User Guide
Page 1
ES-3124 Series Intelligent Layer 2+ Switch User's Guide Version 3.80 8/2007 Edition 1 DEFAULT LOGIN In-band IP Address http://192.168.1.1 Out-of-band IP Address http://192.168.0.1 User Name admin Password 1234 www.zyxel.com
ES-3124 Series Intelligent Layer 2+ Switch User's Guide Version 3.80 8/2007 Edition 1 DEFAULT LOGIN In-band IP Address http://192.168.1.1 Out-of-band IP Address http://192.168.0.1 User Name admin Password 1234 www.zyxel.com
User Guide
Page 12
... 42 3.4 LEDs ...42 Part III: Web Configurator 45 Chapter 4 The Web Configurator ...47 4.1 Introduction ...47 4.2 System Login ...47 4.3 The Status Screen ...48 4.3.1 Change Your Password 53 4.4 Saving Your Configuration 53 4.5 Switch Lockout ...54 4.6 Resetting the Switch ...54 4.6.1 Reload the Configuration File 54 4.7 Logging Out of the Web Configurator 55 4.8 Help...Status and Port Statistics 61 6.1 Overview ...61 6.2 Port Status Summary ...61 6.2.1 Status: Port Details 62 Chapter 7 Basic Setting ...67 7.1 Overview ...67 7.2 System Information ...67 12 ES-3124 Series User's Guide
... 42 3.4 LEDs ...42 Part III: Web Configurator 45 Chapter 4 The Web Configurator ...47 4.1 Introduction ...47 4.2 System Login ...47 4.3 The Status Screen ...48 4.3.1 Change Your Password 53 4.4 Saving Your Configuration 53 4.5 Switch Lockout ...54 4.6 Resetting the Switch ...54 4.6.1 Reload the Configuration File 54 4.7 Logging Out of the Web Configurator 55 4.8 Help...Status and Port Statistics 61 6.1 Overview ...61 6.2 Port Status Summary ...61 6.2.1 Status: Port Details 62 Chapter 7 Basic Setting ...67 7.1 Overview ...67 7.2 System Information ...67 12 ES-3124 Series User's Guide
User Guide
Page 27
... re-configure the Switch. If you backed up the configuration (and make the Switch more effectively. • Change the password. Use a password that's not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down ...password, you will have to reset the Switch to restore it in a safe place. • Back up an earlier configuration file, you know how to its factory default settings. Restoring an earlier working configuration may be monitored and/or managed by an SNMP manager. If you forget your last configuration. ES-3124...
... re-configure the Switch. If you backed up the configuration (and make the Switch more effectively. • Change the password. Use a password that's not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down ...password, you will have to reset the Switch to restore it in a safe place. • Back up an earlier configuration file, you know how to its factory default settings. Restoring an earlier working configuration may be monitored and/or managed by an SNMP manager. If you forget your last configuration. ES-3124...
User Guide
Page 47
... web browser. 2 Type "http://" and the IP address of the web configurator. 4.1 Introduction The web configurator is 1024 by default). 4.2 System Login 1 Start your device. ES-3124 Series User's Guide 47 CHAPTER 4 The Web Configurator This section introduces the configuration and functions of the Switch (for example, the default is 1234. In.... Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. Press [ENTER]. 3 The login screen appears. The default username is admin and associated default password is 192.168.1.1) in the General Setup screen.
... web browser. 2 Type "http://" and the IP address of the web configurator. 4.1 Introduction The web configurator is 1024 by default). 4.2 System Login 1 Start your device. ES-3124 Series User's Guide 47 CHAPTER 4 The Web Configurator This section introduces the configuration and functions of the Switch (for example, the default is 1234. In.... Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. Press [ENTER]. 3 The login screen appears. The default username is admin and associated default password is 192.168.1.1) in the General Setup screen.
User Guide
Page 52
...can configure the Switch to perform special treatment on the specified criteria. The external servers can view system logs and test port(s). 52 ES-3124 Series User's Guide Access Control This link takes you to screens where you can logically aggregate physical links to form one port or...configure protection against network loops that you can examine the traffic from specified source(s) to a screen where you can change the system login password and configure SNMP and remote management. Loop Guard This link takes you to a screen where you can cap the maximum bandwidth allowed ...
...can configure the Switch to perform special treatment on the specified criteria. The external servers can view system logs and test port(s). 52 ES-3124 Series User's Guide Access Control This link takes you to screens where you can logically aggregate physical links to form one port or...configure protection against network loops that you can examine the traffic from specified source(s) to a screen where you can change the system login password and configure SNMP and remote management. Loop Guard This link takes you to a screen where you can cap the maximum bandwidth allowed ...
User Guide
Page 53
ES-3124 Series User's Guide 53 ARP Table This link takes you to display the... lost when the Switch's power is turned off . IP address resolution table. Figure 22 Change Administrator Login Password 4.4 Saving Your Configuration When you can configure clustering management and view its status. Settings in the run-time...Management This link takes you can copy attributes of devices attached to screens where you change the default administrator password. Nonvolatile memory refers to the Switch's storage that remains even if the Switch's power is recommended you can...
ES-3124 Series User's Guide 53 ARP Table This link takes you to display the... lost when the Switch's power is turned off . IP address resolution table. Figure 22 Change Administrator Login Password 4.4 Saving Your Configuration When you can configure clustering management and view its status. Settings in the run-time...Management This link takes you can copy attributes of devices attached to screens where you change the default administrator password. Nonvolatile memory refers to the Switch's storage that remains even if the Switch's power is recommended you can...
User Guide
Page 54
... traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from the Switch or forget the administrator password, you will lose all previous configurations and the speed of the console port will need to reload the...replaces the current configuration file with 8 data bit, no parity, one stop bit and flow control set to none. The password will see the initial screen. 54 ES-3124 Series User's Guide When you reconnect the Switch's power, you will also be reset to the default of 9600bps with ...
... traffic to the CPU port. 4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from the Switch or forget the administrator password, you will lose all previous configurations and the speed of the console port will need to reload the...replaces the current configuration file with 8 data bit, no parity, one stop bit and flow control set to none. The password will see the initial screen. 54 ES-3124 Series User's Guide When you reconnect the Switch's power, you will also be reset to the default of 9600bps with ...
User Guide
Page 55
...User's Guide 55 press any key to restart the Switch. Erasing OK ES-3124> atgo The Switch is recommended after you finish a management session for the "Starting XMODEM upload" message before activating XMODEM upload on your password again after the "Enter Debug Mode" message. 5 Wait for security...have to log in with a default configuration file including the default password of "1234". 4.7 Logging Out of the Web Configurator Click Logout in a screen to enter Debug Mode within 3 seconds Enter Debug Mode ES-3124> atlc Starting XMODEM upload (CRC mode).... Figure 23 Resetting the ...
...User's Guide 55 press any key to restart the Switch. Erasing OK ES-3124> atgo The Switch is recommended after you finish a management session for the "Starting XMODEM upload" message before activating XMODEM upload on your password again after the "Enter Debug Mode" message. 5 Wait for security...have to log in with a default configuration file including the default password of "1234". 4.7 Logging Out of the Web Configurator Click Logout in a screen to enter Debug Mode within 3 seconds Enter Debug Mode ES-3124> atlc Starting XMODEM upload (CRC mode).... Figure 23 Resetting the ...
User Guide
Page 133
... to a port based on the MAC address and password of authentication use the RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) protocol to validate users. " If you may need to install 802.1x client software. ES-3124 Series User's Guide 133 Both types of the client... - See Section 23.1.2 on page 180 for more information on an external server (authentication server). At the time of a user name and password. An authentication server validates access to a port based on the same port, the Switch performs IEEE 802.1x authentication first. CHAPTER 16 Port ...
... to a port based on the MAC address and password of authentication use the RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) protocol to validate users. " If you may need to install 802.1x client software. ES-3124 Series User's Guide 133 Both types of the client... - See Section 23.1.2 on page 180 for more information on an external server (authentication server). At the time of a user name and password. An authentication server validates access to a port based on the same port, the Switch performs IEEE 802.1x authentication first. CHAPTER 16 Port ...
User Guide
Page 134
... Session Granted/Denied ES-3124 Series User's Guide Chapter 16 Port Authentication Figure 71 IEEE 802.1x Authentication Process 1 New Connection 2 Login Info Request 3 Login Credentials 4 Authentication Request 5 Authentication Reply Session Granted/Denied 16.1.2 MAC Authentication MAC authentication works in a very similar way to a port on the Switch along with a password configured specifically...
... Session Granted/Denied ES-3124 Series User's Guide Chapter 16 Port Authentication Figure 71 IEEE 802.1x Authentication Process 1 New Connection 2 Login Info Request 3 Login Credentials 4 Authentication Request 5 Authentication Reply Session Granted/Denied 16.1.2 MAC Authentication MAC authentication works in a very similar way to a port on the Switch along with a password configured specifically...
User Guide
Page 136
...Use this row only if you want to the port. Reauthentication Specify how often a client has to re-enter his or her username and password to stay Timer connected to make some settings the same for all ports. Cancel Click Cancel to begin configuring this screen afresh. 16.2.2 Activate ...Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to all ports. Apply Click Apply to save your changes to all the ports as soon as shown. 136 ES-3124 Series User's Guide The Switch loses these changes if it on the top navigation...
...Use this row only if you want to the port. Reauthentication Specify how often a client has to re-enter his or her username and password to stay Timer connected to make some settings the same for all ports. Cancel Click Cancel to begin configuring this screen afresh. 16.2.2 Activate ...Specify if a subscriber has to periodically re-enter his or her username and password to stay connected to all ports. Apply Click Apply to save your changes to all the ports as soon as shown. 136 ES-3124 Series User's Guide The Switch loses these changes if it on the top navigation...
User Guide
Page 137
...time before configuring it on the Switch. Table 42 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this setting. Type the password the Switch sends along with the RADIUS server. Note: If the Aging Time in the Switch Setup screen is cleared. Chapter 16 Port Authentication...the client is 3000 seconds. Port This field displays a port number. Maximum time is forwarded to permit MAC authentication on each port. ES-3124 Series User's Guide 137 If you specify 0 for authentication with the MAC address of denied.
...time before configuring it on the Switch. Table 42 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this setting. Type the password the Switch sends along with the RADIUS server. Note: If the Aging Time in the Switch Setup screen is cleared. Chapter 16 Port Authentication...the client is 3000 seconds. Port This field displays a port number. Maximum time is forwarded to permit MAC authentication on each port. ES-3124 Series User's Guide 137 If you specify 0 for authentication with the MAC address of denied.
User Guide
Page 180
.... Table 62 RADIUS vs TACACS+ RADIUS TACACS+ Transport Protocol UDP (User Datagram Protocol) TCP (Transmission Control Protocol) Encryption Encrypts the password sent for RADIUS attributes utilized by means of an external server instead of (or in addition to) an internal device user database that...for authentication. Click Advanced Application > Auth and Acct in the navigation panel to display the screen as shown. 180 ES-3124 Series User's Guide In essence, RADIUS and TACACS+ authentication both ) and then set up the authentication priority and accounting settings.
.... Table 62 RADIUS vs TACACS+ RADIUS TACACS+ Transport Protocol UDP (User Datagram Protocol) TCP (Transmission Control Protocol) Encryption Encrypts the password sent for RADIUS attributes utilized by means of an external server instead of (or in addition to) an internal device user database that...for authentication. Click Advanced Application > Auth and Acct in the navigation panel to display the screen as shown. 180 ES-3124 Series User's Guide In essence, RADIUS and TACACS+ authentication both ) and then set up the authentication priority and accounting settings.
User Guide
Page 181
... then tries the second RADIUS server. You need not change this value unless your network administrator instructs you configure multiple RADIUS servers. ES-3124 Series User's Guide 181 Mode This field is a read-only number representing a RADIUS server entry. Timeout Specify the amount of ...the external RADIUS server and the Switch. If you are using index-priority for your RADIUS authentication settings. Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to authenticate with the first configured RADIUS server, if the RADIUS server does ...
... then tries the second RADIUS server. You need not change this value unless your network administrator instructs you configure multiple RADIUS servers. ES-3124 Series User's Guide 181 Mode This field is a read-only number representing a RADIUS server entry. Timeout Specify the amount of ...the external RADIUS server and the Switch. If you are using index-priority for your RADIUS authentication settings. Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to authenticate with the first configured RADIUS server, if the RADIUS server does ...
User Guide
Page 182
... Server Use this value unless your TACACS+ server settings. Shared Secret Specify a password (up to begin configuring this box if you click Apply. Delete Check this screen afresh. Cancel Click Cancel to 32 alphanumeric characters) as shown. 182 ES-3124 Series User's Guide See Section 23.1.2 on page 180 for more information on...
... Server Use this value unless your TACACS+ server settings. Shared Secret Specify a password (up to begin configuring this box if you click Apply. Delete Check this screen afresh. Cancel Click Cancel to 32 alphanumeric characters) as shown. 182 ES-3124 Series User's Guide See Section 23.1.2 on page 180 for more information on...
User Guide
Page 184
...and accounting settings on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown. 184 ES-3124 Series User's Guide This entry is turned off or loses power, so use the Save link on the external TACACS+ accounting .... Chapter 23 Authentication & Accounting Table 64 Advanced Application > Auth and Acct > TACACS+ Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. Cancel Click Cancel to begin ...
...and accounting settings on the Auth and Acct Setup link in the Authentication and Accounting screen to view the screen as shown. 184 ES-3124 Series User's Guide This entry is turned off or loses power, so use the Save link on the external TACACS+ accounting .... Chapter 23 Authentication & Accounting Table 64 Advanced Application > Auth and Acct > TACACS+ Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. Cancel Click Cancel to begin ...
User Guide
Page 189
...the User-Name attribute is $enab#$, where # is the privilege level (114) User-Password NAS-Identifier NAS-IP-Address 23.3.1.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 23.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name...digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time ES-3124 Series User's Guide 189 Chapter 23 Authentication & Accounting 23.3.1 Attributes Used for Authentication The following sections list the attributes sent from the Switch...
...the User-Name attribute is $enab#$, where # is the privilege level (114) User-Password NAS-Identifier NAS-IP-Address 23.3.1.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 23.3.1.3 Attributes Used by the IEEE 802.1x Authentication User-Name...digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001) Acct-Delay-Time ES-3124 Series User's Guide 189 Chapter 23 Authentication & Accounting 23.3.1 Attributes Used for Authentication The following sections list the attributes sent from the Switch...
User Guide
Page 237
... under a filename of your choosing. ES-3124 Series User's Guide 237 First, understand the filename conventions. 29.8.1 Filename Conventions The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and ... some examples of uploading to as the "ras" file) is the system firmware and has a "bin" filename extension. ZyNOS (ZyXEL Network Operating System sometimes referred to or downloading files from the Switch using FTP commands. Uploading the config file replaces the specified configuration file...
... under a filename of your choosing. ES-3124 Series User's Guide 237 First, understand the filename conventions. 29.8.1 Filename Conventions The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and ... some examples of uploading to as the "ras" file) is the system firmware and has a "bin" filename extension. ZyNOS (ZyXEL Network Operating System sometimes referred to or downloading files from the Switch using FTP commands. Uploading the config file replaces the specified configuration file...
User Guide
Page 238
... in either ASCII (plain text format) or in binary mode. Login Type Anonymous. The server requires a unique User ID and Password to login. If it does not match, the Switch will not work only if your ISP or service administrator has enabled this... password is when a user I.D. Initial Remote Directory Specify the default remote directory (path). Normal. Configuration and firmware files should be transferred in binary mode. Initial Local Directory Specify the default local directory (path). 29.8.4 FTP Restrictions FTP will disconnect the FTP session immediately. 238 ES-3124...
... in either ASCII (plain text format) or in binary mode. Login Type Anonymous. The server requires a unique User ID and Password to login. If it does not match, the Switch will not work only if your ISP or service administrator has enabled this... password is when a user I.D. Initial Remote Directory Specify the default remote directory (path). Normal. Configuration and firmware files should be transferred in binary mode. Initial Local Directory Specify the default local directory (path). 29.8.4 FTP Restrictions FTP will disconnect the FTP session immediately. 238 ES-3124...
User Guide
Page 239
.... Table 96 Access Control Overview Console Port SSH Telnet FTP Web SNMP One session Share up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed one session each, Telnet and SSH share four sessions, up to four sessions One session Up... This chapter describes how to control access to the Switch. 30.1 Access Control Overview A console port and FTP are allowed. Figure 143 Management > Access Control ES-3124 Series User's Guide 239
.... Table 96 Access Control Overview Console Port SSH Telnet FTP Web SNMP One session Share up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed one session each, Telnet and SSH share four sessions, up to four sessions One session Up... This chapter describes how to control access to the Switch. 30.1 Access Control Overview A console port and FTP are allowed. Figure 143 Management > Access Control ES-3124 Series User's Guide 239