 A0 C5 12 34 56 its bridge ID is 8000 00A0 C512 3456 e On the root bridge all its ports are designated ports Designated ports are always in the forwarding state While in forwarding state port can receive and send traffic 2 Select a root port for the non root bridge For the non root switch bridge there will be one root port The root port is the port through which this non root switch bridge communicates with the root bridge the leaf side of the tree The root port is the port on the non root bridge with the lowest path cost to the root bridge The root port is normally in forwarding state e Path cost is the total cost of transmitting a frame on to a LAN through that port to bridge root It is assigned according to the bandwidth of the link The slower the
96. onfig interface port channel 1 VES 1616FA 54 config interface pvid 30 VES 1616FA 54 config interface exit Step 7 On the VES 1616FA 54 set the PVID of specific VLAN 40 VES 1616FA 54 config interface port channel 2 VES 1616FA 54 config interface pvid 40 VES 1616FA 54 config interface exit Step 8 On the VES 1616FA 54 set the PVID of specific VLAN 50 VES 1616FA 54 config interface port channel 3 VES 1616FA 54 config interface pvid 50 VES 1616FA 54 config interface exit Step 9 On the VES 1616FA 54 in the configure mode enable IGMP snooping VES 1616FA 54 config igmpsnooping Step 10 On the VES 1616F 3X in the configure mode create MVR VES 1616FA 54 config mvr 100 Step 11 Define the Dynamic mode VES 1616FA 54 config mvr mode dynamic Step 12 on the VES 1616FA 54 in the MVR 100 set up the multicast group address VES 1616FA 54 config mvr group test start address 233 1 1 1 end address 233 1 1 100 Step 13 In the MVR 100 specify receiver ports on port 1 3 as untagged ports VES 1616FA 54 config mvr receiver port 1 3 VES 1616FA 54 config mvr untagged 1 3 Step 14 Then specify the source port 17 and assign it to be tagged ports VES 1616FA 54 config mvr source port 17 VES 1616FA 54 config mvr tagged 17 All contents copyright 2008 ZyXEL Communications Corporation 16 ZyXEL VES 1616 24FA 5x Series Support Notes Triple play Application The triple play application is more and more popular recentl
97. ontrol 4 port 4 VDSL O iO CI Tx Tagging All contents copyright 2008 ZyXEL Communications Corporation 71 ZyXEL VES 1616 24FA 5x Series Support Notes Port Name Type Source Port Receiver Port None Tagging ML VDSL Oe Oo EP Tx Tagging M 2520002 MOBLOG Oo ET Tx Tagging me 3 2 2003 VDSL a cs A Tx Tagging lt lt ee port VDSL Ons EO TxTagaing Saan POROS O VDSL Oaa O C Tx Tagging ae 6 ponos vps 0 o o o LlmTeggno Spanning Tree Protocol 7 xmi porta fur geeechceeend y DSL er rm E TET DRE L Tx Tagging sd Broadcast Storm Control ELA por s est oe e o o L Tx Tagging Mirroring a a omes necis RR MEE POEN AE O a C TxTagging _ Link Aggregation 10 part1 VDSL O e Tx Tagging p E cm aa a M otroesea ME 2S B aa A i nsus s E M Bs a m ee o i me om o Ec a uem s zi pam mA Queuing a n cu eau contio go e Bs uS m E ss dee oo ee eee a em E 5B one m Policy Rule CA Biz S ov o SU E EE M P o uu coment e eren ecran tine civis A E RICO QU Multicast atte LE potir sts Pme scenes ess ae e Tx Tagging MWR LS portig Ethemet e ouunu e unm amp Ll XTagging DHCP 4 In VES 1616FA 54 after the MVR configuration click the Advanced Application VLAN Status and check whether there is the new VLAN 100 added in the VLAN list We also create three separate VLANs 30 40 50 and assign their PVID as 30 40 and 50 respectively MENU
98. opyright 2008 ZyXEL Communications Corporation 59 ZyXEL VES 1616 24FA 5x Series Support Notes Data bits 8 Parity None Stop bits 1 Flow control None 5 After you are connected successfully the login prompt displays Enter the administrator login username admin and password 1234 is the default 6 Enter config to go into the configuration mode 7 Enter the commands as shown in the screen to configure VLAN 1 on switches A E F and H for this network scenario Port 17 will be tagged during Egress Username admin Password Copyright c 1994 2887 ZyXEL Communications Corp VES 1616FA S4 confi VES 1616FA S4 config vlan Warning please don t dE vlan for normal operation VYES 1616FA By config vlan name VES 1616FA 54 config vlan fixed 1 18 VYES 1616FA 54 config vlan untagged 1 16 VES 1616FA 5S4 config vlan exit UES 1BIBFR B4 config it exit YES 1616FA S4 write memory 8 After entering the commands use the write memory command in the enable mode to save your configuration Configuring Switch B Using the CLI 1 Connect your computer to the console port on the switch 2 Open a Terminal program for example Hyper Terminal in Windows 3 Configure the console port settings as shown next Bps 9600 Data bits 8 Parity None otop bits 1 Flow control None 4 After you are connected successfully the login prompt displays Enter the administrator login username admi
99. ort Setting Static VLAN The Number Of VLAN 1 A T O ATE B aA A AEE Port Number eedem deleted Index VID 2 4 B 8 10 12 14 16 18 20 22 24 26 28 Elapsed Time Stal 1 a Bios Ii ceal Wis a SA Vike m We a E gS Ue EEA E VLAN 1 1 Wo jae d I 43 ei ei ei ei al 0 00 20 ta Static MAC Forwarding i px AISEIXEIqEIXEISEIdEIdEIdE SXE S Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Poll Interval s 40 Set Interval DHCP Relay DiffServ Change Pages Next Page Follow the steps in the previous section to configure VLANs 30 and 40 of which ports 9 10 and 11 are members After the configuration the VLAN Status screen should look similar to the figure as shown ZyXEL LITE o gt Status O Logout H Help VLAN Status J VLAN Port Setting Static VLAN The Number Of VLAN 3 Part Number 14 16 18 20 28 Elapsed Time 13 15 17 19 27 Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Part Authentic ation Part Security Access Control Queuing Method Classifier Palicy Rule VLAN Stacking Multicast Pollinterval s 40 Set interval DHCP Relay DiffServ Change Pages Next Paga Copyright 199 11 To configure VLAN Stac
100. own All contents copyright 2008 ZyXEL Communications Corporation 55 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL MENU m Status Fl Logout Help System Up Time 29 10 27 Port Link State LACP TxPkts RxPkts Errors TXKB s RxKB s Up Ti ILL RII Us CS SNR PIN d IIIA c RR ORAL NER LN S DUM c ccs cii ea iMRI ORR SER RASEN L 0 00 0D Down STOP Disabled 0 0 00 8 00 NS RE AE i 0 0 0 0 0 00 0 0 00 0 00 0 0 0 0 0 00 0 0 0 0 0 00 FW CNRC US 0 0 0 0 00 0 DOW sss Bo canst IO 0 3 4 T SAC ee M M ERES OWN L rr S NER i 0 8 g 1 a ainan OE aars RAMA a yaya AEn TETTE P o MEME IS OM 0 M WM MEE C NCC NHAC OA epee Bc DOM sR SSC ROSES SUSAN ENSE NUR NONE E NN LL NEL E rai eso arcere P ME MEM NEM WM 12 Down STOP LU Coe s Sie Gre 1S Ch DO E ema E eea IE era 0 a EE l S A 5 RS E M i DON C ciscus ONAR causa eae 0 Down STOP Disabled Disabled sO J m 3 1 a 4 o 70 e ce e e o a ce ce m Copyright 1995 2004 by ZyXEL Communi T First create VLAN groups for the ISP s network For this example VLAN 30 for company XX and VLAN 40 for company YY Click Advanced Application Switch Advances VLAN and click the Static VLAN link ZyXEL Status O Logout H Help Static VLAN _Basic Setting S VLAN Status J VLAN Port Setting The Number Of VLAN 1 Elab ndere kadit ae hie ERRORI Port Number defendet ed elei
101. port Notes 2 Click the Click Here link for Restore Configuration to display the following screen Maintenance To restore the device s configuration from a binary file browse the location of the configuration file and dick Restore button spn 5 File Path E HE Maintenance Diagnostic Syslog MAC Table ARP Table Loop Diagnostic CFM Action 3 In the File Path field click Browse to locate the firmware file 4 Click Restore to start restoring configuration Using the Console Port 1 Connect to the console port and launch a Terminal Emulation software 2 Restart the switch to enter the debug mode via the terminal 3 Enter ATLC 4 Use X modem protocol to transfer Send File the configuration file with a rom file extension 5 Enter ATGO to restart the switch after file transfer and the configuration restore processes are complete Using FTP 1 Download and unzipped the correct model firmware to your computer 2 Launch the FTP client on your computer to log into the switch From the command prompt type ftp Switch IP gt 3 Press ENTER when prompted for a user name 4 Enter the administrator login password to access the switch and display FTP prompt 5 Enter bin to set the transfer mode to binary 6 Use put to transfer the configuration file from the computer to the switch for example put comfig rom config transfers the configuration file on your computer config rom
102. r EE E EE E rc PAR spanning Tree Protocol Broadcast Storm Contral Mirroring Link Aggregation Port Authentication MAC Limit Access Control Queuing Method 100 P Classifier support 233 1 1 1 233 1 1 100 Policy Rule 4001 d VLAN Stacking MOD 224 1 100 20 224 1 100 200 Multicast M Q on MVR MVLAN Name Start Address End Address Delete All Delete Group 4 Open Advanced Application gt Multicast to enable the IGMP snooping feature at the Multicast configuration page To avoid the unknown multicast frames flooding to all VDSL ports check the Drop to make sure the unknown multicast frames will be dropped Click Apply button to save the settings e IUD IGMP Filtering Profile IGMP Snooping VLAN Multicast Status Active S IGMP Snoopin PUN h Sialic 802 1p Priority v A IGMP Filtering Active u IGMP Proxy Active O rag VLAN Unknown Multicast Frame O Forwarding 9 Drop Static MAC Forwarding Reserved Multicast Group 9 Forwarding Drop IGMP Host Timeout 260 Seconds Spanning Tree Protocol Broadcast Storm Control IGMP Leave Timeout 2 Seconds Mirroring Link Aggregation 3 z aia ez Port Name Type Immed Leave Max Multicast Group Profile IGMP Querier Mode Port Authentication T RR MAC Limit 1 porto1 VDSL Enable 2 MOD iv Access Control 2 porto2 VDSL Enable 2 MOD Queuing Method 3 pot03 VDSL Enable 2 MOD v Classifier a c ucc V v g V le Policy Rule porto v Enable D m VLAN Stacking 5 portos
103. r you enabled MAC limit on the port 6 using the CLI command the switch automatically disables MAC address learning on that port Display the Port Security screen to verify this All contents copyright 2008 ZyXEL Communications Corporation 96 ZyXEL VES 1616 24FA 5x Series Support Notes PP eer foe a n Wet ee ne rere eee FO Security Mode Port security JA ooo ME R E a a a ISDOREHELEEEDECBURSRE GL M EEEDEEEDEEQEEECUEREHEEEUEEUECEPE COD OO A AE E COEECD Tl in UT Port Active Address Learning Limited Number of Learned MAC Address Js zs static MAC Forwarding m I M Q REIR e Filtering o ee C Spanning Tree Protocol 3 54 aan je E TRUE I Eccl M sm Mirraring IERRSQROUOSUTLIIM E oo DIIFNVIFEVEFLITETUFZTENZEXCZK SRI TNT ICD Link Aggregation Port Authentication 8 MAC Limit 7 Access Control a Queuing occu MEM LUE oLIMTIIEDIETIEDDEIEICIX Ee aaa M LR cance smc EEEN Classifier 8 Policy Rule 10 VLAN Stacking 11 Multicast 12 7 7 RRR EIDE Pe Pe ee ere a re MM ee DHCP n 38 8 M d rr DiffServ 14 CFM 45 Il Iv 84 All contents copyright 2008 ZyXEL Communications Corporation 97 ZyXEL VES 1616 24FA 5x Series Support Notes Setting up 802 1x Radius Authentication Port Authentication RADIUS Setup Click Advanced Application gt Port Authentication in the navigation panel to display the port Authentication page and click RADIUS
104. re connected using the Ethernet port There are five VLANs on the first switch and seven VLANs on the second switch The Ethernet port is port 17 on both switches VLANs are configured on the switches but how to configure port 17 as the trunk port on both switches The following figure shows this network example All contents copyright 2008 ZyXEL Communications Corporation 37 ZyXEL VES 1616 24FA 5x Series Support Notes The VLAN configurations on the two switches are as follows VLAN 101 102 103 104 105 106 107 on switch A VLAN 101 102 103 104 105 on switch B 1 VLAN Configuration on switch A m AuyENECUENEP VLAN Port Setting Static VLAN The Number Of VLAN 9 Port Number Index VID 2 4 6 8 10 12 14 16 18 Elapsed Time Status 1 3 5 T g 11 13 15 17 LI Li LI LI LI LI LI LI LI 1 1 0 00 13 Static LI Li LI LI LI LI LI Li LI LI 2 5 g s z 2 101 0 00 18 Static LI T 5 LI r m z H A l 3 102 0 00 18 Static U T 2 e LI 5 2 l 4 103 0 00 18 static LI T E B LI 2 E l 5 104 0 00 18 static LI T gt 2 a LI gt l 6 105 0 00 18 static LI T e 5 LI l ri 106 0 00 18 static LI LI T LI LI l 8 107 0 00 18 Static LI T 2 VLAN Configuration on switch B All contents copyright 2008 ZyXEL Communications Corporation ZyXEL VES 1616 24FA 5x Series Support Notes
105. rea Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to a group All contents copyright 2008 ZyXEL Communications Corporation 24 ZyXEL VES 1616 24FA 5x Series Support Notes known as the VLAN Group A station can belong to more than one group Stations in the same VLAN group can communicate with each other With VLAN a station cannot directly communicate with stations that are not in the same VLAN group s the traffic must first go through a router In GePON applications VLAN is vital in providing isolation and security among subscribers When properly configured VLAN prevents one subscriber from accessing the network resources of another on the same LAN Thus a user will not see the printers and hard disks of another user in the same building VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain A VLAN group is a broadcast domain In traditional Layer 2 switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain There are two VLAN implementations Port based VLAN and IEEE 802 1q Tagged VLAN VES 1616F 3X supports both VLAN implementations The major difference between both VLAN implementations is that Tagged VLAN can cross Layer 2 switches but Port based VLAN cannot Port based VLAN Port based VLANs are VL
106. ridge ID than Switch B the designated port is selected on Switch A So Port 2 of Switch A is designated port Blocking Port 2 of Switch B the non designated port on the segment Forwarding All designated ports and root ports All contents copyright 2008 ZyXEL Communications Corporation 95 ZyXEL VES 1616 24FA 5x Series Support Notes Switching security MAC Limit As an added protection against network intrusion attacks ZyXEL has implemented the MAC limit feature on VES 1616FA 54 Security has been the main focus of our switch design With the MAC limit feature enabled dynamic MAC addresses on specified ports are stored in the static MAC address table At the same time MAC address learning is disabled on these ports thus denying network access for computers within unknown MAC addresses Without the MAC limit function any computer can access the network through a switch port The port automatically learns the computer s MAC address and stores it to the MAC address table Activate the MAC limit function on a port by entering the port security port number command in the CLI The following figure shows an example where the MAC limit feature is enabled on port 6 And port 6 only can dynamic learn 64 MAC addresses UES 1616FA S 4 UES 1616FA S 4 UES TBTBFR 84 UES TBTBFR 84 port security 6 port security B address limit port security B address limit 64 UES TBTBFR 84 UES TBTBFR 84 UES TBTBFR 84 H H HHHH Afte
107. rosoft ES CO WINDOWSlsystem32 failed failed failed failed failed failed failed failed failed failed failed failed failed failed failed failed failed failed sabled zl i Local Area Connection Click here to enter your user name and password For the network ED M du sizoPm Click on the message window and a login screen displays as shown Enter your account user name and password in the fields provided After you click OK and the authentication server has verified your account you can log into the system successfully This indicates that you have configured the client for 802 1x authentication correctly All contents copyright 2008 ZyXEL Communications Corporation 101 ZyXEL VES 1616 24FA 5x Series Support Notes Local Area Connection User name feyra Eazzwnrr oo Logon dam ain Cancel After the configuration the port is authenticated and the computer connected to this port is allowed to access the network Otherwise the computer cannot access the network Classifier amp Policy rule setup on your Switch This section shows you how to allow traffic from certain IP addresses and deny others This can be done easily using classifier and policy rules First you need to create a classifier rule to group traffic into data flows based on information such as the source address destination address port number and packet forma
108. rr ae i 0 8 E PM cama EN caeca yA SERRE B cima E NH EMEN OON l i 0 S a IHR Boss DOM cett AN ON SDS SAI Oz GAZ SUNS 44 Down STOP Disabled 0 adieu BENTL sess STOP Disdbled Eo i M NEM NENNEN WC MMEMNMENM I OMM N a DSL a usu SIE uL Bea 0 B MEER ILE LL Disabled SG Grey UO LOS men R eea UC SC LEDR Ch C LCHUCR yc co c o 3 e o va e Pal ena Copyright 1995 2004 by ZyXEL Communi T First create VLAN groups for the ISP s network For this example VLAN 30 for company XX and VLAN 40 for company YY Click Advanced Application Switch Advance VLAN and click the Static VLAN link ZyXEL MENU Status FE Logout H Help S VLAN Status J VLAN Port Setting Static VLAN The Number Of VLAN 1 p a Port Number Eanan Dax dude ARX A MS MN MM Ro Rv Te RR Index VID 1 1 2 1 4 1 B 1 8 20 22 24 25 28 Elapsed Time Stal B 3T 3 35 13 138 LE S EET M X 3 3 EE DAE E a EE cs c cs VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Pollinterval s 40 Set Interval DHCP Relay Change Pages Next Page 0 00 20 Sta Cca cC Icriexpse Cicer m ad S E jm emi cS DiffServ Copyright 1995 2004 by ZyXEL Communi All contents copyright 2008
109. rvice Infq 9Pecifying a Template for the rule If a mile dnes nnt have a template it is still funetinnal Requesting clients may still he allocated IP addresses and receive DHCP option data inherited from a parent rule or from the global template You may use an existing template or you may create a new template C Leave the rule without a template E Fannel Ww Doc1 Microsoft Word Inco anito Managemen Here enter 192 168 1 1 as gateway IP address for DHCP clients All contents copyright 2008 ZyXEL Communications Corporation 21 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 File i Export Wiza Reports 1mpo I1 EAA EA OO ECO IP Commander E 2 192 158 1 98 lt ONL Service Configuration for 192 168 1 99 ONLINE Stand alone gt E Service Configu Administrator Ac IP Commander Administrator Configuration Utility Network Views Client revisiqnie i k Hais Copyright c Ba REC E COS CS tee E f Sinpietit Incognito S Policies Access Control Samica Ini Selecting DHCP Options for the Template Management When a client satisfies a rule it will receive it s IP address along with the DHCP options Static Addresse Server k s in the linked template nr in the glahal template Lhent Llasses Service i Y Hardware Mapp Active IP Addre Available Options Selected ptions 1 Subnet Mask 3 3 Gateways Anti
110. scus ONAR causa eae 0 Down STOP Disabled Disabled sO J m 3 1 a 4 o 70 e ce e e o a ce ce m Copyright 1995 2004 by ZyXEL Communi T First create VLAN groups for the ISP s network For this example VLAN 30 for company XX and VLAN 40 for company YY Click Advanced Application Switch Advances VLAN and click the Static VLAN link ZyXEL Status O Logout H Help Static VLAN _Basic Setting S VLAN Status J VLAN Port Setting The Number Of VLAN 1 Elab ndere kadit ae hie ERRORI Port Number defendet ed elei etd Index VID 10 12 14 16 18 20 22 24 26 28 ElapsedTime Stal 9 48 13 18 37 18 21 23 25 2 JU f a ee y E E g E a E a a y JB J AE AE E VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Bandwidth Control Broadcast Storm Control Mirroring Link Aggregation Port Authentication Port Security Access Control Queuing Method Classifier Policy Rule VLAN Stacking Multicast Poll Interval s 40 Set Interval DHCP Relay DiffServ Change Pages Next Page Ci Ci C Cu c c eqo Cc Cc pho 0 00 20 Sta om Lum amp Copyright 1995 2004 by ZYXEL Communia All contents copyright 2008 ZyXEL Communications Corporation 53 ZyXEL VES 1616 24FA 5x Series Support Notes Follow the steps in the previous section to configure VLAN 30 of which ports 1 and 12 are members Since port 1 is an Access Port un select the Tx Tag
111. ss Port iv BEA Bandwidth Control 2 Access Port 1 ov Sennen Storm Control 3 Access Port al 1 ur cce nm Mirra nna CIIINIIIITSETTITTTTTUUPTTU S00 EIIDIDIIIDIUIITPPIUITIIT Ein Link Aggregation 4 Access Port M vem uu Port Authentication 5 Access Port v 1 0 Port Security B Access Port al a 0 Access Control CEU E Queuing Method i Access Part 1 UN Classifier 8 Access Port v LN Ov Encre g Access Port v 1 0 VLAN Stacking Multicast K pees ae A D DHCP Relay 11 Access Port D oss Ji MI aaay 12 Access Port E rana oy 1 i AM a m amp Copyright 1995 2004 by ZyXEL Communid To enable VLAN stacking select Active Set port 25 as the tunnel port and leave the SPVID field to the default settings 25 Tunnel Fort v 9 You have finished setting Switch D for VLAN stacking for this network example Configuring Switch G Using the Web Configurator 1 Use an RJ 45 Ethernet cable to connect your computer to the MGMT port on the switch 2 By default the IP address on the MGMT port is 192 168 0 1 24 3 Set your computer to use a static IP address in the same subnet for example 192 168 0 2 24 4 Open a web browser such as IE and enter http 192 168 0 1 as the URL 5 A login screen displays Enter admin the default as the username and 1234 the default as the password 6 After you have logged in successfully the main screen displays as sh
112. ss port of the specified VID e Fixed registration While ad control is fixed registration it means this is a static registration entry This port is the egress port of the specified VID a member port of the specified VLAN Frames with the specified VID tag can go through this port e Normal registration While ad control is normal registration it means this is a dynamic registration entry The forwarding decision is depended on the Dynamic VLAN table 4 Egress tag Control This information is used for Egress Process The value may be tagged or untagged If the value is tagged outgoing frames on the egress port is tagged If the value is untagged the tag will be removed before a frame leaves the egress port All contents copyright 2008 ZyXEL Communications Corporation 36 ZyXEL VES 1616 24FA 5x Series Support Notes 1 Forbidden Tag 10 2 Fixed Tag 3 10 Normal UnTag 20 Fixed Tag Fixed UnTag Filtering Database Dynamic VLAN DVLAN table 3 Egress Process The Egress Process decides if the outgoing frames are to be sent tagged or untagged The Egress Process refers to the egress tag control information in Filtering Database If the value is tagged outgoing frames on the egress port is tagged If the value is untagged the tag will be removed before a frame leaves the egress port Connecting Two Switches using VLAN This example shows you how to configure VLAN settings on two VES 1616FA 54 switches which a
113. t In this example we group traffic based on the packet format and set the VES 1616F 3X to apply its policy rules The following lists the three classifier rules that we will define in this example 1 Packet with a source IP address of 192 168 1 20 2 Packets on port 2 3 ARP traffic for testing Once packet classification settings are done we create policy rules to specify the actions on the matched packets so they get the deserved treatment in the network Here we also define three policy rules 1 Forward traffic from 192 168 1 20 only on the first classifier 2 Discard all the traffic from port 2 on the second classifier 3 Forward ARP packets on the third classifier All contents copyright 2008 ZyXEL Communications Corporation 102 ZyXEL VES 1616 24FA 5x Series Support Notes The following figures show the screen settings for each classifier rule Classifier Configuration Classifier 1 VLAN Static MAC Forwarding Filtering Spanning Tree Protocol Broadcast Storm Control Mirroring Layer2 Type Others 1 Hex Link Aggregation Any Port MAC Address bns imei DE mE NE MAC Limit Access Control Port PS VAStLST S3sA Queuing Method Any Destination MAC Address Classifier O mac B NE A aa ee aa eee SS ee ee eS SS itt VLAN Stacking DSCP O Multicast MVR All f E Establish only IP Protocol DHCP ME Oomes lDe s DiffServ IP Address 192168
114. ts DDNS amp TFTPI All contents copyright 2008 ZyXEL Communications Corporation IP Commander Administrator Configuration Utility Client revision 4 2 11 1 Copyright c 1998 2004 Incognito Software Inc Service Information Server Service Service revision Serial number of users in license Current of users Subscription expiry date Copy type Product number Service category Product key Operating system C501 Incognito IP Commander for NT 4 2 16 3 1000 255 0 End of Apr 2005 Demo 7101 1002 D4x IPC100 8F44 78D 2 3BS3C 5CAS Windows XP Service Pack 1 Gl Docl Microsoft Word Incognito Managemen Enter a name and description for the new rule 14 ZyXEL VES 1616 24FA 5x Series Support Notes Incognito Management Console configuring IP Commander on 192 168 1 99 ONLINE Stand alone gt Import Export W Reports Help IXxG6 B H6Gm5 a99 IP Commander 2 192 168 1 99 lt ONL V4 Create Rule E Service Configu Administrator c General Rule Criteria High Water Marks Rule Options Network Views mp purs Rule Wizard for 192 168 1 99 e Templates Policies mu Access Control Creating a rule Management Static Addresse rule consists of an address range and a set of criteria Lhent Llasses DHLP options are speciltied in a template which ts linked Hardware Mapp to the rule Active IP Addre Anti Roaming D View Audits Statistics Lease lime G DDNS amp TFTPI m Na
115. tus GVRP sss cms e ttt Port Ingress Check PVID GVRP Acceptable Frame Type VLAN Trunking 1 1 All M O Eos zw WB RM eg mem pa eee Um mem CURT qm UU Ugo qo Rm PUUUUYApUU qm mem PUUUU UPMU B Weg me UA UU qm EM M CM ee NNNM Ta MM MM ME e a aca MM iii NM MM Br pr a i nT i me Bo t Ree RR m so ee ge epee pe EU WpUU qm m s I up nT hn gt a NEN gU UU UT gw ws 7 NE CE asian ME MM uM ANM M In the VES 1 we set port 1 as VLAN 2 untag In the VES 2 we set port 2 as VLAN 2 untag The switch 1 IP address 192 168 1 31 The switch 2 IP address 192 168 1 21 After the configuration you can see that PC 1 connected to port 2 on switch 1 can still ping PC 2 connected to port 6 on switch 2 All contents copyright 2008 ZyXEL Communications Corporation 42 ZyXEL VES 1616 24FA 5x Series Support Notes EX C WINDO WSS ystem32 cmd exe ping 192 168 1 21 t Approximate round trip times in milli seconds Minimum Contral C at CoNsping 192 168 1 21 t Pinging 192 168 1 21 with 32 bytes of data from From From From from from from from from from from From From from from From 172 192 192 192 192 172 192 192 192 192 172 192 192 192 192 172 All contents copyright 2008 ZyXEL Communications Corporation Ame 168 168 168 168 168 168 168 168 168 168 168 168 168 i68 168 168 Maximum Bms zu eru Er pear DISP eu ea He
116. x type VLAN Name 50 and VLAN ID 50 in the columns Change Port 3 and Port 17 to fixed and keep port 17 tx tagging MENU LO rr ACTWE CO A Name F VLAN Group ID os D Port Control Tagging EE VLAN 1 Normal Fixed Forbidden Tx Tagging ene ene 2 Normal O Fixed O Forbidden MA Tx Tagging a z E Loue 3 O Normal Fixed Forbidden I txTagging UPC o 4 uuu Normal O Fixed O Forbidden TxTagging Mirroring vee 5 Normal O Fined O Forbidden Ml TxTagging Link Aggregation B 9 Normal O Fined O Forbidden TxTagging Port Authentication PS Normal OFkxed O Forbidden TxTagging MAC Limit su 8 Normal OFkxed O Forbidden TxTagging ducc re NES Normal OFkxed Forbidden Ml TxTagging pile MEN eedem 10 Normal OrFrbed Forbidden IV TxTagging eee 11 9 Normal Fixed Forbidden Tx Tagging Poe 0 ees A Te S TM ee S Ce E e VLAN Stadang UU iu 2 O Normal Fined Forbidden FiTxTaggng Cc MEN 13 Normal O Fixed O Forbidden Tx Tagging MVR ss M 9 Normal OFrxed Forbidden Ml TxTagging DHCP e 185 9 Normal O Fined O Forbidden Ml TxTagging DifSew 224
117. xTagging NEN 8 Norma O Fixed O Forbidden lv TxTagging NEN 9 Normal O Fixed O Forbidden lv T Taggng MK 10 Normal O Fixed O Forbidden lv T Tagging m 11 Normal O Fixed O Forbidden lv T Tagging NER 12 Normal Q Fixed O Forbidden lv TxTagging sss 13 Normal O Fixed QO Forbidden lv Tx Tagging NN 14 9 Normal O Fixed Q Forbidden lv TxTagging EN 15 9 Norma QO Fixed QO Forbidden MI TxTagging bl 16 Normal O Fixed O Forbidden lv TxTagging 17 Normal Fixed Forbidden v Tx Tagging 18 QGNoma Orbed Configure P 870H 51 According to the figure shown above we need to create different WAN interfaces in the VDSL modem for different traffic flows and also we need to create classification rule to identify these different traffic flows In this document we will use P 870H 51 for the configuration example The management IP address of P 870H 51 is 192 168 1 1 After logging in the first step is to create WAN Interface 1 Create WAN Interface via WEB GUI Forbidden All contents copyright 2008 ZyXEL Communications Corporation H Tx Tagging 82 ZyXEL VES 1616 24FA 5x Series Support Notes Device Info ERREP RAIS BE Advanced Setup Wide Area Network WAN Setup
118. y there are many methods to achieve the triple play application and this is an example to show how to configure the VDSL modem to achieve triple play application The network topology is shown on the figure below There are three kinds of service traffic flows with different VLAN ID The VLAN ID 201 is assigned for VoIP service VLAN ID 203 is for PPPoE traffic and VLAN 3988 is for VoD and other IP over Ethernet traffic and VLAN 4001 is multicast traffic for MoD Internet VID 201 VID 3988 amp 4001 Street Curb vVDSL Switch VDSL CPE Configure VES 1616FA 54 To apply triple play we need to enable IGMP feature in the CO side and create the VLANs to make sure all traffic flows are go through VES 1616FA 54 with correct VLAN ID 1 Open Advanced Application gt MVR to configure the MVR In the MVR configuration page check the Active checkbox to enable the MVR feature and fill in the Name and Multicast VLAN ID All contents copyright 2008 ZyXEL Communications Corporation T ZyXEL VES 1616 24FA 5x Series Support Notes Group Configuration lt lt 1 0 2AES SQQ I MISI LII eee a t m un IMVR ensign tpn RORR CUR UAR NUR RA hms eases SIR pS mma Mea a AENDE hr macnn eR ASG IURI NA AAAA A A EEEE EAEE RIE TRUE RAAE RIRAIRUR SIE TRUETE TR RAN WAR NAERED RRRRUGA SE NMR IMRIR MMA E AA ASN IRATE AL SUR eU d ical B vm VLAN Waar oad taceransss enne petes deed aa EEATT k e T B 5 MEE o a MEER DCN HIR 0b Brn PETER
119. y web In this example we enable the IGMP function on the GS 4024 an IGMP router to connect to a multimedia server Also we enable IGMP snooping function on the VES 1616F 3X the multimedia clients are connect to Media Stream Server 233 4 4 4 e GS 4024 SS CPE 233 4 4 4 Not a member Group member 1 In GS 4024 click the IP Application select IGMP where IGMP function can be enabled and we can select either IGMP v1 or IGMP v2 All contents copyright 2008 ZyXEL Communications Corporation 65 ZyXEL VES 1616 24FA 5x Series Support Notes ZyXEL Status O Logout El Help Bleacher e ee e derer er SII a Active iv Index Network Version 1o 18216847124 Nowe sw GME Apply Cancel IP Multicast DiffServ DHCP Le VRRP 2 In the VDSL Switch click Advanced Application gt Multicast gt Multicast Setting and then IGMP Snooping where we can enable IGMP snooping function with WEB GUI m OYE aD IGMP Filtering Profile IGMP Snooping VLAN Multicast Status Active IGMP Snoopin EA t h aip 8024p Priority No Change a D IGMP Filtering Active g gt _ IGMP Proxy Active HE VLAN Unknown Multicast Frame Forwarding 9 Drop Static MAC Forwarding Reserved Multicast Group Forwarding O Drop ERN IGMP Host Timeout Seconds Spanning Tree Protocol TE IEIIIIITIETIETEE Broadcast Storm Control MPleaveTimeout 2 Seconds Mirroring Link amp agregation p
120. your network STP detects disables network loops and provides backup links between switches or bridges It allows the device to interact with other STP compliant devices in your network to ensure that only one path exists between any two stations on the network The redundant topology without STP will cause the following problem 1 Broadcast storm Without Spanning Tree loop avoidance mechanism each switch will endlessly flood broadcast packets to all ports This situation is called broadcast storm e When Host sends a broadcast frame like an ARP request to Router the frame will be received by Switch A e Switch A identifies the destination MAC address field broadcast FF FF FF FF FF FF in the frame and determine to flood it onto Segment B When the broadcast frame arrives at Switch B the switch will repeat above process flood it to Segment A e The broadcast frame will endlessly travel around the loop network even id the router has already received this frame All contents copyright 2008 ZyXEL Communications Corporation 91 ZyXEL VES 1616 24FA 5x Series Support Notes segment B switch B 2 Filtering Database Instability When multiple copies of a frame arrive at different ports of a switch the MAC entry instability in Filtering Database will occur e Host sends a unicast frame to a router source MAC address is host s MAC destination MAC address is Router s MAC Both Switch A and Switch B will receive this frame an
121. yright 2008 ZyXEL Communications Corporation 84 ZyXEL VES 1616 24FA 5x Series Support Notes Device Info QoS Queue Configuration A maximum 24 entries can be configured Advanced Gabi If you disable WMM function in Wireless Page queues related to wireless will not take P effects WAN LAN Interfacename Description Precedence Queue Key Enable Remove Security wireless WMM Voice Priority 1 1 Guay ar Save wireless WMM Voice Priority 2 2 UM Queue Config QoS Classificati wireless WMM Video Priority Routing wireless WMM Video Priority 4 4 DNS E PorEMpplisg wireless WWMM Best Effort 2 5 Certificate wireless WMM Background 6 6 Wireless wireless WMM Background 7 Management wireless WMM Best Effort DSL 1 F Save Reboot In the QoS Queue Configuration page create a new Queue like on the figure below and click the Save Apply button to finish and save the settings QoS Queue Configuration The screen allows vou to configure a QoS queue entry and assign it to a specific DSL WAN service DSL WAN service with QoS enabled could be allocated maximum four queues Each queue can be configured for a specific precedence The queue entry configured here will be used by the classifier to place ingress packets appropriatelv Note Lower integer values for precedence imply higher priority for this queue relative to others Click Save Apply to save and activate the filter Queue Configuration Status Enable Queue DSL v Queue
Download Pdf Manuals
Related Search