Zyxel Switch Configuration Manual
Confidential : This document is intended for internal use of Tulip only.
Tulip Telecom Ltd., A – 235, Okhla Phase I New Delhi – 110 020

Basic Configuration Manual for Zyxel 3124F Switch 08072010v1.0


Document Title : Zyxel Switch Configuration Manual

Document Owner : Vriti Kulshrestha

Document Classification : Confidential

This is a confidential document of Tulip and reproduction, translation, transformation to any medium requires prior written approval of Tulip. This document includes confidential information related to Tulip and shall not be distributed to the persons other than those mentioned in the distribution list without the consent of the parties.

Document distribution List

Serial Number   Name         Purpose
1               SV Ramana    Review & Approve
2               Arun Singh   Review & Approve


CONTENTS
• Configuring Hostname
• How To Save configuration
• Basic Configuration
    1. Administrator password configuration
    2. Enable password configuration
    3. Management IP address
    4. Speed-duplex setting
    5. Access and Trunk port configuration
• Multiple Spanning Tree
• Rate-limit
• Storm-Control
• IGMP Snooping
• Tacacs+ Authentication
• Port Security
• MTU on Switch
• Port Mirroring
• BPDU Control
• Password Recovery procedure


DEFAULT LOGIN
In-band IP Address       http://192.168.1.1
Out-of-band IP Address   http://192.168.0.1
User Name                admin
Password                 1234

Configuring Host Name:

ES-3124F(config)# hostname
  <name_string>   System name string
ES-3124F(config)# hostname Zyxel
Zyxel(config)#

Saving Your Configuration:

Zyxel(config)# write memory

Configuring Basic Parameters:

Changing the Administrator Password:

Syntax: admin-password <pw-string> <Confirm-string>

Example:
Zyxel(config)# admin-password
  <pw-string>   New Password
Zyxel(config)# admin-password tulip
  <confirm-string>   Retype to Confirm
Zyxel(config)# admin-password tulip tulip

Changing the Enable Password:

Syntax: password <password>

Example:
Zyxel(config)# password
  <password>   Password String
Zyxel(config)# password tulip

Changing the Management IP Address:

The Switch has a different IP address in each VLAN. By default, the Switch has VLAN 1 with IP address 192.168.1.1 and subnet mask 255.255.255.0.


Syntax: ip address inband-default <ip> <mask>

Example:
Zyxel(config)# vlan 1
Zyxel(config-vlan)# ip address ?
  <ip-address>      IP Address
  default-gateway   Configre inband default gateway
  inband-default    In-band Default IP Setting
Zyxel(config-vlan)# ip address inband-default 2.2.2.2 255.255.255.0
Zyxel(config-vlan)# ip address default-gateway 2.2.2.1

Modifying port speed and duplex mode:

The ports auto-sense and auto-negotiate the speed and duplex mode of the connected device. You can manually enter the port speed to operate at either 10, 100, or 1000 Mbps.

Syntax: speed-duplex <value>
The default is auto (auto-negotiation).

Example:
Zyxel(config)# interface port-channel 20
Zyxel(config-interface)# speed-duplex
  <auto|10-half|10-full|100-half|100-full|1000-full>   Set Interface Speed duplex
Zyxel(config-interface)# speed-duplex 100-full

Disabling or re-enabling a port:

A port can be made inactive (disabled) or active (enabled) by selecting the appropriate status option. The default value for a port is enabled. This is the same as the shutdown and no shutdown options on other switches.

Example:
Zyxel(config)# interface port-channel 20
Zyxel(config-interface)# inactive //disable the port//
Zyxel(config)# interface port-channel 20
Zyxel(config-interface)# no inactive //enable the port//

Configuring Access Port:
• In this switch the access port means the untagged port.
• The ports are defined untagged under the particular VLANs which are to be allowed on that port.

Syntax: vlan <Vlan number> untagged <port number>


Example:
Zyxel(config)# vlan
vlan vlan-stacking vlan-type vlan1q
Zyxel(config)# vlan 20
Zyxel(config-vlan)# untagged
  <port-list>   Untagged port list
Zyxel(config-vlan)# untagged 20
Zyxel(config-vlan)#

Configuring Trunk Port:
• In this switch the trunk port means the tagged port.
• By default, all the ports are tagged for all the configured VLANs, so no specific command is required to make a trunk port.

Multiple Spanning Tree:

Configuring MSTP Mode:

With the introduction of MSTP, a system can be either under MSTP mode or not under MSTP mode. The default state is to not be under MSTP mode. To configure a system into MSTP mode, use the following command at the Global Configuration level.

Example:
Zyxel(config)# spanning-tree mode
  <RSTP|MRSTP|MSTP>   spanning tree mode
Zyxel(config)# spanning-tree mode MSTP

Setting the MSTP name:

Each switch that is running MSTP is configured with a name. For compatibility of MSTP with Cisco and Maipu, you need to configure an identical MSTP name on all of them.

Syntax: mstp configuration-name <name>
    Sets a name for an MSTP region.
    name: 1-32 printable characters

Example:
Zyxel(config)# mstp configuration-name
  <name>   Name string
Zyxel(config)# mstp configuration-name TULIP_TEST

Setting the MSTP revision number:

Each switch that is running MSTP is configured with a revision number. For compatibility of MSTP with Cisco and Maipu, you need to configure an identical number on all of them.

Syntax: mstp revision <0-65535>
    Sets the revision number for this MST Region configuration.

Example:
Zyxel(config)# mstp revision 10

Configuring an MSTP instance:

An MSTP instance is configured with an MSTP ID for each region. Each region can contain one or more VLANs.

Syntax:
mstp instance <0-16> vlan <vlan-list>
    Specifies the VLANs that belong to the instance.
no mstp instance <0-16> vlan <1-4094>
    Disables the assignment of specific VLANs from an MST instance.

Example:
Zyxel(config)# mstp instance 1 vlan 3,5,7

Configuring bridge priority:

Priority can be configured for a specified instance. You can set a priority to the instance that gives it forwarding preference over lower priority instances within a VLAN or on the switch.

Syntax: mstp instance <0-16> priority <0-61440>

Example:
Zyxel(config)# mstp instance 1 priority 8192

Notes:
• Acceptable values are 0 - 61440 in increments of 4096.

Configuring Mstp on Ports:

Syntax: mstp instance <0-16> interface port-channel <port-list>

Example:
Zyxel(config)# mstp instance 0 interface port-channel 1

Activating MSTP on a switch:

To enable MSTP on your switch, use the following at the Global Configuration level.

Zyxel(config)# mstp
    Activates MSTP on the Switch.
Zyxel(config)# no mstp
    Disables MSTP on the Switch.
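The name and revision settings above only help if every switch in the region really carries the same values. The following check is an added example, not part of the original manual: it compares the "mstp" lines of several saved configurations and also compares the VLAN-to-instance mapping, which goes beyond the text above (802.1s requires that mapping to match within a region as well). The switch names, the sample configurations and the assumption that a saved configuration repeats the commands exactly as typed are all hypothetical.

```python
# Added example, not from the manual. Assumption: each saved configuration
# contains the "mstp ..." commands exactly as they are shown in this section.
import re

def expand(vlan_list):
    """'3,5,7' -> {3, 5, 7}; ranges such as '7-9' are accepted as an assumption."""
    vlans = set()
    for part in vlan_list.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def region(config_text):
    """Return the MSTP region identity found in one configuration."""
    found = {"name": None, "revision": None, "vlans": {}}
    for line in config_text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"mstp configuration-name (.+)", line):
            found["name"] = m.group(1)
        elif m := re.fullmatch(r"mstp revision (\d+)", line):
            found["revision"] = int(m.group(1))
        elif m := re.fullmatch(r"mstp instance (\d+) vlan ([\d,-]+)", line):
            instance = found["vlans"].setdefault(int(m.group(1)), set())
            instance.update(expand(m.group(2)))
    return found

def mismatches(configs):
    """configs maps switch name -> config text; return the fields that differ."""
    regions = {switch: region(text) for switch, text in configs.items()}
    report = {}
    for field in ("name", "revision", "vlans"):
        values = {switch: r[field] for switch, r in regions.items()}
        first = next(iter(values.values()))
        if any(value != first for value in values.values()):
            report[field] = values        # who has which value, for the operator
    return report

# Constructed sample configurations (hypothetical switch names).
CONFIGS = {
    "sw-a": "mstp configuration-name TULIP_TEST\nmstp revision 10\n"
            "mstp instance 1 vlan 3,5,7\nmstp\n",
    "sw-b": "mstp configuration-name TULIP_TEST\nmstp revision 10\n"
            "mstp instance 1 vlan 7,5,3\nmstp\n",
    "sw-c": "mstp configuration-name TULIP_TEST\n"      # revision never set
            "mstp instance 1 vlan 3,5\nmstp\n",
}

if __name__ == "__main__":
    for field, values in mismatches(CONFIGS).items():
        print(field, values)
```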

Port Based Rate-limit:

Two separate commands (bandwidth-limit cir and bandwidth-limit pir) are used to control the Committed Information Rate (CIR) and the Peak Information Rate (PIR) allowed on a port. The CIR and PIR should be set for all ports that use the same uplink bandwidth. If the CIR is reached, packets are sent at the rate up to the PIR. When network congestion occurs, packets through the ingress port exceeding the CIR will be marked for drop.

Ingress Rate-limit:

Syntax:
bandwidth-control
    Enables bandwidth control on the Switch.
interface port-channel <port-list>
    Enters subcommand mode for configuring the specified ports.
bandwidth-limit cir
    Enables commit rate limits on the specified port(s).
bandwidth-limit cir <rate>
    Sets the guaranteed bandwidth allowed for the incoming traffic flow on a port.

Example:
Zyxel(config)# int port-channel 20
Zyxel(config-interface)# bandwidth-limit
  cir      Set Interface Bandwidth limit
  egress   Set Interface Bandwidth limit
  pir      Set Interface Bandwidth limit
Zyxel(config-interface)# bandwidth-limit cir
  <Kbps>   Set Interface Bandwidth limit
  <cr>     Set Interface Commit Bandwidth limit
Zyxel(config-interface)# bandwidth-limit cir
Zyxel(config-interface)# bandwidth-limit cir 64

Egress Rate-limit:

Syntax:
bandwidth-control
    Enables bandwidth control on the Switch.
interface port-channel <port-list>
    Enters subcommand mode for configuring the specified ports.
bandwidth-limit egress
    Enables bandwidth limits for outgoing traffic on the port(s).
bandwidth-limit egress <rate>
    Sets the maximum bandwidth allowed for outgoing traffic on the port(s).

Example:
Zyxel(config)# int port-channel 20
Zyxel(config-interface)# bandwidth-limit
  cir      Set Interface Bandwidth limit
  egress   Set Interface Bandwidth limit
  pir      Set Interface Bandwidth limit
Zyxel(config-interface)# bandwidth-limit egress
Zyxel(config-interface)# bandwidth-limit egress 64

Storm-Control:

Storm control prevents traffic on a LAN from being disrupted by a broadcast, a multicast, or a unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in the network configuration, or users issuing a denial-of-service attack can cause a storm.

To enable any kind of storm control, you first have to enable it globally.

Syntax:
storm-control
    Enables broadcast storm control on the Switch.
no storm-control
    Disables broadcast storm control on the Switch.

Example:
ZYXEL(config)# storm-control

Broadcast Storm-control:

Syntax:
broadcast-limit
    Enables the broadcast packet limit on the specified port(s).
broadcast-limit <pkt/s>
    Specifies the maximum number of broadcast packets the Switch accepts per second on the specified port(s).

Example:
ZYXEL(config)# int port-channel 20
ZYXEL(config-interface)# broadcast-limit
  <cr>
  <pkt/s>   Set Interface Broadcast Limit
ZYXEL(config-interface)# broadcast-limit
ZYXEL(config-interface)# broadcast-limit 100

Multicast Storm-Control:

Syntax:
multicast-limit
    Enables the multicast packet limit on the specified port(s).
multicast-limit <pkt/s>
    Specifies the maximum number of multicast packets the Switch accepts per second on the specified port(s).

Example:
ZYXEL(config)# int port-channel 20
ZYXEL(config-interface)# multicast-limit
  <cr>
  <pkt/s>   Set Interface Multicast Limit
ZYXEL(config-interface)# multicast-limit
ZYXEL(config-interface)# multicast-limit 100

Unknown Unicast Storm-Control:

Syntax:
dlf-limit
    Enables the DLF packet limit on the specified port(s).
dlf-limit <pkt/s>
    Specifies the maximum number of DLF packets the Switch accepts per second on the specified port(s).

Example:

ZYXEL(config)# int port-channel 20

ZYXEL(config-interface)# dlf-limit

<cr>

<pkt/s> Set Interface DLF Limit

ZYXEL(config-interface)# dlf-limit 100

IGMP Snooping

Syntax:

igmp-snooping
    Enables IGMP snooping.
no igmp-snooping
    Disables IGMP snooping.
igmp-filtering
    Enables IGMP filtering on the Switch. Ports can only join multicast groups specified in their IGMP filtering profile.
igmp-filtering profile <name> start-address <ip> end-address <ip>
    Sets the range of multicast address(es) in a profile.

Example:
ZYXEL(config)# igmp-snooping
ZYXEL(config)# igmp-filtering
  <cr>      Enable IGMP Filtering
  profile   Add new igmp filter profile
ZYXEL(config)# igmp-filtering

Tacacs+ Authentication:

Step 1:

aaa authentication enable: <method1> [<method2>

Specifies which method should be used first, second, and third for checking privileges.

method: enable, radius, or tacacs+.

Step 2:

aaa authentication login

Specifies which method should be used first, second, and third for the authentication of login accounts.

method: local, radius, or tacacs+.

Step 3:

tacacs-server host <index> <ip> [auth-port <socket-number>] [key <key-string>]

Specifies the IP address of the specified TACACS+ server. Optionally, sets the port number and key of the TACACS+

Step 4:

tacacs-server mode <index-priority|round-robin>

Specifies the mode for TACACS+ server selection.

Step 5:

tacacs-server timeout <1-1000>

Specifies the TACACS+ server timeout value.

Example:


ZYXEL(config)# aaa authentication enable tacacs+

ZYXEL(config)# aaa authentication login tacacs+

ZYXEL(config)# tacacs-server host 1 71.5.101.4 key cisco123

NTP Configuration:

Syntax:

timesync server <ip>

Sets the IP address of your time server. The Switch synchronizes with the time server in the following situations:
• When the Switch starts up.
• Every 24 hours after the Switch starts up.
• When the time server IP address or protocol is updated.

timesync <daytime|time|ntp>

Sets the time server protocol. You have to configure a time server before you can specify the protocol.


no timesync

Disables timeserver settings.

Example:

ZYXEL(config)# timesync
  <daytime|time|ntp>   Time server setting
  server               Time server IP address setting
ZYXEL(config)# timesync server
  <ip>   IP address setting
ZYXEL(config)# timesync server 1.1.1.1

For the time settings, the following options are available:

ZYXEL(config)# time
  <Hour:Min:Sec>         Set time by Hour:Min:Sec
  date                   Date setting
  daylight-saving-time   Daylight saving time
  help                   Description of Time help
  timezone               Time zone(UTC) setting
ZYXEL(config)# time date 08/06/2010

Logging Commands:

Syntax:

show logging
    Displays system logs.
no logging
    Clears system logs.

Example:

Port Security


Use these commands to allow only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. For maximum port security, enable port security, disable MAC address learning and configure static MAC address(es) for a port.

Syntax:

port-security
    Enables port security on the Switch.
no port-security
    Disables port security on the device.
port-security <port-list>
    Enables port security on the specified port(s).
port-security <port-list> learn inactive
    Disables MAC address learning on the specified port(s).
port-security <port-list> address-limit <number>
    Limits the number of (dynamic) MAC addresses that may be learned on the specified port(s).

Example:

ZYXEL(config)# port-security
  <cr>
  <port-list>   Port list of port security configuration
ZYXEL(config)# port-security
ZYXEL(config)# port-security 20
ZYXEL(config)# port-security 20 address-limit
  <number>   number of learned MAC address
ZYXEL(config)# port-security 20 address-limit 30
ZYXEL(config)# port-security 20 learn inactive

Check the port security on port:

ZYXEL# sh port-security

Port Security Active : YES
Port  Active  Address Learning  Limited Number of Learned MAC Address
01    N       Y                 0
02    N       Y                 0
03    N       Y                 0
04    N       Y                 0
05    N       Y                 0
06    N       Y                 0
07    N       Y                 0
08    N       Y                 0
09    N       Y                 0
10    N       Y                 0
11    N       Y                 0
12    N       Y                 0
13    N       Y                 0
14    N       Y                 0
15    N       Y                 0
16    N       Y                 0
17    N       Y                 0
18    N       Y                 0
19    N       Y                 0
20    Y       N                 30
21    N       Y                 0
22    N       Y                 0
23    N       Y                 0
24    N       Y                 0
25    N       Y                 0
26    N       Y                 0
27    N       Y                 0
28    N       Y                 0
ZYXEL#

MTU On the Switch

By default, the switch supports Jumbo frames. You don't have to enable anything on port or switch.

Port Mirroring Commands

Syntax:
mirror-port
    Enables port mirroring on the Switch.
mirror-port <port-num>
    Specifies the monitor port (the port to which traffic flow is copied) for port mirroring.
interface port-channel <port-list>
    Enters config-interface mode for the specified port(s).
mirror
    Enables port mirroring in the interface.
mirror dir <ingress|egress|both>
    Enables port mirroring for incoming (ingress), outgoing (egress) or both incoming and outgoing (both) traffic.

Example:
ZYXEL(config)# mirror-port
ZYXEL(config)# mirror-port 3
ZYXEL(config)# interface port-channel 1
ZYXEL(config-interface)# mirror
Mirrored port 1 is monitor port now.
ZYXEL(config-interface)# mirror dir both
OR
ZYXEL(config-interface)# mirror dir egress

BPDU Control

Syntax:

bcp-transparency
    Activate BPDU control
interface port-channel <port-list>
bpdu-control <peer|tunnel|discard|network>

Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port.

Select Tunnel to forward BPDUs received on this port.

Select Discard to drop any BPDU received on this port.

Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU.

Example:

ES-3124# config

ES-3124(config)# bcp-transparency

ES-3124(config)# interface port-channel 20

ES-3124(config-interface)# bpdu-control ?

<peer|tunnel|discard|network>

ES-3124(config-interface)# bpdu-control discard
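Storm control, bandwidth control, port security, port mirroring and BPDU control all pair a per-port setting with a separate switch-wide enable command, so a saved configuration can carry per-port limits while the switch-wide command is absent. The following audit is an added example, not part of the original manual: it reads a configuration in the command syntax used in this manual and lists every per-port setting whose switch-wide command is missing. The saved-configuration layout and the sample configuration are assumptions.

```python
# Added example, not from the manual. Assumption: the saved configuration
# repeats the CLI commands shown above, with per-port commands grouped under
# "interface port-channel <port>" and closed by "exit".

# per-port command -> switch-wide command the manual pairs it with
REQUIRES = {
    "broadcast-limit": "storm-control",
    "multicast-limit": "storm-control",
    "dlf-limit": "storm-control",
    "bandwidth-limit": "bandwidth-control",
    "mirror": "mirror-port",
    "bpdu-control": "bcp-transparency",
    "port-security": "port-security",
}
GLOBALS = set(REQUIRES.values())

def audit(config_text):
    """Return sorted (port, command, missing switch-wide command) findings."""
    enabled, per_port, port = set(), set(), None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["interface", "port-channel"] and len(words) == 3:
            port = words[2]                      # entering an interface block
        elif words[0] == "exit":
            port = None                          # leaving any block
        elif port is not None:
            if words[0] in REQUIRES:
                per_port.add((port, words[0]))   # e.g. ("20", "dlf-limit")
        elif words[0] == "no" and len(words) == 2:
            enabled.discard(words[1])            # e.g. "no storm-control"
        elif len(words) == 1 and words[0] in GLOBALS:
            enabled.add(words[0])                # bare switch-wide enable
        elif words[0] == "port-security":
            per_port.add((words[1], "port-security"))  # port-security <port-list> ...
    return sorted((p, c, REQUIRES[c]) for p, c in per_port
                  if REQUIRES[c] not in enabled)

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
storm-control
port-security 20
port-security 20 address-limit 30
interface port-channel 20
  broadcast-limit
  broadcast-limit 100
  bandwidth-limit cir
  bandwidth-limit cir 64
  bpdu-control discard
exit
interface port-channel 1
  mirror
  mirror dir both
exit
mirror-port
mirror-port 3
"""

if __name__ == "__main__":
    for port, cmd, missing in audit(SAMPLE):
        print(f"port {port}: '{cmd}' is set but '{missing}' is not enabled")
```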

Password Recovery Of the Switch

If the password of the switch is not known, the following procedure can be used to recover it.

Step 1:

Connect the Switch to a PC through the console port.

Step 2:

Reboot the switch and keep pressing the Enter key until the switch reaches the default mode.


Step 3:

Change the baud rate of the switch to 115200 so that the file transfer is quick.

Command: atba5

Step 4:

Save the ROM file to the computer. Type the command atlc to transfer the .ROM file from the computer to the switch through Xmodem.

a) First type the command: atlc on the switch.


b) Then transfer the file 380AIV1C0.ROM

This will bring the switch to default configuration.

Step 5:

Once the changes are done, reboot the switch and the baud rate will automatically reset to 9600.

Command: atgo


Now the switch is on default configuration.

Notes:

• The .ROM file is available on the FTP; please download it before starting the recovery procedure.

• This way, the old configuration will be lost.

• I have already asked ZYXEL to provide a workaround for this; once they reply I will update.
