User Guide
Page 3
...Chapter 1 Getting to Know Your Switch...5 1.1 Introduction ...5 1.1.1 Bridging Example ...5 1.1.2 High Performance Switching Example 6 1.1.3 Gigabit Ethernet to the Desktop 7 1.1.4 IEEE 802.1Q VLAN Application Example 7 1.1.5 IPv6 Support ...8 1.2 Ways to Manage the Switch ...8 1.3 Good Habits for Managing the Switch 8 Chapter 2 Hardware Installation and Connection 11 2.1 Freestanding ...Configurator ...25 4.1 Introduction ...25 4.2 System Login ...25 4.3 The Web Configurator Layout ...26 4.3.1 Change Your Password ...32 4.4 Switch Lockout ...32 GS1910/XGS1910 Series User's Guide 3
...Chapter 1 Getting to Know Your Switch...5 1.1 Introduction ...5 1.1.1 Bridging Example ...5 1.1.2 High Performance Switching Example 6 1.1.3 Gigabit Ethernet to the Desktop 7 1.1.4 IEEE 802.1Q VLAN Application Example 7 1.1.5 IPv6 Support ...8 1.2 Ways to Manage the Switch ...8 1.3 Good Habits for Managing the Switch 8 Chapter 2 Hardware Installation and Connection 11 2.1 Freestanding ...Configurator ...25 4.1 Introduction ...25 4.2 System Login ...25 4.3 The Web Configurator Layout ...26 4.3.1 Change Your Password ...32 4.4 Switch Lockout ...32 GS1910/XGS1910 Series User's Guide 3
User Guide
Page 4
... ...45 5.7 How to Use IP Source Guard and DHCP Snooping to Prevent Spoofed Traffic 45 5.8 How to Use DHCP Relay on the Switch 48 5.8.1 Creating a VLAN ...49 5.8.2 Configuring DHCP Relay ...49 5.8.3 Troubleshooting ...50 5.9 How to Use Link Aggregation to Group Multiple Ports into One Logical Link 50 5.9.1 Static Port Trunking ...50... via the Console Port 66 Chapter 6 Troubleshooting...69 6.1 Power, Hardware Connections, and LEDs 69 6.2 Switch Access and Login ...70 Appendix A Legal Information...73 Index ...75 4 GS1910/XGS1910 Series User's Guide
... ...45 5.7 How to Use IP Source Guard and DHCP Snooping to Prevent Spoofed Traffic 45 5.8 How to Use DHCP Relay on the Switch 48 5.8.1 Creating a VLAN ...49 5.8.2 Configuring DHCP Relay ...49 5.8.3 Troubleshooting ...50 5.9 How to Use Link Aggregation to Group Multiple Ports into One Logical Link 50 5.9.1 Static Port Trunking ...50... via the Console Port 66 Chapter 6 Troubleshooting...69 6.1 Power, Hardware Connections, and LEDs 69 6.2 Switch Access and Login ...70 Appendix A Legal Information...73 Index ...75 4 GS1910/XGS1910 Series User's Guide
User Guide
Page 7
... stations that are not in the same group(s) unless such traffic first goes through a router. 1.1.4.1 Tag-based VLAN Example Ports in the same VLAN group share the same frame broadcast domain, thus increasing network performance by adding, moving or changing ports without any ...time by reducing broadcast traffic. With VLAN, a station cannot directly talk to a data server and the Internet. GS1910/XGS1910 Series User's Guide 7 The uplink module supports a fiber-optic connection which demand high bandwidth for...
... stations that are not in the same group(s) unless such traffic first goes through a router. 1.1.4.1 Tag-based VLAN Example Ports in the same VLAN group share the same frame broadcast domain, thus increasing network performance by adding, moving or changing ports without any ...time by reducing broadcast traffic. With VLAN, a station cannot directly talk to a data server and the Internet. GS1910/XGS1910 Series User's Guide 7 The uplink module supports a fiber-optic connection which demand high bandwidth for...
User Guide
Page 8
...8226; Neighbor Discovery Protocol (a protocol used by all ports in packet processing and perform diagnostic functions, such as the server. At the time of VLAN 1. The device can be part of writing, the Switch supports the following methods to manage the Switch. • Web Configurator. This is designed... for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. 8 GS1910/XGS1910 Series User's Guide Chapter 1 Getting to Know Your Switch Shared resources such as a server can be used to discover other...
...8226; Neighbor Discovery Protocol (a protocol used by all ports in packet processing and perform diagnostic functions, such as the server. At the time of VLAN 1. The device can be part of writing, the Switch supports the following methods to manage the Switch. • Web Configurator. This is designed... for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively. 8 GS1910/XGS1910 Series User's Guide Chapter 1 Getting to Know Your Switch Shared resources such as a server can be used to discover other...
User Guide
Page 28
... authentication and accounting services via the Switch, configure the access control list, DHCP snooping, DHCP relay, IP source guard and ARP inspection settings. Private VLANs 28 GS1910/XGS1910 Series User's Guide AAA This link takes you to a screen where you can configure and view 802.1Q... VLAN parameters for individual Switch ports. Aggregation Static This link takes you to a screen where you can activate one logical, higher-bandwidth link. MSTI Mapping ...
... authentication and accounting services via the Switch, configure the access control list, DHCP snooping, DHCP relay, IP source guard and ARP inspection settings. Private VLANs 28 GS1910/XGS1910 Series User's Guide AAA This link takes you to a screen where you can configure and view 802.1Q... VLAN parameters for individual Switch ports. Aggregation Static This link takes you to a screen where you can activate one logical, higher-bandwidth link. MSTI Mapping ...
User Guide
Page 29
...types. Stack This link takes you to a screen to a screen where you can configure QoS classification settings for telephony devices detecting. Monitor GS1910/XGS1910 Series User's Guide 29 Port Policing This link takes you to a screen where you can configure QoS policers that can be used ...transmission rate of unicast, broadcast and unknown packets the Switch receives per second on the XGS1910-24 or XGS1910-48. sFlow This link takes you to a screen where you can configure a protocol-based VLAN. Protocol-based This link takes you to a screen where you can configure an sFlow ...
...types. Stack This link takes you to a screen to a screen where you can configure QoS classification settings for telephony devices detecting. Monitor GS1910/XGS1910 Series User's Guide 29 Port Policing This link takes you to a screen where you can configure QoS policers that can be used ...transmission rate of unicast, broadcast and unknown packets the Switch receives per second on the XGS1910-24 or XGS1910-48. sFlow This link takes you to a screen where you can configure a protocol-based VLAN. Protocol-based This link takes you to a screen where you can configure an sFlow ...
User Guide
Page 30
... link takes you to a screen where you can view IGMP snooping status, IGMP group information and SFM (Source-Filtered Multicast) information. 30 GS1910/XGS1910 Series User's Guide LACP System Status This link takes you to a screen where you can view STP packet statistics on a port. ... to a screen that displays general system information. Groups MVR SFM Information This link takes you to a screen where you can view Multicast VLAN Registration (MVR) statistics. QoS Statistics This link takes you to a screen where you can view LACP statistics on the Switch. Log This...
... link takes you to a screen where you can view IGMP snooping status, IGMP group information and SFM (Source-Filtered Multicast) information. 30 GS1910/XGS1910 Series User's Guide LACP System Status This link takes you to a screen where you can view STP packet statistics on a port. ... to a screen that displays general system information. Groups MVR SFM Information This link takes you to a screen where you can view Multicast VLAN Registration (MVR) statistics. QoS Statistics This link takes you to a screen where you can view LACP statistics on the Switch. Log This...
User Guide
Page 31
... VCL MAC-based VLAN sFlow sFlow Statistics Diagnostic Ping Ping6 VeriPHY DESCRIPTION This link takes you to a screen where you can reboot the system without turning the power off. This link takes you to a screen where you can view the EEE information exchanged via LLDP. GS1910/XGS1910 Series User's.... This link takes you to a screen where you can view detailed VLAN settings on the specified port(s). This link takes you to a screen where you can view sFlow receiver state and sFlow packet statistics on the XGS1910-24 or XGS1910-48. This link takes you to a screen where you can...
... VCL MAC-based VLAN sFlow sFlow Statistics Diagnostic Ping Ping6 VeriPHY DESCRIPTION This link takes you to a screen where you can reboot the system without turning the power off. This link takes you to a screen where you can view the EEE information exchanged via LLDP. GS1910/XGS1910 Series User's.... This link takes you to a screen where you can view detailed VLAN settings on the specified port(s). This link takes you to a screen where you can view sFlow receiver state and sFlow packet statistics on the XGS1910-24 or XGS1910-48. This link takes you to a screen where you can...
User Guide
Page 32
... 4.3.1 Change Your Password After you log in for security reasons. 4.6 Help The web configurator's online help description of that screen. 32 GS1910/XGS1910 Series User's Guide Figure 26 Change Administrator Login Password 4.4 Switch Lockout You could block yourself (and all services from a web configurator... a screen to display the next screen. Click the Help link from accessing the Switch. 6 Change a service port number but forget it is VLAN 1). 2 Disable all ports. 3 Misconfigure the text configuration file. 4 Forget the password and/or IP address. 5 Prevent all others out of...
... 4.3.1 Change Your Password After you log in for security reasons. 4.6 Help The web configurator's online help description of that screen. 32 GS1910/XGS1910 Series User's Guide Figure 26 Change Administrator Login Password 4.4 Switch Lockout You could block yourself (and all services from a web configurator... a screen to display the next screen. Click the Help link from accessing the Switch. 6 Change a service port number but forget it is VLAN 1). 2 Disable all ports. 3 Misconfigure the text configuration file. 4 Forget the password and/or IP address. 5 Prevent all others out of...
User Guide
Page 33
...to Use Private VLAN to Do Port Isolation in your Switch • How to Configure Access Control List (ACL) for Packets Filtering • How to Reset the Switch via the Console Port 5.1 How to set up and use the Switch. Figure 27 Initial Setup Example: Management IP Address GS1910/XGS1910 Series ...User's Guide 33 You can configure the IP address to be in the same subnet as your network or have the Switch obtain a dynamic IP address from a DHCP server in a VLAN • How to Use IP Source Guard and DHCP...
...to Use Private VLAN to Do Port Isolation in your Switch • How to Configure Access Control List (ACL) for Packets Filtering • How to Reset the Switch via the Console Port 5.1 How to set up and use the Switch. Figure 27 Initial Setup Example: Management IP Address GS1910/XGS1910 Series ...User's Guide 33 You can configure the IP address to be in the same subnet as your network or have the Switch obtain a dynamic IP address from a DHCP server in a VLAN • How to Use IP Source Guard and DHCP...
User Guide
Page 34
...Connect your computer to the Switch's port which is in VLAN1 (the default management VLAN). 2 Open your changes back to update the IP address and DNS server information... user name and privilege level of the VLAN group to which the Switch is the same as the VLAN ID you can select the DHCP Client... login accounts the user used to log in the Configuration > VLANs > VLAN Membership screen. This is connected. The IP address assigned by a DHCP server... has priority over the IP address you manually configured. 6 The VLAN ID field lets you log in with the admin account. 4 Click ...
...Connect your computer to the Switch's port which is in VLAN1 (the default management VLAN). 2 Open your changes back to update the IP address and DNS server information... user name and privilege level of the VLAN group to which the Switch is the same as the VLAN ID you can select the DHCP Client... login accounts the user used to log in the Configuration > VLANs > VLAN Membership screen. This is connected. The IP address assigned by a DHCP server... has priority over the IP address you manually configured. 6 The VLAN ID field lets you log in with the admin account. 4 Click ...
User Guide
Page 38
... default, all ports, but this example, you restore using this using IEEE 802.1Q tagged static VLAN with a specific VLAN and provides the information that is duplicated only on which the port(s) belongs. Figure 28 VLAN Example 38 GS1910/XGS1910 Series User's Guide A broadcast frame (or a multicast frame for all ports on the Switch...
... default, all ports, but this example, you restore using this using IEEE 802.1Q tagged static VLAN with a specific VLAN and provides the information that is duplicated only on which the port(s) belongs. Figure 28 VLAN Example 38 GS1910/XGS1910 Series User's Guide A broadcast frame (or a multicast frame for all ports on the Switch...
User Guide
Page 39
... VLAN2 network is connected to port 1 on the Switch, select port 1's check box under Port Members to configure port 1 to be a permanent member of the VLAN. 5 Click Save to save the settings to the Switch. 5.4.1 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port... so that the frames are forwarded to create VLAN2. 3 Enter 2 in the VLAN ID field and enter a descriptive name in the navigation panel. Chapter 5 Tutorials 1 Access the Switch through http://192.168.1.1. Click Add New...
... VLAN2 network is connected to port 1 on the Switch, select port 1's check box under Port Members to configure port 1 to be a permanent member of the VLAN. 5 Click Save to save the settings to the Switch. 5.4.1 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port... so that the frames are forwarded to create VLAN2. 3 Enter 2 in the VLAN ID field and enter a descriptive name in the navigation panel. Chapter 5 Tutorials 1 Access the Switch through http://192.168.1.1. Click Add New...
User Guide
Page 40
... to VLAN 2. Figure 29 Port VID Example 1 Click Configuration > VLANs > Ports in the navigation panel. 2 Set Port VLAN Mode to Specific and enter 2 in the Port VLAN ID field for port 1. 3 To ensure that VLAN-unaware ...devices (such as computers and hubs) can receive frames properly, you can either select Untag_all in the TX Tag field to set the Switch to remove any VLAN... tags before sending or leave the TX Tag field at Untag_pvid to have the Switch remove a frame's VLAN tag when the frame's VLAN ID is the same ...
... to VLAN 2. Figure 29 Port VID Example 1 Click Configuration > VLANs > Ports in the navigation panel. 2 Set Port VLAN Mode to Specific and enter 2 in the Port VLAN ID field for port 1. 3 To ensure that VLAN-unaware ...devices (such as computers and hubs) can receive frames properly, you can either select Untag_all in the TX Tag field to set the Switch to remove any VLAN... tags before sending or leave the TX Tag field at Untag_pvid to have the Switch remove a frame's VLAN tag when the frame's VLAN ID is the same ...
User Guide
Page 41
...5 Tutorials 5.5 How to Set Up a Guest VLAN with the authentication server. You want to assign clients that connect to these ports should provide the correct user name and password in the VLAN Name field for example) in order to access the ports. GS1910/XGS1910 Series User's Guide 41 In this... VLAN. 4 Configure port 10 to be a permanent member of VLAN 200. 1 Access the web configurator through a gateway attached to...
...5 Tutorials 5.5 How to Set Up a Guest VLAN with the authentication server. You want to assign clients that connect to these ports should provide the correct user name and password in the VLAN Name field for example) in order to access the ports. GS1910/XGS1910 Series User's Guide 41 In this... VLAN. 4 Configure port 10 to be a permanent member of VLAN 200. 1 Access the web configurator through a gateway attached to...
User Guide
Page 42
... frames received on these ports. 9 click Save to save your changes back to the Switch 5.5.2 Enabling IEEE 802.1x Port Authentication and Guest VLAN Follow the steps below to enable port authentication to validate access to ports 1~8 to activate IEEE 802.1x authentication on a RADIUS server. 1 Click...these ports so that the frames are forwarded to the VLAN group that the tag defines. 8 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, select Untag_all in the Mode field to clients based on the Switch. 42 GS1910/XGS1910 Series User's Guide
... frames received on these ports. 9 click Save to save your changes back to the Switch 5.5.2 Enabling IEEE 802.1x Port Authentication and Guest VLAN Follow the steps below to enable port authentication to validate access to ports 1~8 to activate IEEE 802.1x authentication on a RADIUS server. 1 Click...these ports so that the frames are forwarded to the VLAN group that the tag defines. 8 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, select Untag_all in the Mode field to clients based on the Switch. 42 GS1910/XGS1910 Series User's Guide
User Guide
Page 43
... configure the IEEE 802.1x-enabled ports as a member of the guest VLAN. 4 Set Admin State to Port-based 802.1x for ports 1 to 8 to enable the guest VLAN on ports 1, 2 and 3. The Switch puts unauthenticated clients in VLAN 1. GS1910/XGS1910 Series User's Guide 43 Chapter 5 Tutorials 2 Select the Reauthentication Enabled check box to...
... configure the IEEE 802.1x-enabled ports as a member of the guest VLAN. 4 Set Admin State to Port-based 802.1x for ports 1 to 8 to enable the guest VLAN on ports 1, 2 and 3. The Switch puts unauthenticated clients in VLAN 1. GS1910/XGS1910 Series User's Guide 43 Chapter 5 Tutorials 2 Select the Reauthentication Enabled check box to...
User Guide
Page 44
...isolation in a VLAN instead of private VLAN 25. 1 Access the web configurator through the uplink port in the same VLAN. Internet In this private VLAN. 44 GS1910/XGS1910 Series User's Guide You use private VLAN to do port isolation in a VLAN but still allow ...ports to access the Internet or network resources through the Switch's port on the Switch are in VLAN 1 and private VLAN 1. By default, all ports on which port isolation is not applicable to the XGS1910-24...
...isolation in a VLAN instead of private VLAN 25. 1 Access the web configurator through the uplink port in the same VLAN. Internet In this private VLAN. 44 GS1910/XGS1910 Series User's Guide You use private VLAN to do port isolation in a VLAN but still allow ...ports to access the Internet or network resources through the Switch's port on the Switch are in VLAN 1 and private VLAN 1. By default, all ports on which port isolation is not applicable to the XGS1910-24...
User Guide
Page 45
...If there is a binding, the Switch forwards the packet. When the Switch receives an IP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in your network. The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from ...4, you should be able to access the device that they cannot send traffic to allow or block IP traffic in the binding table. GS1910/XGS1910 Series User's Guide 45 Chapter 5 Tutorials 5.6.2 Enabling Port Isolation Follow the steps below to configure port isolation. 1 Click Configuration > Private...
...If there is a binding, the Switch forwards the packet. When the Switch receives an IP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in your network. The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from ...4, you should be able to access the device that they cannot send traffic to allow or block IP traffic in the binding table. GS1910/XGS1910 Series User's Guide 45 Chapter 5 Tutorials 5.6.2 Enabling Port Isolation Follow the steps below to configure port isolation. 1 Click Configuration > Private...
User Guide
Page 46
...or an untrusted port for how to create a VLAN and configure ports to DHCP servers or other switches. Create a VLAN containing ports 5, 6 and 7. M VLAN 100 CB A The settings in this Tutorial HOST PORT CONNECTED DHCP Server (A) 5 DHCP Client (B) 6 DHCP Client (C) 7 VLAN 1 and 100 1 and 100 1 and 100...connected to enable DHCP snooping before you enable ARP inspection. Note: The Switch will drop all devices in VLAN 100. Untrusted ports are connected to join the VLAN. 46 GS1910/XGS1910 Series User's Guide Chapter 5 Tutorials If you want DHCP server A connected to port 5 to ...
...or an untrusted port for how to create a VLAN and configure ports to DHCP servers or other switches. Create a VLAN containing ports 5, 6 and 7. M VLAN 100 CB A The settings in this Tutorial HOST PORT CONNECTED DHCP Server (A) 5 DHCP Client (B) 6 DHCP Client (C) 7 VLAN 1 and 100 1 and 100 1 and 100...connected to enable DHCP snooping before you enable ARP inspection. Note: The Switch will drop all devices in VLAN 100. Untrusted ports are connected to join the VLAN. 46 GS1910/XGS1910 Series User's Guide Chapter 5 Tutorials If you want DHCP server A connected to port 5 to ...