User Guide
Page 12
...Optic Port 45 3.2 Rear Panel ...46 3.2.1 Power Connections ...46 3.3 LEDs ...47 Part II: Basic Configuration 49 Chapter 4 The Web Configurator ...51 4.1 Introduction ...51 4.2 System Login ...51 4.3 The Status Screen ...52 4.3.1 Change Your Password 56 4.4 Saving Your Configuration 57 4.5 Switch Lockout ...57 4.6 Resetting the Switch ...58 4.6.1 Reload the Factory-default ... Status Overview ...65 6.1.1 Status: Port Details 66 Chapter 7 Basic Setting ...71 7.1 Overview ...71 7.2 System Information ...71 7.3 General Setup ...73 7.4 Introduction to VLANs ...75 12 ES-2108 Series User's Guide
...Optic Port 45 3.2 Rear Panel ...46 3.2.1 Power Connections ...46 3.3 LEDs ...47 Part II: Basic Configuration 49 Chapter 4 The Web Configurator ...51 4.1 Introduction ...51 4.2 System Login ...51 4.3 The Status Screen ...52 4.3.1 Change Your Password 56 4.4 Saving Your Configuration 57 4.5 Switch Lockout ...57 4.6 Resetting the Switch ...58 4.6.1 Reload the Factory-default ... Status Overview ...65 6.1.1 Status: Port Details 66 Chapter 7 Basic Setting ...71 7.1 Overview ...71 7.2 System Information ...71 7.3 General Setup ...73 7.4 Introduction to VLANs ...75 12 ES-2108 Series User's Guide
User Guide
Page 17
... 205 27.3.2 Supported MIBs 205 27.3.3 SNMP Traps ...205 27.3.4 Configuring SNMP 208 27.3.5 Configuring SNMP Trap Group 210 27.4 Setting Up Login Accounts 211 27.5 SSH Overview ...213 27.6 How SSH works ...213 27.7 SSH Implementation on the Switch 214 27.7.1 Requirements for Using ...SSH 214 27.7.2 SSH Login Example 215 27.8 Introduction to HTTPS ...215 27.9 HTTPS Example ...216 27.9.1 Internet Explorer Warning Messages 216 27.9.2 Netscape Navigator Warning Messages 217...
... 205 27.3.2 Supported MIBs 205 27.3.3 SNMP Traps ...205 27.3.4 Configuring SNMP 208 27.3.5 Configuring SNMP Trap Group 210 27.4 Setting Up Login Accounts 211 27.5 SSH Overview ...213 27.6 How SSH works ...213 27.7 SSH Implementation on the Switch 214 27.7.1 Requirements for Using ...SSH 214 27.7.2 SSH Login Example 215 27.8 Introduction to HTTPS ...215 27.9 HTTPS Example ...216 27.9.1 Internet Explorer Warning Messages 216 27.9.2 Netscape Navigator Warning Messages 217...
User Guide
Page 21
...Rack 39 Figure 9 Wall-mounting Example ...40 Figure 10 Front Panel: ES-2108 ...41 Figure 11 Front Panel: ES-2108-F ...41 Figure 12 Front Panel: ES-2108-G/ES-2108PWR 42 Figure 13 Front Panel: ES-2108-LC ...42 Figure 14 Transceiver Installation Example 45 Figure 15 Installed ...Logins 57 Figure 23 Resetting the Switch: Via the Console Port (ES-2108-G 59 Figure 24 Web Configurator: Logout Screen 59 Figure 25 Initial Setup Network Example: VLAN 61 Figure 26 Initial Setup Network Example: Port VID 63 Figure 27 Initial Setup Example: Management IP Address 64 Figure 28 Status (ES-2108PWR...
...Rack 39 Figure 9 Wall-mounting Example ...40 Figure 10 Front Panel: ES-2108 ...41 Figure 11 Front Panel: ES-2108-F ...41 Figure 12 Front Panel: ES-2108-G/ES-2108PWR 42 Figure 13 Front Panel: ES-2108-LC ...42 Figure 14 Transceiver Installation Example 45 Figure 15 Installed ...Logins 57 Figure 23 Resetting the Switch: Via the Console Port (ES-2108-G 59 Figure 24 Web Configurator: Logout Screen 59 Figure 25 Initial Setup Network Example: VLAN 61 Figure 26 Initial Setup Network Example: Port VID 63 Figure 27 Initial Setup Example: Management IP Address 64 Figure 28 Status (ES-2108PWR...
User Guide
Page 27
... > SNMP 209 Table 85 Management > Access Control > SNMP > Trap Group 211 Table 86 Management > Access Control > Logins 212 Table 87 Management > Access Control > Service Access Control 219 Table 88 Management > Access Control > Remote Management 220 ...Levels ...223 Table 91 Management > Syslog ...224 Table 92 Management > Syslog > Server Setup 225 Table 93 ZyXEL Clustering Management Specifications 227 Table 94 Management > Cluster Management: Status 229 Table 95 FTP Upload to Cluster Member Example...Table 117 16-bit Network Number Subnet Planning 263 ES-2108 Series User's Guide 27
... > SNMP 209 Table 85 Management > Access Control > SNMP > Trap Group 211 Table 86 Management > Access Control > Logins 212 Table 87 Management > Access Control > Service Access Control 219 Table 88 Management > Access Control > Remote Management 220 ...Levels ...223 Table 91 Management > Syslog ...224 Table 92 Management > Syslog > Server Setup 225 Table 93 ZyXEL Clustering Management Specifications 227 Table 94 Management > Cluster Management: Status 229 Table 95 FTP Upload to Cluster Member Example...Table 117 16-bit Network Number Subnet Planning 263 ES-2108 Series User's Guide 27
User Guide
Page 51
... the Location or Address field. Web pop-up windows from your web browser. 2 Type "http://" and the IP address of the web configurator. ES-2108 Series User's Guide 51 The date and time display as an example. Not all fields are available on all models. 4.1 Introduction The web ...configurator is 1234. This guide primarily uses the ES-2108G screen shots as shown if you need to allow: • Web browser pop-up blocking is 1024 by default). 4.2 System Login 1 Start your device. In order to use the web configurator you have not configured...
... the Location or Address field. Web pop-up windows from your web browser. 2 Type "http://" and the IP address of the web configurator. ES-2108 Series User's Guide 51 The date and time display as an example. Not all fields are available on all models. 4.1 Introduction The web ...configurator is 1234. This guide primarily uses the ES-2108G screen shots as shown if you need to allow: • Web browser pop-up blocking is 1024 by default). 4.2 System Login 1 Start your device. In order to use the web configurator you have not configured...
User Guide
Page 52
B, C, D, E - Click this link to go to the status page of the Switch. 52 ES-2108 Series User's Guide The following figure shows the navigating components of your configuration into the Switch's nonvolatile memory. These are quick links which ...Nonvolatile memory is the configuration of a web configurator screen. Figure 21 Web Configurator Home Screen (Status) BC D E A A - Chapter 4 The Web Configurator Figure 20 Web Configurator: Login 4 Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that stays the same even if...
B, C, D, E - Click this link to go to the status page of the Switch. 52 ES-2108 Series User's Guide The following figure shows the navigating components of your configuration into the Switch's nonvolatile memory. These are quick links which ...Nonvolatile memory is the configuration of a web configurator screen. Figure 21 Web Configurator Home Screen (Status) BC D E A A - Chapter 4 The Web Configurator Figure 20 Web Configurator: Login 4 Click OK to view the first web configurator screen. 4.3 The Status Screen The Status screen is the first screen that stays the same even if...
User Guide
Page 54
... Setting DHCP DHCP Status Global VLAN Maintenance Firmware Upgrade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System Access Control SNMP Trap Group Logins Service Access Control Remote Management Diagnostic Syslog Syslog Setup Syslog Server Setup Cluster Management Status Configuration MAC Table ARP Table Configure Clone 54...
... Setting DHCP DHCP Status Global VLAN Maintenance Firmware Upgrade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System Access Control SNMP Trap Group Logins Service Access Control Remote Management Diagnostic Syslog Syslog Setup Syslog Server Setup Cluster Management Status Configuration MAC Table ARP Table Configure Clone 54...
User Guide
Page 56
... you to a screen where you can perform firmware and configuration file maintenance as well as reboot the system. Click Management > Access Control > Logins to a screen where you can enable DiffServ and set DSCP-toIEEE802.1p mappings. A static route defines how the Switch should forward traffic by configuring...takes you to other port(s). 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the system login password and configure SNMP and remote management. MAC Table This link takes you to a screen where you can clone port attributes of devices ...
... you to a screen where you can perform firmware and configuration file maintenance as well as reboot the system. Click Management > Access Control > Logins to a screen where you can enable DiffServ and set DSCP-toIEEE802.1p mappings. A static route defines how the Switch should forward traffic by configuring...takes you to other port(s). 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the system login password and configure SNMP and remote management. MAC Table This link takes you to a screen where you can clone port attributes of devices ...
User Guide
Page 57
Figure 22 Management > Access Control > Logins Chapter 4 The Web Configurator 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the ... web configurator if you are lost when the Switch's power is the management port of the following: 1 Deleting the management VLAN (default is turned off . ES-2108 Series User's Guide 57
Figure 22 Management > Access Control > Logins Chapter 4 The Web Configurator 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the ... web configurator if you are lost when the Switch's power is the management port of the following: 1 Deleting the management VLAN (default is turned off . ES-2108 Series User's Guide 57
User Guide
Page 127
When the client provides the login credentials, the Switch sends an authentication request to a IEEE 802.1x authentication enabled port goes through a validation process. The Switch prompts the client for port ... to install 802.1x client software. If your operating system documentation. The Switch supports IEEE 802.1x for login information in the form of writing, IEEE 802.1x is not supported by the user. ES-2108 Series User's Guide 127 IEEE 802.1x uses the RADIUS (Remote Authentication Dial In User Service...
When the client provides the login credentials, the Switch sends an authentication request to a IEEE 802.1x authentication enabled port goes through a validation process. The Switch prompts the client for port ... to install 802.1x client software. If your operating system documentation. The Switch supports IEEE 802.1x for login information in the form of writing, IEEE 802.1x is not supported by the user. ES-2108 Series User's Guide 127 IEEE 802.1x uses the RADIUS (Remote Authentication Dial In User Service...
User Guide
Page 128
... 16.2.1 Activate IEEE 802.1x Security Use this screen to display the screen as shown. 128 ES-2108 Series User's Guide Chapter 16 Port Authentication Figure 67 IEEE 802.1x Authentication Process 1 New Connection 2 Login Info Request 3 Login Credentials 4 Authentication Request 5 Authentication Reply Session Granted/Denied 16.2 Port Authentication Configuration To enable port...
... 16.2.1 Activate IEEE 802.1x Security Use this screen to display the screen as shown. 128 ES-2108 Series User's Guide Chapter 16 Port Authentication Figure 67 IEEE 802.1x Authentication Process 1 New Connection 2 Login Info Request 3 Login Credentials 4 Authentication Request 5 Authentication Reply Session Granted/Denied 16.2 Port Authentication Configuration To enable port...
User Guide
Page 151
... Switch can authenticate users who a user is and validating access to the Switch. Different user accounts may have the right to create new login accounts on the Switch but user B cannot. Accounting can also use an external server to authorize a large number of determining what a ... functions are known as AAA servers. The Switch can also record system related actions such as external authentication, authorization and accounting servers. ES-2108 Series User's Guide 151 The Switch can authorize users based on user accounts configured on the Switch itself . The Switch can use...
... Switch can authenticate users who a user is and validating access to the Switch. Different user accounts may have the right to create new login accounts on the Switch but user B cannot. Accounting can also use an external server to authorize a large number of determining what a ... functions are known as AAA servers. The Switch can also record system related actions such as external authentication, authorization and accounting servers. ES-2108 Series User's Guide 151 The Switch can authorize users based on user accounts configured on the Switch itself . The Switch can use...
User Guide
Page 158
...types of events to be sent to send information when commands of specified privilege level and higher are executed on the Switch. 158 ES-2108 Series User's Guide Configure the Switch to the accounting server(s): • System - to have the Switch check the administrator ... specified event types. This is only configurable for recording Commands type of event. You must configure the settings in the Access Control > Logins screen. to have the Switch send information to have the Switch send information to configure accounting settings on the Switch. Chapter 20 Authentication...
...types of events to be sent to send information when commands of specified privilege level and higher are executed on the Switch. 158 ES-2108 Series User's Guide Configure the Switch to the accounting server(s): • System - to have the Switch check the administrator ... specified event types. This is only configurable for recording Commands type of event. You must configure the settings in the Access Control > Logins screen. to have the Switch send information to have the Switch send information to configure accounting settings on the Switch. Chapter 20 Authentication...
User Guide
Page 160
... "shell:priv-lvl=N" or Vendor-ID = 9 (CISCO) Vendor-Type = 1 (CISCO-AVPAIR) Vendor-Data = "shell:priv-lvl=N" where N is specified. 160 ES-2108 Series User's Guide Table 53 Supported Tunnel Protocol Attribute FUNCTION ATTRIBUTE VLAN Assignment Tunnel-Type = VLAN(13) Tunnel-Medium-Type = 802(6) Tunnel-Private-Group... authentication. The following table describes the values you set the port's VID. This will also set the privilege level of a login account differently on the RADIUS server(s) and the Switch, the user is stored on the Switch. 20.3 Supported RADIUS Attributes Remote...
... "shell:priv-lvl=N" or Vendor-ID = 9 (CISCO) Vendor-Type = 1 (CISCO-AVPAIR) Vendor-Data = "shell:priv-lvl=N" where N is specified. 160 ES-2108 Series User's Guide Table 53 Supported Tunnel Protocol Attribute FUNCTION ATTRIBUTE VLAN Assignment Tunnel-Type = VLAN(13) Tunnel-Medium-Type = 802(6) Tunnel-Private-Group... authentication. The following table describes the values you set the port's VID. This will also set the privilege level of a login account differently on the RADIUS server(s) and the Switch, the user is stored on the Switch. 20.3 Supported RADIUS Attributes Remote...
User Guide
Page 161
... 20.3.2.1 Attributes Used for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time ES-2108 Series User's Guide 161 This value is date+time+8-digit sequential number, for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type...-MTU EAP-Message State Message-Authenticator 20.3.2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 20.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-...
... 20.3.2.1 Attributes Used for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time ES-2108 Series User's Guide 161 This value is date+time+8-digit sequential number, for Accounting System Events NAS-IP-Address NAS-Identifier Acct-Status-Type...-MTU EAP-Message State Message-Authenticator 20.3.2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 20.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-...
User Guide
Page 202
and password is automatically supplied to login. Anonymous logins will not work only if your computer and renames it does not match, the Switch will disallow the session. 202 ES-2108 Series User's Guide The server requires a unique User ID and Password to the server for anonymous access. ...clients. If it to exit the ftp prompt. 26.8.3 GUI-based FTP Clients The following table describes some of the host server. Login Type Anonymous. Chapter 26 Maintenance Switch to your ISP or service administrator has enabled this option. Configuration and firmware files should be ...
and password is automatically supplied to login. Anonymous logins will not work only if your computer and renames it does not match, the Switch will disallow the session. 202 ES-2108 Series User's Guide The server requires a unique User ID and Password to the server for anonymous access. ...clients. If it to exit the ftp prompt. 26.8.3 GUI-based FTP Clients The following table describes some of the host server. Login Type Anonymous. Chapter 26 Maintenance Switch to your ISP or service administrator has enabled this option. Configuration and firmware files should be ...
User Guide
Page 203
... Web SNMP One session Share up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed. ES-2108 Series User's Guide 203 CHAPTER 27 Access Control This chapter describes how to control access to the Switch. 27.1 Access Control Overview A...One session Up to five accounts No limit A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. Figure 121 Access Control Use these links to configure remote management options and create user accounts on disabling multi...
... Web SNMP One session Share up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed. ES-2108 Series User's Guide 203 CHAPTER 27 Access Control This chapter describes how to control access to the Switch. 27.1 Access Control Overview A...One session Up to five accounts No limit A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. Figure 121 Access Control Use these links to configure remote management options and create user accounts on disabling multi...
User Guide
Page 210
...). to the Get, Set and Trap Community in this section to each SNMP manager. 210 ES-2108 Series User's Guide SHA authentication is a read-only number identifying a login account on the Switch. AES applies a 128-bit key to the SNMP manager. Data Encryption Standard is equivalent to implement...done configuring. Username Enter the username to be set at the same security level or higher than MD5, but breakable) method of the login accounts you want to the SNMP manager along with managers using SNMP v3. Security Level Select whether you specify in SNMP v2c. Authentication ...
...). to the Get, Set and Trap Community in this section to each SNMP manager. 210 ES-2108 Series User's Guide SHA authentication is a read-only number identifying a login account on the Switch. AES applies a 128-bit key to the SNMP manager. Data Encryption Standard is equivalent to implement...done configuring. Username Enter the username to be set at the same security level or higher than MD5, but breakable) method of the login accounts you want to the SNMP manager along with managers using SNMP v3. Security Level Select whether you specify in SNMP v2c. Authentication ...
User Guide
Page 211
.... The Switch loses these changes if it is always admin. You must first configure a trap destination IP address in this screen afresh. 27.4 Setting Up Login Accounts Up to the SNMP manager. Use the rest of the category's trap check boxes (the Switch only sends traps from selected categories). Clear the... traps that you are grouped by category. The username for individual traps that the Switch is someone who can both view and configure Switch changes. ES-2108 Series User's Guide 211
.... The Switch loses these changes if it is always admin. You must first configure a trap destination IP address in this screen afresh. 27.4 Setting Up Login Accounts Up to the SNMP manager. Use the rest of the category's trap check boxes (the Switch only sends traps from selected categories). Clear the... traps that you are grouped by category. The username for individual traps that the Switch is someone who can both view and configure Switch changes. ES-2108 Series User's Guide 211
User Guide
Page 212
...new system password. Only the administrator has read -only access. Click Access Control from the navigation panel and then click Logins from this screen. Table 86 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default password when shipped). New Password Enter your new system password. User Name Set a... " It is highly recommended that you change the default administrator user name. Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for confirmation ES-2108 Series User's Guide
...new system password. Only the administrator has read -only access. Click Access Control from the navigation panel and then click Logins from this screen. Table 86 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default password when shipped). New Password Enter your new system password. User Name Set a... " It is highly recommended that you change the default administrator user name. Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for confirmation ES-2108 Series User's Guide