ZyXEL Communications XGS3700 Series User manual

1/215

www.zyxel.com

Switch Series

Firmware Version 4.50

Edition 04/2018

Handbook

Default Login Details

LAN Port IP Address

https://192.168.1.1

User Name

admin

Password

1234

Communications Corporation

2/215

www.zyxel.com

Classifications of Zyxel switches:

 L2 switches: GS2210/ XGS2210/ GS1920/ XGS1930 series

 L2+ switches: XGS3700/ GS3700 series

 L3 switches: XGS4600 series

3/215

www.zyxel.com

Contents

Basic principles for network management ................................................. 9

1.1 How to use the Wizard function .............................................................. 9

1.1.1 Basic ................................................................................................. 11

1.1.2 Protection ........................................................................................ 13

1.1.3 VLAN ................................................................................................ 15

1.1.4 QoS ................................................................................................... 16

1.2 How to customize your default configuration ..................................... 17

1.2.1 Configuration on Switch ............................................................... 19

1.2.2 Test the Result ................................................................................. 20

1.3 How to change the switch management IP address to avoid

accessing the wrong device ...................................................................... 22

1.3.1 Configuration in the Switch-2 ....................................................... 22

1.3.2 Test the Result ................................................................................. 24

1.4 How to configure the switch with a device name to avoid accessing

the wrong device ........................................................................................ 25

1.4.1 Configuration in Switch-1 .............................................................. 26

1.4.2 Test the Result ................................................................................. 27

1.5 How to configure the switch to update the time from an NTP server28

1.5.1 Configuration in Switch ................................................................. 29

1.5.2 Test the Result ................................................................................. 30

1.5.3 What could go wrong? ................................................................. 32

1.6 How to configure the switch to backup events on a SYSLOG server

....................................................................................................................... 33

1.6.1 Configure the Switch-1 ................................................................. 34

1.6.2 Test the Result ................................................................................. 36

1.6.3 What could go wrong? ................................................................. 37

1.7 How to configure the switch with a port name to quickly identify

directly connected devices ....................................................................... 38

1.7.1 Configure Switch-1 ........................................................................ 39

1.7.2 Test the Result ................................................................................. 40

1.8 How to collect the Diagnostic Info ....................................................... 41

1.8.1 Collect the Diagnostic Info from web GUI ................................. 42

1.8.2 Test the Result ................................................................................. 43

1.9 How to change the default administrator password .......................... 44

4/215

www.zyxel.com

1.9.1 Change the default administrator password ............................ 45

1.9.2 Test the Result ................................................................................. 46

1.10 How to configure a whitelist for remote management to prevent

unauthorized access ................................................................................... 47

1.10.1 Configure the whitelist of the remote management ............. 48

1.10.2 Test the Result ............................................................................... 49

1.10.3 What could go wrong? ............................................................... 50

1.11 How to configure DHCP auto-configuration ..................................... 51

1.11.1 DHCP auto-configuration flow .................................................. 53

1.11.2 Configure DHCP auto-configuration ........................................ 53

1.11.3 Test the Result ............................................................................... 60

1.11.4 What Could Go Wrong ............................................................... 64

Designing the Local Area Network ............................................................ 65

2.1 How to configure the switch to separate traffic between departments

using VLAN ................................................................................................... 65

2.1.1 Configure Switch-1 ........................................................................ 66

2.1.2 Configure Switch-2 ........................................................................ 69

2.1.3 Test the Result ................................................................................. 71

2.2 How to configure the switch to route traffic across VLANs ................ 72

2.2.1 Configure VLAN 10 ........................................................................ 73

2.2.2 Configure VLAN 20 ........................................................................ 75

2.2.3 Set the gateway on PC-1 and PC-2 ........................................... 77

2.2.4 Test the Result ................................................................................. 79

2.2.5 What could go wrong ................................................................... 80

2.3 How to configure the switch to perform DHCP service in a VLAN .... 81

2.3.1 Configure VLAN 10 ........................................................................ 82

2.3.2 Configure VLAN 20 ........................................................................ 84

2.3.3 Configure the Switch and PC ...................................................... 86

2.3.4 Test the Result ................................................................................. 89

2.3.5 What Could Go Wrong ................................................................. 90

Improving Network Reliability .................................................................... 91

3.1 How to configure a stacked switch to ensure high server availability

....................................................................................................................... 91

3.1.1 Configure Switch-1 and Switch-2 for Stacking .......................... 92

3.1.2 Configure Link Aggregation on Stacked switch ....................... 94

3.1.3 Configure Link Aggregation on Switch-3 ................................... 95

5/215

www.zyxel.com

3.1.4 Test the Result ................................................................................. 96

3.1.5 What Could Go Wrong ................................................................. 97

3.2 How to configure RSTP in a ring topology ........................................... 98

3.2.1 Configure Switch ............................................................................ 99

3.2.2 Test the Result ............................................................................... 102

3.2.3 What Could Go Wrong ............................................................... 104

3.3 How to configure VRRP to provide hosts with a redundant gateway

..................................................................................................................... 105

3.3.1 Configuration in the Gateway-A .............................................. 106

3.3.2 Configuration in the Gateway-B ............................................... 109

3.3.3 Test the Result ............................................................................... 112

3.3.4 What Could Go Wrong? ............................................................. 114

3.4 How to configure bandwidth control to limit incoming or outgoing

traffic rate ................................................................................................... 115

3.4.1 Configure Switch .......................................................................... 116

3.4.2 Test the Result ............................................................................... 117

3.5 How to configure ACL to rate limit IP traffic ...................................... 118

3.5.1 Configure VLAN and Route Traffic ............................................ 119

3.5.2 Configure the Classifier ............................................................... 120

3.5.3 Configure the ACL (Policy Rule) ................................................ 122

3.5.4 Test the Result ............................................................................... 124

3.5.5 What Could Go Wrong ............................................................... 126

Designing an IPTV Network ....................................................................... 127

4.1 Introduction for IGMP .......................................................................... 127

4.1.1 What are General Queries and Group Specific Queries? .... 127

4.1.2 What are IGMP Snooping Querier Modes? ............................. 127

4.1.3 What are the differences between IGMP Snooping

fast/normal/immediate leave? .......................................................... 128

4.2 How to configure IGMP routing for multicast clients in a different LAN

..................................................................................................................... 129

4.2.1 Configure Switch-1 ...................................................................... 130

4.2.2 Configure Switch-2 ...................................................................... 131

4.2.3 Test the Result ............................................................................... 132

4.2.4 What Could Go Wrong ............................................................... 133

4.3 How to configure IGMP Snooping for multicast clients in the same

LAN .............................................................................................................. 134

6/215

www.zyxel.com

4.3.1 Configure Switch .......................................................................... 135

4.3.2 Test the Result ............................................................................... 136

Network Security ........................................................................................ 137

5.1 How to configure the port security to limit the number of connected

devices ....................................................................................................... 137

5.1.1 Configure Switch-1 ...................................................................... 138

5.1.2 Test the Result ............................................................................... 139

5.1.3 What Could Go Wrong ............................................................... 140

5.2 How to configure MAC filter to block unwanted traffic ................... 141

5.2.1 Configure Switch-1 ...................................................................... 142

5.2.2 Test the Result ............................................................................... 143

5.2.3 What Could Go Wrong ............................................................... 144

5.3 How to configure the switch to prevent IP scanning ........................ 145

5.3.1 Configuration in the Switch ........................................................ 146

5.3.2 Test the Result ............................................................................... 147

5.3.3 What Could Go Wrong? ............................................................. 150

5.4 How to Configure the Switch and RADIUS Server to Provide Network

Access through 802.1x Port Authentication ............................................ 151

5.4.1 Configuration in the Switch ........................................................ 152

5.4.2 Configuration in the RADIUS-Server .......................................... 154

5.4.3 Test the Result ............................................................................... 155

5.4.4 What May Go Wrong? ................................................................ 159

5.5 How to configure the switch to send unauthorized users in a guest

VLAN ........................................................................................................... 160

5.5.1 Configure 802.1x Port Authentication on the Switch ............. 161

5.5.2 Configure VLAN for Guest VLAN ............................................... 161

5.5.3 Configure Guest VLAN for Failed Authentication ................... 161

5.5.4 Configure the RadiusServer ........................................................ 162

5.5.5 Configure the setting on User-A, User-B and Guest ................ 163

5.5.6 Test the Result ............................................................................... 165

5.5.7 What Could Go Wrong ............................................................... 167

5.6 How to Configure the Switch and RADIUS Server to Provide Network

Access through Device MAC Address .................................................... 169

5.6.1 Configuration in the Switch ........................................................ 169

5.6.2 Configuration in the RADIUS-Server .......................................... 171

5.6.3 Test the Result ............................................................................... 172

7/215

www.zyxel.com

5.6.4 What Could Go Wrong? ............................................................. 173

5.7 How to configure the switch to prevent ARP spoofing ..................... 175

5.7.1 Configuration in the Switch ........................................................ 176

5.7.2 Test the Result ............................................................................... 178

5.7.3 What Could Go Wrong? ............................................................. 179

5.8 How to Configure the Switch to Protect Against Rogue DHCP Servers

..................................................................................................................... 180

5.8.1 Configuration in the Switch ........................................................ 181

5.8.2 Test the Result ............................................................................... 184

5.8.3 What Could Go Wrong? ............................................................. 185

5.9 How to configure IPSG static binding for trusted network devices . 186

5.9.1 Configuration in the Switch ........................................................ 187

5.9.2 Test the Result ............................................................................... 188

5.10 How to configure ACL to block unwanted traffic ........................... 189

5.10.1 Configure VLAN and Route Traffic .......................................... 190

5.10.2 Configure the Classifier ............................................................. 191

5.10.3 Configure the Policy Rule ......................................................... 193

5.10.4 Test the Result ............................................................................. 194

5.10.5 What Could Go Wrong ............................................................. 195

Implementing VOIP ................................................................................... 196

6.1 How to configure an IP Phone's VLAN using LLDP-MED ................... 196

6.1.1 Configure VLAN for IP Phone ..................................................... 197

6.1.2 Configure Switch .......................................................................... 198

6.1.3 Test the Result ............................................................................... 200

6.1.4 What Could Go Wrong ............................................................... 201

6.2 How to configure the switch to separate VOIP traffic from data traffic

..................................................................................................................... 202

6.2.1 Configure VLAN 100 for IP Phone .............................................. 203

6.2.2 Configure Voice VLAN ................................................................ 204

6.2.3 Test the Result ............................................................................... 205

6.2.4 What Could Go Wrong ............................................................... 206

6.3 How to configure the switch to improve Voice traffic quality ......... 207

6.3.1 Configure VLAN for voice traffic ............................................... 208

6.3.2 Configure Voice VLAN ................................................................ 209

6.3.3 Configure Mirroring (For “Test the Result”) ............................... 210

6.3.4 Test the Result ............................................................................... 211

8/215

www.zyxel.com

6.3.5 What Could Go Wrong ............................................................... 212

Implementing PoE ...................................................................................... 213

7.1 How does the PoE LED works .............................................................. 213

7.1.1 Meanings of PoE LED ................................................................... 214

7.1.2 Examples ....................................................................................... 215

9/215

www.zyxel.com

Basic principles for network management

1.1 How to use the Wizard function

Wizard is a new function which provides an easier and faster way for

users to set up switches. The wizard includes four often-used basic

settings, which are:

 Basic

 Protection

 VLAN

 QoS

Wizard interface

10/215

www.zyxel.com

Note:

1. Applying configurations made in the Wizard menu will cause all other

configurations not supported in the Wizard to return to default settings.

2. Original VLAN configurations set on Web GUI will NOT be merged into the

Wizard.

Following example was tested using XGS1930-28HP (Firmware Version: V4.50).

This feature is for L2 capable switches only. (Only for XGS1930 series)

11/215

www.zyxel.com

1.1.1 Basic

1 In IP, users can configure the switch management IP address,

Subnet Mask, Gateway and DNS server.

2 In Password, users can change the administrator password as

well as configure SNMP settings. We can configure passwords

for Get, Set and Trap communities.

12/215

www.zyxel.com

3 In Link Aggregation, users can configure Link aggregation

settings with a maximum of 5 trunks.

4 In Summary, users can confirm final settings on this page.

13/215

www.zyxel.com

1.1.2 Protection

1 By using Loop Guard, users can prevent loops from

happening.

2 In Broadcast Storm Control, users can limit broadcast traffic by

pkt/s.

14/215

www.zyxel.com

3 In Summary, we can confirm setting of Loop Guard and

Broadcast Storm Control.

15/215

www.zyxel.com

1.1.3 VLAN

1 We can use the Wizard to setup VLAN with a faster and easier

way. Users can configure 5 VLANs.

16/215

www.zyxel.com

1.1.4 QoS

Users can configure QoS as High, Medium and Low to divide packets

into different priorities. Below are the meanings of High, Medium and

Low.

 High: Priority= 5

 Medium: Priority= 3

 Low: Priority= 1

17/215

www.zyxel.com

1.2 How to customize your default configuration

This example shows administrators how to define your own configuration

as the default configuration. Sometimes, when users configure settings

on the switch, they might accidentally change settings that could

cause service downtime. However, it might be difficult to recover it in a

short time because too many changes have been made. To create a

better user experience, ZYXEL provides a new solution which allows users

to define their own default configuration. This is called Custom Default.

By using either the hardware restore button or Web GUI, users can

recover configurations back to their own custom default settings.

The following is an application:

One of ZYXEL’s customers, who is an Internet Service Provider, benefits a

lot from it. Before they provide services for their customers, they will

configure a last known good configuration that best matches the

customer’s environment, such as management IP interface and VLAN

database, to the switch’s Custom Default setting. Every time their

customers misconfigure the switch and unexpectedly causing service

loss, they will first ask the customers to return the switch back to custom

default settings. Compared to returning to factory default settings, the

customers do not suffer from long service down times, while the ISP

spends less time and resources debugging for their customers.

Figure 1 illustrates conditions set by ISP, which works fine. VLAN 100 is

VLAN for management and VLAN 200 is VLAN for normal traffic. When

service works fine, PC-B can successfully ping the interface of VLAN 200.

ISP can save this configuration as Custom Default.

18/215

www.zyxel.com

Condition in which the network works fine

Note:

All network IP addresses and subnet masks are used as examples in this article.

Please replace them with your actual network IP addresses and subnet masks. This

example was tested using XGS1930-28HP (Firmware Version: V4.50).

19/215

www.zyxel.com

1.2.1 Configuration on Switch

1 After making sure running configurations work fine. Enter the

web GUI and go to Menu Management > Maintenance >

Save Configuration > Custom Default. The running

configuration will be saved to Custom Default.

20/215

www.zyxel.com

1.2.2 Test the Result

If customer accidentally deletes the IP interface in VLAN 200

(192.168.200.1), Switch-B will not be able to ping Switch.

Users can use two methods to restore Switch to Custom

Default and prevent service down-time.

1 Hardware button

Press and hold down the RESTORE button on the panel

for 3 ~ 6 seconds until Power LED turns blinking green.

Note:

1. RESTORE Button behaviors:

No Action: Press < 3 seconds

Return to custom default: 3 ~ 6 seconds until Power LED

turns blinking green

Factory Default: 7 ~ 10 seconds until power LED turns solid

amber

2. When triggering Custom default, both Config 1 and Config 2

will be reset to Custom Default configuration without

undergoing reboot.

Page is loading ...

ZyXEL Communications XGS3700 Series User manual

Related papers

Other documents