Zes-22xx Configuration Guide

ZES

ZES-22xx

1998 2015 Zelax. .

01 22.05.2015 . 1.100

, 124681 , . , . , 1, 2 : +7 (495) 748-71-78 () http://www.zelax.ru

: [email protected] : [email protected]

2 2015 Zelax ZES-22xx

ZES-22xx 2015 Zelax 3

1 .................................................................................................................. 5 1.1 ................................................................................................................ 5

1.1.1 ...................................................................................................... 5 1.1.2 ................................................................................................ 6

1.2 (CLI) .......................................................................................... 8 1.2.1 .................................................................................................. 8 1.2.2 ............................................................................................................. 10 1.2.3 ............................................................................................................ 10 1.2.4 ................................................................................................ 11 1.2.5 ................................................................................... 11

2 .................................................................................................... 12 2.1 () .................................................................................................. 12

2.1.1 .................................................................................................................. 12 2.1.2 ............................................................................................................. 12 2.1.3 .................................................................................................................. 12 2.1.4 ............................................................................................................. 13

2.2 System ............................................................................................................................ 13 2.3 Green Ethernet ( Ethernet) ........................................................................... 22 2.4 Ports ()............................................................................................................................. 26 2.5 Security () ............................................................................................................ 34

2.5.1 Switch () ............................................................................................................. 34 2.5.2 Access Management ( ) .................................................................... 39 2.5.3 SNMP .................................................................................................................................... 40 2.5.4 RMON .................................................................................................................................... 48

2.6 Network () .......................................................................................................................... 53 2.6.1 Port Security ( ) ..................................................................................... 53 2.6.2 NAS........................................................................................................................................ 57 2.6.3 ACL ( ) .......................................................................................................... 63 2.6.4 DHCP ..................................................................................................................................... 69 2.6.5 IP Source Guard ( IP- ) ................................................................ 72 2.6.6 ARP inspection ( ARP) ........................................................................................ 74

2.7 RADIUS ...................................................................................................................................... 76 2.7.2 TACACS+ .............................................................................................................................. 81

2.8 Aggregation () ................................................................................................... 82 2.8.1 Static ( ) ................................................................................... 82 2.8.2 LACP ..................................................................................................................................... 83

2.9 Redundancy () ............................................................................................... 86 2.9.1 Z-Ring ................................................................................................................ 86 2.9.2 Loop Protection ( ) .................................................................................... 90 2.9.3 Spanning Tree ....................................................................................................................... 91 2.9.4 MEP (Maintenance Entity Point) .......................................................................................... 101 2.9.5 ERPS ................................................................................................................................... 109

2.10 IPMC Profile ( IPMC) ................................................................................................ 111 2.11 MVR ......................................................................................................................................... 113 2.12 IPMC ........................................................................................................................................ 116

2.12.1 IGMP Snooping ................................................................................................................... 116 2.12.2 MLD Snooping ..................................................................................................................... 121

2.13 LLDP ........................................................................................................................................ 126 2.14 PoE ( PoE) ............................................................ 133 2.15 MAC Table ( -) ..................................................................................... 138 2.16 VLAN Translation ( VLAN) ................................................................................... 140 2.17 VLANs ...................................................................................................................................... 141 2.18 Private VLANs ( VLAN) ............................................................................................. 146 2.19 GVRP ....................................................................................................................................... 147 2.20 VCL .......................................................................................................................................... 148

2.20.1 MAC-based ( MAC-) ............................................................................. 148 2.20.2 Protocol-based VLAN (VLAN ) ......................................................... 149

2.21 QoS ( ) .............................................................................................. 151 2.21.2 Storm Control ( ) ......................................... 166

2.22 Mirroring () .................................................................................................... 166


2.23 UPnP ....................................................................................................................................... 167 2.24 PTP (IEEE1588) ...................................................................................................................... 168 2.25 Diagnostics () ...................................................................................................... 171 2.26 Maintenance () ............................................................................................... 172

2.26.2 Software ( ) ............................................................................. 173 2.26.3 Configuration () .................................................................................................. 174


1

1.1 .

: (out-of-band) (in-band).

- :

admin; admin.

1.1.1 .

, , . , IP- Telnet.

:

1: (. 1):

. 1.

RS-232 , , .

RS-232 , , HyperTerminal, Windows 9x/NT/2000/XP.

2: HyperTerminal.

1. HyperTerminal. 2. :

115200 /; 8 ; ; 1; .

3: (CLI) .

. HyperTerminal CLI-.

Boot> fi lo -d managed

Image loaded from 0x80040000-0x80ac4e4c

Boot> go

Press ENTER to get started

Username:


.

1.1.2 Telnet,

SSH HTTP SNMP. , - , , .

. 2.

1.1.2.1 Telnet SSH Telnet SSH

. 2 :

1. IP- ; 2. IP- ( Telnet) VLAN

IP-; 3. 2 , Telnet IP-

, , .

1.1.2.2 Web- Web-

:

1. IP- ; 2. IP- ( HTTP) VLAN

; 3. 2 , ( HTTP)

IP- , , .

Telnet, ping IP- , Web- .

Web- . Web- , . .

Web- ZES . 3:


. 3. Web-

Web-. , Web- (. . 4).

. 4. Web-


1.1.2.3 SNMP SNMP

:

1. IP- ; 2. IP- ( SNMP-) VLAN

; 3. 2 , IP-

, , ; 4. SNMP (

2.5.3).

1.2 (CLI) CLI . ,

Telnet SSH CLI.

CLI . . . :

1.2.1 . 5 .

V

LA

N

V

LA

N

. 5.

1.2.1.1 CLI .

. Switch>, > , . exit (), .

.


1.2.1.2 Switch#.

, enable, . (Global Mode) exit (), . "Ctrl+z ( ) .

, ; , . , .

1.2.1.3 config terminal

, Switch(Config)# exit ( , VLAN), .

, , MAC-, , VLAN, GVRP, STP . .

, , .

1.2.1.4

interface. :

1. VLAN; 2. FastEthernet; 3. GigabitEthernet.

.

VLAN interface vlan

IP- . .

exit

FastEthernet interface fastethernet

, Ethernet- . .

exit

GigabitEthernet interface gigabitethernet

, Ethernet- . .

exit

1.2.1.5

line. .

1.2.1.6 .

, . :

cmdtxt {enum1 | | enumN } [option1 | | optionN]


cmdtxt , .

;

{enum1 | | enumN} , enum1 enumN;

([ ]) [option] . , < >, { } [ ]. [] , {enum1 | enum2}, [option1 [option2]], . .

:

show version, . . .

vlan , .

hostname , .

snmp-server community {v2c | v3} {ro | rw}, :

snmp-server community v2c ro snmp-server community v3 rw

1.2.2 , ,

(, (, , , ) . Up () Down (), ctrl+p ctrl+n.

Up . 10

Down . Up

, Down

Left Left Right

Right

Ctrl+p , Up Ctrl+n , Down Ctrl+b , Left Ctrl+f , Right Ctrl+z (

) Ctrl+c , , ping

Ctrl+a (Tab)

, Tab ( )

1.2.3

: help ?.

Help

help Enter.

? 1. ?. . 2. ? ( ). , , . . ,


. , Enter . 3. ? ( ) ,

1.2.4 .

, , . .

,

ZES-2220S(config)# snmp-server community v2c % Incomplete command.

ZES-2220S(config)# snmp-server community v1 ^ % Invalid word detected at '^' marker.

,

ZES-2220S# show r ^ % Ambiguous word detected at '^' marker.

1.2.5 .

, , . :

show interface FastEthernet 1/1 status sh int fa 1/1 status . , sh r show running-config, > Ambiguous command! ( !), . show r show rmon show running-config. , sh ru.


2

. web- CLI .

web- - ; , . web- web-, Internet Explorer ( 9.0 ), Firefox Google Chrome. web- , IP- , . .

2.1 () web- ,

, IP- 192.168.0.24 , web-. , . Firefox.

. 6. web-

, -, admin admin. , Port State ( ).

2.1.1 , ,

( ). , LAN 100M/. 1000M/.

Ports>State (>).

2.1.2 "Refresh" ( ).

, "Auto-refresh" ( ). 3 .

. 7.

, LAN, , .

2.1.3 ,

.


, . , "help" ().

. 8.

2.1.4 , web-.

.

. 9.

, . "OK" , "Cancel" (), web .

. 10.

, ( ), "System".

2.2 System , "System" , IP-

, ..

. 11. System

2.2.1.1 System Configuration ( ) , , 'sysContact'

(OID 1.3.6.1.2.1.1.4), 'sysName' (OID 1.3.6.1.2.1.1.5) 'sysLocation' (OID 1.3.6.1.2.1.1.6) MIB2 SNMP. Save ().


. 12. System - Configuration ( )

System Contact ( ): . , , (email) . 0~255 ASCII 32~126.

System Name ( ): . (A-Z; a-z), (0-9) (-). , . ( ). . 0~255.

System Location ( ): . 0~255.

CLI:

snmp-server contact [email protected]

hostname ZES-2220S

snmp-server location Russia, 124681, Moscow, Zelenograd, Zavodskaya st., 1B, bldg 2

2.2.1.2 System Information ( ) ,

, MAC-, , , .

. 13. System - Information ( )

2.2.1.3 System IP ( IP) IP- .


. 14. System - IP ( IP)

IP Configuration ( IP).

Mode ( ): , IP . Host () IP . Router (), . VLAN, Router. Host .

DNS Server (DNS-): (DNS) , . :

From any DHCP interfaces ( DHCP): IP- DNS-, DHCP, DHCP .

No DNS server ( DNS-): DNS- . Configured ( IP-): IP- DNS-,

. From this DHCP interface ( DHCP):

DHCP- DNS-.

DNS Proxy (- ): - DNS, DNS DNS-, , DNS- .

IP Interface (IP )

, "Add Interface" ( ). 8 .

VLAN ( VLAN): VLAN, IP-. IP- VLAN. .

DHCP: , IPv4- DHCP. DHCP- DNS.

IPv4 Address (IPv4-): IPv4- . DHCP, . IPv4 , .

IPv4 Mask ( IPv4): IPv4 ( ). IPv4- 0 30 . DHCP, . IPv4 , .


IPv4 Current Lease ( IPv4-): DHCP IP-, , DHCP .

IPv6 Address (IPv6-): IPv6- 128- , , (:). . , fe80::215:c5ff:fe03:4dc7. :: , 16- , . . IPv4-. , ::192.1.2.34. IPv6 , .

IPv6 Mask ( IPv6): IPv6 ( ). IPv6- 1 128 . IPv6 , .

IP Routes (IP- )

Network ( ): IP- IP- IP- . IPv6. , 0.0.0.0 IPv6 ::

Mask Length ( ): IP- , ( ). , , . IPv4- 0 32 ; IPv6- 0 128 . , , 0 ( ).

Gateway (): IP- . IP- IPv6. .

CLI:

vlan 1

!

interface vlan 1

ip address 192.168.0.24 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 192.168.0.254

2.2.1.4 System IP Status ( IP- ) IP- .


. 15. System - IP Status ( IP- )

System IP. .

2.2.1.5 System NTP ( ) NTP ,

.

. 16. System - NTP ( )

Mode ( ): NTP. :

Enabled (): NTP-. Disabled (): NTP-.

Server #: IPv4- IPv6- NTP-.

NTP- . 'Server 1' , NTP- 'Server 2'.


CLI:

ntp

ntp server 1 ip-address 192.168.0.105

2.2.1.6 System Time ( ) .

. 17. System - Time ( )

Time Zone Configuration ( )

Time Zone ( ): . Save (), .

Acronym ( ): .

Daylight Saving Time Configuration ( / )

Daylight Saving Time ( / ): , . / Disable (). , , Recurring ( ). , NonRecurring ( ). Disable (.

, , :


Start time settings ( ): , , , , , .

End time settings ( ): , , , , , .

Offset settings ( ): , . : 1 1440.

CLI:

clock timezone MSK 3

2.2.1.7 .

. 18. System - Log Configuration

Server Mode ( ): . , Syslog- ( IP- ). UDP UDP 514. , .

Server Address ( ): IPv4- syslog-. DNS-, .

Syslog Level ( ): , . :

Info (): , .

Warning (): .

Error (): .

CLI:

logging on

logging host 192.168.0.105

logging level warning

2.2.1.8 System Log Information ( ) , .


. 19. System - Log Information

Level (): : All ( ), , .

Clear Level ( ): .

Browsing buttons ( ): , .

CLI:

ZES-2220S# show logging

Switch logging host mode is enabled

Switch logging host address is 192.168.0.105

Switch logging level is warning

Number of entries on Switch 1:

Info : 28

Warning: 0

Error : 0

All : 28

ID Level Time Message

---- ------ ------------------------- -----------------------------

1 Info 2013-01-01T02:59:59+03:00 Switch just made a cool boot.

2 Info 2013-01-01T03:00:01+03:00 Link up on port 3

2.2.1.9 System Detailed Log ( ) .

. 20. System - Detailed Log ( )

, .


2.2.1.10 System CPU Load ( CPU) (CPU)

SVG.

. 21. System - CPU Load ( CPU)

100 , 1 10 . 120 , , . SVG , SVG. 3 .

2.2.1.11 System SMTP ( )

.


. 22. System - SMTP

SMTP Configuration ( SMTP)

SMTP Mode ( SMTP): SMTP. :

Enabled (): SMTP- . Disabled (): SMTP- .

SMTP Server (SMTP-): IP- SMTP- ( email).

SMTP Port ( SMTP): SMTP. SMTP 25.

Server requires authentication ( ): , . , :

Username ( ): SMTP-.

Password (): username SMTP-.

Recipient mail address ( ): , .

SMTP Mail Event ( SMTP-)

, , , email .

System (): / . :

Warm Start ( ): / warm restart.

Cold Start ( ): / cold restart.

Power (): / . :

Power 1 Status ( 1): / 1.

Power 2 Status ( 2): / 2.

Interface (): / . :

Port Link Up ( ): / .

Port Link Down ( ): / .

CLI:

smtp

smtp server ip-address 192.168.0.1

smtp recipient 1 ip-address [email protected]

smtp event system warmstart coldstart

smtp event system warmstart coldstart power power1 power2

smtp event system warmstart coldstart power power1 power2 interface linkup linkdown

2.3 Green Ethernet ( Ethernet) "Green Ethernet" ( Ethernet)

.


. 23. Green Ethernet ( Ethernet)

2.3.1.1

, , .

. 24. Green Ethernet - LED

. , , 50% - , 10% .

maintenance (), 100% 10 (, link down).

CLI:

green-ethernet led on-event error

green-ethernet led interval 9-18 intensity 50

green-ethernet led interval 18-9 intensity 10

2.3.1.2 Green Ethernet

Ethernet () Ethernet.


. 25. Green Ethernet - Configuration

Port Power Savings Configuration ( )

Optimize EEE for ( ): / . :

Power (): . .

Latency ( ): EEE . . .

Port Configuration ( )

ActiPHY: ActiPHY , . , , Ethernet . , , PHY , .

PerfectReach ( PerfectReach): PerfectReach . .

EEE ( Ethernet): EEE , , . EEE IEEE802.3az (IEEE). EEE , . , , . , , . , 17 , 1 / 30 . , , .


LLDP (Link Layer Discovery Protocol ). , 1 / 100 / . , , .

, , . , / , , , . . , , , , .

EEE Urgent Queues ( ): , ( QOS), . , , .

, . , .

CLI:

green-ethernet eee optimize-for-power

!

interface FastEthernet 1/1

green-ethernet eee

green-ethernet energy-detect

green-ethernet short-reach

2.3.1.3 Green Ethernet .

. 26. Green Ethernet - Status

Green Ethernet . , Ethernet , LAN.


2.4 Ports () Ports () ,

.

. 27. Ports

2.4.1.1 Ports Configuration ( ) ,

.

. 28. Ports - Configuration

Port (): 16 LAN 1~16 4 ( SFP-) 17~20. . , "*" .

Link ( ): . , , .

Current Speed ( ): (10 /, 100 /, 1 /) (fdx= , hdx=).

Configured Speed ( ): , . , .


:

Disabled (): . Auto ():

, , , .

10Mbps HDX: 10 /, .

10Mbps FDX: 10 /, .

100Mbps HDX: 100 /, .

100Mbps FDX: 100 /, .

:

Disabled (): . Auto ():

, , , .

100Mbps FDX: 100 /, .

1Gbps FDX: 1 /, .

Flow Control ( ): Current Rx , . Current Tx , . Rx Tx . , . Configured Speed (. ).

Maximum Frame Size ( ): , , FCS. 9600 .

Excessive Collision Mode ( ): : "Discard" ( 16 ), "Restart" ( (backoff algorithm) 16 ).

CLI:

interface GigabitEthernet 1/4

speed 1000

flowcontrol on

duplex full

2.4.1.2 Ports State ( ) .


. 29. Ports - State

, , . "" , 100 /. "" 1 /. "" . , "Refresh" (). "Auto-refresh" ( ) , 3 .

2.4.1.3 Ports Traffic Overview ( ) .

. 30. Ports - Traffic Overview

Port (): (1~20), , .

Packets (): .

Bytes (): .

Errors (): , , .

Drops (): , .

Filtered (): , ().


, "Refresh" (). "Auto-refresh" ( ) , 3 . , "Clear" ().

2.4.1.4 Ports QoS Statistics ( QoS ) .

. 31. Ports - QoS Statistics

Port (): , , .

Qn (): 8 QoS. Q0 .

Rx/Tx: .

2.4.1.5 Ports QCL Status ( QCL) QCL (QoS Control List)

QCL.

. 32. Ports - QCL Status

QCE (QoS Control Entry), . QCE - , . QCE 256.

User (): QCL.


QCE#: QCE.

Frame Type ( ): , . :

Any (): QCE . Ethernet: Ethernet ( EtherType 0x600-0xFFFF) LLC: LLC. SNAP: SNAP. IPv4: QCE IPV4. IPv6: QCE IPV6.

Port (): , QCE.

Action (): , , . : Class (), DPL DSCP.

Class (): QoS; QCE, .

DPL: (Drop Precedence Level); QCE, DP , DPL.

DSCP: QCE, DSCP , DSCP.

Conflict (): QCL. , , , QCE, . 'Yes' (), 'No' (). , , , ; QCL, 'Resolve Conflict' ( ).

2.4.1.6 Ports Detailed Statistics ( )

. : ( ); ( ); ( ). , , port select ( ).


. 33. Ports - Detailed Statistics

Receive Total ( ) Transmit Total ( ):

Rx Tx Packets: ( ) . Rx Tx Octets: ( ) .

FCS, . Rx Tx Unicast: ( )

. Rx Tx Multicast: ( )

. Rx Tx Broadcast: ( )

. Rx Tx Pause: MAC-,

, , .

Receive Transmit Size: ( ) , .

Receive Transmit Queue: .

Receive Error ( ):

Rx Drops (): , .

Rx CRC/Alignment: , .

Rx Undersize: 1 , .

Rx Oversize: 2 , .

Rx Fragments: 1 ,

. Rx Jabber:

2 , .

Rx Filtered: , ().


1 64 .

2 , , ,

.

Transmit Error ( ):

Tx Drops: , .

Tx Late/Exc. Coll.: , .

2.4.1.7 Ports VeriPHY( )

VeriPHY , 10 /, 100 / 1 /. All ( ). Start ().

. 34. Ports - VeriPHY

5 . , 15 . , . . , VeriPHY 7 140 .

VeriPHY , 10 / 100 / . , VeriPHY , 10 / 100 /, , , VeriPHY .

Port (): .

Pair (): :


OK: . Open (): . Short (): . Short A: - . Short B: - . Short C: - . Short D: - D. Cross A: - Cross B: - Cross C: - Cross D: - D

Length (): . 3 .

CLI:

ZES-2220S# show interface FastEthernet 1/8 veriphy

Starting VeriPHY - Please wait

Interface Pair A Length Pair B, Length Pair C Length Pair D Length

---------------------- ------ ------ -------------- ------ ------ ------ ------

FastEthernet 1/8 OK 3 OK 3 OK 3 Open 0

2.4.1.8 Ports SFP ( SFP ) SFP .

. 35. Ports - SFP

Vendor Name ( ): SFP.

Vendor Part ( ): ( SFP).

Fiber Type ( ): .

Wave Length ( ): (Tx).

Wave Length 2 ( 2): (Rx). ( SFP ).


Link Length ( ): . ( SFP , .)

TX Power ( ): ; SFP, DDMI ( ).

RX Power ( ): , SFP, DDMI.

RX Sensitivity ( ): , SFP, DDMI.

Temperature (): , SFP, DDMI.

CLI:

ZES-2220S# show sfp

17

----------

Vendor Name : Zelax

Vendor Part Number: SFP-G-S1310/20-D

Fiber Type : Single

Wave Length : 1310 nm

Link Length : 20 km

TX Power : -6 dBm

RX Power : -40 dBm

RX Sensitivity : 0 dBm

Temperature : 59 degree C

2.5 Security () Security () switch (), network

() RADIUS.

. 36. Security

2.5.1 Switch ()


2.5.1.1 Users () .

web- .

. 37. Security Switch - Users

'admin', (15).

User Name ( ) Add New User ( ), .

Add User ( )

. 38. Security Switch Users (Add User)

User Name ( ): .

Password (): .

Password (again) ( ): .

Privilege Level ( ): . : 1 15.

15, , . . , . , 5; 10 /. ( , . .) , 15.

, 15 ; 10 ; 5 .

CLI:

username zelax privilege 10 password unencrypted


2.5.1.2 .

. 39. Security Switch Privilege Levels


Group Name ( ): , . (, LACP, RSTP QoS), . .

System (): Contact ( ), Name (), Location (), Timezone ( ), Daylight Saving Time ( ), Log ( ).

Security (): Authentication (), System Access Management ( ), Port () ( Dot1x port ( Dot1x), MAC based ( MAC-), MAC Address Limit ( MAC-), ACL, HTTPS, SSH, ARP Inspection ( ARP), IP source guard ( IP- ).

IP: , 'ping'.

Port (): , 'VeriPHY'.

Diagnostics (): 'ping' 'VeriPHY'.

Maintenance (): CLI System Reboot ( ), System Restore Default ( ), System Password ( ), Configuration Save ( ), Configuration Load ( ), Firmware Load ( ). Web Users ( Web-), Privilege Levels ( ) Maintenance.

Debug (): CLI.

Privilege Levels ( ): :

configuration read-only (, ) configuration/execute read-write (/, -) status/statistics read-only (/, ) status/statistics read-write (e.g. for clearing of statistics) (/, -

, ).

, .

CLI:

web privilege group Z-Ring level cro 1 crw 15 sro 5 srw 10

2.5.1.3 Auth Method ( )

.

. 40. Security Switch Auth Method

Client (): , .

Methods (): :

no (): , .


local (): .

radius: RADIUS-. tacacs+: TACACS+-.

: , , , . . , , , , , . , 'local' (). , .

CLI:

aaa authentication login telnet radius tacacs local

2.5.1.4 SSH SSH.

. 41. Security Switch SSH

Mode ( ): SSH. :

Enabled (): SSH . , - . Disabled (): SSH .

: SSH, , 2 SSH.

CLI:

no ip ssh

2.5.1.5 HTTPS HTTPS.

. 42. Security Switch HTTPS

Mode ( ): HTTPS. HTTPS, HTTPS , web- HTTP. :

Enabled (): HTTPS . Disabled (): HTTPS .


Automatic Redirect ( ): HTTPS. , HTTPS "Enabled" (). HTTP web- HTTPS, HTTPS Automatic Redirect. :

Enabled (): HTTPS . Disabled (): HTTPS .

CLI:

ip http secure-server

ip http secure-redirect

2.5.2 Access Management ( )

2.5.2.1 Access Management Configuration ( )

. 16. , , .

. 43. Security Switch Access Management - Configuration

Mode ( ): . :

Enabled (): . Disabled (): .

VLAN ID: VLAN .

Start IP address ( IP-): IP- .

End IP address ( IP-): IP- .

HTTP/HTTPS: , , IP- HTTP/HTTPS.

SNMP: , , IP- SNMP.

TELNET/SSH: , , IP- TELNET/SSH .

, Add New Entry ( ). Delete () , .

Save (), . Reset (), , .

CLI:

access management 1 10 172.16.1.1 to 172.16.1.254 web telnet


2.5.2.2 Access Management Statistics ( )

.

. 44. Security Switch Access Management - Statistics

Interface (): , .

Received Packets ( ): , .

Allowed Packets ( ): , .

Discarded Packets ( ): , , .

CLI:

ZES-2220S# show access management statistics

Access Management Statistics:

-----------------------------

HTTP Receive: 12 Allow: 0 Discard: 12

HTTPS Receive: 0 Allow: 0 Discard: 0

SNMP Receive: 0 Allow: 0 Discard: 0

TELNET Receive: 3 Allow: 0 Discard: 3

SSH Receive: 0 Allow: 0 Discard: 0

2.5.3 SNMP SNMP System Configuration ( SNMP )

SNMP.

. 45. Security Switch SNMP - System Configuration

Mode ( ): SNMP. :


Enabled (): SNMP . Disabled (): SNMP .

Version (): SNMP. :

SNMP v1: 1 SNMP. SNMP v2c: 2c SNMP. SNMP v3: 3 SNMP.

Read Community ( Community ): community, , SNMP-. 0~255 ASCII 0x21 0x7E.

Write Community ( Community ): community, , SNMP-. 0~255 ASCII 0x21 0x7E. SNMP v1 v2c. SNMP v3, community community SNMPv3. SNMPv3 , SNMPv1 SNMPv2c. community, .

Engine ID: engine ID SNMPv3. ( ), 10 64; , F . Engine ID .

CLI:

snmp-server community v2c zelax_public RO

snmp-server community v2c zelax_private RW

2.5.3.1 Alarm Configuration ( ) SNMP trap.

. 46. Security Switch SNMP - Alarm Configuration

Global Settings ( )

Mode ( ): SNMP trap .

SNMP trap, Add New Entry ( ).


. 47. Security Switch SNMP - Trap Configuration

SNMP Trap Configuration ( SNMP Trap)

Config Name ( ): SNMP trap.

Trap Mode ( Trap): SNMP trap.

Enabled (): SNMP trap . Disabled (): SNMP trap .

Trap Version ( Trap): SNMP trap. :

SNMP v1: 1 SNMP trap. SNMP v2c: 2c SNMP trap. SNMP v3: 3 SNMP trap.

Trap Community ( Community SNMP trap): community SNMP trap. 0~255 ASCII 0x21 0x7E.

Trap Destination Address (IP- Trap): IP- SNMP trap. IP- ('x.y.z.w'). . - ( A-Z; a-z, 0-9, (.) (-)). . ; .

Trap Destination port ( Trap): SNMP trap. SNMP- SNMP ; 1~65535. SNMP trap 162.

Trap Inform Mode ( Trap Inform): SNMP trap inform. :

Enabled (): SNMP trap inform . Disabled (): SNMP trap inform .


Trap Inform Timeout (seconds) ( Trap Inform (): SNMP trap inform. : 0 2147.

Trap Inform Retry imes ( Trap Inform): SNMP trap inform. : 0 255.

Trap Probe Security Engine ID: SNMP trap probe security engine ID. :

Enabled (): SNMP trap probe security engine ID . Disabled (): SNMP trap probe security engine ID .

Trap Security Engine ID: SNMP trap security engine ID.

SNMPv3 trap inform, USM . engine ID . "Trap Probe Security Engine ID", (ID) . , ID, . ( ), 10 64; , F .

Trap Security Name: SNMP trap security name. SNMP trap inform SNMPv3 USM . trap inform, .

SNMP Trap Event ( SNMP Trap)

System (): (system trap events) :

Warm Start (): , .

Cold Start ( ): ( ).

AAA: , . trap .

Switch (): traps . traps:

STP: , STP trap. , STP trap.

RMON: , RMON trap. , RMON trap.

Power (): traps, . trap :

Power 1 Status ( 1): , trap 1. , trap 1.

Power 2 Status ( 2): , trap 2. , trap 2.

Interface (): traps, . traps:

Link Up ( ): none ()/specific ( )/all ports ( ).

Link Down ( ): none ()/specific ( )/all ports ( ).

LLDP: none ()/specific ( )/all ports ( ).

PoE: none ()/specific ( )/all ports ( ). PoE.


"specific" ( ), , . "Save" ().

Alarm Relay ( )

Power (): , . :

Power 1 Status ( 1): , 1. 1 , . , 1.

Power 2 Status ( 2): , 2. 2 , . , 2.

Interface (): , . :

Link Down ( ): none ()/specific ( )/all ports ( ). , , . , .

PoE: none ()/specific ( )/all ports ( ). PoE. PoE , , . , .

"specific" ( ), , .

CLI:

snmp-server host Test trap

no shutdown

host 192.168.0.105 162 traps

traps system warmstart coldstart

traps system warmstart coldstart aaa authentication

traps system warmstart coldstart aaa authentication power power1 power2

alarm power power1 power2

!

snmp-server trap

!


snmp-server host Test trap traps linkup linkdown

snmp-server host Test trap alarm linkdown

2.5.3.2 SNMPv3 Community Configuration ( SNMPv3 Community)

SNMPv3 community.


. 48. Security Switch SNMP - Communities

Delete (): , , . .

Community: community, SNMP-. 1~32 ASCII 0x21 0x7E. community , community SNMPv1 SNMPv2c. .

Source IP (IP- ): IP- SNMP.

Source Mask ( ): IP- SNMP.

CLI:

snmp-server community v3 public 192.168.0.0 255.255.255.0

2.5.3.3 SNMPv3 User Configuration ( SNMPv3)

SNMPv3. Engine ID User Name ( ).

. 49. Security Switch SNMP - SNMPv3 User

Engine ID: , engine ID, . ( ), 10 64; , F . SNMPv3 USM (User-based Security Model) VACM (View-based Access Control Model) . USM usmUserEngineID usmUserName. usmUserEngineID snmpEngineID . snmpEngineID (SNMP engine), . , engine ID engine ID , , .

User Name ( ): , , . 1~32 ASCII 0x21 0x7E.

Security Level ( ): , . :

NoAuth, NoPriv: . Auth, NoPriv: , .


Auth, Priv: , .

, . , , .

Authentication Protocol ( ): , . :

None (): . MD5: , ,

MD5. SHA: , ,

SHA.

, . , , .

Authentication Password ( ): , . MD5: 8 32 . SHA: 8 40 . ASCII 0x21 0x7E.

Privacy Protocol ( ): , . :

None (): . DES: , ,

DES. AES: , ,

AES.

Privacy Password ( ): , . 8~32 ASCII 0x21 0x7E.

, Add New Entry ( ). , Delete (), , .

Save (), .

Reset (), , .

2.5.3.4 SNMPv3 Group Configuration ( SNMPv3) SNMPv3.

Security Model ( ) Security Name ( ).

. 50. Security Switch SNMP - SNMPv3 Group

Security Model ( ): , . :

v1: SNMPv1.


v2c: SNMPv2. usm: USM (User-based Security

Model) SNMPv3.

Security Name ( ): , , . 1~32 ASCII 0x21 0x7E.

Group Name ( ): , , . 1~32 ASCII 0x21 0x7E.

2.5.3.5 SNMPv3 View Configuration ( SNMPv3) SNMPv3.

View Name ( ) OID Subtree ( OID).

. 51. Security Switch SNMP - SNMPv3 View

View Name ( ): , , . 1~32 ASCII 0x21 0x7E.

View Type ( ): , . :

included ( ): , , .

excluded ( ): , , . , 'excluded' ( ), 'included' ( ) OID 'excluded' ( ).

OID Subtree ( OID): OID , . OID: 1 128. , , (*).

2.5.3.6 SNMPv3 Access Configuration ( SNMPv3) SNMPv3.

: Group Name ( ), Security Model ( ) Security Level ( ).

. 52. Security Switch SNMP - SNMPv3 Access

Delete (): , , . .


Group Name ( ): , , . 1~32 ASCII 0x21 0x7E.

Security Model ( ): , . :

ny (): (v1|v2c|usm). v1: SNMPv1. v2c: SNMPv2. usm: USM (User-based Security

Model) SNMPv3.

Security Level ( ): , . :

NoAuth, NoPriv: . Auth, NoPriv: , . Auth, Priv: , .

Read View Name ( ): MIB, MIB, . 1~32 ASCII 0x21 0x7E.

Write View Name ( ): MIB, MIB, . 1~32 ASCII 0x21 0x7E.

2.5.4 RMON

2.5.4.1 RMON Statistics Configuration ( RMON) RMON. ID.

. 53. Security Switch RMON - Statistics Configuration

Delete (): , , . .

ID: . 1 65535.

Data Source ( ): ID , .

2.5.4.2 RMON History Configuration ( RMON) RMON History Configuration

, . RMON .

. 54. Security Switch RMON - History Configuration


ID: . 1 65535.

Data Source ( ): ID , .

Interval (): . 1800 . : 1 3600 .

Buckets ( ): , . 50. : 1 3600.

Buckets Granted ( ): .


Save (), . Reset (), , .

2.5.4.3 RMON Alarm Configuration ( RMON) ,

. , . . , .

. 55. Security Switch RMON - Alarm Configuration

ID: . 1 65535.

Interval (): . 1 2^31 .

Variable (): MIB, . ifEntry.n.n . : InOctets, InUcastPkts, InNUcastPkts, InDiscards, InErrors, InUnknownProtos, OutOctets, OutUcastPkts, OutNUcastPkts, OutDiscards, OutErrors OutQLen.

Sample Type ( ): .

Absolute ( ): .

Delta (): .

Value (): .

Startup Alarm ( ): , , .

Rising or Falling ( ): , , .

Rising (): , .

Falling (): , , .

Rising Threshold ( ): , , , . , ,


, . : -2147483647 2147483647.

Rising Index ( ): . 1~65535.

Falling Threshold ( ): , , , . , , , . (: -2147483647 2147483647)

Falling Index ( ): . 1~65535.


Save (), . Reset (), , .

2.5.4.4 RMON Event Configuration ( RMON) RMON Event Configuration ( RMON)

, .

. 56. Security Switch RMON - Event Configuration

Delete (): , , . .

ID: ID. 1~65535.

Desc: .

Type (): , :

None (): . Log (): , RMON. snmptrap: trap

trap. logandtrap: , trap.

Community: trap community, . community , SNMP trap configuration ( SNMP trap) . 0~127.

Event Last Time ( ): sysUpTime, .

2.5.4.5 RMON Statistics Overview ( RMON) RMON statistics overview .

, . . , 60 .


. 57. Security Switch RMON - Statistics Overview

ID: ID.

Data Source ( ): ID .

Drop ( ): - .

Octets (): .

Pkts: ( , ).

Broadcast ( ): , .

Multicast ( ): , .

CRC Errors ( ): 64 1518 ( , FCS).

Undersize ( ): 64 .

Oversize ( ): 1518 .

Frag.: 64 , CRC.

Jabb.: 64 , CRC.

Coll.: Ethernet.

64 Bytes ( 64 ): 64 ( ).

X~Y (65~127, 128~255, 256~511, 512~1023, 1024~1588): , X Y .

2.5.4.6 History Overview ( )

. 58. Security Switch RMON - History Overview

History Index ( ): .

Sample Index ( ): , .

Sample Start ( ): , ( , ).

Drop ( ): - .

Octets (): .

Pkts: ( , ).

Broadcast ( ): , .


Multicast ( ): , .

CRC Errors ( ): 64 1518 ( , FCS).

Undersize ( ): 64 .

Oversize ( ): 1518 .

Frag.: 64 , CRC.

Jabb.: 64 , CRC.

Coll.: Ethernet.

Utilization (): , .

2.5.4.7 Alarm Overview ( )

. 59. Security Switch RMON - Alarm Overview

ID: .

Interval (): ( ) .

Variable (): MIB, .

Sample Type ( ): , .

Value (): .

Startup Alarm ( ): , , , .

Rising Threshold ( ): , , , .

Rising Index ( ): , , , .

Falling Threshold ( ): , , , .

Falling Index ( ): , , , .

2.5.4.8 Event Overview ( )


. 60. Security Switch RMON - Event Overview

Event Index ( ): .

Log Index ( ): .

Log Time ( ): .

Log Description ( ): .

2.6 Network ()

2.6.1 Port Security ( ) (Port Security Limit Control)

, - VLAN ID ( ). , , , .

2.6.1.1 Limit Control ( )

. 61. Security Network - Port Security - Limit Control


System Configuration ( )

Mode ( ): () , . (), , .

Aging Enabled ( ): , MAC- , Aging Period ( ). , , , . , , (Aging Period), , .

Aging Period ( ): Aging Enabled ( ) , . 3600 . 10 10 000 000 .


Port (): . Port * .

Mode ( ): ( ). , , .

Limit (): MAC-, . 1024. , .

Action (): , :

None (): MAC-, . .

Trap (): MAC- , SNMP trap. (Aging) , SNMP trap. , SNMP trap , .

Shutdown ( ): MAC- , . , MAC- , MAC- . , , ( / ). : ; Limit Control (

) ; Reopen ().

Trap & Shutdown ( ): MAC- , - Trap () Shutdown ( ), .

State (): . :

Disabled (): ( , ). Ready (): . Limit Reached ( ): .

, Action () None () Trap ().

Shutdown ( ): . , Action


() Shutdown () Trap & Shutdown ( ).

Re-open Button ( ): , , , , . . Shutdown ( ) Action (). , Reopen ( ), , .

CLI:

port-security aging

port-security aging time 600

port-security

!


port-security

port-security maximum 2

port-security violation trap-shutdown

2.6.1.2 Switch Status ( )

. 62. Security Network - Port Security - Switch Status

User Module Legend ( )

User Module Name ( ): , .


Abbr: , Users () Port Status ( ).

Port Status ( )

Port (): . .

Users (): , , . '-' , . , , , .

State (): . :

Disabled (): , , .

Ready (): ; -.

Limit Reached ( ): , , ; , MAC- .

Shutdown ( ): , , . MAC- , .

MAC Count (Current/Limit) ( MAC- ( // )): -, (, ) -, . , (-). , Limit ( ) (-).

CLI:

ZES-2220S# show port-security switch

Users:

L = Limit Control

8 = 802.1X

Interface Users State MAC Cnt

----------------------- ----- ------------- -------

FastEthernet 1/1 L- Ready 0

FastEthernet 1/2 -- No users 0















GigabitEthernet 1/1 -- No users 0





2.6.1.3 Port Statistics ( ) MAC-, .

. 63. Security Network - Port Security - Port Statistics

MAC Address (-): Port Security Limit Control , MAC-, .

VLAN ID: VLAN ID, .

State (): , MAC- . - .

Time of Addition ( ): , MAC- .

Age/Hold (/ ): MAC-, MAC- ( ). MAC- , , MAC-. ( ) , MAC- MAC-. , . MAC- , (-).

2.6.2 NAS (Network Access Server)

, (supplicants) , . , IEEE 802.1X, , , .

, radius-, . RADIUS-, , EAPOL ( ). . , , RADIUS.


2.6.2.1 Configuration ()

. 64. Security Network NAS - Configuration

System Configuration ( )

Mode ( ): 802.1X -. , .

Reauthentication Enabled ( ): , , "Reauthentication Period" ( ). , .

Reauthentication Period ( ): , . 3600 . 1 3600 .

EAPOL Timeout ( EAPOL): , , Request Identify ( ) EAPOL. 30 . 1 65535 .

Aging Period ( ): , 802.1X -. 300 . 10 1 000 000 .

Hold Time ( ): , EAP, RADIUS, - . , Single 802.1X, Multi 802.1X -. 10 . 10 1 000 000 .

Radius-Assigned QoS Enabled ( QoS, Radius): , QoS, RADIUS.

Radius-Assigned VLAN Enabled ( VLAN, Radius): VLAN, RADIUS, VLAN, , . VLAN,


RADIUS, . RADIUS- RADIUS .

"RADIUS-Assigned VLAN Enabled" () / RADIUS- VLAN. , , VLAN RADIUS. , VLAN RADIUS .

Guest VLAN Enabled ( VLAN): VLAN VLAN, . , , VLAN. , VLAN .

Guest VLAN ID ( VLAN): VLAN ID , VLAN . VLAN ID , , VLAN. : 1 4095.

Max. Reauth. Count ( ): EAPOL, , VLAN. , VLAN . 1~255.

Allow Guest VLAN if EAPOL Seen ( VLAN, EAPOL): , EAPOL . VLAN, , . ( ), VLAN , EAPOL . ( ), VLAN, EAPOL . , VLAN .


Port (): . Port * .

Admin State ( ): . , NAS. :

Force Authorized ( ): () EAPOL, , .

Force Unauthorized ( ): () EAPOL, , .

Port-Based 802.1X (802.1X ): , dot1x- . , dot1x-, .

Single 802.1X ( 802.1X): Single 802.1X, , . EAPOL. , , , . , . , . . - Port Security ( ) ( , ).


Multi Single 802.1X ( 802.1X): Multi 802.1X, . ; - Port Security ( ).

MAC-based Auth. ( -): 802.1X, - EAPOL. -, , , . ( ), , , , , - RADIUS- EAP. 6- - "xx-xx-xx-xx-xx-xx", (-) - ( ).

MD5-Challenge, RADIUS- .

Radius-Assigned QoS Enabled ( QoS, Radius): , RADIUS-Assigned QoS .

Radius-Assigned VLAN Enabled ( VLAN, Radius): , RADIUS-Assigned VLAN .

Guest VLAN Enabled ( VLAN): , VLAN .

Port State ( ): ( 802.1X). :

Globally Disabled ( ): 802.1X MAC- .

Link Down ( ): 802.1X MAC- , .

Authorized (): .

Unauthorized ( ): , RADIUS- .

X Auth/Y Unauth ( /Y ): . , Y .

Restart (): , . , , ( System Configuration ( ), Admin State ( ) EAPOL-based ( EAPOL) MAC-Based ( MAC-). .

Reauthenticate ( ): , ( EAPOL). -, . , , , .

Reinitialize ( ): , . , .

CLI:

dot1x re-authentication

dot1x system-auth-control

!


dot1x port-control auto


!


dot1x port-control mac-based

2.6.2.2 Switch Status ( )

. 65. Security Network NAS - Switch Status

Port (): . NAS .

Admin State ( ): .

Port Status ( ): .

Last Source ( ): -, EAPOL EAPOL.

Last ID ( ID ): ( ), EAPOL EAPOL.

QoS Class ( QoS): QoS, NAS . QoS NAS, .

Port VLAN ID (VLAN-ID ): VLAN ID , NAS. VLAN ID NAS, .

CLI:

ZES-2220S# show dot1x status brief

Inf Admin Port State Last Src Last ID QOS VLAN Guest

-------- ----- ---------- ----------------- ----------------- ---- ---- -----

Fa 1/1 Port Down - - - - -

Fa 1/2 MAC Down - - - - -

Fa 1/3 Auth Down - - - - -

Fa 1/4 Auth Down - - - - -

Fa 1/5 Auth Auth - - - - -

Fa 1/6 Auth Down - - - - -


Fa 1/7 Auth Down - - - - -

Fa 1/8 Auth Down - - - - -

Gi 1/1 Auth Down - - - - -

Gi 1/2 Auth Down - - - - -

Gi 1/3 Auth Down - - - - -

Gi 1/4 Auth Down - - - - -

2.6.2.3 Port Statistics ( )

. 66. Security Network NAS - Port Statistics

Port State ( )

Admin State ( ): .

Port Status ( ): .

Receive EAPOL Counters ( EAPOL)

Total ( ): EAPOL , .

Response ID ( ): EAPOL , .

Responses ( ): EAPOL ( ), .

Start (): EAPOL, .

Logoff (): EAPOL, .

Invalid Type ( ): EAPOL, , .

Invalid Length ( ): EAPOL, , Packet Body Length ( ).

Transmit EAPOL Counters ( EAPOL)

Total (): EAPOL , .

Request ID (ID ): EAPOL , .

Requests (): EAPOL ( ), .


2.6.3 ACL ( ) ACL ,

. , .

2.6.3.1 Ports ()

. 67. Security Network ACL Ports

Port (): .

Policy ID ( ): . , , . 0. 0~255.

Action (): , .

Rate Limiter ID ( ): , . Rate Limiters ( ).

Port Redirect ( ): , .

Mirror (): . , , Mirror (). ACL, , . ACL Mirror () ACL Ports Configuration ( ACL). Mirror Configuration ( ), Port to mirror on (, ) , Mode ( ) Disabled ().

Logging ( ): . , System (), System Log Information ( ).

Shutdown ( ): , , .

State (): ^

Enabled (): .


Disabled (): .

Counters (): , , .

2.6.3.2 Rate Limiters ( )

. 68. Security Network ACL Rate Limiters

Rate Limiter ID ( ): .

Rate (): , . 0~3276700 pps (/.) 1, 100, 200, 3001000000 /.

Unit ( ): .

CLI:

access-list rate-limiter 1 100kbps 10

access-list rate-limiter 2 100kbps 5

2.6.3.3 Access Control List ( )

. , , .

. 69. Security Network ACL Configuration


Ingress Port ( ): . All (), ( ) .

Policy Bitmask ( ): ACE.

Frame Type ( ): , .

Action (): - permit () deny ().

Rate Limiter ( ): , , .

Port Redirect ( ): , .

Mirror (): , .

Counter (): , - , .

.

. 70. Security Network ACL ACE

ACE Configuration ( ACE)

Ingress Port ( ): . All (), .

Policy Filter (): . Any () , . Specific (), ACE.

Frame Type ( ): . : Any (), Ethernet, ARP, IPv4. .

Action (): - permit () deny ().

Rate Limiter ( ): , .

Mirror (): .

Logging ( ): .


Shutdown ( ): .

Counter (): , - , .

VLAN Parameters ( VLAN)

802.1Q Tagged (802.1Q ): , ( ).

VLAN ID Filter ( VLAN ID): VLAN ID ACE.

Any (): VLAN ID . Specific (): VLAN ID.

VLAN ID, ACE.

Tag Priority ( ): User Priority ( ), VLAN .

MAC Parameter (-)

SMAC Filter ( SMAC): - . Any (), - Specific (), - . ( Any () Ethernet.

DMAC Filter ( DMAC): - .

Any (): - . MC: -. BC: -. UC: -. Specific (): , -

. ( Ethernet.)

Ethernet Type Parameter ( Ethernet )

EtherType Filter ( Ether): Ethernet II. EtherType ( Ether) Specific ().

ARP Parameter ( ARP)

ARP/RARP: ARP.

Any (): ARP/RARP . ARP: ARP/RARP ARP. RARP: ARP/RARP RARP. Other (): ARP/RARP.

Request/Reply (/): , ARP, ARP .

Any (): ARP/RARP . Request (): ARP

Request ( ARP) RARP Request ( RARP). Reply (): ARP Reply

( ARP) RARP Request ( RARP).

Sender IP Filter ( IP- ): IP- .

Any (): IP- . Host (): IP- . Network (): IP- IP- .

Target IP Filter ( IP-): IP- .

Any (): IP- . Host (): IP-. Network (): IP- IP- .


ARP Sender SMAC Match ( SMAC- ARP): 0, , SHA (Sender Hardware Address ) ARP/RARP - . 1, , SHA ARP/RARP - . Any (), .

RARP Target MAC Match ( MAC- RARP): 0, , THA (Target Hardware Address ) ARP/RARP - . 1, , THA ARP/RARP - . Any (), .

IP/Ethernet Length ( IP-/Ethernet): 0, , HLN (Hardware Address Length ) ARP/RARP Ethernet (0x6) Protocol Address Length ( ) IPv4 (0x4). 1, , HLN ARP/RARP Ethernet (0x6) Protocol Address Length ( ) IPv4 (0x4). Any (), .

IP: 0, , Protocol Address Space ( ) ARP/RARP IP (0x800). 1, , Protocol Address Space ( ) IP (0x800). Any (), .

Ethernet: 0, , Hardware Address Space ( ) ARP/RARP Ethernet (1). 1, , Hardware Address Space ( ) Ethernet (1). Any (), .

IP Parameters ( IP)

IP Protocol Filter ( IP): IP , : Any (), ICMP, UDP, TCP Other ().

IP TTL: Zero (), , TTL IPv4 0. TTL 0, Non-Zero ( ). , any ( ).

IP Fragment ( IP): , Any ( ). Yes () , IPv4, MF, FRAG OFFSET 0 . No () , IPv4, MF, FRAG OFFSET 0 .

IP Option ( IP): .

, Any ( ). Yes () , IPv4 , . No () , IPv4 , .

SIP Filter ( SIP): IP- : Any (), Host () Network (). Host (), IP- . Network (), , .

SIP Address ( SIP): IP- .

SIP Mask ( SIP): .

DIP Filter ( DIP): IP- : Any (), Host () Network (). Host (), IP- . Network (), , .

DIP Address ( DIP): IP- .

DIP Mask ( DIP): .

IPv6 Parameters ( IPv6)


Next Header Filter ( ): . : ICMP, UDP, TCP, Other ( ).

SIP Filter ( SIP): IP- . Any () , SIP-. Specific (), SIP .

Hop Limit (. ): , Any ( ). 0, IPv6, hop limit . 1, IPv6, hop limit .

CLI:

access-list ace 1 ingress interface FastEthernet 1/2 vid 10 rate-limiter 1 logging

2.6.3.4 ACL Status ( )

. 71. Security Network ACL Status

ACL ACL. CE, . CE - , . CE 256.

User (/): ACL.

Ingress Port ( ): ACE. , .

Frame Type ( ): ACE. :

Any (): CE . EType: CE Ethernet. ,

Ethernet ACE IP ARP. ARP: CE ARP/RARP. IPv4: CE IPv4. IPv4/ICMP: ACE IPv4 ICMP. IPv4/UDP: ACE IPv4 UDP. IPv4/TCP CE IPv4 CP. IPv4/Other ( IPv4): IPv4,

ICMP/UDP/TCP. IPv6: CE IPv6.

Action (): () ACE.

Permit (): , ACE, .

Deny (): , ACE, .

Filtered (): , .

Rate Limiter ( ): . : 1 16. Disabled (), .

Port Redirect ( ): .

, . : Disabled (), . Disabled (), .


Mirror (): . :

Enabled (): , , . Disabled (): , , .

"Disabled" ().

CPU: , ACE CPU.

CPU Once ( CPU): , ACE CPU.

Counter (): .

Conflict (): . .

CLI:

ZES-2220S# show access-list ace-status

User

----

S : Static

IPSG: IP Source Guard

IPMC: IPMC

MEP : MEP

ARPI: ARP Inspection

UPnP: UPnP

PTP : PTP

DHCP: DHCP

LOOP: Loop Protect

? : Z-Ring

User ID Frame Action Rate L. Mirror CPU Counter Conflict

---- -- ----- ------ -------- -------- ------ ------- -------

S 1 Any Permit 1 Disabled No 0 No

Switch 1 access-list ace number: 1

2.6.4 DHCP DHCP Snooping

DHCP. DHCP Snooping , IP- () , DHCP Snooping. , , , , DHCP Snooping, , IP Source Guard.

2.6.4.1 Snooping Configuration ( DHCP Snooping)


. 72. Security DHCP Snooping Configuration

DHCP Snooping Configuration ( DHCP Snooping)

Snooping Mode ( Snooping): DHCP Snooping . DHCP snooping, DHCP , .

Port Mode Configuration ( )

Port (): . Port * .

Mode ( ): DCHP Snooping. Trusted () Untrusted ().

CLI:

ip dhcp snooping

!


no ip dhcp snooping trust

2.6.4.2 DHCP Relay

. 73. Security DHCP Relay configuration


Relay Mode ( DHCP Relay): DHCP relay.

Relay Server ( DHCP Relay): IP- DHCP-, DHCP relay .

Relay Mode ( DHCP Relay): DHCP Relay option 82. , , , , Relay Mode Enabled ().

Relay Information Policy ( DHCP Relay): DHCP Relay DHCP-, option 82.

Replace (): DHCP- DHCP Relay . .

Keep (): DHCP-. Drop (): , DHCP,

DHCP Relay.

CLI:

ip dhcp relay

ip helper-address 192.168.0.254

ip dhcp relay information option

2.6.4.3 Relay Statistics ( DHCP Relay)

. 74. Security DHCP Relay Statistics

DHCP Relay Statistics ( DHCP Relay)

Transmit to Server ( ): , .

Transmit Error ( ): , .

Receive from Client ( ): , .

Receive Missing Agent Option ( ): , .

Receive Missing Circuit ID ( ): , Circuit ID ( ).

Receive Missing Remote ID ( ): , Remote ID ( ).

Receive Bad Circuit ID ( ): , Circuit ID ( ) circuit ID.

Receive Bad Remote ID ( ): , Remote ID ( ) Remote ID.

Client Statistics ( )

Transmit to Client ( ): .


Transmit Error ( ): , .

Receive from Client ( ): , .

Receive Missing Agent Option ( ): , .

Replace Agent Option ( ): , .

Keep Agent Option ( ): , .

Drop Agent Option ( ): , , .

2.6.5 IP Source Guard ( IP- )


. 75. Security IP Source Guard Configuration

IP Source Guard Configuration ( IP- )

Mode ( ): IP- ().

Translate dynamic to static ( ): , .


Port (): . Port * .

Mode ( ): IP- . , , , IP- , , .

Max Dynamic Clients (. ): , . : 0, 1, 2, unlimited ( ).


0, IP-, (IP-) .

CLI:

ip verify source

!


ip verify source

ip verify source limit 1

2.6.5.2 Static Table ( )

. 76. Security IP Source Guard Static Table

Port (): .

VLAN ID: VLAN ID.

IP Address (IP-): IP-.

MAC Address (-): MAC-.

, Add New Entry ( ). Delete (), .

Save (), . Reset (), , , .

CLI:

ip source binding interface FastEthernet 1/2 2 192.168.0.105 00-1b-21-21-9f-fb

2.6.5.3 Dynamic Table ( ) IP- ,

, VLAN ID, IP- MAC-. , 20 . 999 ; , entries per page ( ).

. 77. Security IP Source Guard Dynamic Table


2.6.6 ARP inspection ( ARP)

2.6.6.1 Port Configuration ( )

. 78. Security ARP inspection Port Configuration

ARP Inspection Configuration ( ARP)

Mode ( ): ARP .


Port (): . Port * .

Mode ( ): ARP . , , , ARP , , .

Check VLAN ( VLAN): (Enable) (disable) VLAN.

Log Type ( ): .

None (): . Deny (): . Permit (): . All (): .

CLI:

ip arp inspection

!


no ip arp inspection trust

ip arp inspection check-vlan

ip arp inspection logging all


2.6.6.2 VLAN Configuration ( VLAN)

. 79. Security ARP inspection VLAN Configuration

VLAN ID: VLAN ARP. -, web- Port mode configuration ( ). , Global Mode ( ) Port Mode ( ), ARP Inspection . -, web- VLAN mode configuration ( VLAN) , VLAN . VLAN.

Log Type ( ): .

None (): . Deny (): . Permit (): . All (): .


Save (), . Reset (), , , .

CLI:

ip arp inspection vlan 10

ip arp inspection vlan 10 logging all

2.6.6.3 Static Table ( )

. 80. Security ARP inspection Static Table

Port (): .

VLAN ID: VLAN ID.


MAC Address (-): - ARP.

IP Address (IP-): IP- ARP.


Save (), . Reset (), , , .

CLI:

ip arp inspection entry interface FastEthernet 1/1 2 00-1b-21-21-9f-fb 192.168.0.105

2.6.6.4 Dynamic Table Status ( )

. 81. Security ARP inspection Dynamic Table Status

Port (): .

VLAN ID: VLAN ID, ARP.

MAC Address (-): - .

IP Address (IP-): IP- .

2.7 RADIUS


. 82. Security Radius Configuration

Global Configuration ( )

Timeout ( ): , , .

Retransmit ( ): , . , , .


Deadtime ( ): Deadtime ( ) , , . , , , . Deadtime , (0), , , . Deadtime: 0 1440 .

Key (): 64 . RADIUS- .

NAS-IP-Address: IPv4, 4 RADIUS. , IP- .

NAS-IPv6-Address: IPv6, 95 RADIUS. , IP- .

NAS Identifier ( NAS): 256 , 32 RADIUS. , NAS .

Server Configuration ( )

Hostname ( ): RADIUS- IP-.

Auth Port ( ): UDP, RADIUS- .

Acct Port ( ): UDP, RADIUS- .

Timeout ( ): , . , .

Retransmit ( ): , . , .

Key (): , . , .

CLI:

radius-server host 192.168.0.105

2.7.1.2 RADIUS Overview ( RADIUS)

. 83. Security Radius Overview


#: Radius. . , #.

IP Address (IP-): IP- UPD.

Status (): RADIUS. , , :

Disabled (): . Not Ready ( ): , IP

. Ready (): , IP .

RADIUS- .

2.7.1.3 RADIUS Details ( RADIUS)

. 84. Security Radius Details

RADIUS Authentication Statistics for Server ( RADIUS )

Access Accepts ( ): RADIUS Access-Accept ( ) , .

Access Rejects ( ): RADIUS Access-Reject ( ) , .

Access Challenges ( ): RADIUS Access-Challenge ( ) , .

Malformed Access Responses ( ): RADIUS Access-Response ( ), . . Bad authenticators ( ) Message Authenticator ( ), .


Bad Authenticators ( ): RADIUS, Message Authenticator ( ).

Unknown Types ( ): RADIUS, .

Packets Dropped ( ): RADIUS, .

Access Requests ( ): RADIUS Access-Request ( ), . .

Access Retransmissions ( ): RADIUS Access-Request ( ), RADIUS- .

Pending Requests ( ): RADIUS Access-Request ( ), , , . Access-Request ( ) Access-Accept ( ), Access-Reject ( ), Access-Challenge ( ), .

Timeouts ( ): . , , . ( ). ( ).

IP Address (IP-): IP- UDP .

State (): . :


. Ready (): , IP ; RADIUS

. Dead (X seconds left) ( ,

): , . (), . , , . , .

Round-Trip Time ( ): ( ) Access-Reply/Access-Challenge Access-Request RADIUS- . () 100 . 0 , .

RADIUS Accounting Statistics for Server ( RADIUS )

Responses ( ): RADIUS ( ), .

Malformed Responses ( ): RADIUS, . . .

Bad Authenticators ( ): RADIUS, , .

Unknown Types ( ): RADIUS , .

Packets Dropped ( ): RADIUS, .


Requests (): RADIUS, . .

Retransmissions ( ): RADIUS, RADIUS.

Pending Requests ( ): RADIUS, , , . , , ; .

Timeouts ( ): . , , . ( ). ( ).

IP Address (IP-): IP- UDP .

State (): . :


. Ready (): , IP ; RADIUS

. Dead (X seconds left) ( ,

): , . (), . , , . , .

Round-Trip Time ( ): ( ) RADIUS- . 100 . 0 , .

CLI:

ZES-2220S# show radius-server statistics

Global RADIUS Server Timeout : 5 seconds

Global RADIUS Server Retransmit : 3 times

Global RADIUS Server Deadtime : 0 minutes

Global RADIUS Server Key :

Global RADIUS Server Attribute 4 :



RADIUS Server #1:

Host name : 192.168.0.105

Auth port : 1812

Acct port : 1813

Timeout :

Retransmit :

Key :

RADIUS Server #1 (192.168.0.105:1812) Authentication Statistics:

Rx Access Accepts: 0 Tx Access Requests: 0

Rx Access Rejects: 0 Tx Access Retransmissions: 0

Rx Access Challenges: 0 Tx Pending Requests: 0

Rx Malformed Acc. Responses: 0 Tx Timeouts: 0

Rx Bad Authenticators: 0

Rx Unknown Types: 0


Rx Packets Dropped: 0

State: Ready

Round-Trip Time: 0 ms

RADIUS Server #1 (192.168.0.105:1813) Accounting Statistics:

Rx Responses: 0 Tx Requests: 0

Rx Malformed Responses: 0 Tx Retransmissions: 0

Rx Bad Authenticators: 0 Tx Pending Requests: 0

Rx Unknown Types: 0 Tx Timeouts: 0

Rx Packets Dropped: 0

State: Ready

Round-Trip Time: 0 ms

2.7.2 TACACS+ Tacacs+ .

. 85. Security Tacacs+

Global Configuration ( )

Timeout ( ): , TACACS+ , .

Deadtime ( ): Deadtime ( ) , , . , , , . Deadtime , ( 0 ), , , . Deadtime: 0 1440 .

Key (): 63 . TACACS+ .

Server Configuration ( )

Hostname ( ): TACACS+ IP-.

Port (): TCP, TACACS+ .

Timeout ( ): , . , .

Key (): , . , .

CLI:

tacacs-server key 123456

tacacs-server host 192.168.0.110 timeout 20


2.8 Aggregation () ,

, , , . , . : LACP.

Aggregation () static ( ) LACP.

. 86. Aggregation

2.8.1 Static ( )

. 87. Aggregation Static

Aggregation Mode Configuration ( )

Source MAC Address (- ): MAC- , .

Destination MAC Address (- ): MAC- , .

IP Address (IP-): IP- , .

TCP/UDP Port Number ( TCP/UDP): TCP/UDP , .

Aggregation Group Configuration ( )


Group ID ( ): , . Normal ( ) , . 2 10 (). , , .

Port Members (- ): , .

CLI:


aggregation group 1

!


aggregation group 1

2.8.2 LACP LACP (Link Aggregation Control Protocol

), IEEE 802.3ad. . , , LACP, , LACP. LACP, . , LACP, .

2.8.2.1 Port Configuration ( ) LACP.

. 88. Aggregation LACP

Port (): . Port * .

LACP Enabled ( LACP): LACP .

Key (): Auto () , . , , Specific (). : 1 65535. LACP .


, ( ).

Role (): Active ( ), Passive ( ), LACP. , , Active LACP. , LACP- , , . , - .

, LACP, , , LACP. , LACP LACP, , LACP.

Timeout ( ): Timeout ( ) BPDU. Fast (), LACP ; Slow (), LACP 30 .

Prio ( ): , . , , .

CLI:


lacp

!


lacp

2.8.2.2 System Status ( )

. 89. Aggregation System Status

Aggr ID ( ): , LAG (Link Aggregation Group).

Partner System ID ( ): LAG (MAC-).

Partner Key ( ): , LAG.

Partner Prio ( ): .

Last Changed ( ): , LAG.

Local Ports ( ): , LAG.


2.8.2.3 Port Status ( )

. 90. Aggregation Port Status

Port (): .

LACP: LACP .

Yes (): LACP , . No (): LACP , . Backup ( ): .

LAG, LAG.

Key (): .

Aggr ID ( ): , .

Partner System ID ( ): LAG .

Partner Port ( ): , .

Partner Prio ( ): .

2.8.2.4 Port Statistics ( )

. 91. Aggregation Port Statistics


Port (): .

LACP Received ( LACP): LACP, .

LACP Transmitted ( LACP): LACP, .

Discarded (): , .

2.9 Redundancy ()

. . , - . , , , , . STP (802.1d), RSTP (802.1w) MSTP (802.1s). Z-Ring ERPS (G.8032), , STP-.

, . , Redundancy ().

. 92. Redundancy

2.9.1 Z-Ring Z-Ring . 250

, , 10 . STP, Z-Ring , . Z-Ring ( ), , .



. 93. Aggregation Z-Ring Configuration

, Add New Instance ( ).

Instance (): . 5.

Type (): Z-Ring 3 . .

Z-Ring: Z-Ring . - Z-Ring.

. 94. Z-Ring

Z-Chain: Z-Chain , , Z-Ring , Z-Ring.

. 95. Z-Ring

Sub-Ring: Sub-Ring . Sub-Ring Z-Ring Z-Chain. .


Z-Ring

Z-Ring Z-Ring

Z-Ring Z-Ring

Z-Ring

Z-Ring

Sub-Ring

Sub-Ring

Sub-Ring

Sub-Ring

Z-Ring

Z-Ring

. 96. Z-Ring Sub-Ring

Master ( ): Master ( ) , , . , , (Master). , Master , Z-Ring -. , (Master) .

Port (): .

Edge (): , Z-Chain. , , Z-Chain.

(Master) .

Z-Ring

Z-Chain

Sub-Ring

1.

. , Z-Ring - . -. , Z-Ring - . -

. - -. , , Z-Ring . : Z-Chain, ( ) .

. , Z-Ring - . -. , Z-Ring - . -


.

.

2.

.

. , .

.

CLI:

ring 1 ring east interface FastEthernet 1/1 west interface FastEthernet 1/2

2.9.1.2 Status ()

. 97. Aggregation Z-Ring Status

Instance (): .

Type (): .

Role (): Master ( ) Slave ( ). .

East & West Port Number ( () ): , .

East & West Port State ( () ): . :

Forwarding (): . Blocking (): . Down (): .

East & West Port Edge ( () ): , .

Healthy ( ): .

: .

o: , . .


o: . blocked () forwarding (), .

CLI:

ZES-2220S#show ring 1

|-------East-------| |-------West-------|

Inst Type Role Interface State Edge Interface State Edge Healthy

----+-----+-----+---------+-----+----+---------+-----+----+-------

1 Ring - Fa 1/1 Down - Fa 1/2 Down - -

2.9.2 Loop Protection ( ) , ,

, . , . Loop Protection ( ), , . . , , , .


. 98. Loop Protection Configuration

General Settings ( )

Enable Loop Protection ( ): .

Transmission Time ( ): PDU . : 1 10 .

Shutdown Time ( ): , . : 0 604800 . 0 , , .



Port (): . Port * .

Enable (): .

Action (): , . : Shutdown Port ( ), Shutdown Port and Log ( , ) Log Only ( ).

Shutdown Port ( ): , , , Shutdown Time ( ).

Shutdown Port and Log ( , ): , , , Shutdown Time ( ), .

Log Only ( ): , .

Tx Mode ( ): PDU PDU, .

CLI:

loop-protect

loop-protect shutdown-time 60

!


no loop-protect

!


loop-protect action shutdown log

2.9.2.2 Status ()

. 99. Loop Protection Status

Port (): .

Action (): , .

Transmit (): (Tx).

Loops (): , .

Status (): , .

Loops (): , .

Time of Last Loop ( ): , .

2.9.3 Spanning Tree , ,

, . , . ,


(), , . , -, , , - ( ) . -, . . CPU .

, , STP , , , , .

STP (Spanning Tree Protocol) IEEE Standard 802.1s. 2- ( - Ethernet-) , , .

, , IEEE Standard 802.1s - RSTP (Rapid Spanning Tree Protocol (IEEE 802.1w)). RSTP STP, . , , () . , RSTP STP.

RSTP IEEE 802.1s MSTP (Multiple Spanning Tree protocol), VLAN . STP RSTP, MSTP STP VLAN. , VLAN, MSTP , STP.

2.9.3.1 Bridge Settings ( )

. 100. Spanning Tree Bridge Settings

Basic Settings ( )

Protocol Version ( ): . : STP, RSTP MSTP.

Bridge Priority ( ): , . ( ) , .


, . MSTP CIST. STP/RSTP.

Forward Delay ( ): STP, Forward Delay , Listening () Learning () Forwarding ( ). , . : 4 30 .

Max Age (. ): hello , . : 6 40 , Max Age (Forward Delay-1)*2.

Maximum Hop Count ( ): , BPDU . BPDU, . , BPDU . 20. 6 40.

Transmit Hold Count ( BPDU ): BPDU, . , BPDU . 6 . : 1 10.

, , CPU; . Transmit Hold Count , .

Advanced Settings ( )

Edge Port BPDU Filtering ( BPDU ): BPDU BPDU , .

Edge Port BPDU Guard ( BPDU ): , - . , . , BPDU. , , , .

BPDU, STP.

, BPDU guard. BPDU, , STP , BPDU. .

Port Error Recovery ( ): , , - , .

Port Error Recovery Timeout ( ): , , , - , . 30 86400 .

CLI:

spanning-tree mode rstp

spanning-tree edge bpdu-filter

spanning-tree edge bpdu-guard

spanning-tree mst 0 priority 4096


2.9.3.2 MSTI Mapping ( MSTI)

. 101. Spanning Tree MSTI Mapping

Configuration Identification ( )

Configuration Name ( ): MSTI. - . 32 . , STP MSTI, .

Configuration Revision ( ): MSTI. : 1 65535.

MSTI Mapping ( MSTI)

MSTI: MSTI.

VLAN Mapped ( VLAN): VLAN, MSTI. VLAN, VLAN. VLAN VLAN. (: 2,5,20-40). MSTI .

CLI:

spanning-tree mst name 00-1a-81-00-c0-a9 revision 0

spanning-tree mst 1 vlan 3-5

2.9.3.3 MSTI Priorities ( MSTI)


. 102. Spanning Tree MSTI Priorities

MSTI: MSTI . MSTI * .

Priority (): MSTI. , . . , , -. , , . : MSTI, 6- - .

CLI:

spanning-tree mst 1 priority 16384


2.9.3.4 CIST Ports ( CIST)

. 103. Spanning Tree CIST Ports

CIST Aggregated Port Configuration ( CIST)

Port (): .

STP Enabled ( STP): STP.

Path Cost ( ): . Auto (), . , , Specific (). : 1 200000000.

, , , .

Priority (): .

Admin Edge ( ): , Edge ().

Auto Edge ( ): , . , BPDU.

Restricted Role ( ): , CIST MSTI , STP.

Restricted TCN ( TCN): , .

BPDU Guard ( BPDU): BPDU. BPDU discarding. , , BPDU.

Point-to-Point (-): , .

Auto (): , - - .

Forced True ( -): -.

Forced False ( ): .

CLI:


spanning-tree

spanning-tree bpdu-guard


spanning-tree mst 0 port-priority 16

2.9.3.5 MSTI Ports ( MSTI)

. 104. Spanning Tree MSTI Ports

MSTI, , Get ().

. 105. Spanning Tree MSTI Port Configuration

Port (): .

Path Cost ( ): . Auto (), . , , Specific (). : 1 200000000.

, , , .

Priority (): .

2.9.3.6 Bridge Status ( )


. 106. Spanning Tree Bridge Status

STP Bridge ( STP)

MSTI: . .

Bridge ID ( ): , - .

Root ID ( ): -.

Root Port ( ): , . . , .

Root Cost ( ): . . .

Topology Flag ( ): .

Topology Change Last (

Documents

Zes-22xx Configuration Guide