Zyxel Switch Configuration Manual

Confidential : This document is intended for internal use of Tulip only.

Tulip Telecom Ltd., A – 235, Okhla Phase I New Delhi – 110 020

Document distribution List Serial Number 1 2 Name SV Ramana Arun Singh Purpose Review & Approve Review & Approve Tulip Telecom Ltd. translation.. A – 235. transformation to any medium requires prior written approval of Tulip.Document Title : Zyxel Switch Configuration Manual Document Owner : Vriti Kulshrestha Document Classification : Confidential This is a confidential document of Tulip and reproduction. This document includes confidential information related to Tulip and shall not be distributed to the persons other than those mentioned in the distribution list without the consent of the parties. Okhla Phase I New Delhi – 110 020 .

Management IP address 4. Speed-duplex setting 5. Enable password configuration 3. Access and Trunk port configuration Multiple Spanning Tree Rate-limit Storm-Control IGMP Snooping Tacacs+ Authentication Port Security MTU on Switch Port Mirroring BPDU Control Password Recovery procedure • • • • • • • • • • Tulip Telecom Ltd. A – 235.Zyxel Switch Configuration Manual CONTENTS • • • Configuring Hostname How To Save configuration Basic Configuration 1.. Okhla Phase I New Delhi – 110 020 . Administrator password configuration 2.

DEFAULT LOGIN In-band IP Address http://192.1 Out-of-band IP Address http://192. Tulip Telecom Ltd.168.0. A – 235.168..255.1 User Name admin Password 1234 Configuring Host Name: ES-3124F(config)#hostname <name_string> System name string ES-3124F(config)# hostname Zyxel Zyxel(config)# Saving Your Configuration: Zyxel(config)# write memory Configuring Basic Parameters: Changing the Administrator Password: Syntax:admin-password <pw-string> <Confirm-string> Example: Zyxel(config)# admin-password <pw-string> New Password Zyxel(config)# admin-password tulip <confirm-string> Retype to Confirm Zyxel(config)# admin-password tulip tulip Changing the Enable Password: Syntax:password <password> Example: Zyxel(config)# password <password> Password String Zyxel(config)# password tulip Changing the Management IP Address: The Switch has a different IP address in each VLAN.1. By default.255. Okhla Phase I New Delhi – 110 020 . the Switch has VLAN 1 with IP address 192.1 and subnet mask 255.168.1.0.

Syntax: speed-duplex <value> The default is auto (auto-negotiation). Example: Zyxel(config)# interface port-channel 20 Zyxel(config-interface)# inactive Zyxel(config)# interface port-channel 20 Zyxel(config-interface)# no inactive //disable the port// //enable the port// Configuring Access Port: • In this switch the access port means the untagged port.2.2 255. Syntax: vlan <Vlan number> untagged <port number> Tulip Telecom Ltd.2.2. • The ports are defined untagged under the particular VLANs which are to be allowed on that port. 100. Example: Zyxel(config)# interface port-channel 20 Zyxel(config-interface)# speed-duplex <auto|10-half|10-full|100-half|100-full|1000-full> Set Interface Speed duplex Zyxel(config-interface)# speed-duplex 100-full Disabling or re-enabling a port: A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled. A – 235.255.. You can manually enter the port speed to operate at either 10. Okhla Phase I New Delhi – 110 020 .0 Zyxel(config-vlan)# ip address default-gateway 2.Syntax: ip address inband-default <ip> <mask> Example: Zyxel(config)# vlan 1 Zyxel(config-vlan)# ip address ? <ip-address> IP Address default-gateway Configre inband default gateway inband-default In-band Default IP Setting Zyxel(config-vlan)# ip address inband-default 2. This same as shutdown and noshutdown option in other switches. or 1000 Mbps.2.255.1 Modifying port speed and duplex mode: The ports auto-sense and auto-negotiate the speed and duplex mode of the connected device.

The default state is to not be under MSTP mode. A – 235. Example: Zyxel(config)# spanning-tree mode <RSTP|MRSTP|MSTP> spanning tree mode Zyxel(config)# spanning-tree mode MSTP Setting the MSTP name: Each switch that is running MSTP is configured with a name. For compatibility of MSTP with Cisco and Maipu you need to configure identical number on all.. To configure a system into MSTP mode. name: 1-32 printable characters Example: Zyxel(config)# mstp configuration-name <name> Name string Zyxel(config)# mstp configuration-name TULIP_TEST Setting the MSTP revision number: Each switch that is running MSTP is configured with a revision number. For compatibility of MSTP with Cisco and Maipu you need to configure identical MSTP name on all. use the following command at the Global Configuration level. So no specific command required to make a trunk port. a system can be either under MSTP mode or not under MSTP mode. • By default. Multiple Spanning Tree: Configuring MSTP Mode: With the introduction of MSTP. all the ports are tagged for all the configured vlans. Okhla Phase I New Delhi – 110 020 .Example: Zyxel(config)# vlan vlan vlan-stacking vlan-type Zyxel(config)# vlan 20 Zyxel(config-vlan)#untagged <port-list> Untagged port list Zyxel(config-vlan)# untagged 20 Zyxel(config-vlan)# vlan1q Configuring Trunk Port: • In this switch the trunk port means the tagged port. Syntax: mstp configuration-name <name> Sets a name for an MSTP region. Syntax: mstp revision <0-65535> Sets the revision number for this MST Region Tulip Telecom Ltd.

channel <port-list> Example: Zyxel(config)# mstp instance 0 interface port-channel 1 Activating MSTP on a switch: To enable MSTP on your switch.. Configuring Mstp on Ports: Syntax: mstp instance <0-16> interface port. Example: Zyxel(config)# mstp instance 1 vlan 3. Specifies the VLANs that belongs to the instance. Each region can contain one or more VLANs. Syntax: mstp instance <0-16> vlan <vlan-list> no mstp instance <0-16> vlan <1-4094> Disables the assignment of specific VLANs from an MST instance. You can set a priority to the instance that gives it forwarding preference over lower priority instances within a VLAN or on the switch. Syntax: mstp instance <0-16> priority <0. Okhla Phase I New Delhi – 110 020 . A – 235. Example: Zyxel(config)#mstp revision 10 Configuring an MSTP instance: An MSTP instance is configured with an MSTP ID for each region.7 Configuring bridge priority: Priority can be configured for a specified instance. Zyxel(config)#mstp Zyxel(config)#no mstp Activates MSTP on the Switch.5. Port Based Rate-limit: Two separate commands (bandwidth-limit cir and Tulip Telecom Ltd. Disables MSTP on the Switch. use the following at the Global Configuration level.configuration.61440> Example: Zyxel(config)#mstp instance 1 priority 8192 Notes: • Acceptable values are 0 .61440 in increments of 4096.

Example: Zyxel(config)# int port-channel 20 Zyxel(config-interface)# bandwidth-limit cir Set Interface Bandwidth limit Tulip Telecom Ltd. Enters subcommand mode for configuring the specified ports. The CIR and PIR should be set for all ports that use the same uplink bandwidth. Ingress Rate-limit: Syntax: bandwidth-control interface port-channel <port-list> bandwidth-limit cir bandwidth-limit cir <rate> Enables bandwidth control on the Switch. Enters subcommand mode for configuring the specified ports.. Example: Zyxel(config)# int port-channel 20 Zyxel(config-interface)# bandwidth-limit cir Set Interface Bandwidth limit egress Set Interface Bandwidth limit pir Set Interface Bandwidth limit Zyxel(config-interface)# bandwidth-limit cir <Kbps> Set Interface Bandwidth limit <cr> Set Interface Commit Bandwidth limit Zyxel(config-interface)# bandwidth-limit cir Zyxel(config-interface)#bandwidth-limit cir 64 Egress Rate-limit: Syntax: bandwidth-control interface port-channel <port-list> bandwidth-limit egress bandwidth-limit egress <rate> Enables bandwidth control on the Switch. Sets the guaranteed bandwidth allowed for the incoming traffic flow on a port. Enables commit rate limits on the specified port(s). packets are sent at the rate up to the PIR. Sets the maximum bandwidth allowed for outgoing traffic on the port(s). Okhla Phase I New Delhi – 110 020 . When network congestion occurs. A – 235. packets through the ingress port exceeding the CIR will be marked for drop. Enables bandwidth limits for outgoing traffic on the port(s). If the CIR is reached.bandwidth-limit pir) are used to control the Committed Information Rate (CIR) and the Peak Information Rate (PIR) allowed on a port.

egress pir Set Interface Bandwidth limit Set Interface Bandwidth limit Zyxel(config-interface)# bandwidth-limit egress Zyxel(config-interface)# bandwidth-limit egress 64 Storm-Control: Storm control prevents traffic on a LAN from being disrupted by a broadcast. A – 235.. Okhla Phase I New Delhi – 110 020 . Specifies the maximum number of broadcast packets the per second on the specified port(s). Syntax: storm-control no storm-control Enables broadcast storm control on the Switch. Disables broadcast storm control on the Switch. mistakes in the network configuration. a multicast. or a unicast storm on one of the physical interfaces. Example: ZYXEL(config)# int port-channel 20 ZYXEL(config-interface)# broadcast-limit <cr> <pkt/s> Set Interface Broadcast Limit ZYXEL(config-interface)# broadcast-limit ZYXEL(config-interface)# broadcast-limit 100 Multicast Storm-Control: Syntax: Tulip Telecom Ltd. A LAN storm occurs when packets flood the LAN. Example: ZYXEL(config)# storm control Broadcast Storm-control: Syntax: broadcast-limit broadcast-limit <pkt/s> Switch accepts Enables the broadcast packet limit on the specified port(s). creating excessive traffic and degrading network performance. To enable any kind of storm control first you have to enable it globally. or users issuing a denial-of-service attack can cause a storm. Errors in the protocol-stack implementation.

Example: ZYXEL(config)# int port-channel 20 ZYXEL(config-interface)# multicast-limit <cr> <pkt/s> Set Interface Multicast Limit ZYXEL(config-interface)# Multicast-limit ZYXEL(config-interface)# Multicast-limit 100 Unknown Unicast Storm-Control: Syntax: dlf-limit dlf-limit <pkt/s> accepts per second Example: ZYXEL(config)# int port-channel 20 ZYXEL(config-interface)# dlf-limit <cr> <pkt/s> Set Interface DLF Limit Enables the DLF packet limit on the specified port(s). Enables IGMP filtering on the Switch. igmp-filtering profile <name> start-address <ip> end.multicast-limit multicast-limit <pkt/s> Enables the multicast packet limit on the specified port(s). Disables IGMP snooping. Specifies the maximum number of DLF packets the Switch on the specified port(s). A – 235. C 13 Specifies the maximum number of multicast packets the Switch accepts per second on the specified port(s). Ports can only join multicast groups specified in their IGMP filtering profile. ZYXEL(config-interface)# dlf-limit 100 IGMP Snooping Syntax: igmp-snooping no igmp-snooping igmp-filtering Enables IGMP snooping.. Okhla Phase I New Delhi – 110 020 .address <ip> Tulip Telecom Ltd.

or tacacs+.. Step 3: tacacs-server host <index> <ip> [auth-port <socket-number>][key<key-tring>] Specifies the IP address of the specified TACACS+ server. method: enable. Okhla Phase I New Delhi – 110 020 . radius. or tacacs+. Step 5: tacacs-server timeout <1-1000> Specifies the TACACS+ server timeout value. radius. method: local.Optionally. Example: Tulip Telecom Ltd. sets the port number and key of the TACACS+ Step 4: tacacs-server mode <index.priority|round-robin> Specifies the mode for TACACS+ server selection. second. Example: ZYXEL(config)# igmp-snooping ZYXEL(config)# igmp-filtering <cr> Enable IGMP Filtering profile Add new igmp filter profile ZYXEL(config)# igmp-filtering Tacacs+ Authentication: Step 1: aaa authentication enable: <method1> [<method2> Specifies which method should be used first. and third for checking privileges. Step 2: aaa authentication login Specifies which method should be used first. A – 235. second. and third for the authentication of login accounts.Sets the range of multicast address(es) in a profile.

Okhla Phase I New Delhi – 110 020 .ZYXEL(config)# aaa authentication enable tacacs+ ZYXEL(config)# aaa authentication login tacacs+ ZYXEL(config)# tacacs-server host 71. You have to configure a time server before you can specify the protocol. timesync <daytime|time|ntp> Sets the time server protocol.101.5.4 key cisco123 NTP Configuration: Syntax: timesync server <ip> Sets the IP address of your time server. • Every 24 hours after the Switch starts up. • When the time server IP address or protocol is updated. Tulip Telecom Ltd. The Switch synchronizes with the time server in the following situations: • When the Switch starts up. A – 235..

Okhla Phase I New Delhi – 110 020 . Port Security Tulip Telecom Ltd.1. Clears system logs. A – 235.. ZYXEL(config)# timesync <daytime|time|ntp> Time server setting server Time server IP address setting ZYXEL(config)# timesync server <ip> IP address setting ZYXEL(config)# timesync server 1.no timesync Example: Disables timeserver settings.1.1 For the Time settings following options are available: ZYXEL(config)# time <Hour:Min:Sec> Set time by Hour:Min:Sec date Date setting daylight-saving-time Daylight saving time help Description of Time help timezone Time zone(UTC) setting ZYXEL(config)# time 08/06/2010 Logging Commands: Syntax: show logging no logging Example: Displays system logs.

port-security <port-list> learn inactive Disables MAC address learning on the specified port(s). Enables port security on the specified port(s). disable MAC address learning and configure static MAC address(es) for a port.These commands to allow only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. Disables port security on the device.. enable port security. Okhla Phase I New Delhi – 110 020 . Example: ZYXEL(config)#port-security <cr> <port-list> Port list of port security configuration ZYXEL(config)# port-security ZYXEL(config)# ZYXEL(config)# <number> ZYXEL(config)# ZYXEL(config)# port-security 20 port-security 20 address-limit number of learned MAC address port-security 20 address-limit 30 port-security 20 learn inactive Check the port security on port: ZYXEL# sh port-security Port Security Active : YES Port Active Address Learning Limited Number of Learned MAC Address 01 N Y 0 02 N Y 0 03 N Y 0 04 N Y 0 05 N Y 0 06 N Y 0 07 N Y 0 08 N Y 0 09 N Y 0 10 N Y 0 11 N Y 0 12 N Y 0 13 N Y 0 14 N Y 0 15 N Y 0 16 N Y 0 17 N Y 0 Tulip Telecom Ltd. A – 235. port-security <port-list>address-limit <number> Limits the number of (dynamic) MAC addresses that may be learned on the specified port(s). Syntax: port-security no port-security port-security <port-list> Enables port security on the Switch. For maximum port security.

Enables port mirroring for incoming (ingress). Specifies the monitor port (the port to which traffic flow is copied) for port mirroring. A – 235. Example: ZYXEL(config)# mirror-port ZYXELconfig)# mirror-port 3 ZYXEL(config)# interface port-channel 1 ZYXEL(config-interface)# mirror Mirrored port 1 is monitor port now. ZYXEL(config-interface)# mirror dir both OR ZYXEL(config-interface)# mirror dir egress BPDU Control Syntax: bcp-transparency Activate BPDU control interface port-channel <port-list> bpdu-control <peer|tunnel|discard|network> Tulip Telecom Ltd..18 N 19 N 20 Y 21 N 22 N 23 N 24 N 25 N 26 N 27 N 28 N ZYXEL# # Y Y N Y Y Y Y Y Y Y Y 0 0 30 0 0 0 0 0 0 0 0 MTU On the Switch By default. Enables port mirroring in the int. outgoing (egress) or both incoming and outgoing (both) traffic. Port Mirroring Commands Syntax: mirror-port mirror-port <port-num> interface port-channel <port-list> mirror mirror dir <ingress|egress|both> Enables port mirroring on the Switch. the switch supports Jumbo frames. Enters config-interface mode for the specified port(s). You don't have to enable anything on port or switch. Okhla Phase I New Delhi – 110 020 .

Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU.Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Okhla Phase I New Delhi – 110 020 . Example: ES-3124# config ES-3124(config)# bcp-transparency ES-3124(config)# interface port-channel 20 ES-3124(config-interface)# bpdu-control ? <peer|tunnel|discard|network> ES-3124(config-interface)# bpdu-control discard Password Recovery Of the Switch If the password of the switch is not known the the following procedure can be used for the recovery of password. Step2: Reboot the switch and keep pressing Enter key until the switch reaches the default mode. Select Discard to drop any BPDU received on this port.. Step 1: Connect the Switch to a PC through console port. Tulip Telecom Ltd. A – 235. Select Tunnel to forward BPDUs received on this port.

Tulip Telecom Ltd. Type Command atlc to transfer the . a) First type the command: altc on the switch.ROM file from computer to switch through Xmodem.. Command: atba5 Step 4: Save the ROM file to the computer. A – 235.Step 3: Change the baud rate of the switch to 115200 so that the file transfer is quick. Okhla Phase I New Delhi – 110 020 .

Command: atgo Tulip Telecom Ltd.ROM This will bring the switch to default configuration. A – 235.b) Then transfer the file 380AIV1C0. Step 5: Once the changes are done reboot the switch and the baud rate will automatically reset to 9600. Okhla Phase I New Delhi – 110 020 ..

ROM file is available on the FTP please download it first before starting the recovery procedure. Tulip Telecom Ltd. Notes: • • • The . By this way the old configuration will be lost. once they will reply I will update. A – 235. Okhla Phase I New Delhi – 110 020 .. I have already asked ZYXEL to provide a work around for this.Now the switch is on default configuration.

Sign up to vote on this title
UsefulNot useful