User Guide
Page 15
... 22.1.2 RADIUS and TACACS 174 22.2 AAA Screens ...174 22.2.1 RADIUS Server Setup 175 22.2.2 TACACS+ Server Setup 177 22.2.3 AAA Setup ...179 22.2.4 Vendor Specific Attribute 182 22.3 Supported RADIUS Attributes 183 ES-2024 Series User's Guide 15
... 22.1.2 RADIUS and TACACS 174 22.2 AAA Screens ...174 22.2.1 RADIUS Server Setup 175 22.2.2 TACACS+ Server Setup 177 22.2.3 AAA Setup ...179 22.2.4 Vendor Specific Attribute 182 22.3 Supported RADIUS Attributes 183 ES-2024 Series User's Guide 15
User Guide
Page 18
... Works ...273 34.2 Viewing the ARP Table 274 Chapter 35 Configure Clone ...275 35.1 Configure Clone ...275 Part VI: Appendices and Index 277 Appendix A Product Specifications 279 18 ES-2024 Series User's Guide
... Works ...273 34.2 Viewing the ARP Table 274 Chapter 35 Configure Clone ...275 35.1 Configure Clone ...275 Part VI: Appendices and Index 277 Appendix A Product Specifications 279 18 ES-2024 Series User's Guide
User Guide
Page 35
... port and the corresponding Gigabit port are connected at the same time, the Gigabit port will be disabled. See the SFF committee's INF8074i specification Rev 1.0 for mini-GBIC (Gigabit Interface Converter) transceivers. There are two pairs of fiber-optic connectors. • Type: SFP connection ...transceiver (SFP module). The Switch does not come with transceivers. This means that comply with the SFP Transceiver MultiSource Agreement (MSA). ES-2024 Series User's Guide 35 The mini-GBIC ports have priority over the Gigabit ports. Chapter 3 Hardware Overview An auto-crossover ...
... port and the corresponding Gigabit port are connected at the same time, the Gigabit port will be disabled. See the SFF committee's INF8074i specification Rev 1.0 for mini-GBIC (Gigabit Interface Converter) transceivers. There are two pairs of fiber-optic connectors. • Type: SFP connection ...transceiver (SFP module). The Switch does not come with transceivers. This means that comply with the SFP Transceiver MultiSource Agreement (MSA). ES-2024 Series User's Guide 35 The mini-GBIC ports have priority over the Gigabit ports. Chapter 3 Hardware Overview An auto-crossover ...
User Guide
Page 43
Click this link to go to the status page of the web configurator. Click this link to a specific configuration file. E - The help pages. ES-2024 Series User's Guide 43 Figure 17 Web Configurator Home Screen (Status) B C DE A A - Click the menu items to open the screen in . B, C, D, E - Click this link ...
Click this link to go to the status page of the web configurator. Click this link to a specific configuration file. E - The help pages. ES-2024 Series User's Guide 43 Figure 17 Web Configurator Home Screen (Status) B C DE A A - Click the menu items to open the screen in . B, C, D, E - Click this link ...
User Guide
Page 59
...DHCP Relay Scenario ES-2024 Series User's Guide 59 The DHCP server can then assign a specific IP address based on the information in the DHCP requests. 6.1.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address ...172.16.1.18) to DHCP client A based on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server. CHAPTER 6 Tutorials This chapter provides an example of using the web configurator to set up and use the Switch. 6.1 How to...
...DHCP Relay Scenario ES-2024 Series User's Guide 59 The DHCP server can then assign a specific IP address based on the information in the DHCP requests. 6.1.1 DHCP Relay Tutorial Introduction In this example, you have configured your DHCP server (192.168.2.3) and want to have it assign a specific IP address ...172.16.1.18) to DHCP client A based on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server. CHAPTER 6 Tutorials This chapter provides an example of using the web configurator to set up and use the Switch. 6.1 How to...
User Guide
Page 63
Chapter 6 Tutorials 5 Click Apply to save your changes back to save your settings take effect. ES-2024 Series User's Guide 63 Figure 29 Tutorial: Set DHCP Server and Relay Information 6 Click the Save link in VLAN 102. 2 You configured the correct ... the DHCP server and the Switch. 3 You clicked the Save link on the Switch to have your configuration permanently. 7 The DHCP server can then assign a specific IP address based on the DHCP request. 6.1.4 Troubleshooting Check the client A's IP address. If it did not receive the IP address 172.16.1.18, make...
Chapter 6 Tutorials 5 Click Apply to save your changes back to save your settings take effect. ES-2024 Series User's Guide 63 Figure 29 Tutorial: Set DHCP Server and Relay Information 6 Click the Save link in VLAN 102. 2 You configured the correct ... the DHCP server and the Switch. 3 You clicked the Save link on the Switch to have your configuration permanently. 7 The DHCP server can then assign a specific IP address based on the DHCP request. 6.1.4 Troubleshooting Check the client A's IP address. If it did not receive the IP address 172.16.1.18, make...
User Guide
Page 76
...24 hour format. local time. In Germany for information on the first Sunday of GMT or UTC (GMT+1). the traffic must first go to a specific broadcast domain. See Chapter 9 on page 91 for instance, you would select 2:00 because Germany's time zone is vital in the United States ...on port-based and 802.1Q tagged VLANs. 76 ES-2024 Series User's Guide In traditional switched environments, all broadcasts are done configuring. Here are not in the European Union you would select Last...
...24 hour format. local time. In Germany for information on the first Sunday of GMT or UTC (GMT+1). the traffic must first go to a specific broadcast domain. See Chapter 9 on page 91 for instance, you would select 2:00 because Germany's time zone is vital in the United States ...on port-based and 802.1Q tagged VLANs. 76 ES-2024 Series User's Guide In traditional switched environments, all broadcasts are done configuring. Here are not in the European Union you would select Last...
User Guide
Page 91
... that switches need to process the frame across bridges - To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware ES-2024 Series User's Guide 91 This chapter shows you selected in the MAC header to identify the VLAN membership of a frame across the network. The... given as it is to an untagged port. If a frame received at an Ethernet port has a CFI set to zero for Ethernet switches. A frame with a specific VLAN and provides the information that user priority and VLAN ID are 4,094. Of the 4096 possible VIDs, a VID of 0 is used to identify priority...
... that switches need to process the frame across bridges - To forward a frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware ES-2024 Series User's Guide 91 This chapter shows you selected in the MAC header to identify the VLAN membership of a frame across the network. The... given as it is to an untagged port. If a frame received at an Ethernet port has a CFI set to zero for Ethernet switches. A frame with a specific VLAN and provides the information that user priority and VLAN ID are 4,094. Of the 4096 possible VIDs, a VID of 0 is used to identify priority...
User Guide
Page 92
...confining the broadcast to automatically register VLAN membership across the network. The default PVID is made by a GVRP registration/ deregistration process. 92 ES-2024 Series User's Guide A declaration is VLAN 1 for example, GVRP. 9.2.1.1 GARP Timers Switches join VLANs by issuing a Leave ...off the VLAN tag. GARP is a VLAN configured by issuing a Join message using GARP. Declarations are the protocols used to a specific domain. 9.2 Automatic VLAN Registration GARP and GVRP are withdrawn by making a declaration. Chapter 9 VLAN switch, the Switch first decides ...
...confining the broadcast to automatically register VLAN membership across the network. The default PVID is made by a GVRP registration/ deregistration process. 92 ES-2024 Series User's Guide A declaration is VLAN 1 for example, GVRP. 9.2.1.1 GARP Timers Switches join VLANs by issuing a Leave ...off the VLAN tag. GARP is a VLAN configured by issuing a Join message using GARP. Declarations are the protocols used to a specific domain. 9.2 Automatic VLAN Registration GARP and GVRP are withdrawn by making a declaration. Chapter 9 VLAN switch, the Switch first decides ...
User Guide
Page 100
..., a port through which they were created. The CPU management port forms a VLAN with all Ethernet ports. 100 ES-2024 Series User's Guide Note: In screens (such as the VID. Port-based VLANs are specific only to each port. Therefore, if you activate port-based VLAN, the Switch uses a default VLAN ID of...
..., a port through which they were created. The CPU management port forms a VLAN with all Ethernet ports. 100 ES-2024 Series User's Guide Note: In screens (such as the VID. Port-based VLANs are specific only to each port. Therefore, if you activate port-based VLAN, the Switch uses a default VLAN ID of...
User Guide
Page 110
Figure 49 No Static Multicast Forwarding Figure 50 Static Mutlicast Forwarding to A Single Port Figure 51 Static Mutlicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to port 3. Chapter 11 Static Multicast Forwarding being forwarded to ports 2 and 3 within VLAN group 4. Figure 51 shows frames being forwarded to devices connected to specific port(s). 110 ES-2024 Series User's Guide
Figure 49 No Static Multicast Forwarding Figure 50 Static Mutlicast Forwarding to A Single Port Figure 51 Static Mutlicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to port 3. Chapter 11 Static Multicast Forwarding being forwarded to ports 2 and 3 within VLAN group 4. Figure 51 shows frames being forwarded to devices connected to specific port(s). 110 ES-2024 Series User's Guide
User Guide
Page 111
... is for ports 3, 4, and 5. For example, enter "3-5" for identification only. The Switch loses this rule if it by (no space) comma (,) or hyphen (-). ES-2024 Series User's Guide 111 You may temporarily deactivate a rule without deleting it is 03 in hexadecimal, so 01:00:5e:00:00:0A and... to 32 printable ASCII characters) for this screen afresh. Name Type a descriptive name (up to the non-volatile memory when you don't have a specific target VLAN, enter 1. For example, the first octet pair 00000001 is 01 and 00000011 is turned off or loses power, so use the Save link...
... is for ports 3, 4, and 5. For example, enter "3-5" for identification only. The Switch loses this rule if it by (no space) comma (,) or hyphen (-). ES-2024 Series User's Guide 111 You may temporarily deactivate a rule without deleting it is 03 in hexadecimal, so 01:00:5e:00:00:0A and... to 32 printable ASCII characters) for this screen afresh. Name Type a descriptive name (up to the non-volatile memory when you don't have a specific target VLAN, enter 1. For example, the first octet pair 00000001 is 01 and 00000011 is turned off or loses power, so use the Save link...
User Guide
Page 117
... submitted to forwarding state so as one single bridge on the two switches. All information frames are configured on the network. • A VLAN can be ES-2024 Series User's Guide 117 Table 24 STP Port States PORT STATE DESCRIPTION Disabled STP is backward compatible with STP/ RSTP and addresses the limitations... possible as traffic from blocking state to the learning process but not forwarded. Learning Forwarding Note: The listening state does not exist in networks to a specific Multiple Spanning Tree Instance (MSTI).
... submitted to forwarding state so as one single bridge on the two switches. All information frames are configured on the network. • A VLAN can be ES-2024 Series User's Guide 117 Table 24 STP Port States PORT STATE DESCRIPTION Disabled STP is backward compatible with STP/ RSTP and addresses the limitations... possible as traffic from blocking state to the learning process but not forwarded. Learning Forwarding Note: The listening state does not exist in networks to a specific Multiple Spanning Tree Instance (MSTI).
User Guide
Page 119
.... The following parameters: • Name of the MST region • Revision level as an MST ID) known internally to run on a specific MSTI. Any VLANs that runs between MST regions ES-2024 Series User's Guide 119 In an MSTP-enabled network, there is equivalent to a spanning tree in Different Regions 13.1.4.4 Common...
.... The following parameters: • Name of the MST region • Revision level as an MST ID) known internally to run on a specific MSTI. Any VLANs that runs between MST regions ES-2024 Series User's Guide 119 In an MSTP-enabled network, there is equivalent to a spanning tree in Different Regions 13.1.4.4 Common...
User Guide
Page 126
...following table describes the labels in this check box to activate MSTP on the Switch. The allowed range is 4 to listen for the specific spanning tree instance. In addition, each port needs time to 30 seconds. The Switch supports instance numbers 0-16. Active Select this screen.... you are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440). 126 ES-2024 Series User's Guide Devices must receive information about topology changes before changing states. The lower the number, the more likely the Switch will wait...
...following table describes the labels in this check box to activate MSTP on the Switch. The allowed range is 4 to listen for the specific spanning tree instance. In addition, each port needs time to 30 seconds. The Switch supports instance numbers 0-16. Active Select this screen.... you are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440). 126 ES-2024 Series User's Guide Devices must receive information about topology changes before changing states. The lower the number, the more likely the Switch will wait...
User Guide
Page 157
...reports on IGMP versions 1, 2 and 3 respectively. 21.1.1 IP Multicast Addresses In IPv4, a multicast address allows a device to send packets to a specific group of either two ways - IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are transmitted in one of hosts (...multicast group) in a multicast group - You can join. ES-2024 Series User's Guide 157 A multicast IP address represents a traffic receiving group, not individual receiving devices. CHAPTER 21 Multicast This chapter shows you...
...reports on IGMP versions 1, 2 and 3 respectively. 21.1.1 IP Multicast Addresses In IPv4, a multicast address allows a device to send packets to a specific group of either two ways - IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are transmitted in one of hosts (...multicast group) in a multicast group - You can join. ES-2024 Series User's Guide 157 A multicast IP address represents a traffic receiving group, not individual receiving devices. CHAPTER 21 Multicast This chapter shows you...
User Guide
Page 181
...have the Switch send accounting information to all configured accounting servers at the level you want to use RADIUS or TACACS+ for authorization of specific types of a session. • Commands - This is only configurable for IEEE 802.1x authorization. Configure the Switch to send information ...the Switch sends an update to the accounting server. Configure the Switch to the accounting server only when a user ends a session. ES-2024 Series User's Guide 181 Click Apply to save your changes to the Switch's run-time memory. Click Cancel to configure accounting settings...
...have the Switch send accounting information to all configured accounting servers at the level you want to use RADIUS or TACACS+ for authorization of specific types of a session. • Commands - This is only configurable for IEEE 802.1x authorization. Configure the Switch to send information ...the Switch sends an update to the accounting server. Configure the Switch to the accounting server only when a user ends a session. ES-2024 Series User's Guide 181 Click Apply to save your changes to the Switch's run-time memory. Click Cancel to configure accounting settings...
User Guide
Page 182
... on the Switch. Chapter 22 AAA 22.2.4 Vendor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device... An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority). ZyXEL's vendor ID is 890. • Vendor-Type: A vendor specified attribute, identifying the... user connects to configure VSAs for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to the setting. Table 53 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment...
... on the Switch. Chapter 22 AAA 22.2.4 Vendor Specific Attribute RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device... An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority). ZyXEL's vendor ID is 890. • Vendor-Type: A vendor specified attribute, identifying the... user connects to configure VSAs for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to the setting. Table 53 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment...
User Guide
Page 183
... also set the privilege level of a login account differently on the RADIUS server(s) and the Switch, the user is assigned a privilege level from 0 to define specific authentication, and accounting elements in a user profile, which is a privilege level (from the database (RADIUS or local) the Switch uses first for user authentication. 22... a VLAN with the specified VID on the Switch. 22.3 Supported RADIUS Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are data used to 14). ES-2024 Series User's Guide 183
... also set the privilege level of a login account differently on the RADIUS server(s) and the Switch, the user is assigned a privilege level from 0 to define specific authentication, and accounting elements in a user profile, which is a privilege level (from the database (RADIUS or local) the Switch uses first for user authentication. 22... a VLAN with the specified VID on the Switch. 22.3 Supported RADIUS Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are data used to 14). ES-2024 Series User's Guide 183
User Guide
Page 184
...the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - In cases where the attribute has a specific format associated with it, the format is the privilege level (1-14) User-Password NAS-Identifier NAS-IP-Address 22.3.1.2 Attributes Used to Login...Address 22.3.1.3 Attributes Used by authentication and accounting functions on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 184 ES-2024 Series User's Guide Refer to RFC 2865 for more information about RADIUS attributes used for authentication. This value is set to ...
...the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - In cases where the attribute has a specific format associated with it, the format is the privilege level (1-14) User-Password NAS-Identifier NAS-IP-Address 22.3.1.2 Attributes Used to Login...Address 22.3.1.3 Attributes Used by authentication and accounting functions on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator 184 ES-2024 Series User's Guide Refer to RFC 2865 for more information about RADIUS attributes used for authentication. This value is set to ...